Abstract Phishing emails pose a significant cybersecurity threat, necessitating advanced detection systems to counter evolving attack strategies. This study introduces a novel hybrid model combining Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks to enhance phishing email detection. The model leverages CNNs for local feature extraction (e.g., n-grams, stylistic cues) and LSTMs for sequential dependency modeling, augmented by multi-modal features including email metadata, URL characteristics, and sender reputation. Evaluated on a balanced dataset of 10,000 emails (5000 legitimate, 5000 phishing) from the Enron and Nazario corpora, augmented with synthetic data, the model achieves an accuracy of 96.86%, precision of 95.09%, recall of 96.98%, F1-score of 96.02%, and AUC-ROC of 0.99, outperforming baseline models (e.g., standalone CNN, LSTM, Random Forest) and recent studies. Ablation studies validate the synergy of CNN and LSTM components, while ensemble techniques (stacking, bagging) boost accuracy to 97.20%. Cross-domain evaluations across financial, healthcare, and education sectors demonstrate robust generalizability (93.20%-94.50% accuracy). Adversarial training enhances resilience against obfuscation attacks, achieving 95.30% accuracy on perturbed inputs. Despite computational challenges, mitigation strategies like pruning and quantization ensure scalability. Attention mechanisms improve interpretability, highlighting critical features. This model offers a scalable, robust solution for phishing detection, advancing cybersecurity against sophisticated threats.
Mandela et al. (Thu,) studied this question.