Adaptive Control-Based Phishing Detection with Model-Based Learning under Feature Drift

Phishing attacks are perpetrated using pages and text messages that closely mimic the appearance and behavior of authentic online platforms [1]. At present, both the scale and diversity of automated phishing kits and the systematic reuse of phishing attack templates have substantially increased [2]. As such, conventional fixed-rule detection systems, that are developed using decision rules from historical datasets, are structurally vulnerable to these changes. This is because such models fail to detect the new features that are characteristic of present-day phishing attacks [3, 4]. Recent studies on phishing trends and cybercrime response further show that prevention and detection remain constrained by evolving attack timing, user-facing deception, and response latency [5, 6]. AI-driven email-security research also links phishing defense to scalable big-data analysis of mail streams [7]. Perpetrators also systematically exploit the structure of uniform resource locators (URLs) as well as embedded links. This method successfully overcomes legacy filters, that depend on familiar lexical patterns [8]. Web-based threat-signal studies using predictive analytics and feature attribution similarly confirm that URL and page-level indicators remain central to phishing discrimination [9]. Fixed-rule detection systems are also vulnerable to feature-level drift as they lack adaptive capabilities. This is because, as the statistical correlation between the input features and the class labels change across the batches, they produce higher false-positive or false-negative rates [10]. As such, these vulnerabilities remain a constant challenge for system designers [8].

The same deployment problem is visible in broader AI-security and security-control literature, including cyber-physical systems, maritime-security AI, and ERP-integrated IoT environments, where data-source quality, operational context, and control reliability affect practical adoption [11-13]. System designers use two types of approaches to address these challenges, namely, (1) static machine and deep learning models and (2) drift-aware and adaptive approaches. Static machine and deep learning models perform very accurately when tested using curated benchmark datasets. However, the feature representations, decision thresholds, and parameters of these models cannot be adjusted when the input distribution changes [14-18]. Meanwhile, drift-aware and adaptive approaches use re-training, feature substitution, and weight adjustments to, partially, overcome these limitations. However, these solutions are reactive and lack coordinated, closed-loop regulation at the feature, decision, and parameter levels [19]. Therefore, such systems fail to simultaneously manage input representation drift, rising false-positive rates, and unstable gradients.

As such, the present study proposed an adaptive control (AC)-based phishing detection framework that uses a controlled, dynamic process that adheres to structured feedback laws. It, primarily, differs from extant models in terms of architecture. More specifically, standard machine learning models learn a fixed map from historical datasets, while drift-aware approaches react and adapt, but do not implement simultaneous coordinated, closed-loop regulation at the feature, decision, and parameter levels. Meanwhile, the proposed AC-based phishing detection framework uses (i) feature-level correction to decrease deviation from the benign manifold when the input distribution changes; (ii) dynamic threshold adaptation to regulate false-positive behavior according to the error rates; and (iii) parameter-level controlled updates to create gradients using drift-sensitive gain matrices. Furthermore, these three control layers operate within a unified stability monitoring function to provide a measurable indicator of adaptation at the system-level.

The proposed AC-based phishing detection framework is more than just a classification model. It is also a detection tool that can be integrated into existing security systems. Phishing attacks target users, primarily, via entry points, such as emails, web searches, and network gateways. Adaptive approaches can be implemented at each of these attack entry points. For instance, the proposed AC-based phishing detection framework can be implemented in an email filtering pipeline, a secure web gateway, or a network monitoring platform. At these entry points, it will receive the raw messages or request data, extract unified feature representations, produce calibrated phishing probability (pt) scores, and feed operational error signals back to maintain stable phishing attack detection even when the input distributions change. Therefore, the proposed AC-based phishing detection framework satisfies demand for safety and security by providing constant, reliable protection in environments with ever-changing feature distributions.

The research questions of the present study include (1) can a control-guided model adapt its detection decisions when phishing behaviors change across the batches? (2) how does structured feature tracking facilitate stable phishing detection when feature distributions change? (3) how does updating controlled parameters decrease error accumulation and improve the robustness of detecting hitherto unknown phishing attacks?

The rest of the present study is organised as follows. Section 2 evaluates extant phishing detection models and identifies research gaps, while Section 3 describes the proposed AC-based phishing detection framework. Section 4 discusses the datasets used in the present study as well as the feature extraction process and experiment settings. Section 5, on the other hand, analyses and compares the performance of the proposed AC-based phishing detection framework with that of other approaches, while Section 6 provides the conclusion and directions for future research.

The proposed AC-based phishing detection framework operates across three levels, namely, (1) feature representation correction, (2) decision threshold adaptation, and (3) parameter updates. It uses a unified representation of URL, HTML, behavioral, and linguistic cues, as well as structured feedback laws to maintain stable phishing detection, even when input distributions change across the batches.

In a multi-stage security processing pipeline, the proposed AC-based phishing detection framework would occupy the detection and adaptation layers. At the input stage, raw artefacts, such as email messages, hypertext transfer protocol requests, and URL submissions from the mail transfer agent, web proxy, or network sensor, are passed to a feature extraction module. The normalised representation (x_t) is processed by a feature-level AC block, before it is sent to a multilayer perceptron (MLP)-based detector. Here, the pt is evaluated against the adaptive threshold (${{\tau }_{t}}$) to generate a binary decision. Messages classified as phishing content are quarantined or flagged for review, while other traffic proceeds uninterrupted. At the end of each batch processing cycle, the parameter-level AC block uses a controlled gradient to update the detector weights, then includes the newly-labelled samples in the framework sans full re-training.

Figure 1. The architecture of the proposed adaptive control-based phishing detection framework

Figure 1 depicts the architecture of the proposed AC-based phishing detection framework. As seen, the features of incoming samples are extracted and added to the base layers of the AC. The feature-level AC block modifies the sample representations according to the drift behavior, then the threshold-level AC block moderates the decision boundary fluctuations when the false-positive rate changes. The parameter-level AC block then conditions the framework’s updates according to the drift conditions. These controlled signals are fed into the model-based detector to yield the final decision. Lastly, the output layer generates alerts, performance metrics, and logs of the framework’s behavior.

It illustrates the vertical workflow of the processes, namely, the acquisition of raw input via feature extraction and fusion, the feature-level control, the threshold-level control, the parameter-level control, the final decision, and the performance logging. The dashed feedback paths indicate closed-loop signals that link the output layer to each AC block.

3.1 Notation and base mapping

Each incoming-sample-at-time (t) is segregated into three feature groups, namely, (1) URL features (x^url,t), (2) HTML features (x^html,t), and (3) behavioral features (x^beh,t). Eq. (1) is then used to link these feature groups into a single raw feature vector:

$z_t=\left[\begin{array}{lll}x^{\text {url }} & x_t^{\text {html }} & x_t^{\text {beh }}\end{array}\right] \in \mathbb{R}^d$    (1)

where, ${{z}_{t}}$ is the linked raw input vector, the superscript (⊤) denotes vector transposition and is used only to indicate that the feature sub-vectors are concatenated into a single column-oriented raw feature vector, and d is the dimension of the total features. A scaling operator (S(·)) is then used to yield a normalised vector:

${{x}_{t}}=S\left( {{z}_{t}} \right)$       (2)

where, ${{x}_{t}}\in {{\mathbb{R}}^{d}}$ may be produced by zero-mean unit-variance standardisation or robust percentile-based scaling. The S(·) is only added at the training phase and at the inference. No test-set statistics are used in the normalisation stage. The model-based detector then maps x_t to a scalar detection score (s_t) using a parametric function:

${{s}_{t}}={{f}_{\theta }}\left( {{{\tilde{x}}}_{t}} \right)$       (3)

which might be a shallow neural unit or another differentiable mapping. Eq. (3) defined the internal activation before probability conversion. The parameter vector θ collected all trainable weights. The choice of fθ(·) remained flexible, since the AC design acted outside this mapping. This separation preserved generality while keeping a clear model structure. The pt then follows a logistic map:

${{p}_{t}}=\sigma \left( {{S}_{t}} \right)=\frac{1}{1+exp\left( -{{s}_{t}} \right)}$        (4)

where, ${{p}_{t}}$ ∈ (0, 1) and $\sigma \left( {{S}_{t}} \right)$ are the standard logistic sigmoid functions. This probability interacts with the ${{\tau }_{t}}$ in Section 3.4 and yields a smooth, differentiable surface for gradient-based parameter updates.

3.2 Base detection model and architectural specification

The function fθ(·), seen in Eq. (3), is implemented as a tri-layer MLP with fully linked layers. A deliberately shallow architecture was used to ensure that the AC laws handled the feature drift instead of the representational depth. It was also used to ensure reproducibility on hardware with limitations.

The input is the controlled feature vector (x̃_t∈ ℝ^d) from the feature-level AC block (Section 3.3). The first hidden layer then maps the d-dimensional input to 256 units, with a rectified linear unit. The second hidden layer reduces it to 128 units, with the help of yet another rectified linear unit. A dropout layer (rate = 0.3) is applied after each hidden layer during the training phase. The output layer comprises a single linear unit, yielding s_t, per Eq. (3), with pt obtained using Eq. (4).

The training comprises binary cross-entropy loss (Eq. (13)) with the Adam optimisation algorithm, at a learning rate of 1 × 10⁻³ and default momentum of 0.9 and 0.999. The standard Adam adaptive gradient optimisation is not applied directly. Instead, the raw gradient (g_t) (Eq. (14)) passes through the parameter-level AC block and yields the controlled update ($u_{t}^{\theta }$) (Eq. (15)). This is then applied, as per Eq. (16). The training is conducted in small batches of 32 samples each for, at most, 100 epochs. It is stopped early if the validation loss fails to improve after 10 consecutive epochs. The weights are initialised using the He uniform scheme. Ridge regression, at a coefficient of 1 × 10⁻⁴, is applied to all the fully linked layers. All the experiments were conducted using Python© 3.10, with PyTorch© 2.1, on a workstation equipped with an Intel© Core™ i7 processor, 32 gigabytes of random-access memory, and an NVIDIA© GeForce RTX™ 3060 graphics processing unit.

The base classifier, the MLP, is architecturally distinct from the three AC layers. The feature-level AC block transforms x_t into x̃_t upstream in the network, and the threshold-level AC block adjusts ${{\tau }_{t}}$ downstream of the sigmoid output, without modifying the network’s weights. Lastly, the parameter-level AC block conditions each weight update using the gain matrix ($K_{t}^{\theta }$) before it is applied to θ. The three control layers do not add learnable parameters to the base model to ensure clean architectural separation between the classifier and the control mechanism.

3.3 Feature-level adaptive control

3.3.1 Benign reference and feature error

The proposed AC-based phishing detection framework records a running estimate of the benign feature centre ($\mu _{t}^{b}$ ∈ ℝ^d), which tracks the expected number of representations of legitimate samples. When a sample is labelled benign (y_t = 0), the reference is updated using an exponential moving average:

$\mu _{t}^{b}=\left( 1-\beta  \right)\mu _{t-1}^{b}+{{\beta }_{xt}}\ ,\ \ \ \ \ {{y}_{t}}=0$        (5)

where β ∈ (0,1) is the benign-based reference learning rate. Here, when y_t = 1, it indicates phishing. The feature error is then calculated using Eq. (6):

$e_{t}^{x}={{x}_{t}}-\mu _{t}^{b}$       (6)

where $e_{t}^{x}$ ∈ ℝ^d is the size of the displacement of the current sample from the benign manifold. A large ‖$e_{t}^{x}$‖ indicates that the location of the sample is far away from expected benign structure.

3.3.2 Feature control input and corrected representation

A feature correction input ($u_{t}^{x}$) is then computed to adjust the sample representation, before it is sent to the classifier:

$u_t^x=-K_t^x e_t^x$        (7)

where, $K_t^x \in \mathbb{R}^{d \times d}$ is a positive semi-definite feature gain matrix. The negative integer ensures that the correction moves in the opposite direction of the displacement, away from the benign centre. The corrected feature vector that is sent to the classifier is then:

$\tilde{x}_t=x_t+u_t^x$       (8)

where, x̃_t replaces x_t as the input to fθ(·) in Eq. (3). The gain matrix then adapts using a rank-one update:

$K_{t+1}^x=K_t^x+\eta_x e_t^x\left(e_t^x\right)^T$        (9)

where η_x > 0 is the gain adaptation rate. This rank-one update increases the gain along the feature dimensions, where displacement from the benign centre will occur the most. It also concentrates corrective efforts where the most drift has occurred.

The label-conditional updating, that occurs in Step 3, ensures that the benign reference is not contaminated by phishing-labelled samples. The rank-one gain update, that occurs in Step 7, concentrates corrective efforts on feature dimensions that have been repeatedly displaced. This serves as the foundation for the stability analysis described in Section 3.6.

3.4 Threshold-level adaptive control

3.4.1 Dynamic decision threshold

Here, the detector applies a time-varying ${{\mathcal{T}}_{t}}$ to the ${{p}_{t}}$:

$\hat{y}_t= \begin{cases}1, & \mathfrak{p}_t \geq \mathcal{T}_t \\ 0, & \mathfrak{p}_t<\mathcal{T}_t\end{cases}$     (10)

where, $\hat{y}_t$ ∈ {0, 1} is the predicted label. A positive tracking error, relative to the target false-positive rate, will increase the threshold, while a negative tracking error will decrease it:

$e_{t}^{\tau }=\phi _{t}^{fp}-~{{\phi }^{target}}$        (11)

where, $\phi _{t}^{fp}~$is the false-positive rate, estimated over a sliding window of length (W), and ${{\phi }^{target}}~$is the specified target. The integral-form threshold update rule is described in Eq. (12):

${{\tau }_{t+1}}={{\tau }_{t}}+{{k}_{\tau }}\,e_{t}^{\tau }$       (12)

where ${{K}_{\tau }}$ > 0 is the threshold adaptation gain. In practice, ${{\tau }_{t}}$ is limited to a safe operating interval to prevent the occurrence of boundary positions that are below the transient noise.

Algorithm 2 then adjusts the threshold based on the observed false-positive feedback. The sliding window then stabilises the estimate against short-term fluctuations. It is noteworthy that the threshold does not need to be manually recalibrated when it is implemented.

3.5 Parameter-level adaptive control

The parameter-level AC block minimises a binary cross-entropy loss at each time step:

${{L}_{t}}=-\left[ {{y}_{t}}log\left( {{p}_{t}} \right)+\left( 1-{{y}_{t}} \right)log\left( 1-{{p}_{t}} \right) \right]$       (13)

where, ${{L}_{t}}$ ∈ ℝ ≥ 0 is the cross-entropy loss determined using x̃_t from Eq. (8). The gradient of the loss with respect to θ is:

${{g}_{t}}={{\nabla }_{\theta }}{{L}_{t}}$        (14)

In a feature drift condition, g_t can indicate high variance or oscillatory behavior. This renders unconditioned gradient steps unreliable. Therefore, a parameter-level control input is used to moderate this:

$u_{t}^{\theta }\ =\ -K_{t}^{\theta }{{g}_{t}}$         (15)

where, $K_{t}^{\theta }$∈ℝ^p×p is a drift-sensitive parameter gain matrix. The gain is specified in a drift-damped form to ensure that the update magnitude is damped when the distributional drift is high and returns to a standard fixed-rate gradient step when the drift vanishes:

$K_{t}^{\theta }=\frac{K_{0}^{\theta }}{1+{{\eta }_{\theta }}{{D}_{t}}}~{{I}_{p}}~,~{{\theta }_{t+1}}={{\theta }_{t}}+u_{t}^{\theta }$        (16)

where, η_θ > 0 is the parameter-gain damping rate, D_t is the drift magnitude defined in Eq. (17), and $K_{0}^{\theta }$ is the nominal drift-free gain. When D_t increases, the effective gain $K_{t}^{\theta }$ decreases, thereby damping parameter updates under distributional drift. When D_t → 0, $K_{t}^{\theta }$approaches $K_{0}^{\theta }$. The second part of Eq. (16) applies the resulting controlled update to θ.

Algorithm 3 combines drift information from the feature-level AC block, before sending it to the parameter update step, to retain learning strength while ensuring that the destabilising parameter does not increase when the inputs change.

3.6 Drift quantification and stability function

The proposed AC-based phishing detection framework defines the D_t based on the movement of the benign feature centre ($\mu _{t}^{b}$ ∈ ℝ^d) over a W to clearly calculate the distributional change:

${{D}_{t}}=\mu _{t}^{b}-\mu {{_{t-w}^{b}}_{2}}$        (17)

where, D_t ∈ ℝ≥0 is the scalar drift magnitude, $\mu _{t}^{b}$ is the current benign centre, $\mu _{t-w}^{b}$ is the benign centre over a W from the previous step, and ‖·‖ is the Euclidean norm. As a high D_t will trigger an equally strong adaptation in $K_{t}^{x}$, Eq. (16) is used to calculate an equally damped effective parameter gain. The composite stability monitoring function is described in Eq. (18):

${{V}_{t}}={{\left( e_{t}^{} \right)}^{T}}Pe_{t}^{}+{{\lambda }_{T}}{{\left( e_{t}^{} \right)}^{2}}+{{\text{ }\!\!\lambda\!\!\text{ }}_{\theta }}{{g}_{t}}_{2}^{2}$        (18)

where, P ∈ ℝ^d×d is the positive-definite weighting matrix and λ_τ, λ_θ > 0 are the scalar weights. Here, Eq. (18) is used as an engineering monitoring metric, not a formal Lyapunov certificate. It aggregates feature displacement errors, threshold tracking errors, and gradient energy into a single scalar indicator of the state of the system-level adaptation. Eq. (19) describes a practical stability requirement:

${{V}_{t+1}}\ -\ {{V}_{t}}\le \ -\delta {{V}_{t}}$        (19)

where, δ > 0 is a user-specified decay parameter. Eq. (19) requires the stability function (V_t) to consistently decrease when the drift is within bounds. It also determines the learning rates and gain matrices during the experiments.

5.1 Evaluation strategy and overall performance

5.1.1 Evaluation protocol

The purpose of the evaluation was to determine how the proposed AC-based phishing detection framework adjusted its behavior in relation to the changing input patterns of Dataset 1, Dataset 2, and Dataset 3. All the datasets were subjected to single feature extraction, which yielded a single-structured representation comprising URL, HTML, behavioral, and text cues. The data was segregated into batches to approximate real-world drift conditions and observe the performance of the proposed AC-based phishing detection framework across different input distributions. Each batch of data passed through the feature-, threshold-, and parameter-levels’ control units. The effect of each level was determined by examining the corrected features, threshold movements, and controlled parameter updates. Apart from that, the accuracy, precision, recall, and F1 score were recorded, alongside the batch-level drift magnitudes, false-positive rates, and stability function values.

As shown in Figure 2, the workflow processes Dataset 1, Dataset 2, and Dataset 3 through a common feature extractor, followed by parallel baseline and adaptive-control evaluation paths. Batch-level performance, drift, and stability metrics are then logged for comparative analysis.

Figure 2.  Evaluation workflow of the proposed framework

5.1.2 Performance comparison with existing studies

The fixed-rule baseline model processed the unified feature space sans AC. As such, its performance plummeted as the URL, HTML, and behavioral cues drifted across the batches. However, the feature correction, threshold offsets, and controlled parameter updates used in the proposed AC-based phishing detection framework yielded higher accuracy, precision, recall, and F1. The most significant improvements were seen when processing Dataset 1 and Dataset 2, where the feature-level AC block decreased the structural drift most effectively. When processing Dataset 3, the recall improved significantly as the feature controller corrected the linguistic variations.

As shown in Figure 3, a comparison of the classification performances of the strongest published results and the proposed AC-based phishing detection framework across Dataset 1, Dataset 2, and Dataset 3.

Figure 3. Comparison of literature and proposed method performance across datasets

As seen in Figure 3, the proposed AC-based phishing detection framework achieved the highest and most consistent performance in terms of accuracy, precision, recall, and F1. Operationally, this balanced metric profile is more valuable than isolated accuracy improvements as it reflects reliable detection behavior, instead of performance that has been optimised for a single criterion using a fixed testing dataset.

Table 3 compares the strongest literature results with the proposed adaptive control-based phishing detection framework across the three evaluation datasets.

Table 3. Comparison between strongest literature results and the proposed adaptive control method

Note: * Pub: ranges as reported in prior studies; protocols may differ. Prop: proposed method (this work).

5.2 Adaptive control behavior under feature drift

5.2.1 Feature-level adaptive control

The feature-level controller decreased the size of the displacement between the incoming feature vectors and the benign centre. Therefore, it stabilised the decision boundaries when the URL and HTML patterns changed across the batches. Apart from that, the drift responses confirm that the adjustment decreased the effects of irregular lexical and structural changes. It also improved the separation between phishing and benign samples when the distributions were changing.

Table 4 describes how drift behavior changed after applying feature-level control, and Figure 4 presents the drift magnitude across batches for both stages. The behavior before control showed larger changes in the benign feature centre. The adaptive feature block reduced these movements and stabilised the drift curve. This stability supported more consistent feature representations during detection.

The batch-wise D_t (Eq. (17)) of Dataset 1 before and after the feature-level AC was implemented.

Table 4. Feature drift behavior before and after feature-level control

Figure 4. Drift response before and after feature-level control

As seen in Figure 4, before the AC were implemented, the inter-batch variation of the Dt was significant, particularly in the early batches of Dataset 1 and Dataset 2. However, after the feature-level AC block was implemented, the drift curve was smoother and the trajectory of the amplitude was lower. This decrease was consistently observed in Dataset 1, Dataset 2, and Dataset 3. Therefore, the mechanism was generalised across URL-, webpage-, and text-based phishing environments.

5.2.2 Threshold-level adaptive control

The interactions of the feature- and threshold-level AC blocks were assessed by comparing the results when both the AC blocks were implemented simultaneously and when each AC block was implemented on its own. When both the AC blocks were implemented, the feature-level AC block stabilised the input representations, while the threshold-level AC block reinforced it. This was done by adjusting the decision boundary in relation to the residual false-positive behavior that prevailed even after the feature correction. Across most of the batches of Dataset 1 and Dataset 2, the false-positive rates were lower, and the recall was higher when both the AC blocks were implemented. Therefore, both the AC blocks are complementary, rather than redundant. In Dataset 3, however, where false-positive monitoring cannot be performed, the feature-level AC block was the primary stabiliser, while the threshold-level AC block had no effect due to the absence of benign samples. Therefore, the performance of the proposed AC-based phishing detection framework plummets gracefully when one of the AC blocks cannot be implemented.

5.2.3 Effect of the threshold-level adaptive control block

The threshold-level AC block modified the decision boundary in relation to variations in the false-positive rate at the batch-level. In Dataset 1 and Dataset 2, both of which contain phishing and benign samples, the threshold-level AC block increased the threshold when the false-positive ratio exceeded the target and vice versa. Therefore, it adjusts the sensitivity without destabilising the results. In Dataset 3, which contains only phishing messages, the threshold-level AC block yielded consistent recall across linguistic variations. Therefore, it is still valuable, even when false-positive monitoring is unavailable.

Table 5. Batch-wise threshold adjustment using Dataset 1 and Dataset 2

The batch-wise threshold results are presented in Table 5, showing that the adaptive threshold remained close to the fixed threshold of 0.50 while adjusting slightly across batches in response to changes in the false-positive rate.

A comparison of the evolution of the τt in Dataset 1, Dataset 2, and Dataset 3, and the fixed baseline threshold (0.50).

Figure 5 illustrates the closed-loop threshold behavior. As seen, in the initial batches, where the false-positive rate exceeded the target, the threshold was > 0.50 (Eq. (12)). However, as the false-positive rate stabilised, the threshold decreased to restore sensitivity. Furthermore, as the trajectory was smooth and bounded, it proves that the threshold-level AC block dampens short-term noise without producing unstable oscillations. This would decrease the likelihood of unnecessary quarantines occurring in operational filtering systems.

Figure 5. Adaptive movement of the decision threshold across batches

5.2.4 Parameter-level control and stability behavior

The V_t (Eq. (18)) was monitored across all the batches to evaluate the combined effect of feature correction, threshold adjustment, and parameter updates. In Dataset 1 and Dataset 2, the stability decreased across the batches. This indicates that the AC blocks compensate for changing URL and HTML structures. Furthermore, sans adaptation, the stability curve was jagged due to the uneven movement of the benign centre, the irregular false-positive behavior, and the unstable gradients. However, when all three AC blocks were implemented, the stability curve was smoother and less jagged. Apart from that, in Dataset 1, Dataset 2, and Dataset 3, the stability decreased monotonically or nearly- monotonically. Therefore, the controlled drift behavior matched the improvements in accuracy, precision, and recall. Comparison with fixed-threshold and static-update studies is integrated into the stability analysis below.

Extant studies, that used fixed thresholds or static parameter updates, reported erratic phishing detection behavior when the feature distribution changed. They also reported higher false-positive rates and lower recall scores when the URL, HTML, or text patterns changed across the batches. Meanwhile, the proposed AC-based phishing detection framework yielded smoother decisions in Dataset 1, Dataset 2, and Dataset 3. More specifically, the feature-level AC block decreased drift-induced displacement, the threshold-level AC block stabilised the decision boundary, while the parameter-level AC block attenuated gradient oscillations. The comparative patterns across studies are summarised in Table 6.

Table 6. Contrast between behavior reported in prior studies and the adaptive framework

Figure 6 proves the stability of the proposed AC-based phishing detection framework. Instability values were calculated as (1 − F1). More specifically, the instability values were 0.0086, 0.0112, and 0.0246, respectively, in Dataset 1, Dataset 2, and Dataset 3. Therefore, its detection behavior was consistent across all phishing modalities. Meanwhile, extant studies reported higher detection behavior instability. Therefore, fixed-rule models are more sensitive to changes in distribution.

Figure 6. Instability comparison across evaluation datasets

5.3 Dataset-wise, ablation, and error analysis

5.3.1 Dataset-wise performance behavior

Dataset 1, Dataset 2, and Dataset 3 were subjected to unified feature representation. The accuracy, precision, recall, and F1 of the proposed AC-based phishing detection framework were, respectively, 99.12, 99.24, 99.05, and 99.14% in Dataset 1; 98.87, 99.03, 98.74, and 98.88% in Dataset 2; and 97.56, 97.92, 97.18, and 97.54% in Dataset 3. Therefore, the feature-level AC block adjusted the representations in relation to the dataset-specific drift patterns, the threshold-level AC block regulated the false-positive behavior in the two datasets that contain benign samples, and the parameter-level AC block shaped the learning response during the irregular update sequences.

As seen in Figure 7, the performance of the proposed AC-based phishing detection framework was consistently high and balanced in Dataset 1, Dataset 2, and Dataset 3. The precision was slightly higher than the recall in all three datasets. This indicates that the threshold-level AC block moderates the false-positive rate. Furthermore, the narrow spread between the accuracy, precision, recall, and F1 confirms that the proposed AC-based phishing detection framework does not sacrifice recall for accuracy or vice versa. Table 7 reports the dataset-wise accuracy, precision, recall, and F1-score obtained by the proposed framework.

Figure 7. Dataset-wise performance of the proposed framework

Table 7. Performance of the proposed system across evaluation datasets

5.3.2 Ablation analysis of adaptive control blocks

The purpose of the ablation study was to isolated the effect of each AC block. The feature-level AC block decreases distributional drift and improves phishing-benign segregation in the URL and HTML cues. Meanwhile, the threshold-level AC block stabilises false-positive behavior and smooths decision boundaries in datasets that contain both sample types. Lastly, the parameter-level AC block reduces gradient oscillations and produces more stable weight updates. Therefore, in combination, they yield the highest accuracy, precision, recall, and F1 scores and the most stable behavior under drift conditions in Dataset 1, Dataset 2, and Dataset 3. Table 8 summarizes the ablation behavior of the feature-level, threshold-level, and parameter-level adaptive control components, and Table 9 presents the main misclassification patterns observed across the three datasets.

Table 8. Ablation behavior of adaptive components

Table 9. Misclassification patterns observed across datasets

5.3.3 Misclassification and error patterns

The false positives observed in Dataset 1 were primarily due to benign webpages that contain long, redirect chains or embedded scripts that resembled phishing patterns. Meanwhile, Dataset 2 contains benign pages that have extended lexical forms or nested HTML tags, which led to, occasional, confusion due to their structural similarity with phishing pages. Lastly, the false negatives observed in Dataset 3 were primarily due to messages that used alert-style phrasing, which is common in legitimate service notifications. However, it is noteworthy that the feature-level AC block mitigated these errors by adjusting the representations in relation to changes in the lexicon or structure, the threshold-level AC block stabilised the decisions when the benign samples fluctuated across the batches, and the parameter-level AC block decreased gradient noise in samples that contain variable cue distributions.

5.4 Robustness, runtime, and generalisation

5.4.1 Robustness under drift conditions

In Dataset 1, Dataset 2, and Dataset 3, the observed drifts were primarily due to changes in the URL structure and embedded redirect behavior; changes to longer lexical forms, HTML depth, and webpage composition; and changes in the linguistic markers used in phishing phrases, respectively. However, it is noteworthy that the feature-level AC block decreased the size of the displacement by adjusting the representations in relation to movements in the benign sample, the threshold-level AC block stabilised the decision boundaries when the benign cues changed in Dataset 1 and Dataset 2, and the parameter-level AC block decreased gradient fluctuations during irregular input sequences. Therefore, in combination, they successfully maintained stable predictions under ever-changing drift conditions in Dataset 1, Dataset 2, and Dataset 3. Table 10 summarizes the observed drift behavior and the corresponding adaptive response of each control component.

Table 10. Drift behavior and the response of adaptive components

5.4.2 Runtime and computational behavior

Two distinct measurement conventions were used to assess runtime. Firstly, a per-sample inference delay, which comprised the forward pass of the base classifier and the lightweight control updates, was executed at prediction time. This was found to be 12 microseconds per sample. Secondly, a drift-handling delay, which is the end-to-end time required to detect drifts and apply corrective actions at the pipeline level. The ±18 seconds reported by Reda et al. [19] was for the latter, not the per-request inference time. Their serving performance was under 50 microseconds at p99. Therefore, as these two figures measure different operational stages, they cannot be directly compared. Table 11 reports the runtime behavior of the proposed method and compares it with the available operational results reported in the literature.

Table 11. Runtime behavior of the proposed method compared with available results

Note: BL = baseline (fixed threshold, no control), P-Inf = proposed (control during inference only), P-Upd = proposed (control + online model update per batch), N/R = not reported. Mean/p95/p99 refer to per-sample inference latency (prediction path).

5.4.3 Cross-dataset generalisation behavior

The proposed AC-based phishing detection framework processed samples from three structurally distinct datasets using the same unified feature space. This ensured stable predictions even when the structure of the inputs changed. More specifically, the feature-level AC block decreased the size of the displacement from distinct lexical or structural cues, the threshold-level AC block adjusted the decisions when the benign cues changed in Dataset 1 and Dataset 2, and the parameter-level AC block maintained stable updates when the sequence of the cues varied. Therefore, in combination, they decreased sensitivity to dataset-specific structures and supported generalisation across URL-, webpage-, and text-based phishing environments. It is noteworthy that the present study did not perform cross-dataset evaluation, such as training using one dataset or testing on a structurally distinct one. As such, cross-dataset evaluation is identified as essential future research in Section 6.2.

Table 12 summarizes the cross-dataset generalisation behavior and the adaptive response observed across URL-, webpage-, and text-based phishing environments.

Table 12. Cross-dataset generalisation behavior and adaptive response

5.5 Performance comparison with state-of-the-art models

The performance of extant phishing detection models, that use fixed thresholds or static parameter updates, often plummeted when the feature distributions changed. However, the performance of the proposed AC-based phishing detection framework remained consistent throughout feature corrections, threshold adaptations, and controlled parameter updates. Table 13 compares the performance of the proposed AC-based phishing detection framework with that of extant phishing detection models.

Table 13. Comparison of the proposed adaptive system with existing phishing detection models

Figure 8 positions the proposed AC-based phishing detection framework within the current performance landscape. As seen, it was accurate 99.12% of the time. As previously mentioned, the delay figures seen in Table 13, more specifically, the 12 ms per-sample inference time of the proposed AC-based phishing detection framework and the 18 second drift-handling delay reported by Reda et al. [19] measure different operational stages. Therefore, they cannot be directly compared. It is, however, noteworthy that the broader value of the proposed AC-based phishing detection framework lies in its ability to yield competitive detection accuracy as well as controlled adaptation, stable threshold behavior, and bounded parameter dynamics.

Figure 8. A comparison of the accuracy, precision, recall, and F1 scores of the best extant phishing detection models and the proposed AC-based phishing detection framework

5.6 Overall stability behavior

In Dataset 1, Dataset 2, and Dataset 3, the proposed AC-based phishing detection framework was able to yield steady decision patterns sans abrupt fluctuations, even when the distribution of the URL, HTML, or text cues changed across the batches. It was also able to yield uniform prediction patterns when the structure and lexicon changed. Therefore, the proposed AC-based phishing detection framework does not rely on any single dataset-specific feature. This consistent performance matches the results of the quantitative stability-function analysis (Section 5.6) and affirms the detection reliability of the proposed AC-based phishing detection framework. The supporting system-level stability observations are summarized in Table 14.

Table 14. System-level stability behavior across datasets

5.7 Critical interpretation of reported performance

The accuracy, precision, recall, and F1 score of the proposed AC-based phishing detection framework in Dataset 1, Dataset 2, and Dataset 3 were high. It reached 99.12% in Dataset 1, 98.87% in Dataset 2, and 97.56% in Dataset 3. It is noteworthy that several dataset-level factors contributed to these figures. Firstly, Dataset 1, Dataset 2, and Dataset 3 are publicly available. They are curated datasets of phishing and benign samples that have been labelled in controlled conditions. Furthermore, Dataset 1 and Dataset 2 contain structured URL and HTML attributes, with relatively high inter-class separability, while Dataset 3 contains greater linguistic variability as it is categorised according to urgency, authority, and persuasion, which would explain its slightly lower scores. Secondly, as these datasets are structured and curated, the accuracy, precision, recall, and F1 score of the proposed AC-based phishing detection framework reflect its performance under controlled input conditions. Therefore, its performance should not be generalised to live deployment environments, where the phishing content is more diverse, the labels are noisier, and the benign traffic is more contextually variable.

In terms of the integrity of the evaluation, the validation subset was set aside before any model fitting, feature normalisation, threshold initialisation, or adaptive parameter update. The S(·) was also fitted exclusively on the training set and frozen before inference. Therefore, the validation subset statistics did not influence any normalisation or scaling parameters. Furthermore, the benign reference centre (μtb) was only updated on the training set. Therefore, none of the test-set label information could have influenced any of the AC components. These procedural safeguards were undertaken to substantially decrease the risk of information leakage. However, as the samples in Dataset 1, Dataset 2, and Dataset 3 were drawn from related phishing domains, they have overlapping structural feature vocabularies. As such, there is a possibility that pre-existing inter-sample correlations led to optimistic performance estimates. Therefore, this uncertainty is a, potential, limitation of the present study.

Apart from that, the present study did not perform cross-dataset evaluation, such as training using one dataset or testing on a structurally distinct one. Therefore, future research could assess cross-dataset generalisation by training the proposed AC-based phishing detection framework using URL-based phishing data and evaluating its performance on text-based datasets. Temporally separated partitions, that simulate concept drifts at longer time periods, could also be constructed to evaluate the performance of the proposed AC-based phishing detection framework. It is believed that such evaluations would affirm the deployment-level robustness of the proposed AC-based phishing detection framework better than benchmarked accuracy alone.

Therefore, the reported results are best interpreted as evidence that the proposed AC-based phishing detection framework yields stable and consistent performance solely under the feature distributions of D Dataset 1, Dataset 2, and Dataset 3. Its primary contribution is its ability (1) to stably detect phishing across sequential batches under feature drift conditions, (2) to control and regulate false-positive behavior, and (3) to maintain consistent gradient dynamics properties that are relevant for security engineering systems that are required to operate reliably under ever-changing input conditions.

The datasets used in this study are publicly available from the UCI Machine Learning Repository [31], Mendeley Data [32], and Kaggle [33].