Phishing attacks are a prevalent threat to users worldwide, where malicious actors attempt to compromise user credentials and infect their computers with malware. This project aims to create an automated tool that utilizes open-source databases, such as the WHOIS database, to identify phishing domains among newly registered websites. Leveraging the power of AI/ML, this tool employs various techniques to distinguish phishing domains from genuine ones.
Phishing links and websites are disseminated through various mediums like email, SMS, and more. These domains often host login pages that mimic legitimate websites, making it imperative to detect and prevent users from falling victim to such attacks.
The primary objectives of this project are as follows:
-
Automated Detection: Develop a tool that can automatically identify phishing domains based on open-source databases.
-
AI/ML Techniques: Utilize advanced AI/ML techniques, including backend code/content similarity analysis and web page image analysis, to improve the accuracy of phishing domain detection.
-
Probability Scoring: Assign probability scores to phishing domains to assess their similarity to genuine domains.
-
Timely Detection: Ensure the tool can detect new phishing domains in a reasonable timeframe, enhancing its effectiveness in preventing attacks.
-
User-Friendly: Design the tool to be easy to use, and provide flexibility in output formats for different use cases.
The tool will consist of the following components:
- Gather data from open-source databases, including the WHOIS database, to obtain a list of newly registered domains.
- Extract relevant features from the domains and web pages, including content, code, and images.
- Utilize AI/ML algorithms to perform the following analyses:
- Backend code/content similarity analysis to compare websites.
- Web page image analysis to distinguish between genuine and phishing site images.
- Assign probability scores to each domain based on its similarity to genuine domains. Higher scores indicate a higher likelihood of being a phishing site.
- Continuously monitor and update the tool's database to detect new phishing domains as they emerge.
- Create a user-friendly interface that allows users to input domains and view detection results.
- Provide flexibility in output formats, including reports, alerts, and logs, to cater to various user requirements.
The success of this tool will be evaluated based on the following criteria:
-
Probability Scores: The tool's ability to accurately assign probability scores to phishing domains.
-
Timely Detection: Its effectiveness in identifying new phishing domains promptly.
-
User-Friendliness: The ease of use and intuitiveness of the user interface.
-
Flexibility: The ability to customize output formats to suit different user needs.
This project aims to develop a robust and automated phishing domain detection tool that harnesses the power of AI/ML and open-source databases to protect users from phishing attacks. By achieving the outlined objectives, we can enhance online security and reduce the risk of user credential compromise and malware infections.