PHISH CATCHER CLIENT-SIDE DEFENSE AGAINST WEB SPOOFING ATTACKS USING MACHINE LEARNING

Abstract

This project aims to address the persistent threat of phishing attacks by developing PhishCatcher, a client-side defense tool. The primary goal is to utilize machine learning as a core component for the robust identification of evolving web spoofing threats. By focusing on the client side, the project seeks to enhance the overall security posture against phishing attacks. The emphasis on machine learning underscores the need for an adaptive and intelligent defense mechanism. By incorporating machine learning into PhishCatcher, the project aims to empower the tool to stay ahead of the ever-evolving tactics employed by phishing attackers. This approach ensures a more effective and dynamic response to emerging web spoofing threats. Recognizing the escalating risk posed by phishing, especially in the context of increased online activities, this project signifies the urgency of countering web spoofing. The development of PhishCatcher is positioned as a critical measure to safeguard both user privacy and organizational security in the face of escalating phishing threats. In contrast to traditional server-side solutions with inherent limitations, PhishCatcher adopts a clientside protection approach. This strategic choice allows users to benefit from a comprehensive defense tool without necessitating modifications to the targeted websites. This client-side focus aims to overcome the drawbacks associated with conventional server-side solutions. PhishCatcher is designed with the end-user in mind, especially those who are frequently targeted by phishing attacks. The tool offers tangible benefits by enhancing online safety, significantly reducing the risk of identity theft, and preventing fraud through the effective detection of malicious URLs. By placing the user at the center, PhishCatcher becomes a valuable asset in fortifying individuals against the pervasive threat of phishing attacks. We extended our anti-phishing tool by integrating Support Vector Machine, XGBoost, and a Stacking Classifier, augmenting the system's capabilities. Additionally, a Flask framework with SQLite was implemented, offering streamlined signup and signin processes for user testing and input validation.