Abstract. Phishing is an attack that is harmful to organizations and individuals in cybersecurity. Many researchers use deep learning techniques to detect phishing. However, the proposed techniques still have shortcomings in terms of performance, especially in detecting unknown attacks, even though they have been developed in such a way. Therefore, to gain a more comprehensive understanding of the current state of research on the use of deep learning to detect phishing, a systematic literature review (SLR) is needed. This SLR aims to identify deep learning techniques, performance measures, overfitting techniques, datasets, parameters, phishing types, and recommendations for future phishing detection research. The method used by SLR consists of a research question and research objective, Search strategy, Inclusion and exclusion criteria, and Data extraction and Analysis. Over the past five years, SLR successfully identified 25 quality articles on phishing detection using deep learning. The contribution of this SLR is to provide insight into the current state of research and identify future research areas of phishing detection using deep learning techniques.

Detection; Deep Learning; Phishing; Systematic Literature Review

N. Altwaijry, I. Al-Turaiki, R. Alotaibi, and F. Alakeel, “Advancing Phishing Email Detection: A Comparative Study of Deep Learning Models,” Sensors, vol. 24, no. 7, p. 2077, Mar. 2024, doi: 10.3390/s24072077.

O. K. Sahingoz, E. BUBEr, and E. Kugu, “DEPHIDES: Deep Learning Based Phishing Detection System,” IEEE Access, vol. 12, pp. 8052–8070, 2024, doi: 10.1109/ACCESS.2024.3352629.

R. Brindha, S. Nandagopal, H. Azath, V. Sathana, G. Prasad Joshi, and S. Won Kim, “Intelligent Deep Learning Based Cybersecurity Phishing Email Detection and Classification,” Comput. Mater. Contin., vol. 74, no. 3, pp. 5901–5914, 2023, doi: 10.32604/cmc.2023.030784.

M. K. Prabakaran, P. Meenakshi Sundaram, and A. D. Chandrasekar, “An enhanced deep learning‐based phishing detection mechanism to effectively identify malicious URLs using variational autoencoders,” IET Inf. Secur., vol. 17, no. 3, pp. 423–440, May 2023, doi: 10.1049/ise2.12106.

K. Thakur, M. L. Ali, M. A. Obaidat, and A. Kamruzzaman, “A Systematic Review on Deep-Learning-Based Phishing Email Detection,” Electronics, vol. 12, no. 21, p. 4545, Nov. 2023, doi: 10.3390/electronics12214545.

N. Q. Do, A. Selamat, O. Krejcar, E. Herrera-Viedma, and H. Fujita, “Deep Learning for Phishing Detection: Taxonomy, Current Challenges and Future Directions,” IEEE Access, vol. 10, pp. 36429–36463, 2022, doi: 10.1109/ACCESS.2022.3151903.

C. Catal, G. Giray, B. Tekinerdogan, S. Kumar, and S. Shukla, “Applications of deep learning for phishing detection: a systematic literature review,” Knowl. Inf. Syst., vol. 64, no. 6, pp. 1457–1500, Jun. 2022, doi: 10.1007/s10115-022-01672-x.

B. Kitchenham, O. Pearl Brereton, D. Budgen, M. Turner, J. Bailey, and S. Linkman, “Systematic literature reviews in software engineering – A systematic literature review,” Inf. Softw. Technol., vol. 51, no. 1, pp. 7–15, Jan. 2009, doi: 10.1016/j.infsof.2008.09.009.

S. Wang, S. Khan, C. Xu, S. Nazir, and A. Hafeez, “Deep Learning-Based Efficient Model Development for Phishing Detection Using Random Forest and BLSTM Classifiers,” Complexity, vol. 2020, pp. 1–7, Sep. 2020, doi: 10.1155/2020/8694796.

M. Somesha, A. R. Pais, R. S. Rao, and V. S. Rathour, “Efficient deep learning techniques for the detection of phishing websites,” Sādhanā, vol. 45, no. 1, p. 165, Dec. 2020, doi: 10.1007/s12046-020-01392-4.

T. Rasymas and L. Dovydaitis, “Detection of phishing URLs by using deep learning approach and multiple features combinations,” Balt. J. Mod. Comput., vol. 8, no. 3, pp. 471–483, 2020, doi: 10.22364/BJMC.2020.8.3.06.

J. Feng, L. yang Zou, O. Ye, and J. zhou Han, “Web2Vec: Phishing Webpage Detection Method Based on Multidimensional Features Driven by Deep Learning,” IEEE Access, vol. 8, 2020, doi: 10.1109/ACCESS.2020.3043188.

A. Al-Alyan and S. Al-Ahmadi, “Robust URL phishing detection based on deep learning,” KSII Trans. Internet Inf. Syst., vol. 14, no. 7, pp. 2752–2768, 2020, doi: 10.3837/tiis.2020.07.001.

M. A. Adebowale, K. T. Lwin, and M. A. Hossain, “Intelligent phishing detection scheme using deep learning algorithms,” J. Enterp. Inf. Manag., vol. ahead-of-p, no. ahead-of-print, Jun. 2020, doi: 10.1108/JEIM-01-2020-0036.

R. Yang, K. Zheng, B. Wu, C. Wu, and X. Wang, “Phishing Website Detection Based on Deep Convolutional Neural Network and Random Forest Ensemble Learning,” Sensors, vol. 21, no. 24, p. 8281, Dec. 2021, doi: 10.3390/s21248281.

S. M. Alzahrani, “Phishing Attack Detection Using Deep Learning,” Int. J. Comput. Sci. Netw. Secur., vol. 21, no. 12, pp. 213–218, Dec. 2021, doi: 10.22937/IJCSNS.2021.21.12.31.

L. Tang and Q. H. Mahmoud, “A Deep Learning-Based Framework for Phishing Website Detection,” IEEE Access, vol. 10, pp. 1509–1521, 2022, doi: 10.1109/ACCESS.2021.3137636.

H. Shaiba, J. S. Alzahrani, M. M. Eltahir, R. Marzouk, H. Mohsen, and M. Ahmed Hamza, “Hunger Search Optimization with Hybrid Deep Learning Enabled Phishing Detection and Classification Model,” Comput. Mater. Contin., vol. 73, no. 3, pp. 6425–6441, 2022, doi: 10.32604/cmc.2022.031625.

Y. Ogawa, T. Kimura, and J. Cheng, “Deep-learning-based sequential phishing detection,” IEICE Commun. Express, vol. 11, no. 4, pp. 171–175, Apr. 2022, doi: 10.1587/comex.2021XBL0212.

M. Korkmaz, E. Kocyigit, O. K. Sahingoz, and B. Diri, “A Hybrid Phishing Detection System Using Deep Learning-based URL and Content Analysis,” Elektron. Ir Elektrotechnika, vol. 28, no. 5, pp. 80–89, Oct. 2022, doi: 10.5755/j02.eie.31197.

M. Elsadig et al., “Intelligent Deep Machine Learning Cyber Phishing URL Detection Based on BERT Features Extraction,” Electronics, vol. 11, no. 22, p. 3647, Nov. 2022, doi: 10.3390/electronics11223647.

S.-J. Bu and H.-J. Kim, “Optimized URL Feature Selection Based on Genetic-Algorithm-Embedded Deep Learning for Phishing Website Detection,” Electronics, vol. 11, no. 7, p. 1090, Mar. 2022.

M. Almousa, T. Zhang, A. Sarrafzadeh, and M. Anwar, “Phishing website detection: How effective are deep learning-based models and hyperparameter optimization?,” Secur. Priv., vol. 5, no. 6, p. e256, Nov. 2022, doi: 10.1002/spy2.256.

E. Benavides-Astudillo, W. Fuertes, S. Sanchez-Gordon, D. Nuñez-Agurto, and G. Rodríguez-Galán, “A Phishing-Attack-Detection Model Using Natural Language Processing and Deep Learning,” Appl. Sci., vol. 13, no. 9, p. 5275, Apr. 2023, doi: 10.3390/app13095275.

Z. Alshingiti, R. Alaqel, J. Al-Muhtadi, Q. E. U. Haq, K. Saleem, and M. H. Faheem, “A Deep Learning-Based Phishing Detection System Using CNN, LSTM, and LSTM-CNN,” Electronics, vol. 12, no. 1, p. 232, Jan. 2023, doi: 10.3390/electronics12010232.

E. A. Aldakheel, M. Zakariah, G. A. Gashgari, F. A. Almarshad, and A. I. A. Alzahrani, “A Deep Learning-Based Innovative Technique for Phishing Detection in Modern Security with Uniform Resource Locators,” Sensors, vol. 23, no. 9, p. 4403, Apr. 2023, doi: 10.3390/s23094403.

M. Abdullah Alohali et al., “Metaheuristics with deep learning driven phishing detection for sustainable and secure environment,” Sustain. Energy Technol. Assess., vol. 56, p. 103114, Mar. 2023, doi: 10.1016/j.seta.2023.103114.

S. Atawneh and H. Aljehani, “Phishing Email Detection Model Using Deep Learning,” Electronics, vol. 12, no. 20, p. 4261, Oct. 2023, doi: 10.3390/electronics12204261.

F. S. Alsubaei, A. A. Almazroi, and N. Ayub, “Enhancing Phishing Detection: A Novel Hybrid Deep Learning Framework for Cybercrime Forensics,” IEEE Access, vol. 12, pp. 8373–8389, 2024, doi: 10.1109/ACCESS.2024.3351946.