OFERCE: Optimized Rule-Based Detection of Malicious URLs

Dhika Ananda Ramadhan; Vera Suryani

doi:10.48084/etasr.16366

Authors

Dhika Ananda Ramadhan School of Computing, Telkom University, Bandung, Indonesia
Vera Suryani School of Computing, Telkom University, Bandung, Indonesia

Volume: 16 | Issue: 1 | Pages: 32398-32405 | February 2026 | https://doi.org/10.48084/etasr.16366

Received: 19 November 2025 | Revised: 1 December 2025, 26 December 2025, and 5 January 2026 | Accepted: 6 January 2026 | Online: 12 January 2026
Corresponding author: Dhika Ananda Ramadhan

Abstract

Cyberattacks using bad URLs are on the rise and are quickly becoming a key means of disseminating contemporary online dangers. Numerous cybersecurity agencies have reported a notable increase in Advanced Persistent Threat (APT), malware, and phishing activities that leverage URLs to spread their attacks. This circumstance emphasizes the importance of creating effective and flexible detection systems to thwart increasingly intricate attack patterns. A previous study proposed a malicious URL detection algorithm based on neural networks that achieved 97% accuracy. However, this model's reliability against dynamic attacks is still limited because it has not been verified using actual network data and still has a high false prediction detection rate (18.13%). To address these limitations, this study proposes OFERCE (Optimized Rule-based Detection for Malicious URLs), an optimized rule-based feature extraction framework that integrates adaptive feature selection based on mutual information, data-balancing strategies (SMOTE and class weighting), and comprehensive lexical rule-based features. Additionally, OFERCE incorporates hyperparameter tuning to ensure that the underlying machine-learning models operate at their optimal configuration, enhancing generalization capability and reducing overfitting during real-world evaluation. According to experimental results, OFERCE improves the performance of the Logistic Regression model to 99% accuracy and reduces the average error detection rate by up to 30%, demonstrating consistent and reliable performance across multiple categories of URL-based threats.

Keywords:

malicious url, false-detection, optimised feature, real network traffic

Downloads

Download data is not yet available.

References

Q. Abu Al-Haija and M. Al-Fayoumi, "An intelligent identification and classification system for malicious uniform resource locators (URLs)," Neural Computing and Applications, vol. 35, no. 23, pp. 16995–17011, Aug. 2023. DOI: https://doi.org/10.1007/s00521-023-08592-z

"Kaspersky reports phishing attacks grow by 40 percent in 2023," Kaspersky, Mar. 07, 2024. https://www.kaspersky.com/about/press-releases/kaspersky-reports-phishing-attacks-grow-by-40-percent-in-2023.

Lanskap Keamanan Siber Indonesia. Jakarta, Indonesia: Id-SIRTII/CC–BSSN, 2024.

A. Prasad and S. Chandra, "PhiUSIIL: A diverse security profile empowered phishing URL detection framework based on similarity index and incremental learning," Computers & Security, vol. 136, Jan. 2024, Art. no. 103545. DOI: https://doi.org/10.1016/j.cose.2023.103545

B. B. Gupta, A. Tewari, A. K. Jain, and D. P. Agrawal, "Fighting against phishing attacks: state of the art and future challenges," Neural Computing and Applications, vol. 28, no. 12, pp. 3629–3654, Dec. 2017. DOI: https://doi.org/10.1007/s00521-016-2275-y

"Email Threat Landscape Report: Evolving Threats in Email-Based Attacks," https://www.trendmicro.com/vinfo/us/security/news/threat-landscape/email-threat-landscape-report-evolving-threats-in-email-based-attacks.

D. E. D. Vivas, W. Y. G. Pena, S. P. C. Botero, and A. E. Rojas, "A Controlled Phishing Attack in a University Community: A Case Study," Journal of Internet Services and Information Security, vol. 14, no. 3, pp. 98–110, Aug. 2024. DOI: https://doi.org/10.58346/JISIS.2024.I2.007

J. Milletary, "Technical Trends in Phishing Attacks," US-CERT.

S. Udipi, "The event data management problem: getting the most from network detection and response," Network Security, Nov. 2021. DOI: https://doi.org/10.1016/S1353-4858(21)00008-8

M. Campfield, "The problem with (most) network detection and response," Network Security, Nov. 2021. DOI: https://doi.org/10.1016/S1353-4858(20)30104-5

R. Alzubi, T. Bishtawi, and H. Kassem, "Improving Web Security through Machine Learning: A Feature-Based Methodology for Detecting Phishing URLs," Engineering, Technology & Applied Science Research, vol. 15, no. 5, pp. 26845–26851, Oct. 2025. DOI: https://doi.org/10.48084/etasr.12015

A. A. Albishri and M. M. Dessouky, "A Comparative Analysis of Machine Learning Techniques for URL Phishing Detection," Engineering, Technology & Applied Science Research, vol. 14, no. 6, pp. 18495–18501, Dec. 2024. DOI: https://doi.org/10.48084/etasr.8920

H. Ghalechyan, E. Israyelyan, A. Arakelyan, G. Hovhannisyan, and A. Davtyan, "Phishing URL detection with neural networks: an empirical study," Scientific Reports, vol. 14, no. 1, Oct. 2024, Art. no. 25134. DOI: https://doi.org/10.1038/s41598-024-74725-6

M. Alsaedi et al., "Cyber Threat Intelligence-Based Malicious URL Detection Model Using Ensemble Learning," Sensors, vol. 22, no. 9, Apr. 2022. DOI: https://doi.org/10.3390/s22093373

J. K. S. Kaitholikkal and B. Anthi, "Phishing URL dataset." Mendeley Data, Apr. 02, 2024.

"Malicious URLs dataset." Kaggle, [Online]. Available: https://www.kaggle.com/datasets/sid321axn/malicious-urls-dataset.

"Cyber threat intelligence dataset 2024." National Cyber and Crypto Agency (private, provided under formal institutional request), 2024.