Abstract

Phishing websites are a kind of internet security problem that focuses on human vulnerabilities in contrast with software vulnerabilities. They are poisonous websites that look like legitimate websites to steal user’s identities like passwords and financial information. The main objective of this study is to develop a rule-based phishing website classification system to detect and classify the website into phishing and non-phishing. The specific objectives are to determine and examine the specific features for classification, design and implement the model, and to evaluate the performance of the model. Samples of phishing data were collected by documenting and evaluating different behaviors of Phishing Website to train the system from URLhaus, Openphish, and Moz Trusted URL, the model was implemented using Random Forest in Python Programming Language environment, and the performance evaluation was done using sensitivity, specificity, and accuracy as metrics. The developed system has successfully identified and analyzed different URL features using a rule-based model with an accuracy of 81.6%, sensitivity of 78.4%, and specificity of 84.4%. Thereby, reducing cybercrime and improving the security level on the internet.