DETECTING PHISHING URLS BASED ON HEURISTIC RULES
DOI:
https://doi.org/10.28925/2663-4023.2025.28.830
Keywords:
phishing, phishing sites, heuristic rules, classification, legitimate URL, rule effectiveness
Abstract
The growing number of cyber threats, including phishing attacks, requires the development of effective phishing detection methods. Phishing is one of the most widespread and dangerous forms of cybercrime, aimed at gaining access to confidential user information by manipulating users' trust. The methodology of social engineering attacks is evolving rapidly, which creates challenges for cybersecurity professionals. This study discusses a rule-based heuristic approach to detecting phishing URLs that analyses various characteristics of web addresses, such as atypical link structure, suspicious characters, or incorrect word sequences in domain names, to identify potential threats. A mind map, as a visualisation tool, provides a structured and logically ordered approach to analysing phishing website detection methods. It shows the relationships between the various rules aimed at identifying suspicious behaviour of web resources and makes it possible to trace the classification of characteristics inherent in phishing attacks. This map summarises the key features used to analyse URLs, allowing for a structured presentation of the criteria for assessing a potential threat. With a clear classification of heuristic detection rules, the accuracy of identifying phishing websites is significantly improved, which protects users from possible attacks. The study evaluates the effectiveness of individual heuristic rules and their combinations, which gives an idea of their applicability to automated phishing detection systems. For this purpose, we use key metrics that determine the quality of the algorithm and its ability to distinguish between phishing and legitimate websites, namely reliability, true positive rate, false positive rate, accuracy, and F1 score. The results demonstrate the feasibility of heuristic detection as a simple, effective and understandable alternative to complex machine learning models.
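The approach the abstract describes, as an added illustration that is not code from the paper: a few URL rules are combined by a firing threshold and scored with true positive rate, false positive rate, accuracy and F1. The four rules, the threshold and the sample URLs are assumptions constructed for this example; precision is computed only because F1 is defined from it.

```python
import ipaddress
from urllib.parse import urlsplit

def _host(url):
    return urlsplit(url).hostname or ""

def _is_ip(url):
    try:
        ipaddress.ip_address(_host(url))
        return True
    except ValueError:
        return False

# Illustrative rules assumed for this example; not the paper's rule set.
RULES = {
    "ip_host": _is_ip,  # raw IP address instead of a domain name
    "at_sign": lambda u: "@" in urlsplit(u).netloc,  # userinfo part hides the real host
    "many_subdomains": lambda u: _host(u).count(".") >= 4,  # deep label nesting
    "hyphen_in_host": lambda u: "-" in _host(u),
}

# Constructed sample: (url, is_phishing). Reserved example domains and IP ranges only.
SAMPLES = [
    ("http://192.0.2.10/secure/login.php?session=8f3a", True),
    ("http://example.com@198.51.100.7/account/verify", True),
    ("http://login.example.com.secure-update.account.test/signin", True),
    ("http://account-verify.example.org.id.check.test/", True),
    ("https://www.example.com/", False),
    ("https://docs.example.org/guide/install", False),
    ("https://my-account.shop.eu.example.co.uk/orders", False),
    ("https://status-page.example.net/", False),
]

def fired_rules(url):
    return [name for name, rule in RULES.items() if rule(url)]

def evaluate(samples, threshold=2):
    """Flag a URL when >= threshold rules fire; samples must contain both classes."""
    tp = fp = tn = fn = 0
    for url, label in samples:
        pred = len(fired_rules(url)) >= threshold
        tp += pred and label
        fp += pred and not label
        fn += label and not pred
        tn += not (pred or label)
    tpr, fpr = tp / (tp + fn), fp / (fp + tn)
    precision = tp / (tp + fp) if tp + fp else 0.0
    f1 = 2 * precision * tpr / (precision + tpr) if precision + tpr else 0.0
    return {"tpr": tpr, "fpr": fpr, "accuracy": (tp + tn) / len(samples),
            "precision": precision, "f1": f1}
```

On this constructed sample, lowering the threshold from 2 to 1 in `evaluate(SAMPLES, threshold)` raises the true positive rate from 0.75 to 1.0 and the false positive rate from 0.25 to 0.5.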
License
Copyright (c) 2025 Сергій Бучик, Маргарита Толстяк

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.