A phishing website is a common social engineering method that mimics trustful uniform resource locators (URLs) and webpages. The objective of this project is to train machine learning models and deep neural nets on the dataset created to predict phishing websites. Both phishing and benign URLs of websites are gathered to form a dataset and from them required URL and website content-based features are extracted. The performance level of each model is measured and compared.
The set of phishing URLs are collected from opensource service called PhishTank. This service provides a set of phishing URLs in multiple formats like csv, json etc. that gets updated hourly. To download the data: https://www.phishtank.com/developer_info.php. From this dataset, 5000 random phishing URLs are collected to train the ML models.
The legitimate URLs are obtained from the open datasets of the University of New Brunswick: https://www.unb.ca/cic/datasets/url-2016.html. This dataset has a collection of benign, spam, phishing, malware & defacement URLs. Out of all these types, the benign URL dataset is considered for this project. From this dataset, 5000 random legitimate URLs are collected to train the ML models.
The above mentioned datasets are uploaded to the 'DataFiles' folder of this repository.
The below mentioned category of features are extracted from the URL data:
-
Address Bar based Features
In this category 9 features are extracted. -
Domain based Features
In this category 4 features are extracted. -
HTML & Javascript based Features
In this category 4 features are extracted.
The details pertaining to these features are mentioned in the URL Feature Extraction.ipynb notebook.
So, all together 17 features are extracted from the 10,000 URL dataset and are stored in the 5.urldata.csv file in the DataFiles folder.
The features are referenced from the https://archive.ics.uci.edu/ml/datasets/Phishing+Websites.
Before starting the ML model training, the data is split into 80-20 i.e., 8000 training samples & 2000 testing samples. From the dataset, it is clear that this is a supervised machine learning task. There are two major types of supervised machine learning problems: classification and regression.
This dataset comes under classification problem, as the input URL is classified as phishing (1) or legitimate (0).
The supervised machine learning models (classification) considered in this project are:
- Decision Tree
- Random Forest
- Multilayer Perceptrons
- XGBoost
- Autoencoder Neural Network
- Support Vector Machines
All these models are trained on the dataset and evaluation of the model is done with the test dataset.
The detailed explanation of model training is available in the Phishing Website Detection_Models & Training.ipynb notebook.
The slide presentation for this project is included in the repository: Phishing Website Detection by Machine Learning Techniques Presentation.pdf
From the obtained results of the above models, XGBoost Classifier has the highest model performance of 86.4%.
So, the model is saved to the file XGBoostClassifier.pickle.dat.
This project can be further extended by creating a:
- Browser extension
- GUI application
Both will take URL input from users and classify whether it is legitimate or phishing.
Created by CodeWithMehru