| | import re
|
| | import joblib
|
| | import pandas as pd
|
| | import numpy as np
|
| | from typing import Dict, Any
|
| |
|
| | _SUSPICIOUS_TOKENS = [
|
| | "login", "verify", "secure", "update", "bank", "pay", "account", "webscr"
|
| | ]
|
| | _IPV4_PATTERN = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
|
| |
|
| |
|
| | def _engineer_features(url_series: pd.Series) -> pd.DataFrame:
|
| | s = url_series.astype(str)
|
| | out = pd.DataFrame(index=s.index)
|
| | out["url_len"] = s.str.len().fillna(0)
|
| | out["count_dot"] = s.str.count(r"\.")
|
| | out["count_hyphen"] = s.str.count("-")
|
| | out["count_digit"] = s.str.count(r"\d")
|
| | out["count_at"] = s.str.count("@")
|
| | out["count_qmark"] = s.str.count("\?")
|
| | out["count_eq"] = s.str.count("=")
|
| | out["count_slash"] = s.str.count("/")
|
| | out["digit_ratio"] = (out["count_digit"] / out["url_len"].replace(0, np.nan)).fillna(0)
|
| | out["has_ip"] = s.str.contains(_IPV4_PATTERN).astype(int)
|
| | for tok in _SUSPICIOUS_TOKENS:
|
| | out[f"has_{tok}"] = s.str.contains(tok, case=False, regex=False).astype(int)
|
| | out["starts_https"] = s.str.startswith("https").astype(int)
|
| | out["ends_with_exe"] = s.str.endswith(".exe").astype(int)
|
| | out["ends_with_zip"] = s.str.endswith(".zip").astype(int)
|
| | return out
|
| |
|
| |
|
| | def load_bundle(path: str) -> Dict[str, Any]:
|
| | """Load the saved joblib bundle produced by the notebook.
|
| |
|
| | Returns a dict with keys: model, feature_cols, url_col, label_col, model_type
|
| | """
|
| | bundle = joblib.load(path)
|
| | required = {"model", "feature_cols", "url_col", "label_col", "model_type"}
|
| | missing = required - set(bundle.keys())
|
| | if missing:
|
| | raise ValueError(f"Bundle missing keys: {missing}")
|
| | return bundle
|
| |
|
| |
|
| | def predict_url(url: str, bundle: Dict[str, Any], threshold: float = 0.5) -> Dict[str, Any]:
|
| | """Predict phishing probability for a single URL using the saved bundle."""
|
| | url_col = bundle["url_col"]
|
| | feature_cols = bundle["feature_cols"]
|
| | model_type = bundle.get("model_type", "xgboost_bst")
|
| | model = bundle["model"]
|
| |
|
| | row = pd.DataFrame({url_col: [url]})
|
| | feats = _engineer_features(row[url_col])[feature_cols]
|
| |
|
| | if model_type == "xgboost_bst":
|
| | import xgboost as xgb
|
| | dmat = xgb.DMatrix(feats)
|
| | proba = float(model.predict(dmat)[0])
|
| | elif model_type == "cuml_rf":
|
| | try:
|
| | import cudf
|
| | gfeats = cudf.DataFrame.from_pandas(feats)
|
| | proba = float(model.predict_proba(gfeats)[:, 1].to_pandas().values[0])
|
| | except Exception as e:
|
| | raise RuntimeError("cudf/cuml required for this bundle but not available") from e
|
| | else:
|
| | proba = float(model.predict_proba(feats)[:, 1][0])
|
| |
|
| | pred = int(proba >= threshold)
|
| | return {
|
| | "url": url,
|
| | "phishing_probability": proba,
|
| | "predicted_label": pred,
|
| | "backend": model_type,
|
| | }
|
| |
|
| |
|
| | if __name__ == "__main__":
|
| |
|
| | try:
|
| | bundle = load_bundle("rf_url_phishing_xgboost_bst.joblib")
|
| | print(
|
| | predict_url(
|
| | "http://secure-login-account-update.example.com/session?id=123",
|
| | bundle=bundle,
|
| | )
|
| | )
|
| | except FileNotFoundError:
|
| | print("Bundle not found in current directory. This is expected inside the source repo.")
|
| |
|
| |
|
| |
|
