PhishBuster: An Intelligent Web-Based Tool for Real-Time Malicious URL Detection in Small Businesses

Authors

  • Romina Stephanie Huamani-Félix Universidad Peruana de Ciencias Aplicadas, Lima, Peru
  • Giancarlo André Roman-Zamora Universidad Peruana de Ciencias Aplicadas, Lima, Peru https://orcid.org/0009-0003-2621-9916
  • Pedro Castañeda Universidad Nacional Toribio Rodriguez de Mendoza (UNTRM), Amazonas, Peru https://orcid.org/0000-0003-1865-1293
  • Juan Mansilla-López Universidad Peruana de Ciencias Aplicadas, Lima, Peru
  • Alberto Daniel García-Núñez Universidad Pontificia Bolivariana, Medellín, Colombia https://orcid.org/0000-0002-9402-3785

DOI:

https://doi.org/10.3991/ijoe.v22i03.58701

Keywords:

Add-On Web, Artificial Intelligence, Machine Learning, Phishing, Natural Language Processing (NLP)

Abstract


In light of the ongoing digital transformation, small and medium-sized enterprises (SMEs) in Peru are becoming increasingly susceptible to phishing attacks, which threaten both operational continuity and the protection of sensitive data. To tackle this issue, this study introduces a smart web-based solution designed to detect malicious URLs by leveraging machine learning (ML) techniques. The main objective of this study is to develop and evaluate a machine learning-based browser extension capable of accurately identifying phishing URLs in realtime scenarios. The system was assessed using three classification algorithms—XGBoost, LightGBM, and Random Forest—trained on publicly available datasets from PhishTank and PhishStorm. The performance of each model was evaluated using key metrics, including accuracy, precision, recall, specificity, F1-score, receiver operating characteristic curve (ROC), and the area under the ROC curve (AUC). Among the tested models, XGBoost achieved the highest performance, recording an AUC of 0.99 and an accuracy of 94.6%. The tool proved effective in identifying phishing links, especially by reducing the rate of false negatives, which is crucial for real-time threat prevention. In addition, a continuity strategy was developed to ensure smooth integration into the digital environments of SMEs. This proposed solution stands out for its ease of deployment, scalability, and efficiency, offering a meaningful contribution to improving cybersecurity and strengthening the digital resilience of Peru’s SME sector.

Author Biographies

Romina Stephanie Huamani-Félix, Universidad Peruana de Ciencias Aplicadas, Lima, Peru

Romina Stephanie Huamani-Félix is a Systems Information Engineering at the Peruvian University of Applied Sciences in Lima, Peru (Email: U20201B134@upc.edu.pe). 

Giancarlo André Roman-Zamora, Universidad Peruana de Ciencias Aplicadas, Lima, Peru

Giancarlo André Roman-Zamora is a Systems Information Engineering at the Peruvian University of Applied Sciences in Lima, Peru (Email: U202010572@upc.edu.pe). 

Pedro Castañeda, Universidad Nacional Toribio Rodriguez de Mendoza (UNTRM), Amazonas, Peru

Pedro Castañeda is a RENACYT Researcher and holds a PhD in Systems Engineering, a master’s degree in management and information technology management from UNMSM and a master’s degree in business administration (MBA) - ESAN. He has completed doctoral studies in Public Policy and State Management at the Centro de Altos Estudios Nacionales (CAEN). He leads e-brokerage projects, software development and process improvement, using agile and traditional methodologies. He has the following certifications: Project Management Professional (PMP), Scrum Certified Developer (CSD), IBM Certified Professional in Rational Unified Process, and ORACLE Certifications. Areas of Interest: Artificial Intelligence, Software Productivity, Business Intelligence, Data Analytics, Machine Learning, Software Engineering. (Email: pedro.castaneda@untrm.edu.pe, ORCID: https://orcid.org/0000-0003-1865-1293).

Juan Mansilla-López, Universidad Peruana de Ciencias Aplicadas, Lima, Peru

Juan Mansilla-Lopez received a bachelor's degree in systems engineering from Universidad de Lima in 1997 and a master's degree in finance from Universidad ESAN in 2011. Since 2022, he has been the coordinator of the Information Systems Engineering program at the Universidad Peruana de Ciencias Aplicadas. His research interests include artificial intelligence, internet of things, finance and stock markets. (Email: pcsijman@upc.edu.pe, ORCID: https://orcid.org/0000-0003-0039-6044)

Alberto Daniel García-Núñez, Universidad Pontificia Bolivariana, Medellín, Colombia

Alberto Daniel García-Núñez. D. student in Technology and Innovation Management (UPB), Master in Information Technology Management (ITESM). (Email: alberto.garcia@upb.edu.co, ORCID: https://orcid.org/0000-0002-9402-3785)

Cover iJOE – Vol 22, No 03 (2026)

Downloads

Published

2026-03-05

How to Cite

Huamani-Félix, R. S., Roman-Zamora, G. A., Castañeda, P., Mansilla-López, J., & García-Núñez, A. D. (2026). PhishBuster: An Intelligent Web-Based Tool for Real-Time Malicious URL Detection in Small Businesses. International Journal of Online and Biomedical Engineering (iJOE), 22(03), pp. 39–57. https://doi.org/10.3991/ijoe.v22i03.58701

Issue

Vol. 22 No. 03 (2026)

Section

Papers

License

Copyright (c) 2026 Romina Stephanie Huamani-Félix, Giancarlo André Roman-Zamora, Pedro Castañeda, Juan Mansilla-López, Alberto Daniel García-Núñez

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.