A Machine-Learning Based Approach for Detecting Phishing URLs

Abstract

This research’s focus is to utilize different machine learning classification models to predict whether a given URL is a legitimate or a phishing URL. A legitimate URL directs users to a benign authentic webpage and typically serves the user’s request. In contrast, a phishing URL directs users to a fraudulent website, usually impersonating another entity, luring visitors to believe otherwise, and eventually allowing the attacker to perform limitless post-exploitation attacks. Given the little-to-no internet safety awareness of average individuals, this paper aims to take an adaptive approach to detect phishing URLs on the client-side, which can significantly protect users from falling victims to cyber-attacks such as stealing important personal credentials. The proposed approach is to build a machine-learning powered tool that can help individuals stay safe and assist security researchers in identifying patterns and relations that correlate to these attacks, which will help maintain high-security standards for everyday internet users. Finally, the proposed model yielded a 97% detection accuracy using the XGBoost classifier and the random forest classifier.