System Architecture

Serverless and Scalable Design for Rule-Based Phishing Detection

PhishAID is designed using a lightweight, serverless architecture that emphasizes scalability, low operational overhead, and high availability. The architecture eliminates the need for traditional server management while ensuring fast response times and reliable access.

The system is deployed using modern edge and cloud-native services, making it suitable for academic demonstrations, real-world experimentation, and large-scale public access.

Architectural Overview

PhishAID follows a client–edge–logic model where phishing detection is performed through deterministic rules rather than computationally intensive machine learning pipelines.

The core architectural components include:

User Interface (HTML/CSS) – A lightweight browser-based interface for URL submission and result display.
Rule Engine (JavaScript) – Implements phishing detection logic using predefined, explainable rules.
Static Hosting – Frontend is deployed using Cloudflare Pages for global availability.
CDN & Security Layer – Cloudflare provides caching, DDoS protection, and secure content delivery.

Serverless and Edge-Based Design

PhishAID follows a serverless architecture model, where detection logic is executed without maintaining dedicated backend servers. Hosting the application at the network edge reduces latency and improves performance for users across different geographic regions.

This design choice also minimizes maintenance effort, simplifies deployment, and allows the system to scale automatically based on demand.

Request Processing Flow

The step-by-step flow of a phishing detection request is as follows:

User submits a URL through the web interface.
The request is routed through the Cloudflare CDN.
The rule engine evaluates the URL against predefined phishing indicators.
A verdict along with rule-based warnings is generated.
The result is returned instantly to the user’s browser.

Security and Availability Considerations

Cloudflare’s CDN and security services provide an additional protection layer, ensuring resilience against malicious traffic and denial-of-service attacks. Static hosting further reduces the attack surface by eliminating server-side vulnerabilities.

The architecture ensures:

High availability with minimal downtime
Global access with low latency
Secure and reliable content delivery
Easy extensibility for future enhancements

Future Architectural Extensions

While the current architecture focuses on rule-based detection, it is designed to support future extensions such as backend APIs, logging services, and optional AI-assisted analysis modules in later project phases.

This modular approach ensures that PhishAID can evolve without requiring a complete redesign of the system architecture.