Abstract
The rapid expansion of malicious websites poses a critical threat to online security, as conventional blacklist-based and manual inspection methods cannot keep pace with evolving attacks. In this study, we present a hybrid detection framework that integrates ensemble learning models, Random Forest, Extreme Gradient Boosting, and Light Gradient Boosting with a Deep Neural Network to distinguish malicious from benign websites accurately. The framework leverages a large-scale dataset of 63,191 URLs, combining application-layer attributes (such as URL structure, server type, and WHOIS data) with network-layer features (including TCP exchanges, DNS queries, and packet statistics). Dimensionality reduction is achieved through Principal Component Analysis, while model explainability is provided by SHapley Additive exPlanations. To enhance predictive performance, hyperparameters are tuned using two recent metaheuristic algorithms: the Weevil Damage Optimization Algorithm and the Energy Valley Optimizer. A rigorous k-fold cross-validation strategy confirms the robustness and generalization capability of the model. Experimental results demonstrate that the optimized hybrid framework surpasses individual classifiers, delivering high accuracy, strong scalability, and interpretability. This work contributes to proactive cybersecurity defenses by offering a reliable, data-driven, and explainable solution for real-time malicious website detection.