GuardSurfing : Ekstensi Browser sebagai Alat Bantu Deteksi Website Phishing dengan Metode Klasifikasi XGBoost untuk Deteksi URL Phishing Berbasis Flask Framework

Authors

  • Hanif Abdul Karim Afandi Politeknik Siber dan Sandi Negara
  • M. Lazaro Fa. Al-Dzaki
  • Nurul Qomariasih
  • Reza Aulia Wildana

DOI:

https://doi.org/10.56706/ik.v19i2.124

Keywords:

Deteksi phishing , XGBoost, Ekstensi browser, URL phishing

Abstract

Dengan meningkatnya aktivitas di dunia maya seperti jejaring sosial, perbankan elektronik, dan e-commerce, ancaman URL phishing semakin sulit diidentifikasi oleh pengguna umum. Penelitian ini memperkenalkan GuardSurfing: alat deteksi URL phishing berbasis XGBoost yang diimplementasikan sebagai ekstensi browser dengan backend ringan untuk inferensi real-time. Pada data uji, sistem mencapai akurasi 0.970, presisi 0.973, recall 0.993, dan F1-score 0.984. Desain privacy-by-design (hanya string URL, tanpa mengambil konten halaman) memungkinkan latensi rendah dan jejak komputasi minimal. Secara empiris, dibandingkan baseline Logistic Regression, SVM, dan Random Forest pada protokol evaluasi identik, XGBoost menunjukkan keseimbangan terbaik antara sensitivitas (recall) dan stabilitas (F1), didukung penanganan ketidakseimbangan kelas (scale_pos_weight) dan penalaan threshold berorientasi F1/Recall. Sistem ini efektif membantu melindungi pengguna dari ancaman phishing dengan pendekatan yang efisien, mudah digunakan, dan dapat diperbarui berkala untuk menghadapi pola serangan terbaru.

References

Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy,” Mar. 09, 2021, Frontiers Media S.A. doi: 10.3389/fcomp.2021.563060.

M. F. Ansari, P. K. Sharma, and B. Dash, “Prevention of Phishing Attacks Using AI-Based Cybersecurity Awareness Training,” International Journal of Smart Sensor and Adhoc Network., pp. 61–72, Mar. 2022, doi: 10.47893/ijssan.2022.1221.

K. Oloyede et al., “Impact Of Web (URL) Phishing and Its Detection,” International Journal of Scientific Research and Management (IJSRM), vol. 12, no. 04, pp. 484–493, Apr. 2024, doi: 10.18535/ijsrm/v12i04.m02.

L. Tang and Q. H. Mahmoud, “A Survey of Machine Learning-Based Solutions for Phishing Website Detection,” Sep. 01, 2021, MDPI. doi: 10.3390/make3030034.

K. Omari and A. Oukhatar, “Advanced Phishing Website Detection with SMOTETomek-XGB: Addressing Class Imbalance for Optimal Results,” in Procedia Computer Science, Elsevier B.V., 2025, pp. 289–295. doi: 10.1016/j.procs.2024.12.031.

T. O. Ojewumi, G. O. Ogunleye, B. O. Oguntunde, O. Folorunsho, S. G. Fashoto, and N. Ogbu, “Performance evaluation of machine learning tools for detection of phishing attacks on web pages,” Sci Afr, vol. 16, Jul. 2022, doi: 10.1016/j.sciaf.2022.e01165.

A. A. Orunsolu, A. S. Sodiya, and A. T. Akinwale, “A predictive model for phishing detection,” Journal of King Saud University - Computer and Information Sciences, vol. 34, no. 2, pp. 232–247, Feb. 2022, doi: 10.1016/j.jksuci.2019.12.005.

Q. E. ul Haq, M. H. Faheem, and I. Ahmad, “Detecting Phishing URLs Based on a Deep Learning Approach to Prevent Cyber-Attacks,” Applied Sciences (Switzerland), vol. 14, no. 22, Nov. 2024, doi: 10.3390/app142210086.

A. Safi and S. Singh, “A systematic literature review on phishing website detection techniques,” Journal of King Saud University - Computer and Information Sciences, vol. 35, no. 2, pp. 590–611, Feb. 2023, doi: 10.1016/j.jksuci.2023.01.004.

M. I. Alwanain, “Phishing Awareness and Elderly Users in Social Media,”International Journal of Computer Science and Network Security, vol. 20, no. 9, pp. 114–119, Sep. 2020, doi: 10.22937/IJCSNS.2020.20.09.14.

A. Sjösten, S. Van Acker, and A. Sabelfeld, “Discovering Browser Extensions via Web Accessible Resources,” in Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, in CODASPY ’17. New York, NY, USA: Association for Computing Machinery, 2017, pp. 329–336. doi: 10.1145/3029806.3029820.

B. Jin, H. Li, and Y. Zou, “Impact of extensions on browser performance: An empirical study on google chrome,” Empir Softw Eng, vol. 30, no. 4, p. 103, 2025, doi: 10.1007/s10664-025-10633-1.

P. Picazo-Sanchez, L. Ortiz-Martin, G. Schneider, and A. Sabelfeld, “Are chrome extensions compliant with the spirit of least privilege?,” Int J Inf Secur, vol. 21, no. 6, pp. 1283–1297, Dec. 2022, doi: 10.1007/s10207-022-00610-w.

A. Nayak, R. Khandelwal, E. Fernandes, and K. Fawaz, “Experimental Security Analysis of Sensitive Data Access by Browser Extensions,” in WWW 2024 - Proceedings of the ACM Web Conference, Association for Computing Machinery, Inc, May 2024, pp. 1283–1294. doi: 10.1145/3589334.3645683.

Q. Wang et al., “XGBoost algorithm assisted multi-component quantitative analysis with Raman spectroscopy,” Spectrochim Acta A Mol Biomol Spectrosc, vol. 323, p. 124917, 2024, doi: https://doi.org/10.1016/j.saa.2024.124917.

M. Bahaghighat, M. Ghasemi, and F. Ozen, “A high-accuracy phishing website detection method based on machine learning,” Journal of Information Security and Applications, vol. 77, Sep. 2023, doi: 10.1016/j.jisa.2023.103553.

J. Osamor, M. Ashawa, J. Riley, P. Owoh, A. Ajibade, and C. Iwendi, “Real-time Detection of Phishing Emails Using XG Boost Machine Learning Technique,” 2024.

S. Al-Saqqa, S. Sawalha, and H. Abdelnabi, “Agile software development: Methodologies and trends,” International Journal of Interactive Mobile Technologies, vol. 14, no. 11, pp. 246–270, 2020, doi: 10.3991/ijim.v14i11.13269.

L. T. M. Blessing and A. Chakrabarti, DRM, a design research methodology. Springer London, 2009. doi: 10.1007/978-1-84882-587-1.

D. Hellhake, J. Bogner, T. Schmid, and S. Wagner, “Towards using coupling measures to guide black-box integration testing in component-based systems,” Software Testing Verification and Reliability, vol. 32, no. 4, Jun. 2022, doi: 10.1002/stvr.1811.

F. Rahmat Halim et al., “RANCANG BANGUN SISTEM INFORMASI PENGUMUMAN KELULUSAN SISWA BERBASIS WEB MENGGUNAKAN METODE AGILE WEB-BASED STUDENT GRADUATION ANNOUNCEMENT INFORMATION SYSTEM DESIGN USING THE AGILE METHOD.”

V. D. Chavan, A. Gadekar, S. Bidwai, V. Gogi, and L. Kurapati, “Phishing Detection using Machine Learning and Chrome Extension,” in 2nd IEEE International Conference on Advances in Information Technology, ICAIT 2024 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 2024. doi: 10.1109/ICAIT61638.2024.10690839.

S. Kusawa, “Phishing URLs,” 2025. [Online]. Available: https://www.kaggle.com/datasets/sunnykusawa/phishing-urls

S. Ariyadasa, S. Fernando, and S. Fernando, “Phishing Websites Dataset,” 2021. doi: 10.17632/n96ncsr5g4.1.

G. Vrbancic, “Phishing-Dataset,” 2019. [Online]. Available: https://github.com/GregaVrbancic/Phishing-Dataset

fandcomp, “GuardSurfing-Extension-for-URL-Phishing,” 2025. [Online]. Available: https://github.com/fandcomp/GuardSurfing-Extension-for-URL-Phishing

Downloads

Submitted

26-05-2025

Accepted

22-08-2025

Published

31-08-2025

Issue

Vol. 19 No. 2 (2025)

Section

Articles

License

Copyright (c) 2025 Info Kripto

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.