Authors : S. Ezhil Savier; T. Balaguru; E. Dhanushri; A. Soumya

Volume/Issue : Volume 11 - 2026, Issue 3 - March

Google Scholar : https://tinyurl.com/5afmsyem

Scribd : https://tinyurl.com/2ydmewpw

DOI : https://doi.org/10.38124/ijisrt/26mar1626

Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.

Abstract : This paper presents the design and development of a consent-based AI-driven system for detecting phishing and social engineering attacks from spam emails. The proposed system integrates official email APIs to access only spam or phishing-flagged emails with explicit user consent, ensuring privacy protection and ethical compliance. A hybrid detection model combining Natural Language Processing, metadata analysis, and rule-based techniques is employed to classify emails and generate a risk score. The system introduces a Phishing Intent Timeline Reconstruction module to identify attack stages such as lure creation, delivery, exploitation, and credential harvesting, and explains potential consequences in clear and user-friendly language. Additionally, a Phishing DNA engine extracts structural and behavioral features including HTML patterns, redirection chains, and hosting attributes to cluster related phishing campaigns and detect phishing kit reuse. A secure backend honeypot environment safely interacts with suspicious links in an isolated environment to observe attacker behavior and infrastructure patterns without collecting real credentials. The system also incorporates an Explain-Before-Click interface and a local- language awareness module to enhance user understanding and prevention. The proposed solution improves phishing detection accuracy while maintaining ethical standards and practical feasibility for academic implementation.

Keywords : Phishing Detection, Artificial Intelligence, Honeypot, Social Engineering, Cybersecurity.

References :

1. Y. Zhang, J. Hong and L. Cranor, “Cantina: A Content- Based Approach to Detecting Phishing Web Sites,” Proc. 16th Int. Conf. World Wide Web (WWW), pp. 639–648, 2007. Available: https://doi.org/10.1145/1242572.1242653
2. D. R. Thomas, C. Grier and V. Paxson, “Adapting Honeypots for Web Security Education,” Proc. 17th ACM Conf. Computer and Communications Security (CCS), pp. 50–61, 2010. Available: https://doi.org/10.1145/1866307.1866315
3. S. Abu-Nimeh, D. Nappa, X. Wang and S. Nair, “A Comparison of Machine Learning Techniques for Phishing Detection,” Proc. IEEE 10th Int. Conf. Machine Learning Applications (ICMLA), pp. 254–260, 2011. PDF: https://ieeexplore.ieee.org/document/6147468
4. A. Khonji, Y. Iraqi and A. Jones, “Phishing Detection: A Literature Survey,” IEEE Commun. Surveys & Tutorials, vol. 15, no. 4, pp. 2091–2121, 2013. Available: https://ieeexplore.ieee.org/document/6472480
5. R. Chandrasekaran, G. Narayanan and S. Upadhyaya, “Phishing Email Detection Based on Structural Properties,” Proc. 5th Int. Conf. Email and Anti-Spam (CEAS), 2008. Link: https://www.ceas.cc/papers-2008/78.pdf