The latest articles on DEV Community by Abdul Ghani (@abdulghani200). https://dev.to/abdulghani200 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F51602%2F9b7a74b1-8d57-48ea-aa41-49d2db06d362.png https://dev.to/abdulghani200 en Abdul Ghani Thu, 21 May 2020 18:21:06 +0000 https://dev.to/abdulghani200/real-time-phishing-attack-detection-using-ml-22d2 https://dev.to/abdulghani200/real-time-phishing-attack-detection-using-ml-22d2 <h2> My Final Project </h2> <p>So, I've built this project called RPAD-ML in my final year. It is essentially an Android app coupled with a machine learning backend server which detects 🕵️ any link that is a possible phishing site in REALTIME ⚡. It can detect malicious/phishing links from any app. Open any app which has external links 🔗, RPAD-ML will detect it in no time and gives you a warning message⚠️ right away. </p> <p><iframe src="//www.slideshare.net/slideshow/embed_code/key/dVheHqxtxdaQEn" alt="dVheHqxtxdaQEn on slideshare.net" width="100%" height="450"> </iframe> </p> <h2> Demo </h2> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/l4k5RQF72TU"> </iframe> </p> <p><a href="https://github.com/abdulghanitech/rpad-ml/raw/master/app-release.apk">Download RPAD-ML Demo APK</a></p> <p>I know there are lots of things available like Google safe browsing. But those are limited to chrome web browser. So, What I've done is used a machine learning model of phishing sites combined with Google safe browsing which when given a URL predicts whether it is a phishing website or not. </p> <h2> Link to Code </h2> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vWogaON8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://practicaldev-herokuapp-com.freetls.fastly.net/assets/github-logo-28d89282e0daa1e2496205e2f218a44c755b0dd6536bbadf5ed5a44a7ca54716.svg" alt="GitHub logo"> <a href="https://github.com/abdulghanitech"> abdulghanitech </a> / <a href="https://github.com/abdulghanitech/rpad-ml"> rpad-ml </a> </h2> <h3> Real-time Phishing Attack Detection using ML 💻 </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <h1> rpad-ml</h1> <p>Real-time Phishing Attack Detection using ML 💻</p> <p>The repo contains code for both the ML server and the Android app which was used to detect phishing sites in real-time. Below is a flow chart of it.</p> <p><a rel="noopener noreferrer" href="https://raw.githubusercontent.com/abdulghanitech/rpad-ml/master/flowchart.png"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--EGjA4-fB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://raw.githubusercontent.com/abdulghanitech/rpad-ml/master/flowchart.png" alt="Screenshot"></a></p> </div> </div> <br> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/abdulghanitech/rpad-ml">View on GitHub</a></div> <br> </div> <br> <h2> How I built it </h2> <p>I've got a machine learning model built using dataset of phishing sites.</p> <h2> DATA SELECTION </h2> <p>The dataset is downloaded from UCI machine learning repository. The dataset contains 31 columns, with 30 features and 1 target. The dataset has 2456 observations.</p> <h2> MODELS </h2> <p>To fit the models over the dataset the dataset is split into training and testing sets. The split ratio is 75-25. Where in 75% accounts to training set. </p> <p>Now the training set is used to train the classifier. The classifiers chosen are: </p> <h4> * Logistic Regression </h4> <h4> * Random Forest Classification </h4> <h4> * Support Vector Machine </h4> <p>We will see which one fits best in our dataset.</p> <h3> 1.Logistic Regression </h3> <p>Fitting logistic regression and creating confusion matrix of predicted values and real values I was able to get 92.3 accuracy. Which was good for a logistic regression model.</p> <h3> 2.Support Vector Machine </h3> <p>Support vector machine with a rbf kernel and using gridsearchcv to predict best parameters for svm was a really good choice, and fitting the model with predicted best parameters I was able to get 96.47 accuracy which is pretty good.</p> <h3> 3.Random Forest Classification </h3> <p>Next model I wanted to try was random forest and I will also get features importances using it, again using gridsearchcv to get best parameters and fitting best parameters to it I got very good accuracy 97.26.</p> <p>Random forest was giving very good accuracy. We can also try artificial neural network to get a improved accuracy.</p> <h2> FEATURE IMPORTANCES </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--dfZ4stnw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://raw.githubusercontent.com/abhishekdid/PHISHCOOP-phishing-website-detection/master/variable_Importances.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dfZ4stnw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://raw.githubusercontent.com/abhishekdid/PHISHCOOP-phishing-website-detection/master/variable_Importances.png" alt="FEATURE IMPORTANCE"></a><br> ML Model: <a href="https://github.com/abhishekdid/detecting-phishing-websites">Phishcoop</a></p> <h2> Hosting online as a server </h2> <p>I've used the Heroku platform (Hobby plan provided by GitHub education) to host this machine learning model online. I used pickle to save and load the machine learning model and hosted it using Flask.</p> <p>The idea was to put this as a service and then call it from the android app.</p> <h2> Android App </h2> <p>Essentially, this is the front-end to call this service. I've used Android's accessibility API to access and intercept network. Hence, I got the URLs being opened in any app using this method. </p> <p>Now, after getting this url, firstly I call the Google safe browsing API to check whether it is a phishing site or not. If yes, I show a warning dialog else I call the machine learning backend server and using the result provided by it I again show warning dialog if the result comes as phishing site.</p> <h2> Additional Thoughts / Feelings / Stories </h2> <p>This was more like a prototype. While it is not that perfect, but hey it works 🙌🏻. And the best thing is I've learnt so much by working on this project 🤓 </p> devgrad2020 octograd2020 showdev githubsdp Abdul Ghani Mon, 15 Jan 2018 12:32:32 +0000 https://dev.to/abdulghani200/how-to-build-a-php-remote-application-update-system-with-authentication-49og https://dev.to/abdulghani200/how-to-build-a-php-remote-application-update-system-with-authentication-49og <p>Hey there! I have built an application in PHP. It is a paid application and contains a licensing system too. </p> <p>Now, I want to provide automatic updates to my clients. How should I do it? </p> <p>One important thing is the update URL should not be accessible by the normal public, only my registered application users can download the file. </p> <p>To be simple, I want authentication to be done while downloading the updates too so that others can't get updates without buying my application.</p> discuss Abdul Ghani Sun, 14 Jan 2018 13:36:34 +0000 https://dev.to/abdulghani200/any-good-php-code-obfuscators-which-are-hard-to-deobfuscate-312k https://dev.to/abdulghani200/any-good-php-code-obfuscators-which-are-hard-to-deobfuscate-312k <p>Any good code obfuscators? Tried phpprotect, etc. They just either scramble the identifiers or encode the code in base64. And it seems pretty easy to deobfuscate that. I want something really hard to deobfuscate i.e., get the original code.</p> <p>Also I tried FOPO.com.ar , actually it was working fine. But after a while my production server started giving error stating that the file in which I'm using FOPO's obfuscated code is Malicious. And the server is automatically deleting the file having FOPO'S obfuscated code.</p> <p>So guys, can you please suggest any good code obfuscator like FOPO (which uses a cipher key to deobfuscate the code)?</p> <p>P.S: Free ones first. :P</p> discuss