Abstract
QR code phishing, or "quishing," exploits the widespread adoption of QR codes to embed malicious URLs that lead users to phishing sites or initiate malware downloads. Unlike traditional phishing methods, QR phishing is uniquely deceptive, leveraging the inherent trust and convenience associated with QR codes while bypassing standard detection mechanisms. This thesis presents the SEQR scanner, a novel solution tailored to detect and prevent QR phishing attacks, specifically focusing on Android platforms. By integrating multiple detection mechanisms—machine learning prediction, fuzzy logic algorithm, and third-party blacklisting APIs—the solution effectively identifies malicious QR codes with precision. A zero-trust-based mechanism is implemented alongside a novel cloud-based browser isolation mechanism to mitigate risks, ensuring harmful links are contained within a secure, sandboxed environment. With the continued widespread adoption of QR codes, the rise in Quishing attacks is inevitable, as these attacks leverage the convenience of QR codes to bypass scrutiny and evade traditional detection methods. This thesis not only addresses critical gaps in existing QR phishing detection mechanisms but also introduces a scalable and user-friendly defense solution. Comprehensive performance evaluations reveal that the proposed solution, the SEQR scanner, excels in detecting advanced obfuscated URLs, mitigating zero-day threats, and delivering an accessible, scalable tool through a progressive web application.
Library of Congress Subject Headings
Android (Electronic resource)--Security measures; QR codes--Security measures; Phishing--Prevention; Smartphones--Security measures; Machine learning
Publication Date
2024
Document Type
Thesis
Student Type
Graduate
Degree Name
Cybersecurity (MS)
Department, Program, or Center
Cybersecurity, Department of
Advisor
Wesam Almobaideen
Advisor/Committee Member
Mohammed M. Al Ani
Advisor/Committee Member
Omar Abdul Latif
Recommended Citation
William, Felix, "Machine learning, Fuzzy logic and Zero Trust-Based Quishing Prevention solution for Android Smartphones" (2024). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/11995
Campus
RIT Dubai
Plan Codes
COMPSEC-MS
Comments
This thesis has been embargoed. The full-text will be available on or around 1/17/2026.