Online Phishing Detection: A Heuristic-Based Machine Learning Framework

The prevalence of phishing attacks has exhibited a marked rise in recent years, posing significant threats to the confidentiality, integrity, and availability of sensitive data at both individual and organizational levels. This escalating threat underscores the critical need for automated and real-time detection of phishing web pages. This paper proposes a novel machine-learning framework that leverages heuristic methodologies for the real-time detection of phishing URLs. The framework entails the acquisition of data from reputable sources to train a machine-learning model capable of classifying URLs as either phishing or legitimate. To enhance detection accuracy, the framework employs a dynamic list management strategy incorporating three key components: blacklists for known threats, whitelists for safe URLs, and an innovative greylist that allows users to verify and approve URLs they consider trustworthy. This user-centric mechanism fosters the adaptability and effectiveness of phishing detection systems, particularly in the context of evolving attack tactics.