Spaces:

Perth0603
/

Random-Forest-Model-for-PhishingDetection

Sleeping

App Files Files Community

Perth0603 commited on Oct 4, 2025

Commit

d506ae1

verified ·

1 Parent(s): 016c0e8

Upload 7 files

Browse files

Files changed (4) hide show

app.py +30 -63
autocalib_legit.csv +22 -0
autocalib_phishy.csv +27 -0
known_hosts.csv +4 -0

app.py CHANGED Viewed

@@ -69,68 +69,19 @@ _url_lock = threading.Lock()
 _url_phish_is_positive: Optional[bool] = None
 # -------------------------
-# Autocalibration URL prototypes (editable)
 # -------------------------
-# You can edit these lists to define which URLs are considered obviously phishy/legit
-# for polarity auto-calibration of classical URL models (e.g., XGBoost, scikit-learn).
-_AUTOCALIB_PHISHY_URLS: List[str] = [
-    "http://198.51.100.23/login/update?acc=123",
-    "http://secure-login-account-update.example.com/session?id=123",
-    "http://bank.verify-update-security.com/confirm",
-    "http://paypal.com.account-verify.cn/login",
-    "http://abc.xyz/downloads/invoice.exe",
-    "http://203.0.113.45/verify/account",
-    "http://login-secure-update.example.net/confirm",
-    "http://paypal.com.verify.bill.cn/login",
-    "http://account-update-security-pay.example.org/verify",
-    "http://secure-login-microsoft.example.info/reset",
-    "http://login.verify-paypal.support-id.example.com/",
-    "http://dropbox.com.security-alert.example.net/login",
-    "http://bankofamerica.secure-update.example.co/verify",
-    "http://icloud.apple.com.signin.security-alert.example.co/login",
-    "http://google.com.accounts.security-check.example.xyz/signin",
-    "http://update-billing-info.example-downloads.com/invoice.zip",
-    "http://download.secure-update.example.com/app.exe",
-    "http://192.0.2.10/secure/login",
-    "http://198.51.100.50/account/verify?session=abc",
-    "http://example.com@evil.com/login",
-    "http://secure.example.com-login.verify.co/reset",
-    "http://support-paypal.example.co.uk.refund.cn/login",
-    "http://microsoft.account-security.example.ru/update",
-    "http://amazon.verify-order.example.top/confirm",
-    "http://webscr.paypal.example.phish/login",
-]
-_AUTOCALIB_LEGIT_URLS: List[str] = [
-    "https://www.wikipedia.org/",
-    "https://www.microsoft.com/",
-    "https://www.openai.com/",
-    "https://www.python.org/",
-    "https://www.gov.uk/",
-    "https://www.google.com/",
-    "https://www.apple.com/",
-    "https://github.com/",
-    "https://stackoverflow.com/",
-    "https://www.bbc.com/",
-    "https://www.nytimes.com/",
-    "https://www.nasa.gov/",
-    "https://www.mozilla.org/",
-    "https://www.cloudflare.com/",
-    "https://www.reddit.com/",
-    "https://www.linkedin.com/",
-    "https://www.youtube.com/",
-    "https://developer.apple.com/",
-    "https://aws.amazon.com/",
-    "https://azure.microsoft.com/",
-]
-# Known host overrides (editable): force certain domains as LEGIT or PHISH
-_KNOWN_LEGIT_HOSTS: List[str] = [
-    "cjplogger.com",
-    "www.cjplogger.com",
-]
-_KNOWN_PHISH_HOSTS: List[str] = [
-]
 # Helpers to normalize and match hosts by suffix (handles subdomains)
 def _normalize_host(value: str) -> str:
@@ -327,6 +278,22 @@ def _auto_calibrate_phish_positive(bundle: Dict[str, Any], feature_cols: List[st
     phishy = _AUTOCALIB_PHISHY_URLS
     legit = _AUTOCALIB_LEGIT_URLS
     model = bundle.get("model")
     model_type: str = str(bundle.get("model_type") or "")
@@ -489,9 +456,9 @@ def predict_url(payload: PredictUrlPayload):
         host = (urlparse(url_str).hostname or "").lower()
         if host:
             override_label: Optional[str] = None
-            if host in _KNOWN_LEGIT_HOSTS:
                 override_label = "LEGIT"
-            elif host in _KNOWN_PHISH_HOSTS:
                 override_label = "PHISH"
             if override_label is not None:
                 # Map numeric label according to resolved polarity

 _url_phish_is_positive: Optional[bool] = None
 # -------------------------
+# Autocalibration URL prototypes (CSV-driven)
 # -------------------------
+# Provide CSV files for calibration lists to avoid code edits:
+#  - AUTOCALIB_PHISHY_CSV (default hf_space/autocalib_phishy.csv)
+#  - AUTOCALIB_LEGIT_CSV (default hf_space/autocalib_legit.csv)
+# These lists are loaded at startup and before each request (hot-reload safe).
+_AUTOCALIB_PHISHY_URLS: List[str] = []
+_AUTOCALIB_LEGIT_URLS: List[str] = []
+# Known host overrides via CSV (suffix-matched):
+#  - KNOWN_HOSTS_CSV (default hf_space/known_hosts.csv) with columns host,label
+_KNOWN_LEGIT_HOSTS: List[str] = []
+_KNOWN_PHISH_HOSTS: List[str] = []
 # Helpers to normalize and match hosts by suffix (handles subdomains)
 def _normalize_host(value: str) -> str:
     phishy = _AUTOCALIB_PHISHY_URLS
     legit = _AUTOCALIB_LEGIT_URLS
+    # Safe fallback if CSVs are missing/empty
+    if not phishy:
+        phishy = [
+            "http://198.51.100.23/login/update?acc=123",
+            "http://secure-login-account-update.example.com/session?id=123",
+            "http://bank.verify-update-security.com/confirm",
+            "http://paypal.com.account-verify.cn/login",
+            "http://abc.xyz/downloads/invoice.exe",
+        ]
+    if not legit:
+        legit = [
+            "https://www.wikipedia.org/",
+            "https://www.microsoft.com/",
+            "https://www.python.org/",
+            "https://www.openai.com/",
+        ]
     model = bundle.get("model")
     model_type: str = str(bundle.get("model_type") or "")
         host = (urlparse(url_str).hostname or "").lower()
         if host:
             override_label: Optional[str] = None
+            if _host_matches_any(host, _KNOWN_LEGIT_HOSTS):
                 override_label = "LEGIT"
+            elif _host_matches_any(host, _KNOWN_PHISH_HOSTS):
                 override_label = "PHISH"
             if override_label is not None:
                 # Map numeric label according to resolved polarity

autocalib_legit.csv ADDED Viewed

	@@ -0,0 +1,22 @@

+url
+https://www.wikipedia.org/
+https://www.microsoft.com/
+https://www.openai.com/
+https://www.python.org/
+https://www.gov.uk/
+https://www.google.com/
+https://www.apple.com/
+https://github.com/
+https://stackoverflow.com/
+https://www.bbc.com/
+https://www.nytimes.com/
+https://www.nasa.gov/
+https://www.mozilla.org/
+https://www.cloudflare.com/
+https://www.reddit.com/
+https://www.linkedin.com/
+https://www.youtube.com/
+https://developer.apple.com/
+https://aws.amazon.com/
+https://azure.microsoft.com/

autocalib_phishy.csv ADDED Viewed

	@@ -0,0 +1,27 @@

+url
+http://198.51.100.23/login/update?acc=123
+http://secure-login-account-update.example.com/session?id=123
+http://bank.verify-update-security.com/confirm
+http://paypal.com.account-verify.cn/login
+http://abc.xyz/downloads/invoice.exe
+http://203.0.113.45/verify/account
+http://login-secure-update.example.net/confirm
+http://paypal.com.verify.bill.cn/login
+http://account-update-security-pay.example.org/verify
+http://secure-login-microsoft.example.info/reset
+http://login.verify-paypal.support-id.example.com/
+http://dropbox.com.security-alert.example.net/login
+http://bankofamerica.secure-update.example.co/verify
+http://icloud.apple.com.signin.security-alert.example.co/login
+http://google.com.accounts.security-check.example.xyz/signin
+http://update-billing-info.example-downloads.com/invoice.zip
+http://download.secure-update.example.com/app.exe
+http://192.0.2.10/secure/login
+http://198.51.100.50/account/verify?session=abc
+http://example.com@evil.com/login
+http://secure.example.com-login.verify.co/reset
+http://support-paypal.example.co.uk.refund.cn/login
+http://microsoft.account-security.example.ru/update
+http://amazon.verify-order.example.top/confirm
+http://webscr.paypal.example.phish/login

known_hosts.csv ADDED Viewed

	@@ -0,0 +1,4 @@

+host,label
+cjplogger.com,LEGIT
+www.cjplogger.com,LEGIT