Integrated Random Forest over Network-Based Firewall Implementation on Mikrotik Network for Phishing Filtering

Abstract

Phishing attacks have escalated significantly, necessitating robust yet cost-effective network security solutions. Addressing the limitations of static blocking in Mikrotik and the prohibitive costs of dedicated hardware firewalls, this paper proposes an automated filtering system that integrates the Random Forest Machine Learning algorithm with Mikrotik architecture via a Python-based RouterOS API. The proposed system enables dynamic monitoring of DNS caches to automatically identify and block phishing domains through firewall drop rules. Experimental evaluation involved feature selection, offline validation, and real-world deployment. Results demonstrate that the 10-feature model delivers the optimal balance between accuracy and latency, achieving 90% accuracy with an average classification time of 11.5 seconds. In live network testing, the system successfully detected and mitigated phishing threats within 7 to 21 seconds. While CPU utilization increased by 7-40% during active detection, memory efficiency remained stable. This study validates that integrating Random Forest with Mikrotik offers an adaptive, scalable, and economical solution for network-based phishing prevention.