Phishing Webpage Detection using URL and HTML Graphs based on a Multimodal AutoEncoder Ensemble

Jun-Ho Yoon, Seok-Hun Choi, Hae-Jung Kim, Seok-Jun Buu

http://doi.org/10.5626/JOK.2025.52.6.461

As the internet continues to evolve, phishing attacks are increasingly targeting users, highlighting the need for effective detection methods. Traditional approaches focus on analyzing URL character sequences; however, phishing URLs often mimic legitimate patterns and have a short lifespan, limiting detection accuracy. To address this, we propose a multimodal ensemble-based phishing detection method that leverages both URL strings and HTML graph data. Character-level URL sequences are processed using a Convolutional AutoEncoder (CAE), while HTML DOM structures are converted into graph formats and analyzed with a Graph Convolutional AutoEncoder (GCAE). The extracted latent vectors are integrated via a Transformer layer to classify phishing webpages. The proposed model improves detection performance by up to 18.91 percentage points in F1 Score compared to existing methods, and case analysis reveals the interrelationship between URL and HTML features.