Abstract:

Phishing sounds like fishing (which means to cash fish) is a term used for an attempt to commit financial fraud on the internet. An e-mail scam is carried out on individuals or corporate organizations in an attempt to defraud them by falsely obtaining their sensitive details such as usernames, passwords, credit card information, and account numbers. For example, an email may be sent to an individual and appears with a link to click, such as “click me” showing that the recipient has won a certain amount of money, and thereafter requesting him to provide account information for verification. Unfortunately, the credentials are actually transmitted to a phisher who may exploit the person's account when the receiver sends the account details for validation. This research’s focus is to utilize different machine learning classification models to predict whether a given URL is legitimate or a phishing URL. A legitimate URL directs users to a benign authentic webpage and typically serves the user’s request. In contrast, a phishing URL directs users to a fraudulent website, usually impersonating another entity, luring visitors to believe otherwise, and eventually allowing the attacker to perform limitless post-exploitation attacks. Given the little-to-no internet safety awareness of average individuals, this paper aims to take an adaptive approach to detect phishing URLs on the client-side, which can significantly protect users from falling victims to cyber-attacks such as stealing important personal credentials. The proposed approach is to build a machine-learning powered tool that can help individuals stay safe and assist security researchers in identifying patterns and relations that correlate to these attacks, which will help maintain high-security standards for everyday internet users.

Keywords: