Software Project Management

Project Proposal and Execution Plan

 Phishing website detection is a crucial aspect of cybersecurity aimed at
identifying fraudulent websites that steal sensitive information like
passwords, financial data, and personal details. These websites often mimic
legitimate sites to deceive users.

 Detecting phishing websites involves analyzing both phishing emails and

the websites they link to by assessing factors such as suspicious URLs,
domain age, and security certificates. Machine learning techniques can help
automate the identification of phishing patterns, providing comprehensive
defense against these threats.
●Phishing attacks are increasingly sophisticated, exploiting human trust and
technological weaknesses to deceive users into sharing sensitive data.
Traditional detection methods are proving inadequate as phishing techniques
evolve. This project seeks to develop an advanced detection system that
analyzes both phishing emails and linked websites to flag potential threats
using indicators like suspicious URLs and urgent language. By integrating
machine learning, the system will continuously adapt to new phishing tactics,
providing a proactive defense against these cyber threats. The goal is to
improve user protection and reduce the prevalence of phishing scams.
●The primary objective of this project is to develop a tool that helps users
avoid phishing websites designed to steal personal information such as
passwords and financial data. The vision is to enhance users' online safety by
enabling them to browse the internet securely without fear of falling victim
to phishing attacks. This detection mechanism aims to build trust between
users and their online tools while maintaining a smooth browsing experience.
●We will integrate key deliverables such as the phishing detection model,
frontend, and testing results into a structured plan. Activities will be divided
among team members, with clear deadlines and milestones guiding the
project's progress.
●Progress will be reported weekly to the client, supervisors, and the steering
committee through brief meetings and written summaries, outlining
completed tasks and future work.
●The final product will be tested by the client using predefined phishing URLs
and test data. The system's detection accuracy will determine whether it
meets the client's expectations. Any necessary improvements will be made
before final acceptance.
●The project will utilize phishing datasets like PhishTank and comply with
data protection policies to ensure system reliability. If necessary, we may
develop a Chrome extension as part of the solution.
Deliverables
● Phishing Detection Tool:

● A fully functional tool available as both a browser extension and web-based

application, using algorithms to detect phishing sites.

● Phishing Database:

● A regularly updated database of known phishing websites.

● Algorithm Documentation:

● Detailed documentation explaining the methods used to identify phishing sites.

● User Guide and Tutorials:

● Comprehensive documentation to help users install and use the tool effectively.
● To achieve these deliverables, the following activities will be executed:

● Research and Requirements Analysis: Study phishing tactics and review current
detection tools.

● Algorithm Development: Develop an algorithm to evaluate various website

elements, integrating machine learning if necessary.

● Frontend and Backend Development: Create an intuitive user interface and a

back-end to handle website analysis.

● Database Management: Manage a database of phishing websites, continuously

updated with new threats.

● Testing and Quality Assurance: Conduct extensive testing to ensure detection

accuracy.
●Research Completion: Finalize the research and requirement gathering.

●Algorithm Design and Prototype: Develop the detection algorithm and

prototype.

●Web App Development: Complete the web app’s frontend and backend.

●Testing and Quality Assurance: Conduct thorough testing of the system.

●Final Product Launch: Official launch of the tool, followed by continuous

updates.
● The project plan is developed in alignment with the assignment description to
ensure feasibility and clarity in project objectives.

 Key components of the project plan include:

● Simultaneous Development: The assignment description and project plan should

be developed concurrently to ensure consistency and clarity in objectives and
deliverables.

● Client Consultation: The assignment description is created in consultation with

the client, ensuring their expectations are clear.

● Flexibility and Adaptability: While the assignment description is typically fixed

once agreed upon, the project plan is dynamic and can evolve based on project
needs and real-time insights.
●Access to Quality Data: We assume reliable access to comprehensive
phishing datasets, such as PhishTank, throughout the project. These datasets
are critical for training and validating the detection model.

●Availability of Team Resources: Each team member is expected to be

available and fully committed to their allocated tasks according to the project
schedule. This includes assuming no unexpected absences or conflicts that
would affect project timelines.

●Required Development Tools: All necessary development tools, including

programming environments, libraries (e.g., Scikit-Learn, TensorFlow), and
version control systems (e.g., Git
● The project organization for the Phishing Website Detection Tool is designed
to promote efficiency, accountability, and collaboration across all phases.
Each member has specific roles and responsibilities to ensure that tasks are
completed on schedule and meet quality standards, while interdependencies
and milestones provide structure to the workflow. Key organizational
elements include team structure, roles, resource allocation, and
communication strategies to maintain project alignment and timely progress.
● The project team is organized to cover all technical, management, and quality
assurance aspects required for a phishing website detection tool. Each member
brings expertise in various areas, allowing for a well-rounded approach to
development, testing, and deployment. The team structure includes:

● Project Manager: Oversees the project, coordinates tasks, and ensures milestones
are achieved.

● Developers: Focus on backend and frontend development for the tool, ensuring
robust and user-friendly functionality.

● Data Scientists: Develop and refine the phishing detection algorithms.

● Quality Assurance (QA): Conducts testing to confirm the tool’s reliability and
accuracy.
● Each role is assigned specific activities and expected deliverables within the project’s timeline:

● Project Manager (Amanuel Tsehay): Oversees planning, manages timelines, and ensures team
members remain aligned with project goals.

● Backend Developer (Obsu Kebede) Develops backend systems for processing phishing
detections and integrates algorithms into the application.

● Frontend Developer (Daniel Asrat): Designs and implements the web interface or browser
extension.

● Database Manager (Bikila Tariku): Gathers and maintains datasets, ensures database updates,
and manages data access for real-time detection.

● UI/UX Designer (Feven Lendu): Designs the user interface, focusing on ease of use and
navigation.

● Quality Assurance (Biruk Amanuel): Tests the system for reliability, compatibility, and
accuracy, ensuring the tool’s quality and functionality.
● Resources are distributed to support a balanced workload and ensure that each project
phase receives the necessary attention. Weekly hours for each member are assigned
based on their expertise and tasks in the development lifecycle:

● Personnel Allocation: Weekly hours for each team member range between 20 to 30,
with roles assigned based on individual expertise.

● Technology and Tools: Python for backend development, JavaScript/HTML/CSS for

frontend design, Scikit-Learn and TensorFlow for machine learning, and Git for
version control.

● Time Allocation: Resources are dedicated to stages like data collection, algorithm
development, interface design, and testing to maintain steady progress toward
milestones.
●The team uses a structured communication plan to ensure transparency,
accountability, and timely decision-making:

●Weekly Meetings: In-person meetings to discuss progress, align tasks, and

troubleshoot.

●Daily Updates: Managed via a Telegram group for immediate coordination

and addressing day-to-day queries.

●Virtual Meetings: Scheduled on Google Meet as needed for remote

coordination.

●Client Updates: Weekly progress emails to inform the client and supervisor,
with monthly check-in meetings to review milestones and receive feedback
●To structure the project, specific activities, dependencies, and milestones are
identified:

●Phases: From goal definition, data gathering, and model development, to

testing and final deployment, each phase has distinct outputs and timelines.

●Dependencies: Key activities, such as the algorithm prototype, depend on

data gathering and research completion. Milestones ensure structured
progression with checkpoints for internal review and potential reassignment
if delays occur.

●Milestones: Major milestones include the completion of research, prototype,

testing, and the final deployment
●Documentation is an integral part of the project to ensure clarity and
alignment:

●Documentation Plan: All documents follow a consistent style, with clear

headers, section divisions, and version histories.

●Review Process: Regular reviews by team members and supervisors to

ensure quality before final submission to the client.
● Risk management is built into the organization to address potential delays or challenges:

● Risk Control Measures: Procedures are established for dataset availability, team availability, and
technical issues, with contingency plans for reassigning tasks if necessary.

● Progress Monitoring: Project management tools such as Trello or Asana track progress and
manage dependencies, ensuring transparency and the ability to adjust schedules as needed.

● By maintaining this organized structure, the team can effectively manage tasks, reduce risks,
and deliver a high-quality phishing detection tool aligned with client expectations and project
goals.
 Management Targets
● Successfully deliver a functional phishing detection tool as both a browser extension and a web-based application.

● Ensure that each development phase is completed within the specified timeline and with high quality.

● Achieve a detection accuracy rate that meets or exceeds the client’s expectations and passes predefined tests.

● Facilitate effective communication and collaboration within the team and with stakeholders through regular updates and
progress reports.
●Assumptions include access to reliable phishing datasets (e.g., PhishTank),
availability of team members as per the project timeline, and access to
required resources (e.g., development tools, testing platforms).
●The project’s success depends on the availability of comprehensive datasets
for training and testing the machine learning model, as well as timely
feedback from the client and supervisors on prototype iterations.
● Data Access and Quality: If datasets like PhishTank are unavailable or
insufficient, we may need to gather additional data or rely on alternative
sources, which could delay training.

●Algorithm Performance: The phishing detection model may not achieve high
accuracy initially. To mitigate this, we will conduct thorough testing and
model refinement.

●Team Availability: In case of a team member’s absence, tasks will be

redistributed among other team members to maintain project momentum.

●Technical Challenges: Any unforeseen issues with the browser extension

compatibility or database integration will be addressed through additional
testing and use of technical support when necessary.
 Weekly updates will be provided to the project team and client. Tasks and
milestones will be monitored using a project management tool (e.g., Trello or
Asana) to track progress and make adjustments as necessary.
 Each phase will have designated checkpoints for internal review and sign-
off, with the option for reassignment or re-estimation if delays occur.
●Development Frameworks and Languages: The backend will be developed
using Python, with potential frontend work using JavaScript and HTML/CSS
for web compatibility.

●Machine Learning Libraries: Libraries such as Scikit-Learn and TensorFlow

will be used for model training and feature extraction, with data pre-
processing and feature engineering performed on phishing-related features.

●Browser Extension Framework: Chrome’s extension APIs will be used if a

browser extension is developed, allowing for phishing detection integration
directly in the browser.

●Data Sources: PhishTank and other open-source datasets will provide data for
training and validation. Web scraping tools may supplement this data if
●Version Control: Git will be used for code versioning, with frequent commits
and team code reviews.

●Configuration Management: Docker containers will be used to set up a stable

environment for development, deployment, and testing, ensuring consistent
results across different systems.

●Testing Infrastructure: Testing frameworks (e.g., Pytest, Jest) will be

implemented to validate both machine learning outputs and the app's user
interface.
Documentation Plan

● Objectives: The documentation plan ensures clarity and consistency across all
project-related documents, making it easier for team members and stakeholders to
understand project progress and outcomes.

● Document Style and Attributes: All documents will follow a consistent style, with
clear headings, sections, and a template specifying the author(s), date, and document
status (draft, review, final). Each document will include a version history detailing
changes, with appropriate comments by reviewers.
● The project is organized into several key work packages and sub-projects, each with distinct
deliverables. The Research and Data Gathering phase involves conducting a thorough investigation
into phishing tactics and collecting datasets of known phishing websites. This phase will produce a
comprehensive research report and a cleaned dataset for use in subsequent stages.

● In the Frontend and Backend Development stage, an intuitive user interface for either a web
application or browser extension will be developed alongside backend functionality to handle website
analysis.The Database Management phase will ensure the tool has a continuously updated database
ophishing websites, maintained in real-time. Next, Testing and Quality Assurance will involve rigorous
evaluation of the tool’s detection accuracy, with the results compiled in a testing and security report.
Finally, the Deployment and Maintenance
Communication Plan

● · Weekly Progress Updates: Brief email updates sent to the client and supervisor.

● · Monthly Check-In Meetings: Virtual or in-person meetings to discuss milestones and receive
feedback.

● · Final Review Meeting:

● Public Relations Actions

● 1. Promotional Campaign: Inform stakeholders of project developments and outcomes.

● 2. Final Presentation: Organized event for demonstrating the completed tool, inviting relevant
stakeholders.