Pish Catcher: Machine Learning-Based Client-Side Defence Mechanism for Web Spoofing Attack Detection

Abstract

Web spoofing attacks are becoming increasingly advanced, making it difficult for users
to differentiate between real and fraudulent websites designed to steal sensitive information. As phishing
techniques evolve, strong client-side protection has become essential. This work aims to develop an
automatic client-side mechanism that detects suspicious or spoofed web pages before users unknowingly
share confidential data. Traditional manual checks such as verifying URLs, examining website
appearance, or relying on browser indicators are often ineffective because attackers create visually
identical replicas and misleading domain names, making user awareness alone unreliable. To build an
accurate machine learning model, datasets from sources like PhishTank and legitimate website
repositories are collected and processed for algorithms such as XGBoost. The proposed system functions
as a client-side detection tool that extracts URL-based and content-based features in real time and uses
models like Random Forest, XGBoost, Decision Tree, Logistic Regression, and SVM to classify pages as
legitimate or spoofed, offering immediate protection without depending on server-side operations