Detecting malicious websites using machine learning models by incorporating both lexical and network-based features. | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Detecting malicious websites using machine learning models by incorporating both lexical and network-based features. Daniel Kwadwo Nterful, Richard Appiah, David Ezejimofor This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-6256091/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract The utilization of blacklists is a commonly used approach for detecting malicious websites. However, blacklists have limitations as they lack comprehensive information and cannot be easily updated to include newly discovered harmful websites. To enhance security and reduce vulnerability to these attacks, it is crucial to employ techniques that can automatically identify and manage newly emerging malicious websites. In this regard, machine learning models offer a promising solution. By utilizing eight different machine learning models, namely Random Forests (RF), Decision Trees (DT), Logistic Regression (LR), Naive Bayes (NB), K-Nearest Neighbors (KNN), Support Vector Machines (SVM), XGBoost, and LightGBM, it is possible to detect and classify malicious websites effectively. These models leverage the power of machine learning algorithms to analyze various features and patterns associated with malicious URLs, enabling accurate identification and proactive defense against such threats. Additionally, it investigates the application of ensemble methods, particularly the Stacking method, to create a brand-new model known as DKN. The study explores the experimental assessment, including the dataset source, feature extraction, and evaluation measures, and presents the architecture of the DKN model. The outcomes show how well the suggested models and the ensemble DKN stacking model predict the characteristics of URLs. The paper looks at methods like downsampling and oversampling to enhance model performance as well as the problem of imbalanced datasets. By investigating the fusion of several variables and machine-learning models to produce precise predictions, the research makes a contribution to the field of malicious website identification. Artificial Intelligence and Machine Learning Machine learning Feature Extraction Detection Malicious URL Full Text Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-6256091","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":430692190,"identity":"758b553a-dd95-4cc5-b1ba-3f5cc5bc316d","order_by":0,"name":"Daniel Kwadwo Nterful","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABAUlEQVRIiWNgGAWjYPACCyhtwyDDD6ITCghqkQBiZiBOY+CRbABpMSBFi8EBkAAeLfztPWYPf1RIyJnP7j/4uCLhMI/x+dWJHx4YMMjzix3AbvyZM+bGPGckjGXuHGY2PAPUYnbj7WYJoMMMZ85OwKrFQCLHTJqxTSJxhkQym2TjD5CWsxtAWhIMbuPWIvnzH1gL+88GkMNmnN38g5AWCd4GiC2MIC0G/L3b8NoiceZYmTTPMQljCYlkY8mGhHQeiRu82ywSDCRw+oW/vXmb5I8aGzkJicSHHxsSrOX4+89uvvmjwkaeXxq7FmwWg1VKEKscbPEBUlSPglEwCkbBCAAA2jJWp9HPKuwAAAAASUVORK5CYII=","orcid":"","institution":"Takoradi Technical University-TTU (Directorate of ICT Services)","correspondingAuthor":true,"prefix":"","firstName":"Daniel","middleName":"Kwadwo","lastName":"Nterful","suffix":""},{"id":430692191,"identity":"70088d74-8d15-4398-b714-64531e0fa940","order_by":1,"name":"Richard Appiah","email":"","orcid":"","institution":"Takoradi Technical University-TTU (Computer Science Department)","correspondingAuthor":false,"prefix":"","firstName":"Richard","middleName":"","lastName":"Appiah","suffix":""},{"id":430692192,"identity":"4324d998-31ee-478b-8585-04a935607e8b","order_by":2,"name":"David Ezejimofor","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABG0lEQVRIie3QMUsDMRQH8FcOborNmhv8Dk8OROnhfZUcB9dFcO3gEChmErp26FcQnJwTAtfloOuJg4jQqciNTmpiOxw0WEfB/EkgvOQHLw8gJOQvRtlFvk9aAGQAdFuP7Ca/IRVAIqPDpHdlCdYHyHDZnKgNZDkdmJv7jmdX6fOsZjAZFYLeKR9JmkvUC6iiRGj5OOfV+UMdxQyacSHYG/cRVBU3BEyMSsuno3eDp44MpLGkQS9ZrR35JLkjhBtMpSMfP5C2VJYohrAjGDsiLKG3XpK0r0ovsESmtn9BVpfpGa/HqWTES4arYtptJhc5nS/XrZ0Y0ql+abvr0fGM+hvbtWc3U72CG1XMvAPrhYq9itp/FRISEvIf8wU9GGjVTh2ZPgAAAABJRU5ErkJggg==","orcid":"","institution":"Takoradi Technical University-TTU (Directorate of ICT Services)","correspondingAuthor":true,"prefix":"","firstName":"David","middleName":"","lastName":"Ezejimofor","suffix":""}],"badges":[],"createdAt":"2025-03-18 20:33:25","currentVersionCode":1,"declarations":{"humanSubjects":true,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":true,"humanSubjectConsent":true,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":true,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-6256091/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-6256091/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":78867070,"identity":"eeaa187c-8254-47c9-93f3-2bcdb2bbc707","added_by":"auto","created_at":"2025-03-20 04:27:25","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":491612,"visible":true,"origin":"","legend":"","description":"","filename":"Detectingmaliciouswebsitesusingmachinelearning.pdf","url":"https://assets-eu.researchsquare.com/files/rs-6256091/v1_covered_2a935ce4-c6e2-43a5-96ba-77b749322bdd.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eDetecting malicious websites using machine learning models by incorporating both lexical\u003c/p\u003e\n\u003cp\u003eand network-based features.\u003c/p\u003e","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"Takoradi Technical University-TTU","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Machine learning, Feature Extraction, Detection, Malicious URL","lastPublishedDoi":"10.21203/rs.3.rs-6256091/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-6256091/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eThe utilization of blacklists is a commonly used approach for detecting malicious websites. However, blacklists have limitations as they lack comprehensive information and cannot be easily updated to include newly discovered harmful websites. To enhance security and reduce vulnerability to these attacks, it is crucial to employ techniques that can automatically identify and manage newly emerging malicious websites. In this regard, machine learning models offer a promising solution. By utilizing eight different machine learning models, namely Random Forests (RF), Decision Trees (DT), Logistic Regression (LR), Naive Bayes (NB), K-Nearest Neighbors (KNN), Support Vector Machines (SVM), XGBoost, and LightGBM, it is possible to detect and classify malicious websites effectively. These models leverage the power of machine learning algorithms to analyze various features and patterns associated with malicious URLs, enabling accurate identification and proactive defense against such threats. Additionally, it investigates the application of ensemble methods, particularly the Stacking method, to create a brand-new model known as DKN. The study explores the experimental assessment, including the dataset source, feature extraction, and evaluation measures, and presents the architecture of the DKN model. The outcomes show how well the suggested models and the ensemble DKN stacking model predict the characteristics of URLs. The paper looks at methods like downsampling and oversampling to enhance model performance as well as the problem of imbalanced datasets. By investigating the fusion of several variables and machine-learning models to produce precise predictions, the research makes a contribution to the field of malicious website identification.\u003c/p\u003e","manuscriptTitle":"Detecting malicious websites using machine learning models by incorporating both lexical\nand network-based features.","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-03-20 04:19:18","doi":"10.21203/rs.3.rs-6256091/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"f16c4f84-effc-4819-be2a-3100fe3155c7","owner":[],"postedDate":"March 20th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[{"id":45872801,"name":"Artificial Intelligence and Machine Learning"}],"tags":[],"updatedAt":"2025-03-20T04:19:19+00:00","versionOfRecord":[],"versionCreatedAt":"2025-03-20 04:19:18","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-6256091","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-6256091","identity":"rs-6256091","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.