Homoglyph Attack Detection Model Using Machine Learning and Hash Function

: Phishing is still a major security threat in cyberspace. In phishing, attackers steal critical information from victims by presenting a spooﬁng/fake site that appears to be a visual clone of a legitimate site. Several Unicode characters are visually identical to ASCII characters. This similarity in characters is generally known as homoglyphs. Malicious adversaries utilize homoglyphs in URLs and DNS domains to target organizations. To reduce the risks caused by phishing attacks, effective ways of detecting phishing websites are urgently required. This paper proposes a homoglyph attack detection model that combines a hash function and machine learning. There are two phases to the model approach. The machine was being trained during the development phase. The deployment phase involved deploying the model with a Java interface and testing the outcomes through actual user interaction. The results are more accurate when the URL is hashed, as any little changes to the URL can be recognized. The homoglyph detector can be developed as a stand-alone software that is used as the initial step in requesting a webpage as it enhances browser security and protects websites from phishing attempts. To verify the effectiveness, we compared the proposed model on several criteria to existing phishing detection methods. By using the hash function, the proposed security features increase the overall security of the homoglyph attack detection in terms of accuracy, integrity, and availability. The experiment results showed that the model can detect phishing sites with an accuracy of 99.8% using Random Forest, and the hash function improves the accuracy of homoglyph attack detection.


Introduction
Homoglyph replacement is one of the techniques commonly used by malicious adversaries as part of their phishing campaigns and other spoofing attacks [1]. It is a way that allows attackers to manipulate characters to make two words look alike but have different values in the underlying Unicode. These can be found in various language character sets such as Latin, Cyrillic, Greek, Hebrew, Chinese, and Armenian [2]. For example, the letter "O" could be written in Latin O, Cyrillic O, and Greek O. The letters seem similar but are not assigned to the same code, the code in Latin = U + 004F, Cyrillic = U + 043E, and Greek O = U + 039F [2]. The attackers use homoglyph replacement in URL and DNS to make them seem like the original legitimate URL or DNS domain. Unicode characters have a visual appearance that is remarkably identical to or near to ASCII characters. For instance, anybody can create a (yahoo.com) domain via the clever option of Unicode characters, impossible to distinguish from the legitimate (yahoo.com) ASCII-only. As an example of the homoglyph, they are using the Cyrillic small letter "o" instead of the ASCII "o". According to [3], phishing victims by clicking a message has been increasing, just as phishing for credentials from specific services where a single letter from the DNS domain is replaced by a similar character that looks the same.

Problem Statement(s) and Major Contributions
Hackers take advantage of the visual similarity of many Unicode characters to generate homoglyph-based URLs and DNS domains that impersonate real websites [4]. Many people and organizations may fall victim to phishing websites that appear to be ordinary and legitimate. According to a study by CHIBA et al. [5], the most popular brand domains are the most vulnerable to homoglyph attacks. Homoglyph domains harm the target's reputation and put website visitors at risk. Based on various types of phishing attacks, these threats can be exploited to steal sensitive data or gain access to secure assets. The attack on cryptocurrency exchange [6] is one example of IDN homograph attacks being a serious problem. When organizations such as Binance are targeted, the consequences for consumers and the corporation may be severe when sensitive information is disclosed. A homograph attack occurs when two different words have the same written form but vary in meaning, derivation, or pronunciation [7]. Some existing solutions use matching characters to avoid the possibility of phishing, but this matching cannot be updated with new existing methods that attackers used by implementing a higher similarity of characters as Unicode.
This paper will investigate how to detect DNS look-alike attacks and homoglyph domains accurately and efficiently, by proposing a detection model with high accuracy using hash functions and machine learning. Artificial intelligence (AI) in the form of machine learning (ML) enables computer programs to forecast outcomes more accurately without having been expressly taught to do so. Machine learning algorithms forecast new output values using historical data as input. A hash function, on the other hand, turns any size data into fixed-size values. The paper will also compare the proposed model to existing models. This paper's contributions are as follows: • Proposes a homoglyph attack detection model that combines a hash function and machine learning. • Achieves an accuracy of 99.8% using Random Forest, and the hash function improves the accuracy of homoglyph attack detection. • Compares the proposed model on several criteria to existing phishing detection methods.

Related Works
The concept of homoglyph was previously discovered using character matching algorithms. Later, several studies were presented that contribute to providing solutions to the homoglyph detection domain. This research will evaluate and compare various techniques that were found in the literature to determine their efficiency in solving this problem and clarify their gaps.
In 2014 and 2017, the authors in [8,9] proposed a framework of the Knuth-Morris-Prat (KMP) pattern searching solution, which can be applied to homoglyph detection. This framework uses linear time to find pattern matching, which is considered a fast approach. KMP falls into two stages, the initial stage is for running the preprocessing algorithm that calculates the prefix function, and this function shows how the pattern matches while shifting the text. The second phase is for running the KMP matcher algorithm to find the occurrence of the pattern in the text. The major drawback of this algorithm is that it is not accurate, as it does not work with large alphabet sizes.
In 2018, the authors in [10] proposed the use of an Optical Character Recognition (OCR) system to detect an IDN homoglyph attack, as the OCR system allows full recognition of alphanumeric characters or handwritten characters by scanning the form at electronic speed. The OCR process includes character-by-character photo scanning and then converting the character image into character codes, such as ASCII. The authors utilized the OCR system to detect character similarity, as the homoglyph attack uses a domain name that visually looks like a legitimate domain name but is not. Therefore, their proposed model analyzes visual similarity by using automatic OCR to detect the homogeneous IDN attack, it converts The development phase first starts with preprocessing, a technique to turn the raw data into a processed clean dataset so that it can be useful for further analysis. Second, feature extraction turns the raw data into a set of features. Third, the selection of features uses a subset of the original set of features to obtain a smaller subset that can be used to model the problem. Feature selection lowers the resources needed for computation without missing essential or related information, decreases the redundant data for analysis, facilitates speed, and enhances the accuracy of the machine learning model. The outcome of the feature selection process is the dataset with a reduced set of features that can better represent the problem. Then, several classifiers will be used to train the model. Finally, the evaluation phase will represent the effectiveness of the proposed model to solve the homoglyph problem. The deployment phase describes the actual process of our proposed idea.
Hashing is used, as it is a process of converting plain text into encoded fixed-length text, as shown in Figure 2, and it is a one-way function that produces a unique value for each input file. The hash value will help in differentiating between look-alike URLs, such as having the URL www.google.com replace a letter from different languages, which results in the same domain name based on the appearance except that the hash value is what makes each one different from the other. The hash algorithm is used to enhance the accuracy of the results; the hashing property will detect any slight alteration or modification of the URL The development phase first starts with preprocessing, a technique to turn the raw data into a processed clean dataset so that it can be useful for further analysis. Second, feature extraction turns the raw data into a set of features. Third, the selection of features uses a subset of the original set of features to obtain a smaller subset that can be used to model the problem. Feature selection lowers the resources needed for computation without missing essential or related information, decreases the redundant data for analysis, facilitates speed, and enhances the accuracy of the machine learning model. The outcome of the feature selection process is the dataset with a reduced set of features that can better represent the problem. Then, several classifiers will be used to train the model. Finally, the evaluation phase will represent the effectiveness of the proposed model to solve the homoglyph problem. The deployment phase describes the actual process of our proposed idea.
Hashing is used, as it is a process of converting plain text into encoded fixed-length text, as shown in Figure 2, and it is a one-way function that produces a unique value for each input file. The hash value will help in differentiating between look-alike URLs, such as having the URL www.google.com, (accessed on 18 July 2022) replace a letter from different languages, which results in the same domain name based on the appearance except that the hash value is what makes each one different from the other. The hash algorithm is used to enhance the accuracy of the results; the hashing property will detect any slight alteration or modification of the URL The example below is a slight change in the URL that cannot be identified with the naked eye. The attacker takes advantage of look-a-like characters from a Latin Cyrillic, Greek, Hebrew, Chinese, and Armenian character to apply a homoglyph attack. For example, the attacker may change the "or" letter of the original Google domain into a Greek "or" letter, resulting in an entirely different hash value of the Google domain. The example below is a slight change in the URL that cannot be identified with the naked eye. The attacker takes advantage of look-a-like characters from a Latin Cyrillic, Greek, Hebrew, Chinese, and Armenian character to apply a homoglyph attack. For example, the attacker may change the "or" letter of the original Google domain into a Greek "or" letter, resulting in an entirely different hash value of the Google domain.

•
The hash value of the original domain name: www.google.com, (accessed on 18 July 2022).

191347BFE55D0CA9A574DB77BC8648275CE258461450E793528E0CC6D2DCF8F5
• The hash value after changing only one 'o' of the original domain name into a Greek 'o': www.google.com (accessed on 18 July 2022).

79189C0C37E6A0EE3F83D81CB2365CEB9F1226356AC57D836851F9E1FAD44A33
By taking advantage of the hash function to store the hash of each legitimate URL, any manipulation by attackers on the URL will be detected. Figure 3 shows the process of creating the hash dataset, which will be discussed in the following. The example below is a slight change in the URL that cannot be identified with the naked eye. The attacker takes advantage of look-a-like characters from a Latin Cyrillic, Greek, Hebrew, Chinese, and Armenian character to apply a homoglyph attack. For example, the attacker may change the "or" letter of the original Google domain into a Greek "or" letter, resulting in an entirely different hash value of the Google domain. • The hash value of the original domain name: www.google.com.

191347BFE55D0CA9A574DB77BC8648275CE258461450E793528E0CC6D2DCF8F5
• The hash value after changing only one 'o' of the original domain name into a Greek 'o': www.goοgle.com (accessed on 18 July 2022).

79189C0C37E6A0EE3F83D81CB2365CEB9F1226356AC57D836851F9E1FAD44A33
By taking advantage of the hash function to store the hash of each legitimate URL, any manipulation by attackers on the URL will be detected. Figure 3 shows the process of creating the hash dataset, which will be discussed in the following. The following subsections will discuss the two phases of the model, which are development and deployment.

Development Phase
In this section, we discuss the process of training machine learning including preprocessing, feature extraction, feature selection, and data splitting. Then, we explain the method of classification and evaluation using the model. The process of data analysis including selection, processing, and feature extraction and selection took 6 weeks.

Data Selection
In this phase, many approaches towards the research were conducted to find a suitable dataset that meets the requirements and goals. The dataset consists of 70,000 URLs combined by extracting 35,000 legitimate URLs from Alexa [14], and 35,000 illegitimate URLs extracted from PhishTank and PhishStat. These datasets were chosen because they are available in different formats and are open-source, and the Alexa dataset [14] contains the top one million legitimate websites, which is the largest amount used in previous studies. Furthermore, to cover all possibilities of phishing and homoglyph websites, a homoglyph dataset was generated since there is no homoglyph dataset available. We generated our homoglyph dataset from the legitimate dataset by using a Homoglyph generator. The following subsections will discuss the two phases of the model, which are development and deployment.

Development Phase
In this section, we discuss the process of training machine learning including preprocessing, feature extraction, feature selection, and data splitting. Then, we explain the method of classification and evaluation using the model. The process of data analysis including selection, processing, and feature extraction and selection took 6 weeks.

Data Selection
In this phase, many approaches towards the research were conducted to find a suitable dataset that meets the requirements and goals. The dataset consists of 70,000 URLs combined by extracting 35,000 legitimate URLs from Alexa [14], and 35,000 illegitimate URLs extracted from PhishTank and PhishStat. These datasets were chosen because they are available in different formats and are open-source, and the Alexa dataset [14] contains the top one million legitimate websites, which is the largest amount used in previous studies. Furthermore, to cover all possibilities of phishing and homoglyph websites, a homoglyph dataset was generated since there is no homoglyph dataset available. We generated our homoglyph dataset from the legitimate dataset by using a Homoglyph generator.

Data Preprocessing
In the preprocessing data phase, the raw data for both legitimate and illegitimate datasets was simplified into a meaningful format, to minimize the redundant, inconsistent, and incomplete data involving the steps as follows: Data Cleaning: This phase is working on cleaning any useless data by removing duplicated records in our dataset. Furthermore, some records have an incomplete URL that is considered inconsistent data.

•
Data Integration: There is a large imbalance between the legitimate and illegitimate datasets, which leads to model overfitting for the majority class. To avoid this problem, we combined two illegitimate datasets (PhishTank 20% and Phishstat 80%) to have a more considerable record and to be more consistent with the legitimate dataset. We balance the distribution number of records per class label as 50% for illegitimate URLs and 50% for legitimate in our dataset. • Data Transformation: This is a pivotal role in converting unprocessed data into an understandable form. In this phase, we normalized, aggregated, and generalized our datasets. This modification helps to minimize time and complexity by arranging the columns and creating a summary for a faster overview. • Data Reaction: This phase involves reducing large amounts of data into smaller and more meaningful fragments that can extract the features directly from it into more small and significant chunks.

Feature Extraction
This section will explain how the system finds the best representation of the dataset to learn and train the machine learning algorithm to detect homoglyph attacks. Thus, transforming the uncleaned raw data into preprocessed features that clearly depict the core problem of the predictive models, resulting in improved model accuracy on unseen data. The extracted features are categorized from the dataset into six respective areas: • URL-Based Language Features: It helps to extract the features of non-English languages from URLs using words as features and N-grams [19].
The website URLs are passed to the feature extractor that acquires feature values with the help of the already extracted and mentioned URL-based features. Various related studies were selecting and extracting different features from the URL. In this section, we present different research on varied feature selection, to find the most common features that help to detect phishing.
Utilizing the IP address: If the URL contains an IP address, which means it is used as an alternative domain name. For example (192.168.200.1...), from here, we can say that someone tries to steal the user's information.

2.
Special characters: Phishing websites usually hide suspicious content in the URL by using special characters. For example, the symbol "@" leads the browser to ignore the rest of the URL before the "@" symbol. 3.
Redirecting using "//": This symbol '//' is used to forward the user to other websites since we eliminate (http//and https//). The presence of // indicates that the website is illegitimate.

4.
Prefixes or suffixes disjointed by (-) to the domain: The attacker confuses the user by accumulating a prefix or suffixes disconnected from this symbol "-" to convince the user that the URL is legitimate, for example, (www.payment-amazon.com (accessed on 18 July 2022)).

5.
Number of subdomains: The number of subdomains can be utilized by the number of dots (.). Based on the datasets, in case the number of dots is more than four, that means the website will be classified as illegitimate. 6.
The occurrence of "HTTPS" in the domain of the URL. The attacker will have the ability to attach "HTTPS" symbols to the domain of the website URL so as to fool the audience, such as http://https-www-paypal-it-webapps-mpp-home.soft-hair.com/ (accessed on 18 July 2022). The phisher will probably use HTTP instead of HTTPS. 7.
Homoglyph characters: The attackers manipulate the characters of the URL to be look-alike legitimate URLs using various writing options such as Latin, Cyrillic, and Greek to trick the user. For example, "www.google.com", (accessed on 18 July 2022) looks legitimate, but it uses Cyrillic letters to write "Google".

Feature Selection
The method chosen to implement the feature selection is the wrapper method. The wrapper method shortlists the feature set in the form of a search problem, where different groupings have been made, determined, and contrasted with other combinations. Wrappers work slowly in comparison to filters in regard to determining effective subsets as they rely on the resource requirement of the feature selection algorithm, despite the fact that the wrapper methods are slower than the filter. However, the filter method selects the feature without considering the classification model used and sometimes fails to achieve good outcomes. Therefore, the wrapper method was used as the main objective of our study is the accurate detection of homoglyph attacks. Figure 4 shows the process of the wrapper method [20]. since we eliminate (http//and https//). The presence of // indicates that the website is illegitimate. 4. Prefixes or suffixes disjointed by (-) to the domain: The attacker confuses the user by accumulating a prefix or suffixes disconnected from this symbol "-" to convince the user that the URL is legitimate, for example, (www.payment-amazon.com (accessed on 18 July 2022)). 5. Number of subdomains: The number of subdomains can be utilized by the number of dots (.). Based on the datasets, in case the number of dots is more than four, that means the website will be classified as illegitimate. 6. The occurrence of "HTTPS" in the domain of the URL. The attacker will have the ability to attach "HTTPS" symbols to the domain of the website URL so as to fool the audience, such as http://https-www-paypal-it-webapps-mpp-home.soft-hair.com/ (accessed on 18 July 2022). The phisher will probably use HTTP instead of HTTPS. 7. Homoglyph characters: The attackers manipulate the characters of the URL to be look-alike legitimate URLs using various writing options such as Latin, Cyrillic, and Greek to trick the user. For example, "www.google.com" looks legitimate, but it uses Cyrillic letters to write "Google" .

Feature Selection
The method chosen to implement the feature selection is the wrapper method. The wrapper method shortlists the feature set in the form of a search problem, where different groupings have been made, determined, and contrasted with other combinations. Wrappers work slowly in comparison to filters in regard to determining effective subsets as they rely on the resource requirement of the feature selection algorithm, despite the fact that the wrapper methods are slower than the filter. However, the filter method selects the feature without considering the classification model used and sometimes fails to achieve good outcomes. Therefore, the wrapper method was used as the main objective of our study is the accurate detection of homoglyph attacks. Figure 4 shows the process of the wrapper method [20]. The wrapper has two methods: the forward selection method starts with one or a few features selected according to a method-specific selection criterion, and then more features are added iteratively until a stopping criterion is met; the other method is the backward elimination method that starts with all features and iteratively removes one feature or bunches of features. In the current study, we used recursive feature elimination (RFE) for the feature selection. The wrapper has two methods: the forward selection method starts with one or a few features selected according to a method-specific selection criterion, and then more features are added iteratively until a stopping criterion is met; the other method is the backward elimination method that starts with all features and iteratively removes one feature or bunches of features. In the current study, we used recursive feature elimination (RFE) for the feature selection.

Data Splitting
After feature extraction and selection, all gathered data are collected in a new dataset. There are various methods for data partitioning for training and testing. We used the standard data partitioning (70-30) method, where normally approximately 70% of the total data is utilized for training and the rest of the 30% of data is utilized for testing [21].

Classifier Selection
This subsection discusses some classification techniques used in machine learning, such as SVM, artificial neural network (ANN), decision tree (DT), and k-nearest neighbor (KNN). Classification is a supervised machine learning technique that predicts the value of a categorical variable by using several numerical or categorical features.
A comparison of the four algorithms was made using "Weka software" in terms of accuracy for each algorithm. Table 1 shows the outcome summaries acquired after  implementing the relevant classifiers on the data, Table 1 also depicts that RF attained the highest accuracy in comparison to other classifiers. To specify the method to be applied, an analysis must be undertaken first to identify the classifier we will use. To do this, as shown in Table 2, we create a summary to compare the different classifiers used in various research as used previously in the feature extraction phase. The technique that produced the highest results is underlined in the table. The benchmarking will analyze the different papers and the classifier used by each paper, as well as the tools used and the highest findings in each classifier. By using Weka, we used different types of classifiers in different folds and percentages to have a more accurate result. We worked on a quickie, which is the Naïve Bayes, the laziest, which is Kstar, a type of KNN classifier, and the Random Forest, which is the classifier most used in the previous studies. To summarize Table 2, we simplified the results that achieved the highest accuracy, precision, Recall, F1_measure, and false positive to conclude the best achievement among the papers and to prepare our development phase to have the highest result. Table 3 shows the highest test results of the implemented classifiers in the literature review, which helped with choosing the best classifier.

Deployment Phase
After training the machine learning algorithm, as shown in Figure 5, this phase goes through the implementation of the system to determine the legitimacy of the clicked URL. The process sequences are clarified below. In the deployment phase, when the user clicks the URL, there are three cases.

Homoglyph Detection Implementation
When implementing the Homoglyph detector, it can be placed as a proxy to act as a middleware between a PC user and internet users for making sure the system is safe and   • Case 2: If the URL is existing in the illegitimate dataset, block the website. • Case 3: If the URL does not exist in both "Hash Dataset" and "Illegitimate Dataset", then it will go through the process of machine learning.
Employing machine learning to detect homoglyph attacks will help the users to protect themselves from being victims of phishing websites. It is accomplished by utilizing a dynamic dataset to be further utilized on new websites. The comparison will be between the URL that is clicked by users and the URL that exists in a dataset. The process is completed quickly and accurately as the hash function is used for storing the dataset.
The system aims to input the URL and extract features to use it in the classifier, and then the classifier decides if the URL is legitimate or not. The machine learning model is trained using a dataset of legitimate and illegitimate URLs. The hash function is used to store legitimate URLs. Furthermore, if the user clicks the homoglyph URL, only the hash value is checked for the decision. However, if the clicked URL is legitimate, the user is allowed through, otherwise, the request is blocked.

Homoglyph Detection Implementation
When implementing the Homoglyph detector, it can be placed as a proxy to act as a middleware between a PC user and internet users for making sure the system is safe and secure. It is an automated process that sits between the firewall and internet proxy to process and analyze all requests from users in and out before it goes to the internet as shown in Figure 6. The proxy utilizes multiple servers at the same time to control all requests.

Accessibility Interface Prototype
Users in the system have only two functions. They are allowed to enter a URL to check the legitimacy of the entered URL and provide feedback in the case of disagreement with the system's decision, as Figure 7 shows. Allowing the user to add feedback will help the admin to reduce the false-positive rate.

Accessibility Interface Prototype
Users in the system have only two functions. They are allowed to enter a URL to check the legitimacy of the entered URL and provide feedback in the case of disagreement with the system's decision, as Figure 7 shows. Allowing the user to add feedback will help the admin to reduce the false-positive rate.  Here are two scenarios for the user to interact with the machine learning process.

•
Legitimate scenario: When the user enters a legitimate URL, the pop-up message will show that the URL is legitimate and ask the user if they want to continue with the URL of the webpage or not as shown in Figure 8.

Experimental Analysis, Observations, and Results
This section provides a clear justification for what makes the homoglyph de better solution in terms of different criteria in Table 4. This will be completed th comparison based on the following solution requirements.

Experimental Analysis, Observations, and Results
This section provides a clear justification for what makes the homoglyph detector a better solution in terms of different criteria in Table 4. This will be completed through a comparison based on the following solution requirements.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Experimental Analysis, Observations, and Results
This section provides a clear justification for what makes the homoglyph detector a better solution in terms of different criteria in Table 4. This will be completed through a comparison based on the following solution requirements. Ours Does not provide property; Provides property; Partially provides p provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, eff rate, and ease of use. In terms of speed, the homoglyph detector is simi Finder and KMP, which takes approximately 0.07 s to show the result p of effectiveness, the system is functioning as expected, and different scena to validate the operation of the system. The system provides scalability b ble database that accepts a large number of new URLs that need to be machine learning, as shown in Figure 10. The system scalability will ben formance and efficiency and enhance system security. Other languages in the future to support expanding the system all over the world and det homoglyph attacks in global ways. Furthermore, it is easy to implement a must write the URL that needs to be checked and press the check butt result. In addition, there is a small possibility to have a wrong result; to hance the system performance, we added a feature to obtain user feed provide feedback on the result and send it to the admin. Later, the adm user feedback and make sure that the ML has provided a correct decision that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset. Ours Does not provide property; Provides property; Partially provides prope provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effecti rate, and ease of use. In terms of speed, the homoglyph detector is similar Finder and KMP, which takes approximately 0.07 s to show the result per u of effectiveness, the system is functioning as expected, and different scenario to validate the operation of the system. The system provides scalability by ha ble database that accepts a large number of new URLs that need to be pro machine learning, as shown in Figure 10. The system scalability will benefit formance and efficiency and enhance system security. Other languages can in the future to support expanding the system all over the world and detect p homoglyph attacks in global ways. Furthermore, it is easy to implement and u must write the URL that needs to be checked and press the check button t result. In addition, there is a small possibility to have a wrong result; to fix hance the system performance, we added a feature to obtain user feedbac provide feedback on the result and send it to the admin. Later, the admin w user feedback and make sure that the ML has provided a correct decision on that it has been added to the dataset. e Analysis has shown its efficiency in terms of speed, scalability, effectiveness, error of use. In terms of speed, the homoglyph detector is similar to the Sham-P, which takes approximately 0.07 s to show the result per user. In terms s, the system is functioning as expected, and different scenarios were tested operation of the system. The system provides scalability by having a flexiat accepts a large number of new URLs that need to be processed using ng, as shown in Figure 10. The system scalability will benefit system perefficiency and enhance system security. Other languages can be included support expanding the system all over the world and detect phishing and acks in global ways. Furthermore, it is easy to implement and use. The user URL that needs to be checked and press the check button to obtain the ion, there is a small possibility to have a wrong result; to fix that and enem performance, we added a feature to obtain user feedback. Users can ck on the result and send it to the admin. Later, the admin will check all and make sure that the ML has provided a correct decision on the URL and added to the dataset. formance Analysis e system has shown its efficiency in terms of speed, scalability, effectiveness, error d ease of use. In terms of speed, the homoglyph detector is similar to the Shamand KMP, which takes approximately 0.07 s to show the result per user. In terms tiveness, the system is functioning as expected, and different scenarios were tested ate the operation of the system. The system provides scalability by having a flexiabase that accepts a large number of new URLs that need to be processed using e learning, as shown in Figure 10. The system scalability will benefit system perce and efficiency and enhance system security. Other languages can be included uture to support expanding the system all over the world and detect phishing and lyph attacks in global ways. Furthermore, it is easy to implement and use. The user rite the URL that needs to be checked and press the check button to obtain the In addition, there is a small possibility to have a wrong result; to fix that and enhe system performance, we added a feature to obtain user feedback. Users can feedback on the result and send it to the admin. Later, the admin will check all dback and make sure that the ML has provided a correct decision on the URL and as been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, erro rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham Finder and KMP, which takes approximately 0.07 s to show the result per user. In term of effectiveness, the system is functioning as expected, and different scenarios were teste to validate the operation of the system. The system provides scalability by having a flex ble database that accepts a large number of new URLs that need to be processed usin machine learning, as shown in Figure 10. The system scalability will benefit system pe formance and efficiency and enhance system security. Other languages can be include in the future to support expanding the system all over the world and detect phishing an homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The use must write the URL that needs to be checked and press the check button to obtain th result. In addition, there is a small possibility to have a wrong result; to fix that and en hance the system performance, we added a feature to obtain user feedback. Users ca provide feedback on the result and send it to the admin. Later, the admin will check a user feedback and make sure that the ML has provided a correct decision on the URL an that it has been added to the dataset.

Experimental Analysis, Observations, and Results
This section provides a clear justification for what makes the homoglyph detector a better solution in terms of different criteria in Table 4. This will be completed through a comparison based on the following solution requirements.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset. Ours Does not provide property; Provides property; Partially provides prope provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effecti rate, and ease of use. In terms of speed, the homoglyph detector is similar Finder and KMP, which takes approximately 0.07 s to show the result per u of effectiveness, the system is functioning as expected, and different scenario to validate the operation of the system. The system provides scalability by ha ble database that accepts a large number of new URLs that need to be pro machine learning, as shown in Figure 10. The system scalability will benefit formance and efficiency and enhance system security. Other languages can in the future to support expanding the system all over the world and detect p homoglyph attacks in global ways. Furthermore, it is easy to implement and u must write the URL that needs to be checked and press the check button t result. In addition, there is a small possibility to have a wrong result; to fix hance the system performance, we added a feature to obtain user feedbac provide feedback on the result and send it to the admin. Later, the admin w user feedback and make sure that the ML has provided a correct decision on that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Experimental Analysis, Observations, and Results
This section provides a clear justification for what makes the homoglyph detector a better solution in terms of different criteria in Table 4. This will be completed through a comparison based on the following solution requirements.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset. Ours Does not provide property; Provides property; Partially provides prope provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effecti rate, and ease of use. In terms of speed, the homoglyph detector is similar Finder and KMP, which takes approximately 0.07 s to show the result per u of effectiveness, the system is functioning as expected, and different scenario to validate the operation of the system. The system provides scalability by ha ble database that accepts a large number of new URLs that need to be pro machine learning, as shown in Figure 10. The system scalability will benefit formance and efficiency and enhance system security. Other languages can in the future to support expanding the system all over the world and detect p homoglyph attacks in global ways. Furthermore, it is easy to implement and u must write the URL that needs to be checked and press the check button t result. In addition, there is a small possibility to have a wrong result; to fix hance the system performance, we added a feature to obtain user feedbac provide feedback on the result and send it to the admin. Later, the admin w user feedback and make sure that the ML has provided a correct decision on that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, erro rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham Finder and KMP, which takes approximately 0.07 s to show the result per user. In term of effectiveness, the system is functioning as expected, and different scenarios were teste to validate the operation of the system. The system provides scalability by having a flex ble database that accepts a large number of new URLs that need to be processed usin machine learning, as shown in Figure 10. The system scalability will benefit system pe formance and efficiency and enhance system security. Other languages can be include in the future to support expanding the system all over the world and detect phishing an homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The use must write the URL that needs to be checked and press the check button to obtain th result. In addition, there is a small possibility to have a wrong result; to fix that and en hance the system performance, we added a feature to obtain user feedback. Users ca provide feedback on the result and send it to the admin. Later, the admin will check a user feedback and make sure that the ML has provided a correct decision on the URL an that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset. J. Sens. Actuator Netw. 2022, 11, x FOR PEER REVIEW ShamFinder [12] k-nearest neighbors algorithm (k-NN) [11] □ HitZone map [28] KMP [9], [35] Ours Does not provide property; Provides property; Part provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms of speed rate, and ease of use. In terms of speed, the homoglyph d Finder and KMP, which takes approximately 0.07 s to sho of effectiveness, the system is functioning as expected, and to validate the operation of the system. The system provid ble database that accepts a large number of new URLs th machine learning, as shown in Figure 10. The system scal formance and efficiency and enhance system security. Ot in the future to support expanding the system all over the homoglyph attacks in global ways. Furthermore, it is easy must write the URL that needs to be checked and press result. In addition, there is a small possibility to have a w hance the system performance, we added a feature to o provide feedback on the result and send it to the admin. user feedback and make sure that the ML has provided a c that it has been added to the dataset. k-nearest neighbors algorithm (k-NN) [ e Analysis has shown its efficiency in terms of speed, scalability, effectiveness, error of use. In terms of speed, the homoglyph detector is similar to the Sham-P, which takes approximately 0.07 s to show the result per user. In terms s, the system is functioning as expected, and different scenarios were tested operation of the system. The system provides scalability by having a flexiat accepts a large number of new URLs that need to be processed using ng, as shown in Figure 10. The system scalability will benefit system perefficiency and enhance system security. Other languages can be included support expanding the system all over the world and detect phishing and acks in global ways. Furthermore, it is easy to implement and use. The user URL that needs to be checked and press the check button to obtain the ion, there is a small possibility to have a wrong result; to fix that and enem performance, we added a feature to obtain user feedback. Users can ck on the result and send it to the admin. Later, the admin will check all and make sure that the ML has provided a correct decision on the URL and added to the dataset.   Table 4. This will be completed through a comparison based on the following solution requirements.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, erro rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham Finder and KMP, which takes approximately 0.07 s to show the result per user. In term of effectiveness, the system is functioning as expected, and different scenarios were teste to validate the operation of the system. The system provides scalability by having a flex ble database that accepts a large number of new URLs that need to be processed usin machine learning, as shown in Figure 10. The system scalability will benefit system pe formance and efficiency and enhance system security. Other languages can be include in the future to support expanding the system all over the world and detect phishing an homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The use must write the URL that needs to be checked and press the check button to obtain th result. In addition, there is a small possibility to have a wrong result; to fix that and en hance the system performance, we added a feature to obtain user feedback. Users ca provide feedback on the result and send it to the admin. Later, the admin will check a user feedback and make sure that the ML has provided a correct decision on the URL an that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiven rate, and ease of use. In terms of speed, the homoglyph detector is similar to th Finder and KMP, which takes approximately 0.07 s to show the result per user. of effectiveness, the system is functioning as expected, and different scenarios we to validate the operation of the system. The system provides scalability by havin ble database that accepts a large number of new URLs that need to be process machine learning, as shown in Figure 10. The system scalability will benefit sys formance and efficiency and enhance system security. Other languages can be in the future to support expanding the system all over the world and detect phis homoglyph attacks in global ways. Furthermore, it is easy to implement and use. must write the URL that needs to be checked and press the check button to o result. In addition, there is a small possibility to have a wrong result; to fix tha hance the system performance, we added a feature to obtain user feedback. U provide feedback on the result and send it to the admin. Later, the admin will user feedback and make sure that the ML has provided a correct decision on the that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.   Table 4. This will be completed through a comparison based on the following solution requirements.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and J. Sens. Actuator Netw. 2022, 11, x FOR PEER REVIEW ShamFinder [12] k-nearest neighbors algorithm (k-NN) [11] □ HitZone map [28] KMP [9], [35] Ours Does not provide property; Provides property; Part provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms of speed rate, and ease of use. In terms of speed, the homoglyph d Finder and KMP, which takes approximately 0.07 s to sho of effectiveness, the system is functioning as expected, and to validate the operation of the system. The system provid ble database that accepts a large number of new URLs th machine learning, as shown in Figure 10. The system scal formance and efficiency and enhance system security. Ot in the future to support expanding the system all over the homoglyph attacks in global ways. Furthermore, it is easy must write the URL that needs to be checked and press result. In addition, there is a small possibility to have a w hance the system performance, we added a feature to o provide feedback on the result and send it to the admin. user feedback and make sure that the ML has provided a c that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can J. Sens. Actuator Netw. 2022, 11, x FOR PEER REVIEW ShamFinder [12] □ k-nearest neighbors algorithm (k-NN) [11] □ HitZone map [28] □ KMP [9], [35] Ours Does not provide property; Provides property; Partially provides property; provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiven rate, and ease of use. In terms of speed, the homoglyph detector is similar to th Finder and KMP, which takes approximately 0.07 s to show the result per user. of effectiveness, the system is functioning as expected, and different scenarios we to validate the operation of the system. The system provides scalability by havin ble database that accepts a large number of new URLs that need to be process machine learning, as shown in Figure 10. The system scalability will benefit sys formance and efficiency and enhance system security. Other languages can be in the future to support expanding the system all over the world and detect phis homoglyph attacks in global ways. Furthermore, it is easy to implement and use. must write the URL that needs to be checked and press the check button to o result. In addition, there is a small possibility to have a wrong result; to fix tha hance the system performance, we added a feature to obtain user feedback. U provide feedback on the result and send it to the admin. Later, the admin will user feedback and make sure that the ML has provided a correct decision on the that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and J. Sens. Actuator Netw. 2022, 11, x FOR PEER REVIEW ShamFinder [12] k-nearest neighbors algorithm (k-NN) [11] □ HitZone map [28] KMP [9], [35] Ours Does not provide property; Provides property; Partially pro provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms of speed, scalab rate, and ease of use. In terms of speed, the homoglyph detector Finder and KMP, which takes approximately 0.07 s to show the r of effectiveness, the system is functioning as expected, and differe to validate the operation of the system. The system provides scala ble database that accepts a large number of new URLs that need machine learning, as shown in Figure 10. The system scalability formance and efficiency and enhance system security. Other lan in the future to support expanding the system all over the world a homoglyph attacks in global ways. Furthermore, it is easy to impl must write the URL that needs to be checked and press the che result. In addition, there is a small possibility to have a wrong re hance the system performance, we added a feature to obtain u provide feedback on the result and send it to the admin. Later, t user feedback and make sure that the ML has provided a correct d that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Experimental Analysis, Observations, and Results
This section provides a clear justification for what makes the homoglyph detector a better solution in terms of different criteria in Table 4. This will be completed through a comparison based on the following solution requirements.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, erro rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham Finder and KMP, which takes approximately 0.07 s to show the result per user. In term of effectiveness, the system is functioning as expected, and different scenarios were teste to validate the operation of the system. The system provides scalability by having a flex ble database that accepts a large number of new URLs that need to be processed usin machine learning, as shown in Figure 10. The system scalability will benefit system pe formance and efficiency and enhance system security. Other languages can be include in the future to support expanding the system all over the world and detect phishing an homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The use must write the URL that needs to be checked and press the check button to obtain th result. In addition, there is a small possibility to have a wrong result; to fix that and en hance the system performance, we added a feature to obtain user feedback. Users ca provide feedback on the result and send it to the admin. Later, the admin will check a user feedback and make sure that the ML has provided a correct decision on the URL an that it has been added to the dataset.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiven rate, and ease of use. In terms of speed, the homoglyph detector is similar to th Finder and KMP, which takes approximately 0.07 s to show the result per user. of effectiveness, the system is functioning as expected, and different scenarios we to validate the operation of the system. The system provides scalability by havin ble database that accepts a large number of new URLs that need to be process machine learning, as shown in Figure 10. The system scalability will benefit sys formance and efficiency and enhance system security. Other languages can be in the future to support expanding the system all over the world and detect phis homoglyph attacks in global ways. Furthermore, it is easy to implement and use. must write the URL that needs to be checked and press the check button to o result. In addition, there is a small possibility to have a wrong result; to fix tha hance the system performance, we added a feature to obtain user feedback. U provide feedback on the result and send it to the admin. Later, the admin will user feedback and make sure that the ML has provided a correct decision on the that it has been added to the dataset.

Experimental Analysis, Observations, and Results
This section provides a clear justification for what makes the homoglyph detector a better solution in terms of different criteria in Table 4. This will be completed through a comparison based on the following solution requirements.

Experimental Analysis, Observations, and Results
This section provides a clear justification for what makes the homoglyph detector a better solution in terms of different criteria in Table 4. This will be completed through a comparison based on the following solution requirements. ShamFinder [12] k-nearest neighbors algorithm (k-NN) [11] □ HitZone map [28] KMP [9], [35] Ours Does not provide property; Provides property; Part provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms of speed rate, and ease of use. In terms of speed, the homoglyph d Finder and KMP, which takes approximately 0.07 s to sho of effectiveness, the system is functioning as expected, and to validate the operation of the system. The system provid ble database that accepts a large number of new URLs th machine learning, as shown in Figure 10. The system scal formance and efficiency and enhance system security. Ot in the future to support expanding the system all over the homoglyph attacks in global ways. Furthermore, it is easy must write the URL that needs to be checked and press result. In addition, there is a small possibility to have a w hance the system performance, we added a feature to o provide feedback on the result and send it to the admin. user feedback and make sure that the ML has provided a c that it has been added to the dataset. J. Sens. Actuator Netw. 2022, 11, x FOR PEER REVIEW ShamFinder [12] k-nearest neighbors algorithm (k-NN) [11] □ HitZone map [28] KMP [9], [35] Ours Does not provide property; Provides property; provides property; □ Null.

Performance Analysis
The system has shown its efficiency in terms o rate, and ease of use. In terms of speed, the homo Finder and KMP, which takes approximately 0.07 of effectiveness, the system is functioning as expect to validate the operation of the system. The system ble database that accepts a large number of new machine learning, as shown in Figure 10. The syst formance and efficiency and enhance system secu in the future to support expanding the system all o homoglyph attacks in global ways. Furthermore, it must write the URL that needs to be checked and result. In addition, there is a small possibility to h hance the system performance, we added a featu provide feedback on the result and send it to the user feedback and make sure that the ML has prov that it has been added to the dataset. J. Sens. Actuator Netw. 2022, 11, x FOR PEER REVIEW ShamFinder [12] k-nearest neighbors algorithm (k-NN) [11] HitZone map [28] KMP [9], [35] Ours Does not provide property; Provides p provides property; □ Null.

Performance Analysis
The system has shown its efficiency in rate, and ease of use. In terms of speed, th Finder and KMP, which takes approximate of effectiveness, the system is functioning a to validate the operation of the system. The ble database that accepts a large number o machine learning, as shown in Figure 10. T formance and efficiency and enhance syste in the future to support expanding the syst homoglyph attacks in global ways. Furtherm must write the URL that needs to be chec result. In addition, there is a small possibil hance the system performance, we added provide feedback on the result and send it user feedback and make sure that the ML h that it has been added to the dataset. 13  In terms em is functioning as expected, and different scenarios were tested of the system. The system provides scalability by having a flexis a large number of new URLs that need to be processed using wn in Figure 10. The system scalability will benefit system perand enhance system security. Other languages can be included expanding the system all over the world and detect phishing and obal ways. Furthermore, it is easy to implement and use. The user t needs to be checked and press the check button to obtain the

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the Sham-Finder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and en-Partially provides property; • Illegitimate scenario: When the user enters a mix of IP and homoglyph letters, e.g www.talenteđ/192.168.4.8 as shown in Figure 9.

Experimental Analysis, Observations, and Results
This section provides a clear justification for what makes the homoglyph detector better solution in terms of different criteria in Table 4. This will be completed through comparison based on the following solution requirements.

Performance Analysis
The system has shown its efficiency in terms of speed, scalability, effectiveness, error rate, and ease of use. In terms of speed, the homoglyph detector is similar to the ShamFinder and KMP, which takes approximately 0.07 s to show the result per user. In terms of effectiveness, the system is functioning as expected, and different scenarios were tested to validate the operation of the system. The system provides scalability by having a flexible database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result.
In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset. ble database that accepts a large number of new URLs that need to be processed using machine learning, as shown in Figure 10. The system scalability will benefit system performance and efficiency and enhance system security. Other languages can be included in the future to support expanding the system all over the world and detect phishing and homoglyph attacks in global ways. Furthermore, it is easy to implement and use. The user must write the URL that needs to be checked and press the check button to obtain the result. In addition, there is a small possibility to have a wrong result; to fix that and enhance the system performance, we added a feature to obtain user feedback. Users can provide feedback on the result and send it to the admin. Later, the admin will check all user feedback and make sure that the ML has provided a correct decision on the URL and that it has been added to the dataset.

Functionality Analysis
The functionality of this program depends on three features, namely: implementation, economics, and independence. The program is implemented in Java using Weka libraries. However, can be implemented in different programming languages. We considered it as economical because it only requires software installation of the solution into the organization server with no additional hardware or tools required. Moreover, independence is measured based on the need for external data or software to operate the homoglyph detector.

Functionality Analysis
The functionality of this program depends on three features, namely: implementation, economics, and independence. The program is implemented in Java using Weka libraries. However, can be implemented in different programming languages. We considered it as economical because it only requires software installation of the solution into the organization server with no additional hardware or tools required. Moreover, independence is measured based on the need for external data or software to operate the homoglyph detector.

Security Analysis
In the security aspect, integrity, accuracy, and availability were considered. Where integrity means the data was used as is and was not subject to any changes or modifications. Availability means you can reach the system and data whenever needed and there are no obstacles to reaching what you are supposed to reach. While accuracy is a percentage of how true the result is compared to reality. Comparing these three aspects with related works shows that the homoglyph detector provides better results in conjunction with machine learning. With the software combined with machine learning, it enhances compliance and maintenance strategies for the detection of defects. With the help of this out-of-thebox approach, the rate of data stored and captured will rise and will offer more practical and real-time data comparison and will be flexible for new data that will be utilized for conditional determination. This revolutionary approach will provide real-time data analysis and allow for the use of new data for assessment. The data integrity cannot be altered unless the admin is allowed because s/he has the ability to add data manually. Talking about the accuracy, as shown in Table 5, the system depends upon the result of the model used "Random Forest," which achieved 99.82%, and it can be higher over time because of the machine learning and the update in the datasets illustrated in Figure 10. While the ShamFinder approach [12] uses machine learning but they used fixed datasets that do not add new data over time, so the rate of accuracy is unlikely to improve, which is 97%. Regarding the availability, the homoglyph detector has proven its availability as it is considered available to the user as a first step for entering a webpage. Moreover, the solution can function on different web browsers and operating systems properly. As an example of the percentage comparison with previous related work [11], homoglyph detection shows a higher result in Table 5.

Discussion
In this section, we will discuss several attacks that may target the system and will threaten the functionality and security of the system and how these attacks will be mitigated. Figure 11 illustrates a threat model containing potential threats targeting admin datasets and machine learning algorithms. • Dictionary attack: The technique utilized to break the system and gain unauthorized access by going through every password in the dictionary word list.

•
Rainbow attack: Method used to compare hashed passwords in the rainbow table with the entered password.

•
Privilege abuse: A privilege abuse attack occurs when the attacker tries to use the admin account inappropriately by entering the system with the admin account.
-Mitigation: (1) access control: regulating access to the system by using ACL to minimize the risk of unauthorized users. (2) Audit trail: auditing and logging the admin's activities.

Data Attack
The following attacks target the data: • SQL injection: The SQL injection attack is when the attacker tries to gain unauthorized access by injecting a malicious SQL query to retrieve the desired information from the database. In the case of the proposed model within this paper, the attacker tends to replace the URL with an SQL query [36]. That adds an illegitimate URL in the legitimate dataset to ensure future access to the website.

Interface Attack
The following attacks targeted the admin account: • Password attack: The attacker can gain unauthorized access to the system through an admin account. The following are examples of password attacks. • Brute force attack: It is an attack when multiple attempts and combinations are tested by the hacker to attain the account password. • Dictionary attack: The technique utilized to break the system and gain unauthorized access by going through every password in the dictionary word list. • Rainbow attack: Method used to compare hashed passwords in the rainbow table with the entered password.
• Privilege abuse: A privilege abuse attack occurs when the attacker tries to use the admin account inappropriately by entering the system with the admin account.
-Mitigation: (1) access control: regulating access to the system by using ACL to minimize the risk of unauthorized users. (2) Audit trail: auditing and logging the admin's activities.

Data Attack
The following attacks target the data: • SQL injection: The SQL injection attack is when the attacker tries to gain unauthorized access by injecting a malicious SQL query to retrieve the desired information from the database. In the case of the proposed model within this paper, the attacker tends to replace the URL with an SQL query [36]. That adds an illegitimate URL in the legitimate dataset to ensure future access to the website. • Mitigation: The input validation mechanism must occur. The input validation will check the input given by the user. The input must be a URL that will be checked by the machine to determine its legitimacy and add it to the suitable dataset. If the input were an SQL query, the system would drop the input to block any attempt from the user to apply the direct modification to the dataset, which is the responsibility of the machine only [36].

System Attacks
The following attacks target the system: • Evasion attacks: They are the most prevalent type of attacks that may be encountered during system operation. This attack happened during the learned model, e.g., in our case, the attacker changes some words in the URL and it seems readable, but actually, the system fails to classify the result in the classification process of the ML.

System Attacks
The following attacks target the system: • Evasion attacks: They are the most prevalent type of attacks that may be encountered during system operation. This attack happened during the learned model, e.g., in our case, the attacker changes some words in the URL and it seems readable, but actually, the system fails to classify the result in the classification process of the ML. • Mitigation: It evaluated the efficacy of the classifier model by validating the input as shown in Figure 12. • Poisoning attacks: This attacker is targeting ML during the deployment model. This attack targets the availability and integrity of the ML by injecting so much bad data into the system that whatever boundary the model learns becomes useless. • Mitigation: The most common type of defense is outlier detection. The idea is when the infection is poisoning the machine learning system, the attacker is injecting something into the training aggregation that is very different from what it should include, and this should be detected.
The experiments and key findings show that the proposed model is effective at detecting homoglyph attacks. Moreover, the proposed model was evaluated against various types of attacks.

Conclusions
This paper considered visually similar characters known as homoglyphs. The similarity of these characters "Unicode or ASCII" has recently been used in different kinds of attacks such as phishing attacks and other homoglyph attacks. In this paper, various tech-

•
Poisoning attacks: This attacker is targeting ML during the deployment model. This attack targets the availability and integrity of the ML by injecting so much bad data into the system that whatever boundary the model learns becomes useless. • Mitigation: The most common type of defense is outlier detection. The idea is when the infection is poisoning the machine learning system, the attacker is injecting something into the training aggregation that is very different from what it should include, and this should be detected.
The experiments and key findings show that the proposed model is effective at detecting homoglyph attacks. Moreover, the proposed model was evaluated against various types of attacks.