Detection and Mitigation of Label-Flipping Attacks on Phishing URL Classification Models

Roopesh Kumar B N1, Amulya V2, Anuja V M3, Asiya Naaz4, Chaitra N Kiranagi5
1Associate Professor, Dept of CSE & K S Institute of Technology Bangalore, Karnataka, India

2345Students, Dept of CSE & K S Institute of Technology Bangalore, Karnataka, India

Abstract - Phishing URL detection systems based on machine learning are widely used in modern cybersecurity pipelines. Although these systems can achieve high classification accuracy under clean data conditions, they remain vulnerable to training-time data poisoning. One of the most practical poisoning strategies is label-flipping, where an adversary intentionally changes class labels to corrupt model learning. This work presents a structured study of label-flipping attacks on phishing URL classifiers and introduces a mitigation workflow designed for practical deployment. Using a feature-engineered phishing URL dataset with 11,056 samples, we benchmark Random Forest, Support Vector Machine, Logistic Regression, and voting-based ensemble models. We then inject controlled label noise at multiple poisoning levels and evaluate degradation using accuracy, precision, recall, F1-score, and confusion matrices. Experimental observations indicate that performance drops progressively with higher poisoning ratios, with false negatives increasing in security-critical cases. To address this, we apply a defense pipeline based on suspicious-label screening and sanitized retraining. The defended models recover a significant portion of lost performance and show improved robustness compared with unprotected training. The study highlights that clean-data accuracy alone is insufficient for security evaluation and that poisoning-aware training workflows are essential for trustworthy phishing URL detection.Keywords: Phishing URL Detection, Label-Flipping Attack, Data Poisoning, Random Forest, Ensemble Learning, Adversarial Machine Learning, Cybersecurity, Robust Classification