Spaces:

Perth0603
/

Random-Forest-Model-for-PhishingDetection

Sleeping

App Files Files Community

Perth0603 commited on Oct 16, 2025

Commit

6e01a39

verified ·

1 Parent(s): aafb4b7

Upload app.py

Browse files

Files changed (1) hide show

app.py +42 -0

app.py CHANGED Viewed

@@ -385,6 +385,48 @@ def predict_url(payload: PredictUrlPayload):
                         "url_col": url_col,
                     }
         # Typosquat guard: mirror notebook fallback logic.
         try:
             s_host = (urlparse(_ensure_scheme(url_str)).hostname or "").lower()

                         "url_col": url_col,
                     }
+        # Lookalike character guard: detect homoglyph/lookalike attacks
+        try:
+            # Cyrillic characters that look like ASCII letters
+            lookalikes_cyrillic = {
+                'а': 'a', 'е': 'e', 'о': 'o', 'р': 'p', 'с': 'c', 'х': 'x',
+                'у': 'y', 'ч': '4', 'ы': 'b', 'ь': 'b', 'і': 'i', 'ї': 'yi',
+                'ґ': 'g', 'ė': 'e', 'ń': 'n', 'ș': 's', 'ț': 't'
+            }
+            # Greek characters that look like ASCII letters
+            lookalikes_greek = {
+                'α': 'a', 'ο': 'o', 'ν': 'v', 'τ': 't', 'ρ': 'p'
+            }
+            # Latin Extended lookalikes
+            lookalikes_latin = {
+                'ɑ': 'a', 'ɢ': 'g', 'ᴅ': 'd', 'ɡ': 'g', 'ɪ': 'i',
+                'ɴ': 'n', 'ᴘ': 'p', 'ᴠ': 'v', 'ᴡ': 'w', 'ɨ': 'i'
+            }
+            all_lookalikes = {**lookalikes_cyrillic, **lookalikes_greek, **lookalikes_latin}
+            for char in url_str:
+                if char in all_lookalikes:
+                    phish_is_positive = True if URL_POSITIVE_CLASS_ENV == "" else (URL_POSITIVE_CLASS_ENV == "PHISH")
+                    label = "PHISH"
+                    predicted_label = 1 if ((label == "PHISH") == phish_is_positive) else 0
+                    phish_proba = 0.95
+                    score = phish_proba
+                    return {
+                        "label": label,
+                        "predicted_label": int(predicted_label),
+                        "score": float(score),
+                        "phishing_probability": float(phish_proba),
+                        "backend": "lookalike_guard",
+                        "threshold": 0.5,
+                        "url_col": url_col,
+                        "rule": "lookalike_character_detected",
+                    }
+        except Exception:
+            pass
         # Typosquat guard: mirror notebook fallback logic.
         try:
             s_host = (urlparse(_ensure_scheme(url_str)).hostname or "").lower()