Phishing

Website
Detection Using
Machine
Learning
A MACHINE LEARNING-BASED SOLUTION FOR
ENHANCED ONLINE SECURITY

PRACHI GUPTA-
4MH22CS109
KUSHI RAO PR-
4MH22CS074
VIDYASHREE N-
4MH22CS180
 Introduction

 Phishing attacks are a major cybersecurity threat

today.
 This project leverages machine learning for real-
time detection.
 Creating a system to detect phishing websites
using machine learning.
 System analyses and classifies URLs as legitimate
or phishing
 Aim and Objectives
 Aim:
 Build a high-accuracy tool to classify URLs as phishing
or legitimate.

 Objectives:
 Feature extraction from URLs (length, subdomains,
characters).
 Evaluate and compare models for best performance.
 Develop a user-friendly web interface for URL analysis.
Current Scenario of
Phishing Attacks

• Phishing Overview:
• One of the most common cyber threats today.
• Targets individuals and organizations.
• Consequences:
• Financial loss, identity theft, and data breaches.
• Challenges:
• Increased online activities make traditional detection
harder.
 Machine Learning
Algorithms

• Key Algorithms Tested:

• XGBoost: High accuracy (86.7%) and efficiency.
• Decision Trees & Random Forest: Basic
classifiers.
• SVM: Helps separate phishing from legitimate URLs.
• Neural Networks: Explored for deeper analysis.
• Why XGBoost?
• Best performance.
• Handles complex data efficiently.
Technologies Used

 Machine Learning Models: XGBoost, Random

Forest, Decision Tree, SVM.
 Development Framework: Flask for user interface.
 Programming Language: Python.
 Dataset: 10,000 URLs (50% phishing, 50%
legitimate).
How the System Works

• Feature Extraction:
• Analyzes URL length, special characters, and HTTPS
usage.
• Model Analysis:
• Trained model predicts if a URL is phishing or
legitimate.
• User Interaction:
• Real-time detection through a Flask-based web
interface.
Results and Performance

 XGBoost emerged as the top model with 86.7%

accuracy.
 Features used include URL length, subdomains,
HTTPS presence.
 Real-time detection capability implemented for
instant feedback.
 Understanding Phishing
Attacks

• What is a phishing attack?

• Fake websites designed to steal sensitive
information.
• How do these attacks happen?
• Links via email, text, or ads.
• Fake sites mimic legitimate websites.
 Detecting Phishing URLs

•Signs to Look For:

•Very long or unusual URLs.
•Excessive subdomains or dots.
•Lack of HTTPS security.
•Suspicious characters in the URL
 Effects of Phishing Attacks

• Consequences:
• Financial Loss: Unauthorized transactions.
• Identity Theft: Misuse of personal data.
• Data Breaches: Loss of sensitive organizational data.
• Use of Stolen Data:
• Sold on the dark web.
• Used for fraud or blackmail.
Prevention Measures

 Verify URLs before clicking.

 Use multi-factor authentication and strong
passwords.
 Use Browser extensions and anti-phishing tools .
 Stay educated about phishing techniques.
 Report and block phishing URLs when detected.
Conclusion

 Developed a robust system for phishing detection

using XGBoost.
 Provides real-time URL analysis to identify
phishing threats.
 Future enhancements include browser integration
and continuous updates.
 A step forward in combating phishing attacks
effectively.