An Improved Method of Phishing URL Detection Using Machine Learning

The Internet has become an integral part of our lives over the past few years, providing us with essential services. However, the increasing dependency on the web has also led to a surge in cyber-attacks and fraudulent activities, making it crucial to identify malicious websites. Phishing attacks are the leading cause of internet data breaches. According to the FBI, these attacks are expected to increase each year. Shockingly, only 57% of organizations have URL protection in place. Successful phishing attempts can result in data loss, system compromise, and ransomware. Phishing attacks target financial companies, social media firms, software as a service company, and retail sellers the most. One of the most critical factors in determining whether a website is safe or not is its Uniform Resource Locator. Despite numerous measures taken by cybersecurity experts to identify phishing URLs, attackers always find new ways to attack and breach existing antiphishing defenses. To combat this growing threat, an improved approach to detecting phishing URLs is proposed. A dataset from the Security Repository consisting of both normal and malicious URLs is used, and five supervised Machine Learning algorithms are applied to it. Fourteen important attributes contributing to a phishing URL are extracted by feature engineering. To test the URLs, a DNS toolkit called DNSPython, which queries and resolves name servers, is used, and the DNS records of the URLs are used as the target variable. Additionally, a web interface is built using Flask with the attributes from the best-performing classifier to show the prediction of the URLs based on the detection, providing a user-friendly and efficient to identify malicious websites. It is concluded that the Random Forest algorithm provided the highest accuracy score of 96.38% among all models. The proposed model has proved to be very effective in detecting phishing URLs.