Abstract

Phishing is a type of social engineering where attackers deceive people into revealing sensitive information, or into installing malware onto their computer devices. The information obtained can be used to take ressources (essentially financial) from the victims, or to just prevent the victim from carrying out his activities.

Phishing attacks remain a significant threat to online security, targeting individuals and organizations to extract sensitive information. This project presents a novel approach to phishing website detection utilizing machine learning techniques. The primary objective is to develop an automated system that accurately identifies and flags potential phishing sites based on their features.

To make this more relevant, the automated system incorporates a major aspect of phishing: Emails. Phishing is mostly done through the use of seemingly trusted emails. It is much more likely for a victim to find him/herself on a phishing website if the URL comes from a ‘trustworthy’ email. The system therefore aims to retrieve and classify URLs from the user’s mailbox.

Using a data set comprising legitimate and phishing websites, various machine learning algorithms, including decision trees and support vector machines, were trained and evaluated. Key features such as URL length, use of HTTPS, and domain age were extracted and analyzed to enhance classification accuracy. The model’s performance was rigorously assessed through metrics such as accuracy, precision, and recall.

Results indicate that the proposed machine learning models effectively detects phishing websites with an accuracy of over 93%, demonstrating a significant improvement over traditional detection methods. The findings highlight the potential of machine learning in enhancing cybersecurity measures and provide a foundation for future research in automated phishing detection system.

CHAPTER ONE

GENERAL INTRODUCTION

1.1 Background and Context of the Study

In modern era, we all have to use the internet daily for either work or leisure. Mail services are another must have for any regular internet user, especially for work-related processes.

Phishing is a type of social engineering where attackers deceive people into revealing sensitive information, or into installing malware onto their computer devices. This can all be done using a phishing website and it would be fair to say that all internet users are potential victims of phishing.

The attackers aim to collect sensitive information form the victims so they can gain financial resources and if the victim is an organization, they can prevent the victim from carrying out its activities. Knowing this, it becomes imperative for internet users to be able to protect themselves from these attackers.

Phishing makes use of spoofing which is another cybercrime where the attacker successfully identifies as another by falsifying data. Spoofing makes phishing detection way harder, because there is no way for the regular internet user to be able to tell the difference between a trusted source and an attacker that spoofed someone else.

Mail services such as Gmail, Yahoo etc. All have protocols put in place to ensure that mails received in the users inbox are from a trusted source. However, these protocols do not protect from spoofing/mail forgery. This means that if the attackers can successfully identify as someone else, then he/she can bypass all these protocols and still reach the end user.

1.2 Problem Statement

As stated in the background and context above, there are protocols put in place by Mail service providers to ensure that the mails received by users are from a trusted source. It was also highlighted that once we add spoofing/mail forgery to the phishing equation, it becomes significantly harder to identify a phishing attempt from an attacker.

The problem initially was: «How can phishing websites be successfully identified?». Now that we aware of the dispositions currently in place to detect phishing, it is more accurate to slightly alter the problem statement. It becomes : «How to successfully identify phishing websites despite all the protocols already put in place for phishing detection». This then means that we aim to focus on the shortcomings of these processes to add a protective layer to the layers of phishing detection.

NB: The major shortcoming of these protocols is Mail forgery Detection.

1.3 Objectives of the Study

1.3.1 General Objectives

The primary goal is to develop an automated machine learning model capable of identifying phishing websites and emails based on specific features extracted from       URLs, webpage content and email header data.

1.3.2 Specific Objectives

• Obtain header data
• Train classification models
• Connect to mailbox successfully
• Access the inbox folder
• Successfully retrieve email headers from inbox mails
• Convert the email headers into a data frames that can be used by the trained model for classification
• Successfully retrieve the links in the mail content of said mails
• Convert the links to data frames that can be used by the classification model
• Classify the links into malicious and non malicious
• Blacklist the malicious links and headers and save them for future references

Check out: Computer Engineering Project Topics with Materials