PhishAlert

• 

  Click our extension icon in your menu bar to open the text window.

• 

  Our algorithm flags emails suspected of being phishing attempts and highlights keywords.

• 

  Our ML algorithm correctly identifies emails that are not phishing attempts.

Inspiration

Phishing attacks are up 900% in the past few years alone, and companies are expected to lose $10.5 trillion due to cyberattacks annually. This is a widespread problem that needs a quick, easy-to-use solution. Introducing PhishAlert, a Google Chrome extension designed to help users detect potential phishing attacks.

What it does

PhishAlert is a simple, easy-to-use extension that only has two moving parts: a textbox for inputting text and a button to analyze the text. When a user comes across a text they believe could be suspicious or asks for their information, they can paste the text into our extension, and it will perform machine learning analysis to determine the likelihood of it being a phishing attack. If the text is marked as likely to be a phishing attack, our extension will also highlight pieces of text that are known to be common words used in phishing attacks.

How we built it

We built this extension using vanilla HTML, CSS, and JavaScript frontend languages. We used JQuery with SummerNote to create a rich-text editor and Bootstrap for straightforward styling. On the backend, we have a C-Support Vector Classification model pre-trained with Scikit-Learn on a dataset pulled from Kaggle here. We also used Jupyter Notebooks to perform tests on the model during the training process. We exposed this model to the frontend via endpoints on a REST API created using Python and Flask.

Challenges we ran into

This was our first time working with Scikit-Learn, and we ran into difficulties figuring out why our model had a high accuracy when testing it against test data but wasn't producing the expected results when testing it on the emails from our inboxes. Additionally, we had to pull an all-nighter to finish the planned functionality on time.

Accomplishments that we're proud of

We're proud that we finished a MVP within 24 hours and made sure it was a seamless, clean user experience. Even if our product wasn't perfect, we love the feeling of satisfaction after knowing we put everything we had into making the best possible product within the constraints we had.

What we learned

We learned how to train models using Scikit-Learn and we also discovered that Scikit-Learn also has a class called CalibratedClassifierCV that allows developers to evaluate the probability of a prediction being correct. In addition, it became clear to us how important it was to select a high-quality dataset that fits our specific needs. On the front end, we figured out how to develop a Chrome extension from scratch and how to customize its features.

What's next for PhishAlert

Unfortunately, we did not have enough time to implement all of desired features in the timeframe given. However, we would love to add login functionality that allows the user to discover which Open Source Information sources have their personal information and alert them to how potential attackers could use their information in a phishing attack. We would also like to implement automatic mailbox-scraping functionality to further improve ease-of-use. Ultimately, we could see this app becoming a long-term business venture that has the potential to improve the online security of users worldwide.

Built With

• bootstrap
• css
• flask
• html
• javascript
• jupyter
• python
• summernote