AI-Driven Malicious URL Detection Using Graph Neural Networks

Abstract: The exponential proliferation of internet-based services has been accompanied by a parallel surge in cyber threats, particularly the distribution of malicious Uniform Resource Locators (URLs). Phishing attacks, financial fraud, and data exfiltration perpetrated through deceptive URLs cause billions of dollars in losses annually. Conventional detection mechanisms—predicated on static blacklists and rule-based filters—exhibit inherent limitations in identifying novel, obfuscated, or zero-day threats. This paper presents an AI-driven URL classification framework that harnesses the representational power of Graph Neural Networks (GNNs) to model inter-URL relational dependencies alongside individual lexical and structural URL features. In the proposed architecture, URLs are encoded as graph nodes and semantic or behavioral relationships between them are captured as weighted edges. A Graph Convolutional Network (GCN) is subsequently trained on a composite dataset aggregated from PhishTank, ISCX-URL2016, and Kaggle malicious URL repositories. Experimental evaluation on a balanced 80/20 train-test split yields an accuracy of 96.8%, precision of 97.1%, recall of 96.4%, and F1-score of 96.7%, outperforming baseline Support Vector Machine (SVM), Random Forest (RF), and Multi-Layer Perceptron (MLP) classifiers by margins of 4–9 percentage points. The system exposes a Flask-based REST API and lightweight web interface, enabling real-time single-URL and batch classification. Results corroborate the hypothesis that relational graph-based modelling substantially improves detection efficacy and generalization, with particular gains on obfuscated and previously unseen URL patterns.

Keywords: URL detection; graph neural network; graph convolutional network; phishing detection; cybersecurity; malicious URL classification; deep learning.