Authors - Siddalingappagouda Biradar, Vinod B Durdi, Suganthi Neelagiri, Devaraju Ramakrishna, Preeti Khanwalkar, Shashi Raj K Abstract - Phishing attacks continue to evolve in scale and sophistication, working on weaknesses across infrastructure, content, and user behavior. Earlier studies demonstrated that hybrid feature representations combining URL, HTML, and infrastructure features significantly outperform single-source approaches, with tree-based and deep learning models achieving detection accuracies exceeding 95%. However, these studies also revealed limitations related to global feature selection, cluster-agnostic learning, and evaluation protocols that may lead to optimistic performance estimates. In this paper, propose a multi-cluster phishing detection framework that organizes features into three complementary clusters: Cluster 0 (C0) for infrastructure and transport-layer characteristics, Cluster 1 (C1) for URL and HTML content features, and Cluster 2 (C2) for behavioral and campaign-level patterns. To address the limitations of traditional feature selection methods, we introduce HC²FS (Heuristic-Constrained Class-Conditional Feature Selection), a cluster-aware and class-conditional approach that preserves low-variance yet highly discriminative phishing indicators. The proposed system is evaluated on large-scale datasets comprising over 600 combined features, using a strict 80% training and 20% testing split enforced prior to feature selection and model training.
Open Zoom