Research Article
BibTex RIS Cite

Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset

Year 2025, Volume: 14 Issue: 4, 1 - 12, 01.01.2026

Mehmet Aksoy , Meltem Kurt Pehlivanoğlu , Halil Yiğit

https://doi.org/10.55859/ijiss.1813327

Abstract

This paper presents a comprehensive evaluation of phishing detection architectures, systematically transitioning from single-modality text classifiers to parameter-efficient hybrid multimodal systems. Using the MTLP dataset, a large-scale collection containing 100,000 legitimate and phishing webpage samples, we systematically evaluated multiple model configurations. The dataset includes Uniform Resource Locators (URLs), HyperText Markup Language (HTML) content, and WHOIS metadata. Each experiment targeted a specific research question, examining the impact of Parameter-Efficient Fine-Tuning (PEFT) using Low Rank Adaptation (LoRA), feature fusion strategies, and feature engineering on detection accuracy and efficiency. The optimal configuration (V5.2) integrated a language-specific Turkish BERT encoder with 14 domain-specific URL features, achieving an F1-score of 99.14% and outperforming text-only, image-based, and WHOIS-based baselines. Our experiments show that increasing architectural complexity (e.g., cross-attention) does not necessarily lead to better performance; instead, a balanced fusion of linguistic and structural cues yields optimal results. We also observed a clear trade-off between parameter count and accuracy, as lightweight models with only 1,538 trainable parameters achieved near state-of-the-art performance. Error analysis revealed that even advanced systems struggle with structurally ambiguous or content-sparse webpages. Overall, the findings highlight the potential of domain-adapted hybrid architectures as a robust, efficient, and explainable approach to phishing detection.

Keywords

Phishing Detection Multimodal Learning Transfer Learning BERT PEFT LoRA Structural Analysis

Ethical Statement

This research uses publicly available datasets and does not require ethics committee approval.

References

  • Anti-Phishing Working Group, “Phishing activity trends report, 1st quarter 2025,” APWG, Tech. Rep., 2025, accessed: November 22, 2025. [Online]. Available: https://apwg.org/ trendsreports/
  • P. Prakash, M. Kumar, R. R. Kompella, and M. Gupta, “Phishnet: Predictive blacklisting to detect phishing attacks,” in Proceedings of the IEEE INFOCOM, 2010, pp. 1–9.
  • O. K. Sahingoz, E. Buber, O. Demir, and B. Diri, “Machine learning based phishing detection from urls,” Expert Systems with Applications, vol. 117, pp. 345–357, 2019.
  • K. Haynes, H. Shirazi, and I. Ray, “Lightweight url-based phishing detection using natural language processing transformers for mobile devices,” Procedia Computer Science, vol. 191, pp. 235– 242, 2021.
  • K. Misra and J. T. Rayz, “Lms go phishing: Adapting pretrained language models to detect phishing emails,” in Proceedings of the 2022 IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT), 2022, pp. 169–178.
  • F. Çolhak, M. I. Ecevit, B. E. Ucar, R. Creutzburg, and H. Dag, “Phishing website detection through multi-model analysis of html content,” in Proceedings of the International Conference on Theoretical and Applied Computing (ICTAC), Kocaeli, Türkiye, 2024, pp. 1–8, arXiv:2401.04820. [Online]. Available: https://arxiv.org/abs/2401.04820
  • E. J. Hu, Y. Shen, P. Wallis, Z. Allen-Zhu, Y. Li, S. Wang, L. Wang, and W. Chen, “Lora: Low-rank adaptation of large language models,” in Proceedings of the International Conference on Learning Representations (ICLR), 2021. [Online]. Available: https://openreview.net/forum?id= nZeVKeeFYf9
  • M. Aksoy, “Phishing detection with hybrid and multimodal architectures (version v5.2),” https://github.com/mehmetaksoy/ Kimlik-Av-Tespiti, 2025, accessed: October 30, 2025.
  • J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova, “Bert: Pretraining of deep bidirectional transformers for language understanding,” in Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (NAACL-HLT), 2019, pp. 4171–4186.
  • C. Opara, Y. Chen, and B. Wei, “Htmlphish: A deep learningbased framework for phishing web page detection,” IEEE Access, vol. 12, pp. 12 345–12 356, 2024.
  • S. Manjaly and S. Scott-Hayward, “Multimodal phishing detection using deep learning,” Computers & Security, vol. 128, p. 103150, 2023.
  • F. Çolhak, M. I. Ecevit, and H. Dag, “Transfer learning for phishing detection: Screenshot-based website classification,” in Proceedings of the 2024 9th International Conference on Computer Science and Engineering (UBMK), 2024, pp. 1–6.
  • F. Çolhak, M. I. Ecevit, R. Creutzburg, and H. Dag, “Comparing deep neural networks and machine learning for detecting malicious domain name registrations,” in Proceedings of the 2024 IEEE International Conference on Omni-layer Intelligent Systems (COINS), 2024, pp. 1–6.
There are 13 citations in total.

Details

Primary Language English
Subjects Information Security and Cryptology
Journal Section Research Article
Authors

Mehmet Aksoy 0009-0007-0250-8384

Meltem Kurt Pehlivanoğlu 0000-0002-7581-9390

Halil Yiğit 0000-0003-0932-6966

Submission Date October 30, 2025
Acceptance Date December 9, 2025
Publication Date January 1, 2026
Published in Issue Year 2025 Volume: 14 Issue: 4

Cite

IEEE M. Aksoy, M. Kurt Pehlivanoğlu, and H. Yiğit, “Parameter-Efficient Hybrid Architectures for Multimodal Phishing Detection: Insights from the MTLP Dataset”, IJISS, vol. 14, no. 4, pp. 1–12, 2026, doi: 10.55859/ijiss.1813327.