ATBU Journal of Science, Technology and Education

Phishing attacks are one of the most common forms of cybercrime that exists, it uses social engineering techniques that are advanced and character-level obfuscation in order to avoid the traditional detection techniques. As much as deep learning approaches have boosted phishing detection, its application remains limited due to two main challenges: vulnerability of models to evolving evasion tactics and their lack of interpretability in model decisions. Addressing these limitations is crucial for developing reliable phishing detection system suitable for real-world cybersecurity operations. This paper proposes an explainable hybrid LSTM-CNN model for phishing URL detection. The model was designed to learn both local and sequential patterns in URLs, with the SHAP (Shapley Additive Explanations) framework integrated to ensure explanations for classification decisions were interpretable. The model displayed an excellent performance having overall accuracy of 98.09%, and low false-positive rate of 0.72%. The model used a large dataset of 549,346 URLs with an Accuracy of 98.09%, Precision of 98.14%, Recall of 95.10%, F1-Score of 96.59% and ROC-AUC of 99.72%. The SHAP aspect showed how the model could identify phishing indicators like random character sequences, suspicious top-level domains that are unusual. 

APWG. (2024, April). APWG Q4 Report Finds 2023 Was Record Year for Phishing. APWG. Retrieved January 20, 2026, from https://s29837.pcdn.co/apwg-q4-report-finds-2023-was-record-year-for-phishing/

Aljofey, A., Jiang, Q., Qiang Qu, Huang, M., & Niyigena, J.-P. (2020, September 15). AnEffective Phishing Detection Model Based on Character Level Convolutional Neural Network from URL. 9(9), 24. https://doi.org/10.3390/electronics9091514

Sahingoz, O. K., Buber, E., Demir, O., & Diri, B. (2020, March). Machine learning based phishing detection from URLs. Expert Systems with Applications, 117, 345 - 357. https://doi.org/10.1016/j.eswa.2018.09.029

Faizal, D. (2024). Enhancing Phishing Threat Detection and Resilience: Leveraging Machine Learning, AI, and User Education in Cybersecurity. ResearchGate. https://www.researchgate.net/publication/384367000

Li, M., Qiao, Y., & Lee, B. (2025, October 7th). Adversarial Robustness Evaluation for Multi-View Deep Learning Cybersecurity Anomaly Detection. 17(10), 22. https://doi.org/10.3390/fi17100459

Shendkar, B. D., Chandre, P. R., Madachane, S. S., Kulkarni, N., & Deshmukh, S. (2024). Enhancing Phishing Attack Detection Using Explainable AI: Trends and Innovations. ASEAN Journal on Science and Technology for Development (AJSTD), 42(1). https://doi.org/10.61931/2224-9028.1604

Alsabri, A. A., & Al-Hadi, M. A. (2025). A Hybrid CNN-BLSTM Model for Phishing Attack Detection Using Deep Learning to Strengthen Internet Security. Sana'a Univeristy Journal of Applied Sciences and Technology, 3(4), 964 - 972. https://doi.org/10.59628/jast.v3i4.1822

Zara, U., Ayyub, K., Khan, H. U., Daud, A., Alsahfi, T., & Ahmad, S. G. (2024, October 25th). IEEE Access, 12. https://ieeexplore.ieee.org/abstract/document/10735206

Atanda, O. G., Amoyedo, F. E., Olowe, O. T., & Jimoh, E. R. (2025). Deep Learning for Phishing URL Detection: A Comparative Analysis of CNN and RNN Models for Enhanced Cybersecurity. NIPES - Journal of Science and Technology Research, 7, 1121 - 1129.

Kulkarni, A. D. (2023). Convolution Neural Networks for Phishing Detection. Computer Science Faculty Publications and Presentations, 23. http://hdl.handle.net/10950/4224?utm_source=scholarworks.uttyler.edu%2Fcompsci_fac%2F23&utm_medium=PDF&utm_campaign=PDFCoverPages

Gharkan, D. K. (2025, December 30). Performance and Explainability of Machine Learning Models in Phishing Detection Using SHAP. Al-Mustansiriyah Journal of Science, 36(4). https://doi.org/10.23851/mjs.v36i4.1707

Shaurya, & Vaghela, R. S. (2023, December). Exploring feature importance in phishing URL detection models. NFSU - Journal of Cyber Security and Digital Forensics, 2(2). https://jcsdf.nfsu.ac.in/

Warnecke, A., Arp, D., Wressnegger, C., & Rieck, K. (2020). Evaluating Explanation Methods for Deep Learning in Security. 2020 IEEE European Symposium on Security and Privacy (EuroS&P). https://ieeexplore.ieee.org/abstract/document/9230374

Omar, A., Tale, S., & Shaheen, M. (2023). From Phishing Behavior Analysis and Feature Selection to Enhance Prediction Rate in Phishing Detection. (IJACSA) International Journal of Advanced Computer Science and Applications, 14(5). https://pdfs.semanticscholar.org/9414/b6ceba2d159b7e58b90ab7c428fb8796af19.pdf

Jampen, D., Gur, G., Sutter, T., & Tellenbach, B. (2020, December 1). Don’t click: towards an effective anti-phishing training. A comparative literature review. Human-centric Computing and Information Sciences, 10(1), 41. 10.1186/s13673-020-00237-7.