Author
Listed:
- Isaac Kofi Nti
(School of Information Technology, University of Cincinnati, Cincinnati, OH 45221, USA
Information Technology and Analytics Center (ITAC), School of Information Technology, University of Cincinnati, Cincinnati, OH 45221, USA)
- Murat Ozer
(School of Information Technology, University of Cincinnati, Cincinnati, OH 45221, USA
Information Technology and Analytics Center (ITAC), School of Information Technology, University of Cincinnati, Cincinnati, OH 45221, USA)
- Chengcheng Li
(School of Information Technology, University of Cincinnati, Cincinnati, OH 45221, USA)
Abstract
Phishing websites continue to evolve in sophistication, making them increasingly difficult to distinguish from legitimate platforms and challenging the effectiveness of current detection systems. In this study, we investigate the role of subtle deceptive behavioral cues such as mouse-over effects, pop-up triggers, right-click restrictions, and hidden iframes in enhancing phishing detection beyond traditional structural and domain-based indicators. We propose a hierarchical hybrid detection framework that integrates dimensionality reduction through Principal Component Analysis (PCA), phishing campaign profiling using K Means clustering, and a stacked ensemble classifier for final prediction. Using a public phishing dataset, we evaluate multiple feature configurations to quantify the added value of behavioral indicators. The results demonstrate that behavioral indicators, while weak predictors in isolation, significantly improve performance when combined with conventional features, achieving a macro F1 score of 97 percent. Explainable AI analysis using SHAP confirms the contribution of specific behavioral characteristics to model decisions and reveals interpretable patterns in attacker manipulation strategies. This study shows that behavioral interactions leave measurable forensic signatures and provides evidence that combining structural, domain, and behavioral features offers a more comprehensive and reliable approach to phishing intrusion detection.
Suggested Citation
Isaac Kofi Nti & Murat Ozer & Chengcheng Li, 2026.
"Synergistic Phishing Intrusion Detection: Integrating Behavioral and Structural Indicators with Hybrid Ensembles and XAI Validation,"
Future Internet, MDPI, vol. 18(1), pages 1-33, January.
Handle:
RePEc:gam:jftint:v:18:y:2026:i:1:p:30-:d:1833014
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:18:y:2026:i:1:p:30-:d:1833014. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/a/gam/jftint/v18y2026i1p30-d1833014.html