International Journal of Computer Science & Programming languages

Phishing is a type of cyber-attack where a fraudulent message is sent by an attacker in order to deceive an individual into revealing sensitive information. The fraudulent message is often designed to mimic a legitimate website or organization, and the attacker can observe the victim's activity on the site. According to the FBI's Internet Crime Complaint Centre, phishing incidents have been recorded at more than twice the rate of any other type of computer crime. In 2022, phishing attacks were the most common type of attack carried out by cybercriminals. The number of phishing attacks reached an alltime high in 2021, with 300,000 attacks recorded in December alone, representing a more than threefold increase from less than 2 years prior. Our aim is to create a chrome extension to detect the Phishing websites and alert the user using machine learning techniques whenever a user visits the website. Whenever a user opens a website on his browser, the extension will work in the background, if the website is detected as phishing website, the user will be alerted with an alert pop up box with an ‘OK’ button. Along with it, the owner of the original website will be informed via email. If the website is not detected as phishing website, then no action will be taken. The project aims to gather URLs from multiple sources, including UCI machine learning repository, Kaggle, Phish Tank, and Alexa URL. We have used various machine learning algorithms along with deep learning algorithms to train the model and it was evaluated on the basis accuracy and on the basis of evaluation function such as recall, F1score, precision. The train/test split rule for dataset were 80/20 respectively. The browser extension was written in JavaScript. The extension contains content.js file which extracts features of URL such as browser popup, use of frames, web traffic, etc. and then applied the algorithm to detect whether the website is legitimate or not.

Fortinet. (2022). 19 Types of Phishing Attacks with Examples. [Online]. Fortinet. Available from: https://www.fortinet.com/resources/cyberglossary/types-of-phishing-attacks

Publish0x.com. A podcast: “Week by week”. [Online]. Available from: https://www.publish0x.com/a-podcast-week-by-week

Patil S, Dhage S. A methodical overview on phishing detection along with an organized way to construct an anti-phishing framework. In 2019 IEEE 5th International Conference on Advanced Computing & Communication Systems (ICACCS). 2019 Mar 15; 588–593.

Yang P, Zhao G, Zeng P. Phishing website detection based on multidimensional features driven by deep learning. IEEE Access. 2019 Jan 11; 7: 15196–209.

Xu Z, Wang H, Jajodia S. Gemini: An emergency line of defense against phishing attacks. In 2014 IEEE 33rd International Symposium on Reliable Distributed Systems. 2014 Oct 6; 11–20.

Mughaid A, AlZu’bi S, Hnaif A, Taamneh S, Alnajjar A, Elsoud EA. An intelligent cyber security phishing detection system using deep learning techniques. Cluster Comput. 2022 Dec; 25(6): 3819–28.

Fette I, Sadeh N, Tomasic A. Learning to detect phishing emails. In Proceedings of the 16th international conference on World Wide Web. 2007 May 8; 649–656.

Bhat VH, Malkani VR, Shenoy PD, Venugopal KR, Patnaik LM. Classification of email using BeaKS: Behavior and keyword stemming. In 2011 IEEE Region 10 Conference (TENCON 2011). 2011 Nov 21; 1139–1143.

Chiew KL, Chang EH, Tan CL, Abdullah J, Yong KS. Building standard offline anti-phishing dataset for benchmarking. Int J Eng Technol. 2018 Dec; 7(4.31): 7–14.

Marchal S, François J, State R, Engel T. PhishStorm: Detecting phishing with streaming analytics. IEEE Trans Netw Service Manag. 2014 Dec 4; 11(4): 458–71.

Zhu E, Chen Y, Ye C, Li X, Liu F. OFS-NN: an effective phishing websites detection model based on optimal feature selection and neural network. IEEE Access. 2019 Jun 4; 7: 73271–84.

Shukla S, Sharma P. Detection of phishing URL using Bayesian optimized SVM classifier. In 2020 IEEE 4th International Conference on Electronics, Communication and Aerospace Technology (ICECA). 2020 Nov 5; 1385–1389.

Parthiban R, Abarna V, Banupriya M, Keerthana S, Saravanan D. Web Folder Phishing Discovery and Prevention with Customer Image Verification. In 2020 IEEE International Conference on System, Computation, Automation and Networking (ICSCAN). 2020 Jul 3; 1–5.

Su Y. Research on website phishing detection based on LSTM RNN. In 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). 2020 Jun 12; 1: 284–288.

Saha I, Sarma D, Chakma RJ, Alam MN, Sultana A, Hossain S. Phishing attacks detection using deep learning approach. In 2020 IEEE 3rd International Conference on Smart Systems and Inventive Technology (ICSSIT). 2020 Aug 20; 1180–1185.

Shikalgar S, Sawarkar SD, Narwane S. Detection of URL based phishing attacks using machine learning. Int J Eng Res Tech (IJERT). 2019; 8(11): 537–544.

Javatpoint. (2021). Data Preprocessing in Machine learning. [Online]. JavaTpoint. Available from: https://www.javatpoint.com/data-preprocessing-machine-learning

Javatpoint. (2021). Machine Learning Random Forest Algorithm. [Online]. Javatpoint. Available from: https://www.javatpoint.com/machine-learning-random-forest-algorithm