作者
Mahdi Rabbani,Morteza Eskandarian,Mansur Mirani,Gunjan Piya,Igor Opushnyev,Rongxing Lu,Sajjad Dadkhah
摘要
Phishing attacks remain one of the most popular, damaging cyber threats, with malicious Uniform Resource Locators (URLs) acting as a primary vector for credential theft, malware distribution. Traditional detection approaches, based on phishing keyword matching, static rule-based systems, struggle against modern phishing attempts due to syntactic variability, semantic obfuscation, adversarial manipulation. Recent advances in Large Language Models (LLMs) have further enabled attackers to generate visually deceptive, syntactically diverse URLs that evade lexical similarity filters. To address these emerging challenges, this paper introduces a content-independent phishing URL detection framework that combines lexical feature extraction with graph-based reasoning. The proposed technique, URL2Path, tokenizes URL strings into sequential segments, maps them onto a homogeneous directed graph, where structural, semantic patterns are captured using DeepWalk-based node embeddings. This approach addresses three key limitations in existing systems: limited scalability of content-based detection, weak robustness of traditional models against LLM generated adversarial URLs, the absence of graph-structured reasoning to vectorize raw URLs into expressive representations. Experimental evaluations show that URL2Path achieves superior precision, recall, F1-score, particularly under cross-dataset validation, adversarial stress testing, imbalanced training conditions. The model is benchmarked against recent lightweight LLMs (BERT-Tiny, DeBERTa-v3, ModernBERT, DeepSeek), demonstrating improved detection accuracy, faster inference. Additionally, we assess its scalability to million-scale datasets, cross-domain generalization, robustness against adversarial perturbations.