English

A Hybrid Deep Learning and Anomaly Detection Framework for Real-Time Malicious URL Classification

Cryptography and Security 2025-12-04 v1 Machine Learning

Abstract

Malicious URLs remain a primary vector for phishing, malware, and cyberthreats. This study proposes a hybrid deep learning framework combining \texttt{HashingVectorizer} n-gram analysis, SMOTE balancing, Isolation Forest anomaly filtering, and a lightweight neural network classifier for real-time URL classification. The multi-stage pipeline processes URLs from open-source repositories with statistical features (length, dot count, entropy), achieving O(NL+EBdh)O(NL + EBdh) training complexity and a 20\,ms prediction latency. Empirical evaluation yields 96.4\% accuracy, 95.4\% F1-score, and 97.3\% ROC-AUC, outperforming CNN (94.8\%) and SVM baselines with a 50 ⁣×50\!\times--100 ⁣×100\!\times speedup (Table~\ref{tab:comp-complexity}). A multilingual Tkinter GUI (Arabic/English/French) enables real-time threat assessment with clipboard integration. The framework demonstrates superior scalability and resilience against obfuscated URL patterns.

Keywords

Cite

@article{arxiv.2512.03462,
  title  = {A Hybrid Deep Learning and Anomaly Detection Framework for Real-Time Malicious URL Classification},
  author = {Berkani Khaled and Zeraoulia Rafik},
  journal= {arXiv preprint arXiv:2512.03462},
  year   = {2025}
}

Comments

14 pages,2 figures

R2 v1 2026-07-01T08:07:07.606Z