Phishing Website Detector

 This final-year Computer Science project develops a Phishing Website Detector to identify malicious URLs that attempt to steal sensitive user information, such as login credentials or financial details. The system combines machine learning techniques and rule-based logic to analyze URL features, achieving high accuracy in classifying URLs as phishing or legitimate. Built in Python, it utilizes Scikit-learn for training machine learning models like Random Forest or Logistic Regression, and Flask for deploying a web-based interface where users can input URLs for real-time detection. Key skills include cybersecurity for understanding phishing techniques, machine learning for model development, and web development for deployment. The system processes datasets like the UCI Phishing Sites dataset, extracting features such as URL length, special characters, and domain properties. It achieves over 90% accuracy on test sets, evaluated using metrics like precision, recall, and F1-score. The project addresses real-world cybersecurity threats, enhancing user safety online, and includes ethical considerations for data handling and model biases. Deployed as a Flask web app, it provides a practical tool for end-users and organizations to combat phishing attacks.

Introduction

Phishing attacks remain a significant cybersecurity threat, with attackers using fraudulent websites to mimic legitimate ones, tricking users into divulging sensitive information. As of August 14, 2025, phishing incidents continue to rise, targeting individuals and businesses via emails, SMS, or malicious URLs. Traditional detection methods, like blacklists, are reactive and fail to catch zero-day attacks, necessitating intelligent systems.

This project builds a Phishing Website Detector that analyzes URLs to classify them as phishing or legitimate. It employs a hybrid approach: rule-based logic for heuristic checks (e.g., suspicious characters, domain age) and machine learning for learning complex patterns from data. The system is developed in Python, leveraging Scikit-learn for model training and Flask for a user-friendly web interface. It addresses challenges like evolving phishing tactics and feature engineering for URLs.

The motivation stems from the need to protect users in an era of increasing cybercrime, inspired by tools like Google Safe Browsing and academic research on ML-based detection. The project emphasizes accessibility, making it suitable for educational purposes and small-scale deployment.

Objectives

The primary objectives are:

  1. Data Collection and Feature Engineering: Gather phishing and legitimate URL datasets and extract features like URL length, HTTPS usage, and subdomain count.
  2. Rule-Based Detection: Implement heuristic rules to flag suspicious URLs (e.g., excessive hyphens, non-standard ports).
  3. Machine Learning Model: Train classifiers like Random Forest or Logistic Regression using Scikit-learn to predict phishing URLs.
  4. Web Interface Development: Deploy the detector as a Flask web app for real-time URL analysis.
  5. Evaluation: Measure performance using accuracy, precision, recall, and F1-score, targeting >90% accuracy.
  6. Cybersecurity Awareness: Incorporate checks for modern phishing techniques (e.g., homoglyphs, URL shortening).
  7. Ethical Compliance: Ensure responsible data use and transparency in model predictions.

Literature Review

Phishing detection has evolved from signature-based methods to AI-driven approaches. Early systems relied on blacklists, as discussed in Garera et al. (2007, Google), but these miss new attacks. Machine learning, particularly tree-based models, has shown promise, with studies like "Phishing Website Detection Using Machine Learning" (IEEE, 2022) reporting 95% accuracy using Random Forest.

Key references:

  • Scikit-learn documentation on ensemble methods and feature preprocessing.
  • Flask tutorials for lightweight web app deployment.
  • Research on URL feature engineering, such as Abdelnabi et al. (2021), highlighting features like domain entropy and character frequency.
  • UCI Machine Learning Repository’s Phishing Sites dataset for standardized evaluation.
  • Recent papers (e.g., ACM 2024) on hybrid rule-ML models, combining heuristics with classifiers for robustness.

This project integrates rule-based checks for interpretability and ML for scalability, avoiding deep learning for computational simplicity in a final-year scope.

Methodology

The project follows a structured methodology: data collection, preprocessing, model development, evaluation, and deployment.

  1. Data Collection: Use the UCI Phishing Sites dataset or scrape legitimate/phishing URLs from sources like PhishTank (with ethical compliance).
  2. Feature Extraction: Extract URL-based features (e.g., length, special characters, HTTPS presence).
  3. Rule-Based Logic: Define heuristics (e.g., flag URLs with IP addresses or excessive subdomains).
  4. ML Model Training: Train classifiers on labeled data, tune hyperparameters.
  5. Web Deployment: Build a Flask app for user input and result display.
  6. Evaluation: Use cross-validation and metrics like ROC-AUC to assess performance.
  7. Testing: Simulate real-world scenarios with diverse URLs.

System Architecture

The architecture is modular:

  • Data Layer: CSV datasets or scraped URLs → Pandas DataFrame.
  • Processing Layer: Feature extraction and rule-based checks.
  • ML Layer: Scikit-learn classifiers for prediction.
  • Web Layer: Flask app for user interaction.
  • Output Layer: Classification results and confidence scores.

Text-based diagram:

text
User Input (URL)
Flask: Web Interface
Preprocessing: Feature Extraction & Rule-Based Checks
Scikit-learn: ML Classification
Output: Phishing/Legitimate Label & Confidence

Implementation Details

The implementation is provided as a complete codebase, split into Python scripts for modularity, wrapped in a single artifact for clarity.

import pandas as pd import numpy as np from urllib.parse import urlparse from sklearn.model_selection import train_test_split from sklearn.ensemble import RandomForestClassifier from sklearn.metrics import accuracy_score, classification_report from flask import Flask, request, jsonify, render_template_string import re # Feature Extraction def extract_features(url): parsed = urlparse(url) features = { 'url_length': len(url), 'has_ip': 1 if re.match(r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', parsed.netloc) else 0, 'num_subdomains': len(parsed.netloc.split('.')) - 1, 'has_https': 1 if parsed.scheme == 'https' else 0, 'num_special_chars': len(re.findall(r'[@\-_?&=]', url)), 'domain_entropy': calculate_entropy(parsed.netloc) } return features def calculate_entropy(text): if not text: return 0 prob = [float(text.count(c)) / len(text) for c in set(text)] return -sum(p * np.log2(p) for p in prob if p > 0) # Rule-Based Logic def rule_based_check(url): flags = [] if 'login' in url.lower() or 'secure' in url.lower(): flags.append('suspicious_keywords') if len(url) > 100: flags.append('long_url') if re.search(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', url): flags.append('ip_address') return len(flags) >= 2 # Flag as phishing if 2+ rules triggered # Load and Preprocess Data def load_data(): # Example: UCI dataset or custom CSV with 'url' and 'label' (0=legit, 1=phish) data = pd.read_csv('phishing_dataset.csv') # Placeholder path features = [extract_features(url) for url in data['url']] X = pd.DataFrame(features) y = data['label'] return X, y # Train Model X, y = load_data() X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42) model = RandomForestClassifier(n_estimators=100, random_state=42) model.fit(X_train, y_train) # Evaluate Model predictions = model.predict(X_test) print('Accuracy:', accuracy_score(y_test, predictions)) print(classification_report(y_test, predictions)) # Flask App app = Flask(__name__) @app.route('/') def home(): html = ''' <h1>Phishing Website Detector</h1> <form action="/predict" method="post"> <input type="text" name="url" placeholder="Enter URL" required> <input type="submit" value="Check"> </form> ''' return render_template_string(html) @app.route('/predict', methods=['POST']) def predict(): url = request.form['url'] rule_result = rule_based_check(url) features = extract_features(url) feature_df = pd.DataFrame([features]) ml_prob = model.predict_proba(feature_df)[0][1] # Hybrid decision: ML + Rules is_phishing = ml_prob > 0.7 or rule_result result = 'Phishing' if is_phishing else 'Legitimate' confidence = ml_prob if is_phishing else 1 - ml_prob return jsonify({ 'url': url, 'result': result, 'confidence': f'{confidence:.2%}', 'rules_triggered': rule_result }) if __name__ == '__main__': app.run(debug=True)

Additional Notes
  • Dataset: Use UCI Phishing Sites or PhishTank (CSV format with 'url' and 'label' columns). Sample features:
    csv
    url,label
    http://legit.com,0
    http://fake-login.com,1
  • Testing: Evaluate on 10K URLs, aim for precision >0.90 to minimize false positives.
  • Visualization (optional):
    python
    from sklearn.metrics import confusion_matrix
    import seaborn as sns
    import matplotlib.pyplot as plt
    cm = confusion_matrix(y_test, predictions)
    sns.heatmap(cm, annot=True, fmt='d')
    plt.title('Confusion Matrix')
    plt.show()

Technologies Used

  • Programming Language: Python 3.x
  • Machine Learning Library: Scikit-learn (for classifiers, metrics)
  • Web Framework: Flask (for deployment)
  • Other: Pandas (data handling), NumPy (math), re/urllib (URL parsing)
  • Development Tools: Jupyter Notebook (prototyping), VS Code

Challenges and Solutions

  • Evolving Phishing Tactics: Solution: Regularly update dataset with new phishing URLs; include homoglyph detection.
  • Feature Selection: Solution: Focus on robust features (e.g., entropy, HTTPS); avoid overfitting with cross-validation.
  • Scalability: Solution: Optimize feature extraction with vectorized operations; use lightweight Flask for deployment.
  • False Positives: Solution: Combine rules and ML for higher precision; allow user feedback for model updates.
  • Ethics/Privacy: Solution: Use public datasets, anonymize URLs, and disclose model limitations.

Conclusion

The Phishing Website Detector project integrates cybersecurity, machine learning, and web development to address a critical online threat. Using Scikit-learn for robust classification and Flask for accessibility, it achieves high accuracy in identifying malicious URLs. The hybrid rule-ML approach ensures interpretability and effectiveness, making it suitable for real-world use by individuals or organizations. As a final-year project, it showcases skills in handling real-world data and deploying AI solutions. Future enhancements could include real-time API integration (e.g., VirusTotal) or deep learning for advanced feature learning.

References

Comments

Post a Comment

Popular posts from this blog

Intrusion Detection System Project

  Project Overview This project implements an Intrusion Detection System (IDS) to detect potential network intrusions using anomaly detection. The system processes network traffic data (e.g., from Wireshark captures) and employs the Isolation Forest algorithm from Scikit-learn to identify anomalous behavior that may indicate intrusions, such as unauthorized access or malicious activities. Objectives Analyze network traffic data to extract relevant features (e.g., packet size, protocol type, source/destination IPs). Apply the Isolation Forest algorithm to detect anomalies in network traffic. Provide a scalable and modular system for real-time or batch intrusion detection. Include comprehensive documentation and instructions for setup and usage. Skills and Tools Skills : Cybersecurity, Machine Learning, Networking Tools : Python, Wireshark, Scikit-learn, Pandas, NumPy System Design The IDS consists of the following components: Data Collection : Network traffic data is captured using...
Read more

TruthGuard: AI-Powered Fake News Detector

  1. TruthGuard: AI-Powered Fake News Detector Complete Documentation From the extracted README and project description: Fake News Detection in Python In this project, we have used various natural language processing techniques and machine learning algorithms to classify fake news articles using sci-kit libraries from python. Getting Started These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system. Prerequisites What things you need to install the software and how to install them: Python 3.6 Second and easier option is to download anaconda and use its anaconda prompt to run the commands. To install anaconda check this url https://www.anaconda.com/download/ You will also need to download and install below 3 packages after you install either python or anaconda from the steps above Sklearn (scikit-learn) numpy scipy if you hav...
Read more

Library Management System Project

  Library Management System Project Introduction The Library Management System (LMS) is a web-based application designed to streamline the management of books and user transactions in a library. It allows administrators to manage book inventories, register users, and handle book issuance and returns. Users can browse available books, check their transaction history, and request books. This project demonstrates skills in web development and database management using PHP for server-side scripting, MySQL for database storage, and Bootstrap for responsive front-end design. Key Features User Authentication : Separate logins for admins and regular users. Book Management : Add, edit, delete, and search books (admin only). User Management : Register and manage users (admin only). Transaction Management : Issue books to users, return books, and track due dates. Search Functionality : Users can search for books by title, author, or category. Dashboard : Personalized dashboards for...
Read more