Integrated Random Forest over Network-Based Firewall Implementation on Mikrotik Network for Phishing Filtering

Authors

Agustinus Noertjahyana

Tenggilis Utara II / 7., Surabaya (Indonesia)

Stephanus Antonius Ananda

Tenggilis Utara II / 7., Surabaya (Indonesia)

Juven Axel Wedianto

Tenggilis Utara II / 7., Surabaya (Indonesia)

Article Information

DOI: 10.51244/IJRSI.2026.13010117

Subject Category: Social science

Volume/Issue: 13/1 | Page No: 1333-1341

Publication Timeline

Submitted: 2026-01-22

Accepted: 2026-01-27

Published: 2026-02-06

Abstract

Phishing attacks have escalated significantly, necessitating robust yet cost-effective network security solutions. Addressing the limitations of static blocking in Mikrotik and the prohibitive costs of dedicated hardware firewalls, this paper proposes an automated filtering system that integrates the Random Forest Machine Learning algorithm with Mikrotik architecture via a Python-based RouterOS API. The proposed system enables dynamic monitoring of DNS caches to automatically identify and block phishing domains through firewall drop rules. Experimental evaluation involved feature selection, offline validation, and real-world deployment. Results demonstrate that the 10-feature model delivers the optimal balance between accuracy and latency, achieving 90% accuracy with an average classification time of 11.5 seconds. In live network testing, the system successfully detected and mitigated phishing threats within 7 to 21 seconds. While CPU utilization increased by 7-40% during active detection, memory efficiency remained stable. This study validates that integrating Random Forest with Mikrotik offers an adaptive, scalable, and economical solution for network-based phishing prevention.

Keywords

Cognitive Security, Firewall Automation, Mikrotik, Phishing Filtering
