Bilstm based model for detection of phishing attacks

Abstract

Phishing attacks remain a major security threat because traditional machine learning models and even Long Short Term Memory (LSTM) approaches struggle to detect evolving phishing techniques, fail to capture temporal patterns effectively, and often suffer from poor generalisation and elevated false detection rates. This work proposes a Bidirectional Long Short Term Memory (BiLSTM) model for detecting phishing attacks in emails. Word2Vec embeddings were applied to help the model understand word relationships and the general structure of email messages. A total of 6,000 emails, equally split between phishing and legitimate types, were collected from a range of open sources. Before training, the dataset underwent a series of preprocessing steps, including text cleaning, tokenisation, and feature transformation. To improve performance, random search was used for tuning the hyperparameters effectively. Since the BiLSTM reads the email content from both directions, it could catch deeper patterns in how the text is written. With Word2Vec, the model did not need manual feature selection; it was able to understand the meaning of words from how they appear in context. Key metrics for performance, such as accuracy, precision, recall, F1 score, false positive rate, and false negative rate, were used to gauge performance. With a false positive rate of 6.83% and a false negative rate of 2.28%, the model achieved an accuracy of 96%. When compared to other models like Support Vector Machine (SVM), Decision Tree, Random Forest, and LSTM, the BiLSTM model performed better overall.