
PHISH-STOP: PHISHING DETECTION PIPELINE USING EMAIL HEADERS AND LOGS


International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056 | p-ISSN: 2395-0072

Volume: 12 Issue: 11 | Nov 2025

www.irjet.net

Chandrakala. S¹, Sathishkumar. P², Balamurugan. S³, Jaysankar. P⁴, Kishore. M⁵

¹Assistant Professor, Dept. of Cybersecurity, Paavai Engineering College
²Assistant Professor, Dept. of Cybersecurity, Paavai Engineering College
³Student, Dept. of Cybersecurity, Paavai Engineering College
⁴Student, Dept. of Cybersecurity, Paavai Engineering College
⁵Student, Dept. of Cybersecurity, Paavai Engineering College

---------------------------------------------------------------------***---------------------------------------------------------------------

Abstract - The Phishing Detection Pipeline Using Email Headers and Logs is a lightweight, browser-based extension that detects phishing attempts in real time. It analyzes metadata such as sender information, domain reputation, message routing, and suspicious patterns in email headers. This system identifies malicious activity with high accuracy. To keep up with changing phishing tactics, the extension uses a real-time dataset that updates daily from trusted sources like PhishTank, OpenPhish, Abuse.ch, Google Safe Browsing, and SpamAssassin rules. The data is stored locally using IndexedDB and refreshes automatically, which ensures offline access and quick response times. With Firebase integration for dataset updates and user testing, the pipeline provides an efficient, scalable, and user-friendly way to prevent phishing.

Key Words: Phishing Detection, Email Headers, Logs, Real-Time Detection, Browser Extension, Cybersecurity, IndexedDB, Firebase, Threat Intelligence, PhishTank, OpenPhish

1. INTRODUCTION

In the modern digital ecosystem, the connections that define communication and commerce have also increased challenges related to privacy and identity protection. Phishing attacks, in particular, remain one of the most common and damaging cybersecurity threats. They often deceive users through fake emails. Every online interaction, from social networking to e-commerce, adds to a digital footprint that bad actors can exploit. These scattered digital footprints lead to data misuse, identity theft, and profiling. Traditional spam filters try to offer some protection, but they often depend on static content analysis or blacklists. Attackers are always changing their tactics, using tricks like URL shortening or Unicode domains to get around these defenses. This creates a serious gap in security, leaving users exposed.

The proposed Phishing Detection Pipeline, "Phish-Stop," improves protection by focusing on a different and more reliable set of indicators: email headers and logs. By analyzing technical metadata, like suspicious sender addresses, domain spoofing, unusual routing paths, and harmful links, the system can automatically flag threats. This approach includes real-time dataset integration, using Firebase for dataset distribution and IndexedDB for local caching. This ensures daily updates without slowing down performance. This hybrid model provides an effective, scalable, and user-friendly solution for modern phishing detection.

2. PRIMARY OBJECTIVES OF THE STUDY

• Automation constitutes the foundational pillar of the system’s architecture. The primary focus is to develop a fully autonomous detection mechanism capable of operating efficiently with minimal human supervision. This is realized through the seamless integration of continuously updated phishing intelligence datasets aggregated from globally recognized threat intelligence sources. Such dynamic incorporation ensures that the system not only scales effectively in handling extensive data streams but also evolves in real time to counter emerging tactics, techniques, and procedures employed by cyber adversaries.

• Achieving equilibrium between analytical accuracy and computational efficiency is critical to the system’s success. The detection pipeline is rigorously optimized to reduce false positive occurrences, thereby ensuring that alerts maintain high fidelity and operational reliability. Excessive false alerts often contribute to alert fatigue, diminishing user responsiveness and trust; hence, precision in detection is a paramount design criterion. Concurrently, the system is engineered to maintain a minimal computational footprint, ensuring seamless operation as a browser-based extension without introducing perceptible latency, excessive memory utilization, or a degraded user experience.

• Resilience is an intrinsic element of the system’s design philosophy, ensuring continuous protection regardless of network stability. By leveraging IndexedDB for client-side data management, the system offers persistent, secure, and offline operational capabilities. This architectural choice enables the pipeline to sustain its analytical capacity and threat mitigation functions by utilizing cached intelligence— such as known phishing signatures, behavioral heuristics, and

© 2025, IRJET | Impact Factor value: 8.315 | ISO 9001:2008 Certified Journal | Page 380
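
The header indicators named in the introduction (suspicious sender addresses, domain spoofing, unusual routing paths) can be checked on a raw header block roughly as follows. This is an added example, not code from the paper or the Phish-Stop extension; the function names, finding labels, the `MAX_HOPS` threshold and the sample message are assumptions made for illustration.

```javascript
// Added example: the checks below are illustrative assumptions, not Phish-Stop's rules.
const MAX_HOPS = 8; // assumed threshold for an "unusual" routing path
// Unfold continuation lines, then split into [lowercased name, value] pairs.
function parseHeaders(raw) {
  return raw.replace(/\r?\n[ \t]+/g, " ").split(/\r?\n/)
    .filter((line) => line.includes(":"))
    .map((line) => {
      const i = line.indexOf(":");
      return [line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim()];
    });
}

// Domain of the address that ends the header value, e.g. `"Name" <user@host>`.
function domainOf(value) {
  const m = /@([^\s>]+)>?\s*$/.exec(value || "");
  return m ? m[1].toLowerCase() : null;
}

function analyzeHeaders(raw) {
  const headers = parseHeaders(raw);
  const first = (name) => (headers.find(([k]) => k === name) || [])[1];
  const findings = [];
  const from = domainOf(first("from"));
  const returnPath = domainOf(first("return-path"));
  const replyTo = domainOf(first("reply-to"));
  if (!from) findings.push("from-unparseable");
  // Exact-match comparison: a weak signal alone, since bulk senders often differ here.
  if (from && returnPath && returnPath !== from) findings.push("from-returnpath-mismatch");
  if (from && replyTo && replyTo !== from) findings.push("replyto-mismatch");
  // Unicode or punycode sender domain (possible look-alike).
  if (from && (/[^\x00-\x7f]/.test(from) || /(^|\.)xn--/.test(from))) findings.push("idn-sender-domain");
  // Verdicts recorded by the receiving server (Authentication-Results, RFC 8601).
  const auth = (first("authentication-results") || "").toLowerCase();
  for (const mech of ["spf", "dkim", "dmarc"]) {
    const m = new RegExp(`\\b${mech}=(\\w+)`).exec(auth);
    if (m && m[1] !== "pass") findings.push(`${mech}-${m[1]}`);
  }
  if (headers.filter(([k]) => k === "received").length > MAX_HOPS) findings.push("long-routing-path");
  return findings;
}
// Constructed sample headers (not from the paper); all domains are placeholders.
const SAMPLE = [
  "Return-Path: <bounce@mailer.example.net>",
  "Received: from mx.example.net by inbound.example.org; Mon, 3 Nov 2025 10:00:00 +0000",
  "Authentication-Results: inbound.example.org; spf=softfail smtp.mailfrom=mailer.example.net;",
  " dkim=none; dmarc=fail header.from=xn--exmple-cua.com",
  'From: "Account Team" <security@xn--exmple-cua.com>',
  "Reply-To: <help@example.invalid>",
].join("\r\n");
```

An `Authentication-Results` header is only trustworthy when it was added by the recipient's own mail server, so a deployment should match its server identifier before using the verdicts.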

