PENINGKATAN DETEKSI PHISHING PADA PORTAL PASIEN DENGAN MODEL TERKALIBRASI

Andi Cahyono; Dwi Indah Purnama; Inkha Ameriza; Rahmat Taufan; Gunadi Gunadi

doi:10.37600/tekinkom.v8i2.2527

Andi Cahyono Informatika Medis, Universitas Sains dan Teknologi Indonesia
Dwi Indah Purnama Informatika Medis, Universitas Sains dan Teknologi Indonesia
Inkha Ameriza Pendidikan Teknologi Informasi, Universitas Sains dan Teknologi Indonesia
Rahmat Taufan Pendidikan Teknologi Informasi, Universitas Sains dan Teknologi Indonesia
Gunadi Gunadi Teknik Informatika, Universitas Sains dan Teknologi Indonesia

DOI: https://doi.org/10.37600/tekinkom.v8i2.2527

Abstract

Phishing attacks that imitate hospital domains pose serious risks to telehealth portals by enabling credential theft and malware delivery. Because false negatives can be more harmful than false positives in healthcare environments, security teams require well-calibrated risk probabilities rather than binary decisions. This study aims to evaluate and improve phishing-URL detection for telehealth portals using probabilistic modeling and calibration. Experiments were conducted on the UCI PhiUSIIL phishing dataset by comparing regularized logistic regression and gradient-boosted trees, with and without probability calibration using Platt scaling and isotonic regression. Model performance was assessed using discrimination and calibration metrics, including Brier score and expected calibration error, and operationalized through cost-sensitive decision thresholds (FN:FP = 5:1, 10:1, 20:1) and a high-specificity setting (≥95%). Results show that calibrated models produce more reliable probability estimates, reduce expected misclassification cost compared with the default 0.5 threshold, and yield higher net benefit in decision-curve analysis. These findings demonstrate that probability calibration enhances both clinical safety alignment and operational decision-making, supporting an auditable block–verify–allow triage strategy for telehealth security systems.

References

[1] H. Belani and K. Fišter, “Who should do what to help mitigate cyber threats in health care: narrative review of practical approaches and actionable recommendations,” Int. J. Health Gov., vol. 30, no. 3, pp. 282–292, Jul. 2025, doi: 10.1108/IJHG-03-2025-0030.
[2] E. Okewu, S. Misra, G.-P. Le, L.-Q.-N. Ho, and Q.-T. Pham, “Multi-factor Authentication Healthcare Data Security Framework and SDG 3,” in Computational Intelligence in Engineering Science, N. T. Nguyen, V. H. Pham, T. D. Tran, T.-P. Hong, Y. Manolopoulos, N. A. Le Khac, and P. T. Tin, Eds., Cham: Springer Nature Switzerland, 2026, pp. 335–348. doi: 10.1007/978-3-031-98161-6_25.
[3] E. Filiopoulou, G. Dede, G. Fragiadakis, S. Evangelatos, T. Stamati, and T. Kamalakis, “Prioritizing Cybersecurity Controls for SDG 3: An AHP-Based Impact–Feasibility Assessment Framework,” Appl. Sci., vol. 15, no. 19, p. 10669, Oct. 2025, doi: 10.3390/app151910669.
[4] M. Ndiaye, R. G. Saade, and H. Liu, “Understanding the impact of digitalization transition of Senegal and its implication on human health and wellbeing,” Glob. Transit., vol. 8, no. 1, pp. 37–55, May 2026, doi: 10.1016/j.glt.2025.09.002.
[5] G. H. Djatmiko, O. Sinaga, and S. Pawirosumarto, “Digital Transformation and Social Inclusion in Public Services: A Qualitative Analysis of E-Government Adoption for Marginalized Communities in Sustainable Governance,” Sustainability, vol. 17, no. 7, p. 2908, Jan. 2025, doi: 10.3390/su17072908.
[6] B. Umamageswari, M. Jeba Malar, K. Anandhi, and M. Sindhuja, “Real-Time Phishing URL Detection by using XGBoost and Google Safe Browsing API,” in Proc. Int. Conf. Soft Comput. Secur. Appl., ICSCSA, Institute of Electrical and Electronics Engineers Inc., 2025, pp. 186–191. doi: 10.1109/ICSCSA66339.2025.11171104.
[7] G. B. Sambare, G. Pawar, S. Vhanamane, T. Sonar, and O. Gouroji, “Phishing URL Detection: A Comprehensive Survey of Machine Learning Approaches,” in Lect. Notes Networks Syst., Springer Science and Business Media Deutschland GmbH, 2026, pp. 415–423. doi: 10.1007/978-3-032-06662-6_41.
[8] T. Patel and D. Rathod, “Automated AI framework for Malicious URL detection through enhanced feature extraction,” J. Comput. Virol. Hacking Tech., vol. 22, no. 1, p. 4, Nov. 2025, doi: 10.1007/s11416-025-00581-1.
[9] W. Du, Q. Huang, and R. Xu, “Follow the vine to get the melon: A deep framework for blockchain phishing fraud detection,” Decis. Support Syst., vol. 199, p. 114555, Dec. 2025, doi: 10.1016/j.dss.2025.114555.
[10] A. Prasad and S. Chandra, “PhiUSIIL: A diverse security profile empowered phishing URL detection framework based on similarity index and incremental learning,” Comput. Secur., vol. 136, p. 103545, Jan. 2024, doi: 10.1016/j.cose.2023.103545.
[11] W. A. Yousef, I. Traore, and W. Briguglio, “Classifier Calibration: With Application to Threat Scores in Cybersecurity,” IEEE Trans. Dependable Secure Comput., vol. 20, no. 3, pp. 1994–2010, 2023, doi: 10.1109/TDSC.2022.3170011.
[12] Y. Xiao, H. Shao, and B. Liu, “Evaluating calibration of deep fault diagnostic models under distribution shift,” Comput. Ind., vol. 171, 2025, doi: 10.1016/j.compind.2025.104334.
[13] “JMIR Public Health and Surveillance - Machine Learning Applications in Population and Public Health: Guidelines for Development, Testing, and Implementation.” Accessed: Nov. 29, 2025. [Online]. Available: https://publichealth.jmir.org/2025/1/e68952
[14] J. Jang, H. J. Lee, N. Navab, and S. T. Kim, “PRADA: Protecting and Detecting Dataset Abuse for Open-Source Medical Dataset,” in Medical Image Computing and Computer Assisted Intervention – MICCAI 2025, J. C. Gee, D. C. Alexander, J. Hong, J. E. Iglesias, C. H. Sudre, A. Venkataraman, P. Golland, J. H. Kim, and J. Park, Eds., Cham: Springer Nature Switzerland, 2026, pp. 463–473. doi: 10.1007/978-3-032-05185-1_45.
[15] “End-to-end deep learning for smart maritime threat detection: an AE–CNN–LSTM-based approach | Scientific Reports.” Accessed: Nov. 29, 2025. [Online]. Available: https://www.nature.com/articles/s41598-025-19450-4
[16] G. Vargas-Solar et al., “Experiversum: An Environment for Curating Data-Driven Experimental Sciences,” in New Trends in Database and Information Systems, P. K. Chrysanthis, K. Nørvåg, K. Stefanidis, Z. Zhang, E. Quintarelli, and E. Zumpano, Eds., Cham: Springer Nature Switzerland, 2026, pp. 98–107. doi: 10.1007/978-3-032-05727-3_10.
[17] R. Sathish et al., “Transforming Business Strategies with AI-Driven Predictive Analytics and Ethical Data Practices,” in Applied Informatics, H. Florez and D. Peluffo-Ordoñez, Eds., Cham: Springer Nature Switzerland, 2026, pp. 191–206. doi: 10.1007/978-3-032-07175-0_13.
[18] N. Sharma and P. G. Shambharkar, “Multi-attention DeepCRNN: an efficient and explainable intrusion detection framework for Internet of Medical Things environments,” Knowl. Inf. Syst., vol. 67, no. 7, pp. 5783–5849, Jul. 2025, doi: 10.1007/s10115-025-02402-9.
[19] A. J. Vickers and F. Holland, “Decision curve analysis to evaluate the clinical benefit of prediction models,” Spine J., vol. 21, no. 10, pp. 1643–1648, Oct. 2021, doi: 10.1016/j.spinee.2021.02.024.
[20] G. Zamagni and G. Barbati, “Integrating Calibration into the Evaluation of Clinical Utility: A Proposal for a Weighted Net Benefit,” Epidemiol. Biostat. Public Health, Sep. 2025, doi: 10.54103/2282-0930/29535.
[21] Z.-E. Khene et al., “Application of Machine Learning Models to Predict Recurrence After Surgical Resection of Nonmetastatic Renal Cell Carcinoma,” Eur. Urol. Oncol., vol. 6, no. 3, pp. 323–330, Jun. 2023, doi: 10.1016/j.euo.2022.07.007.
[22] M. Al-Hawawreh, Z. Baig, and S. Zeadally, “Resilient Intrusion Detection Models for Closed Control-Loop in Cyber-Physical Systems: Combating Adversarial Examples,” IEEE Internet Things Mag., vol. 8, no. 1, pp. 73–80, Jan. 2025, doi: 10.1109/IOTM.001.2400068.
[23] “Cyber Threats in the Pharmaceutical Industry: A Deep Dive Into Recent Attacks and Future Implications | IEEE Journals & Magazine | IEEE Xplore.” Accessed: Jan. 25, 2026. [Online]. Available: https://ieeexplore.ieee.org/document/11053755
[24] D. Saxena et al., “Secure Resource Management in Cloud Computing: Challenges, Strategies and Meta-Analysis,” IEEE Trans. Syst. Man Cybern. Syst., vol. 55, no. 4, pp. 2897–2912, Apr. 2025, doi: 10.1109/TSMC.2025.3525956.
[25] H. Yadav and K. Jhajharia, “URL- Based Phishing Detection Using Catboost,” in 2025 IEEE 7th International Conference on Computing, Communication and Automation (ICCCA), Nov. 2025, pp. 1–6. doi: 10.1109/ICCCA66364.2025.11325141.