Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset
Abstract
This paper presents a comprehensive evaluation of phishing detection architectures, systematically transitioning from single-modality text classifiers to parameter-efficient hybrid multimodal systems. Using the MTLP dataset, a large-scale collection containing 100,000 legitimate and phishing webpage samples, we systematically evaluated multiple model configurations. The dataset includes Uniform Resource Locators (URLs), HyperText Markup Language (HTML) content, and WHOIS metadata. Each experiment targeted a specific research question, examining the impact of Parameter-Efficient Fine-Tuning (PEFT) using Low Rank Adaptation (LoRA), feature fusion strategies, and feature engineering on detection accuracy and efficiency. The optimal configuration (V5.2) integrated a language-specific Turkish BERT encoder with 14 domain-specific URL features, achieving an F1-score of 99.14% and outperforming text-only, image-based, and WHOIS-based baselines. Our experiments show that increasing architectural complexity (e.g., cross-attention) does not necessarily lead to better performance; instead, a balanced fusion of linguistic and structural cues yields optimal results. We also observed a clear trade-off between parameter count and accuracy, as lightweight models with only 1,538 trainable parameters achieved near state-of-the-art performance. Error analysis revealed that even advanced systems struggle with structurally ambiguous or content-sparse webpages. Overall, the findings highlight the potential of domain-adapted hybrid architectures as a robust, efficient, and explainable approach to phishing detection.
Keywords
Ethical Statement
This research uses publicly available datasets and does not require ethics committee approval.
References
- Anti-Phishing Working Group, “Phishing activity trends report, 1st quarter 2025,” APWG, Tech. Rep., 2025, accessed: November 22, 2025. [Online]. Available: https://apwg.org/ trendsreports/
- P. Prakash, M. Kumar, R. R. Kompella, and M. Gupta, “Phishnet: Predictive blacklisting to detect phishing attacks,” in Proceedings of the IEEE INFOCOM, 2010, pp. 1–9.
- O. K. Sahingoz, E. Buber, O. Demir, and B. Diri, “Machine learning based phishing detection from urls,” Expert Systems with Applications, vol. 117, pp. 345–357, 2019.
- K. Haynes, H. Shirazi, and I. Ray, “Lightweight url-based phishing detection using natural language processing transformers for mobile devices,” Procedia Computer Science, vol. 191, pp. 235– 242, 2021.
- K. Misra and J. T. Rayz, “Lms go phishing: Adapting pretrained language models to detect phishing emails,” in Proceedings of the 2022 IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT), 2022, pp. 169–178.
- F. Çolhak, M. I. Ecevit, B. E. Ucar, R. Creutzburg, and H. Dag, “Phishing website detection through multi-model analysis of html content,” in Proceedings of the International Conference on Theoretical and Applied Computing (ICTAC), Kocaeli, Türkiye, 2024, pp. 1–8, arXiv:2401.04820. [Online]. Available: https://arxiv.org/abs/2401.04820
- E. J. Hu, Y. Shen, P. Wallis, Z. Allen-Zhu, Y. Li, S. Wang, L. Wang, and W. Chen, “Lora: Low-rank adaptation of large language models,” in Proceedings of the International Conference on Learning Representations (ICLR), 2021. [Online]. Available: https://openreview.net/forum?id= nZeVKeeFYf9
- M. Aksoy, “Phishing detection with hybrid and multimodal architectures (version v5.2),” https://github.com/mehmetaksoy/ Kimlik-Av-Tespiti, 2025, accessed: October 30, 2025.
Details
Primary Language
English
Subjects
Information Security and Cryptology
Journal Section
Research Article
Publication Date
January 1, 2026
Submission Date
October 30, 2025
Acceptance Date
December 9, 2025
Published in Issue
Year 2025 Volume: 14 Number: 4
APA
Aksoy, M., Kurt Pehlivanoğlu, M., & Yiğit, H. (2026). Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset. International Journal of Information Security Science, 14(4), 1-12. https://doi.org/10.55859/ijiss.1813327
AMA
1.Aksoy M, Kurt Pehlivanoğlu M, Yiğit H. Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset. IJISS. 2026;14(4):1-12. doi:10.55859/ijiss.1813327
Chicago
Aksoy, Mehmet, Meltem Kurt Pehlivanoğlu, and Halil Yiğit. 2026. “Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset”. International Journal of Information Security Science 14 (4): 1-12. https://doi.org/10.55859/ijiss.1813327.
EndNote
Aksoy M, Kurt Pehlivanoğlu M, Yiğit H (January 1, 2026) Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset. International Journal of Information Security Science 14 4 1–12.
IEEE
[1]M. Aksoy, M. Kurt Pehlivanoğlu, and H. Yiğit, “Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset”, IJISS, vol. 14, no. 4, pp. 1–12, Jan. 2026, doi: 10.55859/ijiss.1813327.
ISNAD
Aksoy, Mehmet - Kurt Pehlivanoğlu, Meltem - Yiğit, Halil. “Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset”. International Journal of Information Security Science 14/4 (January 1, 2026): 1-12. https://doi.org/10.55859/ijiss.1813327.
JAMA
1.Aksoy M, Kurt Pehlivanoğlu M, Yiğit H. Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset. IJISS. 2026;14:1–12.
MLA
Aksoy, Mehmet, et al. “Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset”. International Journal of Information Security Science, vol. 14, no. 4, Jan. 2026, pp. 1-12, doi:10.55859/ijiss.1813327.
Vancouver
1.Mehmet Aksoy, Meltem Kurt Pehlivanoğlu, Halil Yiğit. Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset. IJISS. 2026 Jan. 1;14(4):1-12. doi:10.55859/ijiss.1813327