In order to solve the problem of high delay, low efficiency and complex features extraction in the traditional website phishing detection methods, a hybrid algorithm model using LSTM and the random forest was proposed. The model was composed of URL context feature extraction and hybrid features classification. Firstly, a 128-step deep network structure according to the Recurrent Neural Network was built. The experiment data was collected from the open source community, including phishing URLs and benign URLs. The URL data was encoded to a series of sequences with local features by natural language processing technology. The experiment feature sets were composed of the character context features of the URL sequence extracted by LSTM network and non-character sequence features in the traditional detection methods. Secondly, in order to get the best split point of each feature,phishing URLs recognition model was constructed by Random Fores. Then, the URL characters were chosen as the input source.On the one hand, the character sequence feature dimension of the random forest was reduced. On the other hand, in combination with the non-sequential features, the problem of the single detection rule of LSTM algorithm was avoided. In order to verify the validity of the model, a comparison experiment of our model with random forest algorithm and LSTM algorithm was designed, and the time cost of different LSTM training scale was further analyzed. The experiments demonstrated that the hybrid algorithm model provided an accuracy rate of 98.52%, surpassing single LSTM neural network and a single random forest by 3% and 7%. Meanwhile, when LSTM and hybrid model increased the same magnitude of accuracy, the latter had a smaller time cost.The experiment showed that the hybrid model overcame the efficiency problem of the traditional recognition model in feature extraction and recognition. Thus, the hybrid algorithm was suitable for rapid detection undera large of phishing attacks.
