Spaces:

Perth0603
/

Random-Forest-Model-for-PhishingDetection

Sleeping

App Files Files Community

Perth0603 commited on Oct 16, 2025

Commit

aafb4b7

verified ·

1 Parent(s): 0319812

Upload app.py

Browse files

Files changed (1) hide show

app.py +39 -0

app.py CHANGED Viewed

@@ -247,6 +247,45 @@ def _engineer_features(urls: List[str], feature_cols: List[str]) -> pd.DataFrame
     out["max_brand_sim"] = hosts.apply(_max_brand_similarity)
     out["like_facebook"] = hosts.apply(lambda h: _like_brand(h, "facebook"))
     # Return columns in the exact order expected by the model; fill any
     # still-missing engineered columns with zeros to stay robust across
     # model updates.

     out["max_brand_sim"] = hosts.apply(_max_brand_similarity)
     out["like_facebook"] = hosts.apply(lambda h: _like_brand(h, "facebook"))
+    # Lookalike/homoglyph detection: unusual Unicode symbols that resemble ASCII letters
+    # Examples: Cyrillic а (U+0430) looks like 'a', Greek α (U+03B1) looks like 'a', etc.
+    def _detect_lookalike_chars(url: str) -> int:
+        """
+        Detects if URL contains Unicode characters that visually resemble ASCII letters.
+        Common lookalikes used in phishing:
+        - Cyrillic: а, е, о, р, с, х, у, ч, ы, ь (look like a,e,o,p,c,x,y,4,b,b)
+        - Greek: α, ο (look like a, o)
+        - Latin Extended: ɑ, ɢ, ᴅ, ɡ, ɪ, ɴ, ɪ (look like a,G,D,g,i,N,I)
+        """
+        url_str = url or ""
+        # Cyrillic characters that look like ASCII letters
+        lookalikes_cyrillic = {
+            'а': 'a', 'е': 'e', 'о': 'o', 'р': 'p', 'с': 'c', 'х': 'x',
+            'у': 'y', 'ч': '4', 'ы': 'b', 'ь': 'b', 'і': 'i', 'ї': 'yi',
+            'ґ': 'g', 'ė': 'e', 'ń': 'n', 'ș': 's', 'ț': 't'
+        }
+        # Greek characters that look like ASCII letters
+        lookalikes_greek = {
+            'α': 'a', 'ο': 'o', 'ν': 'v', 'τ': 't', 'ρ': 'p'
+        }
+        # Latin Extended lookalikes
+        lookalikes_latin = {
+            'ɑ': 'a', 'ɢ': 'g', 'ᴅ': 'd', 'ɡ': 'g', 'ɪ': 'i',
+            'ɴ': 'n', 'ᴘ': 'p', 'ᴠ': 'v', 'ᴡ': 'w', 'ɨ': 'i'
+        }
+        all_lookalikes = {**lookalikes_cyrillic, **lookalikes_greek, **lookalikes_latin}
+        for char in url_str:
+            if char in all_lookalikes:
+                return 1
+        return 0
+    out["has_lookalike_chars"] = s.apply(_detect_lookalike_chars)
     # Return columns in the exact order expected by the model; fill any
     # still-missing engineered columns with zeros to stay robust across
     # model updates.