Email Phishing Detection Website

The project addressed the critical cybersecurity challenge of phishing emails, which account for 36% of data breaches globally. By combining rule-based heuristics with NLP techniques, the system aimed to deliver a lightweight, scalable, and transparent solution. Key objectives included reducing false positives, ensuring real-time detection, and fostering user trust through ethical design.

A comparative analysis of existing methods highlighted the limitations of standalone machine learning models (high computational costs) and pure rule-based systems (rigidity). The project’s hybrid approach leveraging NLP for semantic analysis and rules for structural checks emerged as a balanced solution. Insights from tools like PhishTank and frameworks like SpaCy informed the design, bridging gaps in adaptability and efficiency.

Design: A modular architecture separated the rule engine, NLP processor, and Flask-based UI. PostgreSQL replaced SQLite to handle high concurrency.

Implementation: Key features included dynamic rule updates via JSON, OAuth2 authentication for IMAP, and Twilio integration for SMS alerts.

Testing: Achieved 92% accuracy and 8% false positives through rigorous unit, system, and acceptance testing. Challenges like database locks and IMAP errors were resolved with asynchronous processing (Celery) and connection pooling.

The system surpassed benchmarks, processing 1,200 emails/minute with a 7.2s average response time. Stakeholder feedback validated its usability, though gaps in multilingual support were noted. Skills acquired spanned Flask development, NLP integration, and Agile project management. Future work prioritizes:

1.Hybrid ML Models: Enhance detection of AI-generated phishing content.

2.Multilingual NLP: Support Arabic, Chinese, and other non-Latin scripts.

3.Mobile Integration: Develop iOS/Android apps for on-the-go alerts.