EMAIL SPAM FILTERING WITH

MACHINE LEARNING AND NATURAL

LANGUAGE PROCESSING TECHNIQUES
A Project Report submitted to
JAWAHARLAL NEHRU TECHNOLOGICAL UNVERSITY ANANTAPUR.

in Partial Fulfillment of the Requirements for the Award of the degree of

BACHELOR OF TECHNOLOGY
IN
INFORMATION TECHNOLOGY

Submitted by

SINGAMSETTI YUVANEETHA (21121A3839)

VAIKUNTHAM LAKSHMI NAIDU (21121A3843)

CM LAVANYA (21121A3805)

CHINTHAGINJALA LOKESH (21121A3810)

Under the Guidance of

Mr. P Yogendra Prasad
Assistant Professor

Department of Information Technology

Sree Sainath Nagar, Tirupati – 517 102, A.P., INDIA

2021 - 2025
 Department of Information Technology

Sree Sainath Nagar, Tirupati – 517 102, A.P., INDIA

CERTIFICATE

This is to certify that the project report entitled

“EMAIL SPAM FILTERING WITH MACHINE LEARNING AND

NATURAL LANGUAGE PROCESSING TECHNIQUES”
is the Bonafide work done by
SINGAMSETTI YUVANEETHA (21121A3839)
VAIKUNTAM LAKSHMI NAIDU (21121A3843)

CM LAVANYA (21121A3805)

CHINTHAGINJALA LOKESH (21121A3810)

in the Department of Information Technology, and submitted to Jawaharlal Nehru
Technological University Anantapur, Ananthapuramu in partial fulfillment of the
requirements for the award of the degree of Bachelor of Technology in Computer Science
and Systems Engineering during the academic year 2023-2024. This work has been carried
out under my supervision. The results of this mini project work have not been submitted to
any university for the award of any degree or diploma.
Supervisor: Head of the Dept.:

Mr. P. Yogendra Prasad, Dr. K. Reddy Madhavi,

Assistant Professor Professor & Head
Dept. of Computer Science and Systems Dept. of Computer Science and Systems
Engineering Engineering
Sree Vidyanikethan Engineering College Sree Vidyanikethan Engineering College
Sree Sainath Nagar, Tirupati – 517 102 Sree Sainath Nagar, Tirupati – 517 102

INTERNAL EXAMINER EXTERNALEXAMINER

i
 DECLARATION

We declare that this written submission represents our ideas in our own words and

where others' ideas or words have been included, we have adequately cited and referenced

the original sources. We also declare that we have adhered to all principles of academic

honesty and integrity and have not misrepresented or fabricated or falsified any idea / data

/ fact / source in our submission. We understand that any violation of the above will be cause

for disciplinary action by the Institute and can also evoke penal action from the sources

which have thus not been properly cited or from whom proper permission has not been taken

when needed.

Signature of the students

1.

2.

3.

4.

ii
 ACKNOWLEDGEMENTS

We are extremely thankful to our beloved Chairman and founder Dr. M. Mohan Babu who
took keen interest to provide us the infrastructural facilities for carrying out the project work.

I am extremely thankful to our beloved Chief executive officer Sri Vishnu Manchu of Sree
Vidyanikethan Educational Institutions who took keen interest in providing better academic
facilities in the institution.

We are highly indebted to Dr. Y. Dileep Kumar, Principal of Sree Vidyanikethan

EngineeringCollege for his valuable support and guidance in all academic matters.

We are very much obliged to Dr. K. Reddy Madhavi, Professor & Head, Department of
CSSE, forproviding us the guidance and encouragement in completion of this project.

We would like to express our indebtedness to the project coordinator, Mr. P. Yogendra
Prasad, Assistant Professor, Department of CSSE for his valuable guidance during the
courseof project work.

We would like to express our deep sense of gratitude to Mr. P. Yogendra Prasad, Assistant
Professor, Department of CSSE, for the constant support and invaluable guidance provided
forthe successful completion of the project.

We are also thankful to all the faculty members of the CSSE Department, who have
cooperatedin carrying out our project. We would like to thank our parents and friends who
have extended their help and encouragement either directly or indirectly in completion of
our project work.

Project Associates

SINGAMSETTI YUVANEETHA
VAIKUNTAM LAKSHMI NAIDU
CM LAVANYA
CHINTHAGINJALA LOKESH

iii
 ABSTRACT

Email communication has become an integral part of our personal and professional lives,
but with its widespread use comes the persistent issue of spam emails. Spam messages often
contain malicious content, phishing attempts, or advertisements that clutter inboxes and
pose security threats. Traditional rule-based spam filters have limitations in adapting to new
spam techniques, necessitating the use of more sophisticated approaches. This project
explores the implementation of an email spam detection system using Natural Language
Processing (NLP) and Machine Learning (ML) techniques.
The proposed system preprocesses email text using NLP methods such as tokenization, stop
word removal, lemmatization, and vectorization to extract meaningful features. Various
machine learning algorithms, including Naïve Bayes, Decision Trees, Random Forest,
Support Vector Machines (SVM), Gaussian Naïve Bayes, and K-Nearest Neighbors (KNN),
are evaluated for their effectiveness in classifying emails as spam or ham (non-spam). The
dataset used in this study consists of labeled email messages, which are split into training
and testing sets for model evaluation.
Performance metrics such as accuracy, precision, recall, and F1-score are used to compare
the effectiveness of different classifiers. Experimental results demonstrate that SVM and
Random Forest classifiers achieve the highest accuracy, outperforming traditional spam
detection techniques. The findings of this study contribute to the development of more
robust and efficient spam filtering mechanisms, reducing the impact of unwanted emails on
users.
The study also highlights the importance of feature selection and preprocessing in improving
classification accuracy. Future enhancements may include deep learning-based techniques
and real-time email filtering solutions to further improve spam detection efficiency. By
leveraging a combination of NLP and ML, this research aims to make email communication
safer and more efficient.

Keywords: Email Spam Filtering, Machine Learning, Natural Language Processing

(NLP), Data Preprocessing, TF-IDF, Word Embeddings, Binary Classification, Logistic
Regression, Support Vector Machines (SVM), Neural Networks.

iv
 TABLE OF CONTENTS
Title Page No.

1. CERTIFICATE i

2. DECLARATION ii

3. ACKNOWLEDGEMENTS iii

4. ABSTRACT iv

5. TABLE OF CONTENTS v-vi

6. LIST OF FIGURES vii

7. LIST OF TABLES viii

CHAPTER 1: INTRODUCTION

1.1 Introduction to the Topic 1

1.2 Problem Statement 2

1.3 Motivation 3

1.4 Objectives of Project Work 4

1.5 Limitations of Existing System 5

1.6 Organization of Thesis 6

CHAPTER 2: LITERATURE REVIEW

2.1 Evolution of Spam Detection 7

2.2 Machine Learning Techniques in Spam Detection 7

2.3 Role of NLP in Spam Detection 8

2.4 Existing Spam Detection Systems 9

2.5 Challenges in Email Spam Detection 9

v
2.6 Comparative Analysis of Spam Detection Techniques 9

CHAPTER 3: METHODOLOGY

3.1 Proposed System 18

3.2 Libraries 19

3.3 Working Model 20

3.4 Working of Algorithms 26

CHAPTER 4: SYSTEM DESIGN

4.1 UML Diagrams 43

4.2 Algorithm Implementation 47

4.3 Code Snippets 51

CHAPTER 5: EXPERIMENTS AND RESULTS

5.1 Analysis of Experimental Data 57

5.2 Performance Evaluation 59

CHAPTER 6: CONCLUSION AND FUTURE WORK

6.1 Conclusion 63

6.2 Future Work 63

CHAPTER 7: REFERENCES

7.1 References 65

vi
 LIST OF FIGURES

Figure No Title Page No

Figure 3.1 Working Model 20

Figure 3.2 Naive Bayes Classifier 28

Figure 3.3 Decision Tree 30

Figure 3.4 Random Forest Classification 33

Figure 3.5 Support Vector Machine 37

Figure 3.6 K-Nearest Neighbors 39

Figure 4.1 Class Diagram 44

Figure 4.2 Sequence Diagram 45

Figure 4.3 Collaboration Diagram 46

Figure 4.4 Use Case Diagram 47

Figure 4.5 Import Required Libraries 48

Figure 4.6 Load and Inspect Dataset 48

Figure 4.7 Preprocessing Text Data 49

Figure 4.8 Naive Bayes 50

Figure 4.9 Evaluate Model Performance 50

Figure 5.1 Email classification Result-1 58

Figure 5.2 Email Classification Result -2 59

Figure 5.3 Accuracy Evaluation -1 61

Figure 5.4 Accuracy Evaluation-2 62

vii
 LIST OF TABLES

Table No. Title Page No

3.1 Dataset 1 22

3.2 Dataset 2 24

3.3 Dataset 3 25

viii
 1. INTRODUCTION

1.1 Introduction to the topic

Email has revolutionized digital communication, enabling fast and cost-effective interaction
for individuals and businesses alike. However, with the rise of email usage, the problem of
spam emails has become increasingly prevalent. Spam emails, also known as junk emails,
are unsolicited messages sent in bulk, often for advertising, phishing, or malicious intent.
These messages not only waste user time and storage but also pose serious security risks,
including fraud, malware distribution, and identity theft.

The primary challenge with spam detection lies in its evolving nature. Spammers constantly
modify their techniques to bypass traditional spam filters, making rule-based filtering
systems ineffective over time. To address this issue, researchers have turned to Machine
Learning (ML) and Natural Language Processing (NLP) techniques, which offer adaptive
and intelligent solutions for identifying spam emails. By analyzing textual features and
patterns, ML-based classifiers can learn from historical data and make accurate predictions
on new email messages.

In this project, we explore various ML techniques to develop an efficient spam detection

system. The study aims to enhance spam classification by leveraging NLP-based
preprocessing and feature extraction methods, followed by comparative analysis of multiple
machine learning models. The findings of this research contribute to improving automated
spam detection, thereby enhancing email security and user experience.

Email spam detection is not just a technical challenge; it is also a cybersecurity concern.
Organizations and individuals alike are constantly targeted by spam campaigns designed to
exploit vulnerabilities and steal sensitive information. The ability to accurately classify and
filter spam emails can mitigate these threats and enhance trust in email communication.
Moreover, as the volume of email traffic increases, effective spam detection becomes crucial
in reducing clutter and improving productivity.

Advancements in AI and NLP have paved the way for highly effective spam detection
mechanisms. Traditional spam filters relied on blacklists, heuristics, and manually crafted
rules, but these methods quickly became obsolete as spammers devised more sophisticated
techniques. Machine learning models, however, can learn from data patterns and adapt

1
dynamically, offering a more reliable approach. By implementing ML algorithms such as
SVM, Random Forest, and Naïve Bayes, this project demonstrates how automated spam
detection can achieve high accuracy rates and improve upon existing filtering techniques.

Furthermore, integrating NLP into spam detection enables the system to process and
understand the linguistic features of emails, which helps in differentiating spam from
legitimate messages. Techniques like TF-IDF (Term Frequency-Inverse Document
Frequency) and word embeddings allow the model to recognize spam keywords, phrases,
and sentence structures. This intelligent approach enhances the efficiency and reliability of
spam classification.

By the end of this research, we hope to provide insights into the best-performing models
and highlight areas for future improvement in spam detection methodologies. This work
serves as a foundation for developing more advanced and real-time spam filtering solutions
that can be integrated into email service providers and enterprise security systems.
1.2 Problem Statement
The proliferation of email communication has led to a significant rise in unsolicited and
potentially harmful messages, commonly referred to as spam. Spam emails not only create
inconvenience by cluttering inboxes but also expose users to security risks such as phishing
attacks, malware, and financial fraud. Traditional spam filters, which rely on predefined
rules and blacklists, struggle to keep up with constantly evolving spam tactics. Spammers
employ sophisticated techniques, such as content obfuscation and dynamic email
generation, to evade detection.

Existing systems face challenges in accurately distinguishing between spam and legitimate
emails. A major limitation of conventional spam filtering approaches is their reliance on
static rules, which fail to adapt to new spam patterns. Additionally, high false positive rates
in traditional filtering methods often result in legitimate emails being mistakenly marked as
spam, leading to potential communication loss.

With the advent of Machine Learning (ML) and Natural Language Processing (NLP), new
opportunities arise for improving spam detection accuracy. ML models can learn from
historical data, recognize patterns, and dynamically adapt to new spam trends. However,
selecting the most effective ML algorithm and optimizing the feature extraction process
remain critical challenges. This project seeks to address these challenges by developing a

2
robust and efficient email spam detection system using multiple ML algorithms and NLP
techniques.

Another challenge in spam detection is handling large datasets efficiently. With millions of
emails being exchanged daily, any spam classification system must be capable of processing
vast amounts of textual data while maintaining high accuracy and low latency. Moreover,
the presence of multilingual spam messages and the increasing sophistication of phishing
scams add further complexity to the task.

To overcome these limitations, this research focuses on evaluating multiple ML models to

determine their effectiveness in classifying spam emails. The proposed approach involves
feature engineering using NLP, model training, hyperparameter tuning, and performance
comparison across different classifiers. Through rigorous experimentation, we aim to
identify the most reliable spam detection model that balances accuracy, computational
efficiency, and adaptability.

By addressing these challenges, our research contributes to the ongoing efforts in

cybersecurity and AI-driven spam detection, ultimately improving email security and
reducing user exposure to fraudulent and malicious messages.
1.3 Motivation
Spam emails have become an unavoidable nuisance for email users worldwide, affecting
individuals, businesses, and organizations alike. The increasing sophistication of spam
techniques makes traditional filtering systems inadequate, necessitating the development of
advanced machine learning solutions. The motivation behind this project stems from the
need to enhance email security by leveraging AI-driven approaches to detect and filter spam
more effectively.

One of the primary motivations is the growing number of cyber threats associated with spam
emails. Many phishing attacks originate from spam messages, aiming to deceive users into
revealing sensitive information such as passwords, credit card details, and personal data.
With businesses increasingly relying on email communication, the risks posed by spam
emails have escalated significantly, leading to financial losses and compromised security.

Moreover, the sheer volume of spam emails contributes to inefficiencies in digital

communication. Employees waste valuable time sifting through unwanted messages,

3
reducing productivity. Implementing a robust spam detection system can help mitigate this
issue by automatically filtering out spam, allowing users to focus on important emails.

This project is also motivated by the advancements in Natural Language Processing and
Machine Learning, which provide new opportunities to enhance spam detection accuracy.
Traditional spam filters rely on keyword-based filtering, which is easily bypassed by
spammers using obfuscation techniques. NLP-based approaches enable the analysis of email
content at a deeper level, identifying spam based on linguistic patterns, sentiment analysis,
and contextual clues.

Furthermore, this research contributes to the broader field of artificial intelligence and
cybersecurity by demonstrating how machine learning models can be used to solve real-
world problems. By evaluating different ML algorithms, this study aims to identify the most
effective method for spam detection, paving the way for further enhancements in email
security.

1.4 Objectives of the project work

The primary objective of this project is to develop an efficient and intelligent email spam
detection system using Machine Learning and Natural Language Processing. The specific
objectives include:

1. To analyze and understand the characteristics of spam and ham emails by examining
textual features and patterns.

2. To implement NLP techniques for effective text preprocessing, including

tokenization, stopword removal, lemmatization, and vectorization.

3. To evaluate multiple machine learning algorithms and determine their effectiveness

in spam classification.

4. To optimize model performance by fine-tuning hyperparameters and feature

selection techniques.

5. To compare traditional rule-based spam filtering with ML-based approaches to

highlight improvements in accuracy and adaptability.

4
 6. To assess the performance of the proposed system using key evaluation metrics such
as precision, recall, accuracy, and F1-score.

7. To explore potential enhancements for future spam detection systems, including

deep learning-based models and real-time filtering mechanisms.

1.5 Limitations of Existing System

1. Traditional spam detection systems rely on predefined rules, blacklists, and

keyword-based filtering methods to classify emails. While these approaches have
been effective in the past, they exhibit several limitations that make them less
reliable in the modern digital landscape.

2. Firstly, rule-based systems require continuous updates to keep up with evolving

spam techniques. Spammers frequently alter their content, use obfuscation
techniques, and manipulate text to bypass traditional filters. This dynamic nature of
spam renders rule-based systems inefficient over time, leading to high false positives
and false negatives.

3. Secondly, traditional systems struggle to differentiate between spam and legitimate

emails with similar structures. For example, promotional emails from verified
businesses may resemble spam emails in content but should not be classified as such.
This challenge often results in the misclassification of non-spam emails, leading to
frustration among users and missed important communications.

4. Another major limitation is the computational inefficiency of existing spam filters.

Many rule-based or heuristic-based filtering systems require extensive processing
power to scan large volumes of emails. This leads to delays in email delivery,
affecting user experience and productivity. Moreover, resource-intensive filters may
not be scalable for enterprises handling millions of emails daily.

5. Finally, traditional spam detection lacks adaptability and self-learning capabilities.

Unlike modern machine learning models, these systems do not learn from past
mistakes or improve over time. This means that once new spam patterns emerge,
traditional filters require manual intervention to be updated, making them less
effective in real-time scenarios.

5
1.6 Organization of Thesis

This thesis is structured to provide a comprehensive understanding of email spam detection

using NLP and ML techniques. The document is divided into several key chapters, each
focusing on a specific aspect of the research.

Chapter 1 introduces the topic, outlining the significance of spam detection, the problem
statement, objectives, and limitations of existing systems. It provides a foundational
understanding of why spam detection is essential and highlights the gaps in traditional
methods.

Chapter 2 presents a detailed literature review, summarizing previous research conducted in

spam detection. It explores various machine learning approaches, NLP techniques, and
dataset usage in past studies. This chapter also discusses the strengths and weaknesses of
existing models.

Chapter 3 discusses the methodology used in this research. It includes an in-depth

explanation of the proposed spam detection system, the libraries utilized, and the working
principles of different machine learning algorithms implemented in the study. This chapter
also details the preprocessing steps and feature extraction techniques applied to the dataset.

Chapter 4 focuses on experimental results and analysis. It provides insights into dataset
characteristics, the performance of different classifiers, and an evaluation of various
performance metrics such as accuracy, precision, recall, and F1-score. This chapter also
includes visualizations and comparisons of model efficiency.

Chapter 5 concludes the research by summarizing the key findings and highlighting the
contributions of this study to the field of spam detection. It also discusses potential future
directions, including advancements such as deep learning techniques and real-time email
filtering solutions.

Through these chapters, this thesis aims to provide a structured and detailed examination of
email spam detection, bridging the gap between traditional and modern filtering techniques.

6
 2. LITERATURE REVIEW
Introduction

The exponential growth of digital communication has led to an increase in the volume of
emails exchanged daily. Unfortunately, this rise has also resulted in the proliferation of spam
emails—unsolicited messages that often contain phishing attempts, advertisements, or
malicious content. Email spam detection has become an essential field of study, employing
various machine learning (ML) and natural language processing (NLP) techniques to
distinguish legitimate emails from spam effectively. This literature review explores existing
methods, challenges, and advancements in email spam detection using ML and NLP
techniques.

2.1 Evolution of Spam Detection

Initially, spam detection was performed using rule-based filtering, where predefined
keywords or patterns were used to classify emails. However, this approach was inefficient
due to its inability to adapt to evolving spam tactics. Over time, statistical and machine
learning models replaced rule-based systems, enabling more dynamic and accurate spam
detection. Today, deep learning and NLP techniques further enhance detection capabilities
by analyzing email content contextually.

2.2 Machine Learning Techniques in Spam Detection

Machine learning methods such as Naive Bayes, Decision Trees, Random Forest, Support
Vector Machines (SVM), K-Nearest Neighbors (KNN), and ensemble learning approaches
have been widely used for email classification. These models rely on textual features
extracted from email messages, including word frequency, presence of certain keywords,
and metadata features like sender reputation.

Naive Bayes Classifier

Naive Bayes (NB) is one of the earliest and most effective algorithms used for spam
classification. It applies Bayes’ theorem to calculate the probability of an email belonging
to either spam or ham (legitimate). Studies have shown that NB performs well due to its
ability to handle noisy data and independence assumptions between words.

7
Decision Tree Classifier

Decision Tree (DT) classifiers create a tree-like model of decisions based on word
occurrence in an email. These models are easy to interpret and computationally efficient but
may suffer from overfitting, requiring techniques such as pruning to improve generalization.

Random Forest Classifier

Random Forest (RF) is an ensemble learning technique that aggregates multiple decision
trees to enhance accuracy and robustness. Research suggests that RF provides high accuracy
and is less susceptible to overfitting compared to individual decision trees.

Support Vector Machine (SVM)

SVM is a popular choice for text classification due to its ability to find the optimal
hyperplane for separating spam and ham emails. Studies indicate that SVM performs well
with high-dimensional text data and generalizes better to unseen emails.

K-Nearest Neighbors (KNN)

KNN is a non-parametric algorithm that classifies emails based on their similarity to known
examples. While simple and effective, KNN is computationally expensive, especially with
large datasets.

2.3 Role of NLP in Spam Detection

NLP plays a crucial role in feature extraction and email text analysis. Techniques such as
tokenization, lemmatization, stopword removal, and term frequency-inverse document
frequency (TF-IDF) vectorization help convert raw email text into meaningful numerical
representations.

Additionally, deep learning techniques such as Recurrent Neural Networks (RNNs) and
Transformer-based models like BERT have been used for spam detection. These models
analyze contextual meaning and semantic relationships between words, improving
classification accuracy.

8
2.4 Existing Spam Detection Systems

Several email service providers integrate ML-based spam filters, including Google’s Gmail,
Microsoft Outlook, and Yahoo Mail. These filters leverage both rule-based heuristics and
machine learning models to prevent spam emails from reaching users' inboxes. However,
despite advancements, spam filters still face limitations in handling adversarial email
manipulations and highly sophisticated phishing attacks.

2.5 Challenges in Email Spam Detection

● Evolving Spam Techniques: Spammers continuously modify their tactics to evade

detection, requiring adaptive models.
● Imbalanced Datasets: Spam detection datasets often contain a higher proportion of
legitimate emails, leading to bias in classification.
● False Positives: Misclassifying legitimate emails as spam can lead to important
messages being lost.
● Adversarial Attacks: Sophisticated attackers manipulate spam emails to bypass
detection models.
● Language and Encoding Variability: Spammers use multiple languages, encoded
characters, and obfuscation techniques to deceive classifiers.
● Scalability Issues: Large-scale email classification requires efficient models that
can handle millions of emails in real-time without excessive computational costs.

2.6 Comparative Analysis of Spam Detection Techniques

Several studies have compared different machine learning techniques for spam
classification. Research findings suggest that:

● Naive Bayes is computationally efficient but may struggle with high-dimensional

feature spaces.
● SVM often outperforms other classifiers in terms of precision and recall, particularly
with well-processed textual data.
● Random Forest provides robust performance and is less prone to overfitting.

9
 ● Deep learning models, especially LSTMs and Transformer-based architectures,
offer superior contextual understanding but require large labeled datasets for
training.

Recent advancements in AI and deep learning present opportunities for improved spam
detection. Future work may explore:

● Hybrid Models: Combining traditional ML classifiers with deep learning

techniques to enhance performance.
● Adversarial Training: Developing robust models that can withstand adversarial
spam attacks.
● Explainability in AI: Improving the interpretability of spam detection models to
enhance trust and transparency.
● Integration with Blockchain: Decentralized email verification systems using
blockchain technology to combat phishing scams and fraudulent emails.

Email spam detection is a dynamic and evolving field that leverages machine learning and
NLP techniques to improve accuracy. While traditional approaches such as Naive Bayes
and SVM remain popular, deep learning models are gaining traction for their superior
performance in detecting complex spam patterns. Future research should focus on
adversarial robustness, real-time detection, and hybrid models combining multiple
techniques.

Security Enhancement and Analysis of Images Using a Novel Sudoku-

Based Encryption Algorithm

In recent years, the security of digital images has gained significant attention due to the
growing reliance on digital communication and multimedia sharing. The study by
Deshpande et al. (2023) presents a novel encryption algorithm based on Sudoku principles
to enhance image security. Traditional encryption techniques, such as Advanced Encryption
Standard (AES) and Data Encryption Standard (DES), are often computationally expensive
when applied to large image data. To address these challenges, the authors introduce a
Sudoku-based approach that enhances security while maintaining computational efficiency.
The proposed algorithm leverages the principles of Sudoku puzzles to shuffle pixel positions
and modify pixel values, making it resistant to brute-force attacks and statistical analysis.

10
The methodology involves converting an image into a two-dimensional matrix and applying
Sudoku-based transformations to encrypt pixel positions and intensity values. The
experimental analysis indicates that the algorithm performs well in terms of security strength
and resistance to various forms of attacks, including differential and statistical attacks.
Additionally, the encryption time is significantly lower compared to traditional
cryptographic methods, making the approach suitable for real-time applications. However,
the study acknowledges potential limitations in terms of decryption complexity and the need
for key management strategies to ensure secure image retrieval. The research contributes to
the growing field of multimedia security by introducing an innovative technique that
balances encryption robustness and computational efficiency.

Mobile Phishing Attacks and Defence Mechanisms: State of Art and Open
Research Challenges

With the widespread adoption of smartphones and mobile applications, the risks associated
with phishing attacks have escalated, necessitating robust defense mechanisms. Goel and
Jain (2018) provide a comprehensive survey on mobile phishing attacks, detailing various
techniques employed by attackers and countermeasures to mitigate the threats. The paper
categorizes phishing attacks into several types, including SMS phishing (smishing), voice
phishing (vishing), and application-based phishing. The authors highlight that mobile users
are particularly vulnerable due to smaller screen sizes, limited security awareness, and
increased use of third-party applications. Attackers exploit these factors to deceive users
into providing sensitive information through fake login pages and malicious links. The
survey also discusses various detection and prevention techniques, such as machine
learning-based detection, heuristic analysis, and authentication enhancements. While
machine learning algorithms demonstrate promise in identifying phishing URLs, challenges
such as feature extraction and adversarial attacks remain unresolved. Furthermore, the study
identifies open research challenges, including the need for cross-platform phishing detection
mechanisms, real-time defense strategies, and the integration of behavioral analytics to
improve detection accuracy. The paper underscores the urgency for continuous
advancements in mobile security to address the evolving nature of phishing threats. By
consolidating existing research and highlighting key areas for future work, this study serves
as a valuable resource for cybersecurity professionals and researchers seeking to develop
effective anti-phishing strategies.

11
A Comprehensive Dual-Layer Architecture for Phishing and Spam Email
Detection

Email phishing and spam pose significant cybersecurity threats, leading to financial losses
and data breaches. Doshi et al. (2023) propose a dual-layer architecture for detecting
phishing and spam emails, combining content-based and behavior-based filtering
techniques. Traditional spam detection systems rely on rule-based filtering, which often fails
to adapt to evolving phishing strategies. The proposed model integrates machine learning
algorithms with natural language processing (NLP) techniques to enhance detection
accuracy. In the first layer, emails undergo preprocessing to remove redundant elements and
extract key features such as sender details, subject line analysis, and embedded links. The
second layer applies deep learning models, including Convolutional Neural Networks
(CNNs) and Recurrent Neural Networks (RNNs), to analyze email content and detect
phishing patterns. Experimental evaluations demonstrate that the dual-layer architecture
achieves a high detection rate with minimal false positives. The study also explores the
effectiveness of ensemble learning by combining multiple classifiers, such as Support
Vector Machines (SVM) and Decision Trees, to improve accuracy. One of the key findings
is that linguistic analysis plays a crucial role in distinguishing phishing emails from
legitimate messages. Additionally, the study highlights the challenges of adapting the model
to real-world applications due to the dynamic nature of phishing techniques. Future research
directions include improving model generalization, reducing computational overhead, and
integrating real-time threat intelligence to enhance detection capabilities. The proposed
approach represents a significant advancement in email security, offering a scalable and
adaptive solution to combat phishing and spam threats effectively.

Social Engineering Attacks: A Survey

Social engineering attacks have become one of the most deceptive and effective tactics used
by cybercriminals to exploit human vulnerabilities. Salahdine and Kaabouch (2019) provide
an extensive survey on various forms of social engineering attacks, their impact, and
countermeasures. The study categorizes social engineering techniques into pretexting,
baiting, tailgating, and phishing, highlighting how attackers manipulate victims into
divulging confidential information. One of the key insights from the survey is that social
engineering attacks are highly effective because they exploit psychological triggers such as

12
trust, fear, and urgency. The authors analyze real-world incidents to demonstrate how
attackers craft convincing narratives to deceive victims. Furthermore, the study explores
detection and prevention strategies, emphasizing the importance of security awareness
training and multi-factor authentication. Machine learning approaches have shown promise
in detecting social engineering attacks by analyzing communication patterns and user
behaviors. However, the study identifies several challenges, including the difficulty of
automating social engineering detection due to its human-centric nature. The authors
advocate for a multi-layered defense strategy that combines technical controls, policy
enforcement, and user education to mitigate the risks associated with social engineering.
Additionally, future research should focus on integrating AI-driven solutions with
behavioral analytics to enhance threat detection. The survey underscores the need for
organizations to prioritize cybersecurity awareness programs and adopt proactive measures
to counteract the growing sophistication of social engineering tactics.

A Deeper Look into Cybersecurity Issues in the Wake of COVID-19: A

Survey

The COVID-19 pandemic has reshaped the cybersecurity landscape, exposing new
vulnerabilities and accelerating cyber threats. Alawida et al. (2022) provide a detailed
survey of cybersecurity issues that emerged during the pandemic, analyzing their impact on
organizations and individuals. The study identifies key cybersecurity challenges, including
the rise of remote work, increased phishing attacks, and the exploitation of pandemic-related
themes by cybercriminals. One of the most significant concerns highlighted in the survey is
the surge in ransomware attacks targeting healthcare institutions and government agencies.
The rapid shift to remote work led to an expansion of attack surfaces, with employees
accessing corporate networks from unsecured devices. The study examines the effectiveness
of existing security measures, such as Virtual Private Networks (VPNs) and endpoint
security solutions, in mitigating these risks. Additionally, the paper discusses the role of AI
and machine learning in detecting cyber threats and enhancing incident response
capabilities. The survey also addresses the long-term implications of the pandemic on
cybersecurity policies, advocating for a shift toward zero-trust architectures and continuous
security monitoring. One of the key takeaways from the research is the need for
organizations to adopt a proactive security approach by implementing robust authentication
mechanisms and enhancing security awareness training for remote workers. The study

13
concludes by emphasizing the importance of collaborative efforts between governments,
cybersecurity firms, and organizations to combat evolving cyber threats. The findings serve
as a valuable reference for understanding how cybersecurity has evolved in response to
global crises and provide insights into future threat mitigation strategies.

These literature surveys provide a comprehensive understanding of emerging cybersecurity

challenges and innovative solutions proposed in recent research. Each study contributes to
the broader discourse on digital security, offering valuable insights into encryption
techniques, phishing defense mechanisms, social engineering countermeasures, and
cybersecurity adaptations in response to the COVID-19 pandemic.

An Exploratory Study of the Application of Mindsight in Email

Communication (S. Ogwu, P. Sice, S. Keogh, and C. Goodlet, 2020)

In their study, Ogwu et al. (2020) explore the concept of mindsight in the context of email
communication and its implications for understanding human cognition, awareness, and
interaction. The research delves into how individuals interpret and respond to emails using
cognitive frameworks shaped by their experiences, biases, and emotional intelligence. The
authors argue that mindsight, a term popularized by neuroscientist Daniel Siegel, plays a
crucial role in email interpretation, impacting both sender intent and receiver perception.
Through an exploratory approach, the study investigates various elements of email
exchanges, such as linguistic tone, phrasing, and implicit biases, and how these factors
influence the effectiveness of digital communication. The findings highlight the potential
for improving email communication by incorporating cognitive awareness techniques,
which could reduce misunderstandings and enhance productivity. While the study does not
directly address spam filtering, it provides valuable insights into the cognitive processing of
emails, which could inform the development of more sophisticated spam detection
algorithms that account for semantic and contextual nuances in email content.

Manipulating Email Server Feedback for Spam Prevention (O. A.

Okunade, 2017)

Okunade (2017) investigates the role of email server feedback mechanisms in preventing
spam and enhancing the effectiveness of spam filtering systems. The study focuses on how
email servers handle spam complaints, rejection notifications, and feedback loops to

14
improve filtering accuracy. A significant aspect of the research is the examination of
feedback loops that allow email service providers (ESPs) to collect and analyze user-
reported spam complaints, enabling them to refine their spam detection techniques. The
author discusses various approaches to manipulating email server feedback to reduce false
positives and negatives, such as sender reputation scoring, domain authentication (SPF,
DKIM, and DMARC), and behavioral analysis of email senders. The study suggests that
leveraging these feedback mechanisms can significantly enhance spam detection accuracy
and reduce the prevalence of unwanted emails. However, the research also acknowledges
the challenges of balancing security with user convenience, emphasizing the need for
dynamic and adaptive filtering models that can respond to evolving spam tactics.

Firms’ Spam Statistics (2023)

The 2023 report from [Link] provides a comprehensive analysis of global spam trends
and their impact on cybersecurity, productivity, and user experience. The study aggregates
data from multiple sources to highlight key statistics, such as the proportion of spam emails
in total email traffic, the most commonly targeted industries, and the economic costs
associated with spam-related cyber threats. One of the critical findings of the report is the
increasing sophistication of spam campaigns, which now frequently incorporate phishing
techniques, malware distribution, and social engineering tactics. The report also examines
the effectiveness of various anti-spam measures, including AI-driven filtering systems,
blacklisting techniques, and user education initiatives. By providing up-to-date statistical
insights, this study serves as a valuable resource for researchers and industry professionals
seeking to understand the evolving landscape of email spam and develop more effective
mitigation strategies. While the report does not present original research, its synthesis of
industry data provides a useful benchmark for evaluating the performance of different spam
filtering technologies.

A Study on Email Image Spam Filtering Techniques (S. Dhanaraj and V.

Karthikeyani, 2013)

Dhanaraj and Karthikeyani (2013) examine the challenges and techniques involved in
filtering image-based spam emails. Unlike traditional text-based spam, image spam involves
embedding malicious content within images to evade text-based filtering mechanisms. The
authors provide an extensive review of various image spam filtering methods, including
15
Optical Character Recognition (OCR), pixel-based analysis, and machine learning
approaches. One of the key observations is that spammers frequently employ image
obfuscation techniques such as randomization, noise addition, and image segmentation to
bypass conventional detection systems. The study evaluates the effectiveness of different
filtering approaches, emphasizing the need for hybrid models that integrate OCR with deep
learning-based image recognition. Additionally, the authors discuss the computational
overhead associated with processing large volumes of image-based spam and propose
optimization techniques to enhance filtering efficiency. The research underscores the
importance of continuous advancements in image-processing algorithms to keep pace with
evolving spam tactics.

Machine Learning for Email Spam Filtering: Review, Techniques, and

Trends (A. Bhowmick and S. M. Hazarika, 2016)

Bhowmick and Hazarika (2016) present an in-depth review of machine learning techniques
applied to email spam filtering. The study categorizes spam detection methods into
supervised, unsupervised, and hybrid approaches, highlighting their advantages and
limitations. Among the supervised techniques, the authors discuss popular algorithms such
as Naïve Bayes, Support Vector Machines (SVM), Decision Trees, and Neural Networks.
They also explore unsupervised techniques like clustering and anomaly detection, which
can be used to identify novel spam patterns without requiring labeled data. A significant
portion of the study is dedicated to the evaluation of feature selection methods, including
term frequency-inverse document frequency (TF-IDF) and n-gram analysis, which play a
crucial role in enhancing classification accuracy. The authors also highlight emerging trends
in spam filtering, such as deep learning-based Natural Language Processing (NLP) models
and adversarial training to counteract evolving spam tactics. The research concludes that
while machine learning has significantly improved spam detection capabilities, ongoing
research is needed to address challenges such as concept drift, adversarial attacks, and real-
time filtering efficiency.

Study on the Effectiveness of Anomaly Detection for Spam Filtering (C.

Laorden et al., 2014)

Laorden et al. (2014) investigate the application of anomaly detection techniques in spam

16
filtering, emphasizing their potential to detect novel spam patterns that may not be captured
by traditional rule-based or machine learning classifiers. The study proposes an anomaly
detection framework that leverages statistical and behavioral analysis of email
characteristics, including sender reputation, email structure, and content anomalies. The
authors evaluate various anomaly detection algorithms, such as k-means clustering, one-
class SVM, and Principal Component Analysis (PCA), to determine their effectiveness in
identifying outliers indicative of spam. One of the key findings is that anomaly detection
techniques can complement conventional spam filters by identifying previously unseen
spam variations, thereby reducing false negatives. However, the study also highlights
challenges such as the risk of increased false positives and the need for robust feature
engineering to improve detection accuracy. The authors suggest that hybrid models
combining anomaly detection with supervised learning approaches could offer a more
balanced and effective spam filtering solution.

17
 3. METHODLOGY
3.1 Proposed System

In this project, we propose a robust system for detecting spam emails using Natural
Language Processing (NLP) techniques and machine learning algorithms. The proposed
system aims to efficiently differentiate between spam and legitimate emails by employing
text preprocessing, feature extraction, and classification models. The methodology includes
data preprocessing to clean and transform raw text data, vectorization to convert text into
numerical representations, and classification using supervised learning models. The system
utilizes multiple classifiers, including Naive Bayes, Decision Tree, Random Forest, Support
Vector Machine (SVM), Gaussian Naive Bayes, and K-Nearest Neighbors (KNN), to
evaluate and compare their effectiveness.

The first phase involves collecting and preparing the dataset, followed by text cleaning
through tokenization, stopword removal, and lemmatization. Then, TF-IDF vectorization is
applied to extract meaningful features from the text. The processed data is split into training
and testing sets, where various classifiers are trained and tested. Finally, performance
evaluation metrics such as accuracy, precision, recall, and F1-score are used to determine
the most effective model for spam detection.

Machine learning techniques are increasingly being used to automate spam detection,
significantly reducing manual effort. The use of NLP ensures that even complex spam
patterns can be identified with higher accuracy. Moreover, spam detection models must be
adaptive and capable of learning from new email patterns, making supervised learning a
critical approach. By leveraging multiple classifiers, this system ensures a comparative
study that highlights the strengths and weaknesses of different algorithms.

The development of this spam detection system follows a systematic approach that
prioritizes scalability, efficiency, and accuracy. Each step of the process—from data
collection to model evaluation—is designed to optimize performance and ensure the
system's reliability in real-world applications. Advanced preprocessing techniques, such as
stemming and lemmatization, further enhance the ability of classifiers to distinguish spam
from legitimate emails accurately.

Overall, this project provides a comprehensive methodology that integrates various machine

18
learning techniques with NLP to create an efficient and effective spam detection system.
The comparative analysis of different classifiers ensures that the best-performing model can
be identified and potentially deployed in real-world email filtering applications.

3.2. Libraries

The implementation of the email spam detection system relies on various Python libraries
that facilitate data processing, model training, and performance evaluation. Key libraries
used in this project include:

● NumPy and Pandas: These libraries are essential for handling and manipulating large
datasets efficiently. NumPy provides numerical computing capabilities, while
Pandas is used for data analysis and processing. The ability to work with structured
and unstructured data makes them indispensable for spam detection tasks.

● scikit-learn: This library is the backbone of machine learning implementations. It

includes various classification algorithms, performance evaluation metrics, and data
preprocessing techniques. The ease of model training and evaluation using scikit-
learn simplifies the workflow significantly.

● NLTK (Natural Language Toolkit): NLP plays a crucial role in spam detection, and
NLTK provides essential functionalities such as stopword removal, tokenization,
and lemmatization. These steps enhance text processing, ensuring that only
meaningful features are extracted for classification.

● re (Regular Expressions): Spam emails often contain patterns that can be detected
using regular expressions. This library enables efficient text cleaning, such as
removing special characters, URLs, and email-specific patterns that may not
contribute to classification.

● Tf-idf Vectorizer: This technique converts raw text into numerical vectors based on
word importance in a document. It helps the model distinguish frequently used spam
words from regular email content, improving classification accuracy.

Each of these libraries plays a crucial role in different stages of the workflow, from data
preprocessing to model evaluation. Their functionalities enable efficient spam detection and
contribute to the system's overall robustness.

19
By utilizing these libraries, the project ensures a streamlined and optimized implementation
of machine learning models. Their combined capabilities allow for effective feature
extraction, model training, and performance analysis, ultimately enhancing the spam
detection system.

Furthermore, the modular nature of these libraries allows for easy scalability and future
improvements. Additional NLP techniques or deep learning models can be integrated
seamlessly, ensuring adaptability to evolving spam patterns.

3.3 Working Model

Fig. 3.1 Working Model

20
Data preprocessing:

Data preprocessing is a crucial step in building an effective spam detection system, as it

ensures that raw email text is transformed into a structured format suitable for machine
learning models. The preprocessing pipeline includes several essential steps: data collection,
text cleaning, tokenization, stopword removal, lemmatization, and feature extraction using
TF-IDF vectorization.

1. Data Collection and Preparation:

The first step involves gathering a dataset containing both spam and legitimate (ham) emails.
Popular datasets like the SpamAssassin or Enron Spam Dataset can be used for training
and testing the model. The dataset is then split into training and testing subsets to evaluate
model performance effectively.

• SpamAssassin Dataset – A well-known dataset containing spam and ham emails.

• Enron Spam Dataset – A collection of real emails from the Enron Corporation,
labeled as spam or ham.

2. Text Cleaning:

Raw email text often contains unnecessary elements such as special characters, HTML tags,
and punctuation. Cleaning the text improves feature extraction by removing:

• Special characters and symbols (e.g., @, #, $).

• HTML tags (if present in the dataset).

• Extra whitespaces to standardize the text.

3 Tokenization:

Tokenization breaks down email content into individual words or tokens. For example, the
sentence “This is a spam email!” would be tokenized into:

[“This”, “is”, “a”, “spam”, “email”].

21
4 Stopword Removal:

Stopwords like "the," "is," "and," "of" do not contribute much meaning in spam detection
and are removed to reduce noise in the dataset. Removing these words improves
computational efficiency and enhances model performance.

5 Lemmatization:

Lemmatization reduces words to their root forms while preserving meaning. For example,
words like "running," "runs," and "ran" are converted to "run." This step ensures that
different variations of the same word are treated as a single feature.

Feature Extraction
Feature extraction is a fundamental part of the machine learning pipeline which converts
raw data into an easier format to work with and analysis for algorithms. Feature extraction
is very important specifically for text data like emails to get the unstructured text into a
single structured format to represent the data in a manner where a machine learning model
could easily understand it. In this process the most important attributes of data are
discovered and then they are converted into numerical format so that they can be analysed
easily and provide additional boost to the model. For spam email classification if we want
to extract the features in the dataset.

To summarize, we prepare the data first by structuring the messages and their labels
(potentially inside of a DataFrame) This is an important preliminary step that allows you to
categorize the textual data in a meaningful manner or at minimum, make them manageable.
To give you an example, our dataset can be seen like this:

Table 3.1 Dataset 1

Label Message

ham "Go until jurong point, crazy... Available only in bugis..."

spam "Free entry in 2 a wkly comp to win FA Cup final tkts..."

ham "I’ve been searching for the right words to thank you..."

22
First we clean the text to get rid of elements such as HTML tags, special characters and
excessively long white space. Example: Win big prizes today!!! This changes to; “Win big
money today” Once cleaned, we tokenize the text by splitting it into a list of words. For
instance,it becomes ['Free', 'entry', 'in', '2', 'a',…. ].Then, we standardize the tokens by:
lower-casing the text, removing stop words and applying lemmatization or stemming (for
example "running" to "run"). Feature extractionAfter normalization, BoW (Bag of Words)
is used for feature extraction. In BoW, all unique words are represented as features (!!!)
which converts the emails into vectors of numbers. An email can be written as [1, 1, 1, 1]
with that example vocabulary ["free", "entry", "win", "cup"] saying it has those words.
Further improvement, for example TF-IDF measures the influence on words in the dataset.
This means that if "win" also often appears in spam mails, then has a higher weight. Finally,
depending on the which type of class imbalance technique is applied like oversample,
undersampling or SMOTE etc. It can be helpful to do this in a structured way to get the data
ready for accurate spam classification.

Feature Selection:

Feature selection is used to selecting the most important features out of all input features
that are significant with respect to the output of a machine learning model. This step will
assist your model in being more accurate, overfitting reduction and also helps the learning
process to be faster. It is used to identifying the most significant words (or tokens) in spam
emails, deciding what an email should be classed as; spam or ham. Logistic Regression can
be used for Feature Selection. Using this algorithm then shows us which features (words)
were the most critical in an e-mail being considered a spam.

So in our case Logistic Regression would give us this ability to figure out the important
words (or features) which contribute the most for predicting that an email is spam. Here,
first we have to use the data preprocessing where we have used tokenization and also some
vectorization (for example: TF-IDF), converting each message into numerical form so that
our logistic regression model could understand it.

For example, after the message will be transformed from text into the numerical matrix
using TF-IDF it can looks like this:

23
 Table 4.2 Dataset 2
Label Free entry won week available crazy membership

ham
- - - - 0.4 0.5 -

spam
0.6 0.5 - - - - 0.4

ham
- - - - - - -

spam
0.7 - 0.6 0.4 - - 0.5

Each column, then represents the TF-IDF score of a word and each row is an email. The
Logistic Regression model then receives this data and subsequently gives a weight (or
importance) to each of the feature.

In case of the logistic regression model the formula used for probability of a class (spam
or ham) is:

P(b=1∣a) = 1/(1+q^-(w1a1+w2a2+⋯+wnan+c)

Where:

• P(b=1∣a) is the probability that the message is spam.

• w1,w2,...,wn are the coefficients (weights) associated with each feature (word).

• a1,a2,...,an are the feature values (e.g., TF-IDF scores of the words).

• c is the intercept term (bias).

• q is the base of the natural logarithm (Euler's number).

An algorithm may assign the following coefficients after training the logistic regression
model on the dataset, for example:

24
 Table 3.3 Dataset 3
Word Coefficient

Free +2.5

entry +1.8

won +2.2

available -0.5

crazy -0.7

membership +1.9

"Free," "entry," "won," etc. are given high positive coefficients in the logistic regression (as
they strongly suggest spam) while words like "available" and "crazy" have negative weights,
again pointing towards a ham email. Logistic Regression assigns weight to every word
everywhere according to these coefficients then this will help the model in what is important
which feature. Words with very tiny coefficients can be dropped from the model to make it
smaller and easier to work with, as well as helping make the algorithm generalize better.
For example, features such as Free, entry, won are very important to identify [Link]
that have insignificant power are overlooked. Where we obtained this strange looking
[Link] formula used in logistic regression to create the decision boundary is:

w1x1 + w2x2 + … + wnxn+ c = 0

It is just a boundary beyond which a mail will be classified as spam rather than ham We use
it simply to select top n most important features in the following logistic regression model,it
helps us build effecient, interpretable models for email classification.

Train And Test Analytical model:

In machine learning algorithms, to train an analytical model using the dataset already
available and perhaps later testing it as well (if not with input data from you), we have this
typical scenario dividing the data into training and testing . through the training data, we
easily identify the relationships between features (message text) and labels (ham or spam)
so that it learns [Link] most important step in this context is feature extraction, and
here text is fattened to numerical data using TF-IDF.A model is then trained using

25
algorithms ,after which the evaluate score is obtained from test set. Various performance
metrics will be used to measure how well the model classifies whether a message is spam
or ham.

3.4 Working of Algorithms

This section provides a comprehensive explanation of the algorithms used in the project,
detailing their working principles, mathematical formulations, advantages, and
disadvantages.

Naive Bayes Classifier

The Naive Bayes classifier is based on Bayes' theorem and assumes that features are
independent. It calculates the probability of an email being spam or legitimate based on
word frequencies. Due to its simplicity and efficiency, it is widely used in spam detection.
However, its assumption of feature independence may lead to inaccuracies in some cases.
Naive Bayes classifiers are supervised machine learning algorithms used for classification
tasks, based on Bayes’ Theorem to find probabilities.

The main idea behind the Naive Bayes classifier is to use Bayes’ Theorem to classify data
based on the probabilities of different classes given the features of the data. It is used mostly
in high-dimensional text classification

The Naive Bayes Classifier is a simple probabilistic classifier and it has very few number
of parameters which are used to build the ML models that can predict at a faster speed than
other classification algorithms.

It is a probabilistic classifier because it assumes that one feature in the model is independent
of existence of another feature. In other words, each feature contributes to the predictions
with no relation between each other.

Naïve Bayes Algorithm is used in spam filtration, Sentimental analysis, classifying articles
and many more.

It is named as “Naive” because it assumes the presence of one feature does not affect other
features.

The “Bayes” part of the name refers to for the basis in Bayes’ Theorem.

26
The fundamental Naive Bayes assumption is that each feature makes an:

Feature independence: This means that when we are trying to classify something, we assume
that each feature (or piece of information) in the data does not affect any other feature.

Continuous features are normally distributed: If a feature is continuous, then it is assumed

to be normally distributed within each class.

Discrete features have multinomial distributions: If a feature is discrete, then it is assumed

to have a multinomial distribution within each class.

Features are equally important: All features are assumed to contribute equally to the
prediction of the class label.

No missing data: The data should not contain any missing values.

There are three types of Naive Bayes Model :

Gaussian Naive Bayes

In Gaussian Naive Bayes, continuous values associated with each feature are assumed to be
distributed according to a Gaussian distribution. A Gaussian distribution is also called
Normal distribution When plotted, it gives a bell shaped curve which is symmetric about
the mean of the feature values as shown below:

Multinomial Naive Bayes

Multinomial Naive Bayes is used when features represent the frequency of terms (such as
word counts) in a document. It is commonly applied in text classification, where term
frequencies are important.

Bernoulli Naive Bayes

Bernoulli Naive Bayes deals with binary features, where each feature indicates whether a
word appears or not in a document. It is suited for scenarios where the presence or absence
of terms is more relevant than their frequency. Both models are widely used in document
classification tasks.

27
 Fig. 3.2 Naive Bayes Classifier

Advantages of Naive Bayes Classifier

• Easy to implement and computationally efficient.

• Effective in cases with a large number of features.
• Performs well even with limited training data.
• It performs well in the presence of categorical features.
• For numerical features data is assumed to come from normal distributions

Disadvantages of Naive Bayes Classifier

• Assumes that features are independent, which may not always hold in real-world
data.
• Can be influenced by irrelevant attributes.
• May assign zero probability to unseen events, leading to poor generalization.

28
Applications of Naive Bayes Classifier

• Spam Email Filtering: Classifies emails as spam or non-spam based on features.

• Text Classification: Used in sentiment analysis, document categorization, and topic
classification.
• Medical Diagnosis: Helps in predicting the likelihood of a disease based on
symptoms.
• Credit Scoring: Evaluates creditworthiness of individuals for loan approval.
• Weather Prediction: Classifies weather conditions based on various factors.

Decision Tree Classifier

Decision trees work by creating a flowchart-like structure where features are split based on
conditions. It is a highly interpretable model that can capture complex decision
boundaries. However, decision trees are prone to overfitting, which can be mitigated by
techniques such as pruning or ensemble learning.

A decision tree is a graphical representation of different options for solving a problem and
show how different factors are related. It has a hierarchical tree structure starts with one
main question at the top called a node which further branches out into different possible
outcomes where:

Root Node is the starting point that represents the entire dataset.

Branches: These are the lines that connect nodes. It shows the flow from one decision to
another.

Internal Nodes are Points where decisions are made based on the input features.

Leaf Nodes: These are the terminal nodes at the end of branches that represent final
outcomes or predictions. They also support decision-making by visualizing outcomes

29
 Fig. 3.3 Decision Tree

Classification of Decision Tree

We have mainly two types of decision tree based on the nature of the target variable:
classification trees and regression trees.

Classification trees: They are designed to predict categorical outcomes means they classify
data into different classes. They can determine whether an email is “spam” or “not spam”
based on various features of the email.

Regression trees : These are used when the target variable is continuous It predict numerical
values rather than categories. For example a regression tree can estimate the price of a house
based on its size, location, and other features.

A decision tree working starts with a main question known as the root node. This question
is derived from the features of the dataset and serves as the starting point for decision-
making.

From the root node, the tree asks a series of yes/no questions. Each question is designed to
split the data into subsets based on specific attributes. For example if the first question is “Is
it raining?”, the answer will determine which branch of the tree to follow. Depending on the

30
response to each question you follow different branches. If your answer is “Yes,” you might
proceed down one path if “No,” you will take another path.

This branching continues through a sequence of decisions. As you follow each branch, you
get more questions that break the data into smaller groups. This step-by-step process
continues until you have no more helpful questions .

You reach at the end of a branch where you find the final outcome or decision. It could be
a classification (like “spam” or “not spam”) or a prediction (such as estimated price).

Advantages of Decision Trees

• Simplicity and Interpretability: Decision trees are straightforward and easy to

understand. You can visualize them like a flowchart which makes it simple to see
how decisions are made.
• Versatility: It means they can be used for different types of tasks can work well for
both classification and regression
• No Need for Feature Scaling: They don’t require you to normalize or scale your data.
• Handles Non-linear Relationships: It is capable of capturing non-linear relationships
between features and target variables.

Disadvantages of Decision Trees

• Overfitting: Overfitting occurs when a decision tree captures noise and details in the
training data and it perform poorly on new data.
• Instability: instability means that the model can be unreliable slight variations in
input can lead to significant differences in predictions.
• Bias towards Features with More Levels: Decision trees can become biased towards
features with many categories focusing too much on them during decision-making.
This can cause the model to miss out other important features led to less accurate
predictions .

Applications of Decision Trees

• Loan Approval in Banking: A bank needs to decide whether to approve a loan

application based on customer profiles.
• Input features include income, credit score, employment status, and loan history.
31
 • The decision tree predicts loan approval or rejection, helping the bank make quick
and reliable decisions.
• Medical Diagnosis: A healthcare provider wants to predict whether a patient has
diabetes based on clinical test results.
• Predicting Exam Results in Education : School wants to predict whether a student
will pass or fail based on study habits.

A decision tree can also be used to help build automated predictive models, which have
applications in machine learning, data mining, and statistics

Random Forest Classifier

Random forests enhance decision trees by training multiple trees and averaging their
outputs. This approach reduces overfitting and improves accuracy. It is highly effective for
spam detection, offering robustness and generalization. However, it can be
computationally expensive when handling large datasets.

The Random forest or Random Decision Forest is a supervised Machine learning algorithm
used for classification, regression, and other tasks using decision trees. Random Forests are
particularly well-suited for handling large and complex datasets, dealing with high-
dimensional feature spaces, and providing insights into feature importance. This algorithm’s
ability to maintain high predictive accuracy while minimizing overfitting makes it a popular
choice across various domains, including finance, healthcare, and image analysis, among
others.

The Random forest classifier creates a set of decision trees from a randomly selected subset
of the training set. It is a set of decision trees (DT) from a randomly selected subset of the
training set and then It collects the votes from different decision trees to decide the final
prediction.

Additionally, the random forest classifier can handle both classification and regression
tasks, and its ability to provide feature importance scores makes it a valuable tool for
understanding the significance of different variables in the dataset.

Random Forest Classification is an ensemble learning technique designed to enhance the

32
accuracy and robustness of classification tasks. The algorithm builds a multitude of decision
trees during training and outputs the class that is the mode of the classification classes. Each
decision tree in the random forest is constructed using a subset of the training data and a
random subset of features introducing diversity among the trees, making the model more
robust and less prone to overfitting.

The random forest algorithm employs a technique called bagging (Bootstrap Aggregating)
to create these diverse subsets.

Fig. 3.4 Random Forest Classification

During the training phase, each tree is built by recursively partitioning the data based on the
features. At each split, the algorithm selects the best feature from the random subset,
optimizing for information gain or Gini impurity. The process continues until a predefined
stopping criterion is met, such as reaching a maximum depth or having a minimum number
of samples in each leaf node.

Once the random forest is trained, it can make predictions, using each tree “votes” for a
class, and the class with the most votes becomes the predicted class for the input data.

Feature Selection in Random Forests

Feature selection in Random Forests is inherently embedded in the construction of

33
individual decision trees and the aggregation process.

During the training phase, each decision tree is built using a random subset of features,
contributing to diversity among the trees. The process is known as feature bagging, helps
prevent the dominance of any single feature and promotes a more robust model.

The algorithm evaluates various subsets of features at each split point, selecting the best
feature for node splitting based on criteria such as information gain or Gini impurity.
Consequently, Random Forests naturally incorporate a form of feature selection, ensuring
that the ensemble benefits from a diverse set of features to enhance generalization and
reduce overfitting.

Random Forest Classifier Parameters

n_estimators: Number of trees in the forest.

More trees generally lead to better performance, but at the cost of computational time.

Start with a value of 100 and increase as needed.

max_depth: Maximum depth of each tree.

Deeper trees can capture more complex patterns, but also risk overfitting.

Experiment with values between 5 and 15, and consider lower values for smaller datasets.

max_features: Number of features considered for splitting at each node.

A common value is ‘sqrt’ (square root of the total number of features).

Adjust based on dataset size and feature importance.

criterion: Function used to measure split quality (‘gini’ or ‘entropy’).

Gini impurity is often slightly faster, but both are generally similar in performance.

min_samples_split: Minimum samples required to split a node.

Higher values can prevent overfitting, but too high can hinder model complexity.

Start with 2 and adjust as needed.

34
min_samples_leaf: Minimum samples required to be at a leaf node.

Similar to min_samples_split, but focused on leaf nodes.

Start with 1 and adjust as needed.

bootstrap: Whether to use bootstrap sampling when building trees (True or False).

Bootstrapping can improve model variance and generalization, but can slightly increase
bias.

Advantages of Random Forest Classifier

• The ensemble nature of Random Forests, combining multiple trees, makes them less
prone to overfitting compared to individual decision trees.
• Effective on datasets with a large number of features, and it can handle irrelevant
variables well.
• Random Forests can provide insights into feature importance, helping in feature
selection and understanding the dataset.

Disadvantages of Random Forest Classifier

• Random Forests can be computationally expensive and may require more resources
due to the construction of multiple decision trees.
• The ensemble nature makes it challenging to interpret the reasoning behind
individual predictions compared to a single decision tree.
• In imbalanced datasets, Random Forests may be biased toward the majority class,
impacting the predictive performance for minority classes.

Support Vector Machine (SVM)

SVM is a powerful classifier that finds the optimal decision boundary to separate spam and
legitimate emails. It performs well with high-dimensional data and is effective in spam
detection. However, its training time increases with large datasets, making it less scalable
compared to other algorithms.

Support Vector Machine (SVM) is a supervised machine learning algorithm used for

35
classification and regression tasks. While it can handle regression problems, SVM is
particularly well-suited for classification tasks.

SVM aims to find the optimal hyperplane in an N-dimensional space to separate data points
into different classes. The algorithm maximizes the margin between the closest points of
different classes.

Support Vector Machine (SVM) Terminology

Hyperplane: A decision boundary separating different classes in feature space, represented

by the equation wx + b = 0 in linear classification.

Support Vectors: The closest data points to the hyperplane, crucial for determining the
hyperplane and margin in SVM.

Margin: The distance between the hyperplane and the support vectors. SVM aims to
maximize this margin for better classification performance.

Kernel: A function that maps data to a higher-dimensional space, enabling SVM to handle
non-linearly separable data.

Hard Margin: A maximum-margin hyperplane that perfectly separates the data without
misclassifications.

Soft Margin: Allows some misclassifications by introducing slack variables, balancing

margin maximization and misclassification penalties when data is not perfectly separable.

C: A regularization term balancing margin maximization and misclassification penalties. A

higher C value enforces a stricter penalty for misclassifications.

Hinge Loss: A loss function penalizing misclassified points or margin violations, combined
with regularization in SVM.

Dual Problem: Involves solving for Lagrange multipliers associated with support vectors,
facilitating the kernel trick and efficient computation.

The key idea behind the SVM algorithm is to find the hyperplane that best separates two
classes by maximizing the margin between them. This margin is the distance from the
hyperplane to the nearest data points (support vectors) on each [Link] best hyperplane,

36
also known as the “hard margin,” is the one that maximizes the distance between the
hyperplane and the nearest data points from both classes. This ensures a clear separation
between the classes. So, from the above figure, we choose L2 as hard margin.

Fig. 3.5 Support Vector Machine

The SVM algorithm has the characteristics to ignore the outlier and finds the best hyperplane
that maximizes the margin. SVM is robust to outliers.

A soft margin allows for some misclassifications or violations of the margin to improve
generalization.

The penalty used for violations is often hinge loss, which has the following behavior:

If a data point is correctly classified and within the margin, there is no penalty (loss = 0).

If a point is incorrectly classified or violates the margin, the hinge loss increases
proportionally to the distance of the violation.

When data is not linearly separable (i.e., it can’t be divided by a straight line), SVM uses a
technique called kernels to map the data into a higher-dimensional space where it becomes

37
separable. This transformation helps SVM find a decision boundary even for non-linear
data.A kernel is a function that maps data points into a higher-dimensional space without
explicitly computing the coordinates in that space. This allows SVM to work efficiently
with non-linear data by implicitly performing the mapping.

For example, consider data points that are not linearly separable. By applying a kernel
function, SVM transforms the data points into a higher-dimensional space where they
become linearly separable.

Linear Kernel: For linear separability.

Polynomial Kernel: Maps data into a polynomial space.

Radial Basis Function (RBF) Kernel: Transforms data into a space based on distances
between data points.

Types of Support Vector Machine

Based on the nature of the decision boundary, Support Vector Machines (SVM) can be
divided into two main parts:

Linear SVM: Linear SVMs use a linear decision boundary to separate the data points of
different classes. When the data can be precisely linearly separated, linear SVMs are very
suitable. This means that a single straight line (in 2D) or a hyperplane (in higher dimensions)
can entirely divide the data points into their respective classes. A hyperplane that maximizes
the margin between the classes is the decision boundary.

Non-Linear SVM: Non-Linear SVM can be used to classify data when it cannot be
separated into two classes by a straight line (in the case of 2D). By using kernel functions,
nonlinear SVMs can handle nonlinearly separable data. The original input data is
transformed by these kernel functions into a higher-dimensional feature space, where the
data points can be linearly separated. A linear SVM is used to locate a nonlinear decision
boundary in this modified space.

K-Nearest Neighbors (KNN)

KNN is a simple yet effective algorithm that classifies emails based on the similarity to
their nearest neighbors. While it requires minimal training, its prediction phase can be

38
slow for large datasets. Despite its effectiveness, it is rarely used in real-time spam
detection due to computational constraints.

K-Nearest Neighbors is also called as a lazy learner algorithm because it does not learn from
the training set immediately instead it stores the dataset and at the time of classification it
performs an action on the dataset.

Fig. 3.6 K-Nearest Neighbors

The new point is classified as Category 2 because most of its closest neighbors are blue
squares. KNN assigns the category based on the majority of nearby points.

The image shows how KNN predicts the category of a new data point based on its closest
neighbours.

The red diamonds represent Category 1 and the blue squares represent Category 2.

The new data point checks its closest neighbours (circled points).

Since the majority of its closest neighbours are blue squares (Category 2) KNN predicts the
new data point belongs to Category [Link] works by using proximity and majority voting

39
to make predictions.

In the k-Nearest Neighbours (k-NN) algorithm k is just a number that tells the algorithm
how many nearby points (neighbours) to look at when it makes a decision.

Imagine you’re deciding which fruit it is based on its shape and size. You compare it to
fruits you already know.

If k = 3, the algorithm looks at the 3 closest fruits to the new one.

If 2 of those 3 fruits are apples and 1 is a banana, the algorithm says the new fruit is an apple
because most of its neighbours are apples.

Choosing K value for KNN algorithm

The value of k is critical in KNN as it determines the number of neighbors to consider when
making predictions. Selecting the optimal value of k depends on the characteristics of the
input data. If the dataset has significant outliers or noise a higher k can help smooth out the
predictions and reduce the influence of noisy data. However choosing very high value can
lead to underfitting where the model becomes too simplistic.

Statistical Methods for Selecting k:

Cross-Validation: A robust method for selecting the best k is to perform k-fold cross-
validation. This involves splitting the data into k subsets training the model on some subsets
and testing it on the remaining ones and repeating this for each subset. The value of k that
results in the highest average validation accuracy is usually the best choice.

Elbow Method: In the elbow method we plot the model’s error rate or accuracy for different
values of k. As we increase k the error usually decreases initially. However after a certain
point the error rate starts to decrease more slowly. This point where the curve forms an
“elbow” that point is considered as best k.

Odd Values for k: It’s also recommended to choose an odd value for k especially in
classification tasks to avoid ties when deciding the majority class.

Distance Metrics Used in KNN Algorithm

KNN uses distance metrics to identify nearest neighbour, these neighbours are used for

40
classification and regression task. To identify nearest neighbour we use below distance
metrics:

1. Euclidean Distance

Euclidean distance is defined as the straight-line distance between two points in a plane or
space. You can think of it like the shortest path you would walk if you were to go directly
from one point to another.

2. Manhattan Distance

This is the total distance you would travel if you could only move along horizontal and
vertical lines (like a grid or city streets). It’s also called “taxicab distance” because a taxi
can only drive along the grid-like streets of a city.

3. Minkowski Distance

Minkowski distance is like a family of distances, which includes both Euclidean and
Manhattan distances as special cases.

Thе K-Nearest Neighbors (KNN) algorithm operates on the principle of similarity where it
predicts the label or value of a new data point by considering the labels or values of its K
nearest neighbors in the training dataset.

Step 1: Selecting the optimal value of K , It represents the number of nearest neighbors that
needs to be considered while making prediction.

Step 2: Calculating distance

To measure the similarity between target and training data points Euclidean distance is used.
Distance is calculated between data points in the dataset and target point.

Step 3: Finding Nearest Neighbors

The k data points with the smallest distances to the target point are nearest neighbors.

Step 4: Voting for Classification or Taking Average for Regression

When you want to classify a data point into a category (like spam or not spam), the K-NN

41
algorithm looks at the K closest points in the dataset. These closest points are called
neighbors. The algorithm then looks at which category the neighbors belong to and picks
the one that appears the most. This is called majority voting.

In regression, the algorithm still looks for the K closest points. But instead of voting for a
class in classification, it takes the average of the values of those K neighbors. This average
is the predicted value for the new point for the algorithm.

It shows how a test point is classified based on its nearest neighbors. As the test point moves
the algorithm identifies the closest ‘k’ data points

Each algorithm has its own strengths and weaknesses. By analyzing their performance, we
can determine the most suitable model for effective spam detection. The comparative study
ensures that the system leverages the best-performing classifier for optimal results.

42
 4. SYSTEM DESIGN
4.1 UML Diagrams
Class Diagram

A Class Diagram is a fundamental component of the Unified Modeling Language (UML)

that represents the static structure of a system. It provides a visual representation of the
system’s classes, their attributes, operations, and the relationships between them. Class
diagrams serve as blueprints for software development, enabling developers to understand
the architecture of an application and how different components interact.

Elements of a Class Diagram:

● Classes: Represented as rectangles, each class has three sections: the class name,
attributes, and methods (operations).
● Attributes: Define the properties of a class.
● Methods: Specify the behaviors associated with a class.
● Relationships: Define how classes interact with each other, which includes:
○ Association: A direct connection between two classes.
○ Aggregation: A weaker relationship where a class can exist independently of
the whole.
○ Composition: A strong relationship where the child class cannot exist
independently.
○ Generalization (Inheritance): Depicts a parent-child relationship.
○ Multiplicity: Indicates the number of instances that can be associated.

Use of Class Diagrams: Class diagrams are widely used in object-oriented programming to
design the architecture of applications. They help in conceptualizing domain models,
database schemas, and class relationships in software projects.

43
 Fig.4.1 Class Diagram
Sequence Diagram

A Sequence Diagram is a type of interaction diagram that illustrates how objects interact in
a particular sequence of time. It is used to depict the flow of messages and interactions
between system components, emphasizing the order of execution.

Elements of a Sequence Diagram:

● Actors: Represent external entities that interact with the system (e.g., users, external
systems).
● Objects: Indicate system components involved in the interaction.
● Lifelines: Vertical dashed lines that show the presence of an object over time.
● Messages: Horizontal arrows depicting interactions (synchronous and asynchronous
calls).
● Activation Bars: Represent periods when an object is actively processing a request.
● Return Messages: Show responses to previously sent messages.

Use of Sequence Diagrams: Sequence diagrams are beneficial for modeling dynamic aspects
of a system. They help in visualizing how objects collaborate to fulfill a function, making
them useful in designing workflows, communication protocols, and system behaviors in
real-time applications.

44
 Fig. 4.2 Sequence Diagram

Collaboration Diagram

A Collaboration Diagram (also known as a Communication Diagram) is another interaction

diagram that focuses on the relationships between objects rather than the sequence of
messages. It shows how objects are connected and the flow of messages between them.

Elements of a Collaboration Diagram:

● Objects: Represented as rectangles, these denote instances involved in the

interaction.
● Links: Depict associations between objects.
● Messages: Numbered arrows indicating the sequence and direction of
communication.

Comparison with Sequence Diagrams: While a sequence diagram emphasizes the order of
interactions, a collaboration diagram highlights the structural relationships between objects.
Collaboration diagrams are preferred in scenarios where the focus is on object dependencies
rather than temporal sequence.

45
Use of Collaboration Diagrams: Collaboration diagrams are helpful in visualizing system
architecture, understanding object relationships, and refining communication models in
software applications.

Fig. 4.3 Collaboration Diagram

Use Case Diagram

A Use Case Diagram is a high-level representation of a system’s functional requirements,

illustrating how users (actors) interact with different functionalities (use cases) within a
system.

Elements of a Use Case Diagram:

● Actors: Represent external entities that interact with the system (users, devices, other
systems).
● Use Cases: Depict the different functionalities or services offered by the system.
● Relationships: Define interactions between actors and use cases, including:
○ Association: A direct link between an actor and a use case.

46
 ○ Include: Represents the inclusion of one use case in another.
○ Extend: Represents optional or conditional behavior.
● System Boundary: A rectangle enclosing all use cases, representing the system’s
scope.

Use of Use Case Diagrams: Use case diagrams are widely used in requirements gathering
and analysis, helping stakeholders understand the functionalities a system must support.
They aid in defining system scope, identifying primary interactions, and planning test cases.

[Link] 4.4 Use case diagram

4.2 Algorithm Implementation

1. Import Required Libraries

The necessary Python libraries are imported for data processing, feature extraction, model
training, and evaluation.

47
 Fig. 4.5 Import Required Libraries

2. Load and Inspect Dataset

The dataset is loaded into a Pandas DataFrame.

Fig. 4.6 Load and Inspect Dataset

The dataset contains email messages with labels indicating whether they are spam or ham
(legitimate).

3. Analyze Class Distribution

Checking the number of spam and ham emails.

48
4. Preprocessing Text Data

Perform text cleaning, stopword removal, and lemmatization.

Fig. 4.7 Preprocessing Text Data

5. Convert Labels to Numerical Format

Since machine learning models require numerical data, labels (spam/ham) are converted to
binary form.

6. Feature Extraction using TF-IDF Vectorization

TF-IDF (Term Frequency-Inverse Document Frequency) is used to convert textual data into
numerical format.

7. Splitting Dataset into Training and Testing Sets

The dataset is split into training (80%) and testing (20%) subsets.

49
8. Train Multiple Classification Models

Various machine learning models are used to compare performance.

● Naïve Bayes (MultinomialNB)

[Link] 4.8 Train Multiple Classification Models

9. Evaluate Model Performance

Using classification metrics like accuracy, precision, recall, and F1-score.

Fig. 4.9 Evaluate Model Performance

10. Save the Best Model

If a model performs significantly better, it can be saved using joblib or pickle for later use.

50
4.3 Code Snippets:
import numpy as np

import pandas as pd

import warnings

[Link](action='ignore')

from [Link] import LabelEncoder

from sklearn.feature_extraction.text import TfidfVectorizer

from sklearn.model_selection import train_test_split

from [Link] import accuracy_score, classification_report

from sklearn.naive_bayes import MultinomialNB

from [Link] import DecisionTreeClassifier

from [Link] import RandomForestClassifier

from [Link] import SVC

from sklearn.naive_bayes import GaussianNB

from [Link] import KNeighborsClassifier

import nltk

import re

from [Link] import stopwords

from [Link] import WordNetLemmatizer

df = pd.read_csv(r"C:\Users\91798\Downloads\major project\[Link]")

df

df['Category'].value_counts()

51
[Link][5572]

df = [Link](index=5572)

df

le = LabelEncoder()

df['Category'] = le.fit_transform(df['Category']) # 1: spam, 0: ham

df

[Link][0]

[Link][2]

[Link]('stopwords')

[Link]('wordnet')

import nltk

import re

from [Link] import stopwords

from [Link] import WordNetLemmatizer

ps = WordNetLemmatizer()

stopwords_set = set([Link]('english'))

def clean_row(row):

row = [Link]()

row = [Link]('[^a-zA-Z]', ' ', row)

tokens = [Link]()

email = [[Link](word) for word in tokens if word not in stopwords_set]

52
 return ' '.join(email)

df['Message']

df['Message'] = df['Message'].apply(clean_row)

df['Message']

vectorizer = TfidfVectorizer(max_features=9000, lowercase=False, ngram_range=(1, 2))

X = df['Message']

Y = df['X_train, X_test, Y_train, Y_test = train_test_split(X, Y, test_size=0.2,

random_state=42)']

vec_train_data = vectorizer.fit_transform(X_train).toarray()

vec_test_data = [Link](X_test).toarray()

nb_model = MultinomialNB()

nb_model.fit(vec_train_data, Y_train)

nb_pred = nb_model.predict(vec_test_data)

print("Classification Report:")

print(classification_report(Y_test, nb_pred, target_names=['Ham', 'Spam']))

# Test on a sample email

sample_email = "Congratulations! You've won a $1000 Walmart gift card. Click here to
claim your prize."

cleaned_sample_email = clean_row(sample_email)

vec_sample_email = [Link]([cleaned_sample_email]).toarray()

sample_print(f"\nSample Email: {sample_email}")

print(f"Prediction: {'Spam' if sample_prediction[0] == 1 else 'Not Spam'}") =

nb_model.predict(vec_sample_email)
53
sample_prediction = nb_model.predict(vec_sample_email)

models = {

"Naive Bayes": MultinomialNB(),

"Decision Tree": DecisionTreeClassifier(random_state=42),

"Random Forest": RandomForestClassifier(random_state=42),

"SVM": SVC(kernel='linear', random_state=42),

"Gaussian NB": GaussianNB(),

"KNN": KNeighborsClassifier()

results = {}

for model_name, model in [Link]():

[Link](vec_train_data, Y_train)

predictions = [Link](vec_test_data)

accuracy = accuracy_score(Y_test, predictions)

results[model_name] = {

"accuracy": accuracy,

"classification_report":classification_report(Y_test,predictions,target_names=['Ham',
'Spam'], output_dict=True)

print(f"--- {model_name} ---")

print(f"Accuracy: {accuracy:.4f}")

print(classification_report(Y_test, predictions, target_names=['Ham', 'Spam']))

54
 print("\n")

print("Model Performance Comparison:")

for model_name, metrics in [Link]():

print(f"{model_name}: Accuracy = {metrics['accuracy']:.4f}")

sample_email = "Congratulations! You've won a $1000 Walmart gift card. Click here to
claim your prize."

cleaned_sample_email = clean_row(sample_email)

vec_sample_email = [Link]([cleaned_sample_email]).toarray()

print("\nSample Email Classification:")

for model_name, model in [Link]():

if model_name == "Gaussian NB":

prediction = [Link](vec_sample_email)

else:

prediction = [Link](vec_sample_email)

print(f"{model_name}: {'Spam' if prediction[0] == 1 else 'Ham'}")

sample_email = '''Hi Team,

I hope this email finds you well. I wanted to inform you that our weekly team meeting has
been rescheduled to

Thursday at 2 PM due to scheduling conflicts. Please let me know if this time works for
everyone.

Best regards'''

cleaned_sample_email = clean_row(sample_email)

vec_sample_email = [Link]([cleaned_sample_email]).toarray()
55
print("\nSample Email Classification:")

for model_name, model in [Link]():

if model_name == "Gaussian NB":

prediction = [Link](vec_sample_email)

else:

prediction = [Link](vec_sample_email)

print(f"{model_name}: {'Spam' if prediction[0] == 1 else 'Ham'}")

56
 5. EXPERIMENTS AND RESULTS
5.1 Analysis of Experimental Data

The Email Spam Detection project utilized a dataset containing 5,573 email messages
labeled as either "ham" (legitimate emails) or "spam" (unsolicited or malicious messages).
The dataset was preprocessed using Natural Language Processing (NLP) techniques,
including stopword removal, lemmatization, and TF-IDF vectorization, to convert textual
data into numerical representations suitable for machine learning models.

The dataset's distribution was initially analyzed, revealing that ham messages significantly
outnumber spam messages. This class imbalance was taken into account when evaluating
model performance. The dataset was split into training and testing sets in an 80-20 ratio to
ensure robust evaluation.

Multiple machine learning models were trained and tested to determine the most effective
approach for spam detection. The models included:

• Multinomial Naive Bayes

• Decision Tree Classifier
• Random Forest Classifier
• Support Vector Machine (SVM)
• Gaussian Naive Bayes
• K-Nearest Neighbors (KNN)

Each model was trained on the processed text data and evaluated using accuracy, precision,
recall, and F1-score metrics. The classification report and confusion matrix provided further
insights into each model's effectiveness.

Among the models tested, SVM achieved the highest accuracy (98.48%), followed by
Random Forest (98.03%) and Multinomial Naive Bayes (97.13%). While Gaussian Naive
Bayes and KNN models performed relatively poorly, their results were still valuable for
comparison. KNN, in particular, struggled with spam detection, misclassifying many spam
messages as ham.

To further analyze model performance, a sample spam email was tested across all classifiers.
The results showed that most models correctly identified the email as spam, except for KNN,

57
which misclassified it as ham. Another legitimate email sample was tested, and all models
correctly identified it as ham.

These experiments highlight the strengths of different machine learning models in email
spam detection, with SVM and Random Forest emerging as the most reliable choices for
deployment in real-world applications.

Fig. 5.1 Email classification Result-1

58
 Fig. 5.2 Email Classification Result -2

5.2 Performance Evaluation

The performance of each model was evaluated based on accuracy, precision, recall, and F1-
score. Accuracy, being the most common metric, indicated the proportion of correct
predictions. However, since the dataset was imbalanced, precision and recall provided
deeper insights.

59
● Multinomial Naive Bayes: Achieved an accuracy of 97.13%, with high precision
for spam detection (100%) but a lower recall (79%). This suggests that while it
correctly identified all actual spam messages, it missed some spam messages,
classifying them as ham.

● Decision Tree: Slightly lower accuracy (96.50%), but better recall (85%) compared
to Naive Bayes. However, its overall performance was slightly weaker.

● Random Forest: One of the top performers with 98.03% accuracy. It maintained a
good balance between precision and recall, making it a strong candidate for spam
detection.

● SVM: The best model in terms of accuracy (98.48%). It provided a high F1-score
and showed excellent generalization capabilities on test data.

● Gaussian Naive Bayes: Performed the worst (89.78%) due to its assumption of
feature independence, which did not hold well for textual data.

● KNN: Achieved 91.66% accuracy but had a significantly low recall (38%) for spam
messages, making it unreliable.

60
Fig. 5.3 Accuracy Evaluation -1

61
 Fig. 5.4 Accuracy Evaluation-2

The results indicate that SVM and Random Forest are the most suitable models for email
spam detection due to their high precision, recall, and overall accuracy. Future
improvements may focus on hybrid models that combine the strengths of multiple
classifiers.

62
 6. CONCLUSION AND FUTURE WORK

6.1 Conclusion

This project demonstrated the effectiveness of NLP-based machine learning models in email
spam detection. The experimentation and evaluation of multiple classifiers provided
valuable insights into their performance. The preprocessing steps, including stopword
removal, lemmatization, and TF-IDF vectorization, played a crucial role in improving
classification accuracy.

Among the models tested, SVM and Random Forest proved to be the most effective,
achieving accuracy rates of 98.48% and 98.03%, respectively. Their high precision and
recall rates indicate their ability to correctly classify spam emails while minimizing false
positives and false negatives.

Naive Bayes, a traditionally strong text classification model, also performed well with an
accuracy of 97.13%, but it struggled with recall for spam messages. Decision Tree and
Gaussian Naive Bayes had relatively lower performance, and KNN performed the worst,
demonstrating its limitations in high-dimensional text classification tasks.

The analysis of sample emails confirmed the reliability of the best-performing models,
reinforcing their potential for deployment in real-world email filtering applications. These
findings highlight the importance of selecting appropriate algorithms for NLP tasks and
emphasize the role of data preprocessing in enhancing model performance.

6.2 Future Work

While this project achieved high accuracy in spam detection, there are several areas for
future improvement:

1. Hybrid Models: Combining multiple models, such as SVM and Random Forest,
into an ensemble approach could further improve classification accuracy and
robustness against adversarial spam emails.

2. Deep Learning Approaches: Neural networks, such as Long Short-Term Memory

(LSTM) and Transformer-based models (e.g., BERT), could be explored to capture
contextual information more effectively.

63
 3. Feature Engineering: Advanced feature extraction techniques, including word
embeddings (Word2Vec, GloVe) and contextual embeddings (BERT embeddings),
could enhance model understanding of email content.

4. Handling Imbalanced Data: Techniques such as oversampling, under sampling, or

synthetic data generation (SMOTE) could help improve spam detection rates,
especially for minority classes.

5. Real-Time Deployment: Implementing the trained models in a real-time email

filtering system and integrating them into platforms like Gmail or Outlook could
provide practical benefits.

6. Adaptive Learning: Incorporating an adaptive learning approach where the model

continuously learns from new spam trends could enhance its effectiveness.

7. Explainability and Interpretability: Implementing explainable AI (XAI)

techniques could help users understand why an email is classified as spam or ham,
improving trust in automated systems.

8. Cybersecurity Integration: Expanding spam detection to include phishing email

detection could help mitigate email-based cyber threats.

9. Cross-Language Spam Detection: Extending the model to detect spam in multiple

languages could make it more versatile and globally applicable.

10. User Feedback Mechanism: Allowing users to provide feedback on misclassified

emails could improve model adaptability and accuracy over time.

By addressing these areas, the project could significantly enhance email spam detection
accuracy, making it a more reliable tool for real-world applications. The continued
development of NLP and machine learning techniques offers exciting possibilities for
improving cybersecurity measures against email-based threats.

64
 7. REFERENCES

[1] T. Deshpande, J. Girkar, and R. Mangrulkar, ‘‘Security enhancement and analysis of

images using a novel sudoku-based encryption algorithm,’’J. Inf. Telecommun., vol. 7, no.
3, pp. 270–303, Jul. 2023.

[2] D. Goel and A. K. Jain, ‘‘Mobile phishing attacks and defence mechanisms: State of art
and open research challenges,’’ Comput. Secur.,vol. 73, pp. 519–544, Mar. 2018.

[3] J. Doshi, K. Parmar, R. Sanghavi, and N. Shekokar, ‘‘A comprehensive dual-layer

architecture for phishing and spam email detection,’’ [Link]., vol. 133, Oct. 2023,
Art. no. 103378.

[4] F. Salahdine and N. Kaabouch, ‘‘Social engineering attacks: A survey,’’Future Internet,

vol. 11, no. 4, p. 89, Apr. 2019.

[5] M. Alawida, A. E. Omolara, O. I. Abiodun, and M. Al-Rajab, ‘‘A deeperlook into

cybersecurity issues in the wake of COVID-19: A survey,’’J. King Saud Univ. Comput. Inf.
Sci., vol. 34, no. 10, pp. 8176–8206, Nov. 2022.

[6] B. Parmar, ‘‘Protecting against spear-phishing,’’ Comput. Fraud Secur.,vol. 2012, no. 1,
pp. 8–11, Jan. 2012.

[7] E. G. Dada, J. S. Bassi, H. Chiroma, S. M. Abdulhamid, A. [Link], and O. E.

Ajibuwa, ‘‘Machine learning for email spam filtering: Review, approaches and open
research problems,’’ Heliyon,vol. 5, no. 6, Jun. 2019, Art. no. e01802.

[8] (2023). Statista. [Online]. Available: [Link]

number-of-e-mails-worldwide/

[9] O. Fonseca, E. Fazzion, I. Cunha, P. H. B. Las-Casas, D. Guedes,W. Meira, C. Hoepers,

K. Steding-Jessen, and M. H. P. Chaves,‘‘Measuring, characterizing, and avoiding spam
traffic costs,’’ IEEEInternet Comput., vol. 20, no. 4, pp. 16–24, Jul. 2016.

[10] S. Ogwu, P. Sice, S. Keogh, and C. Goodlet, ‘‘An exploratory study of theapplication
of mindsight in email communication,’’ Heliyon, vol. 6, no. 7,Jul. 2020, Art. no. e04305.

[11] O. A. Okunade. (2017). Manipulating e-mail Server feedback for SpamPrevention.

65
[Online]. Available: [Link]

[12] (2023). Firms. Accessed: Dec. 28, 2023. [Online].

Available:[Link]

[13] S. Dhanaraj and V. Karthikeyani, ‘‘A study on e-mail image spam filteringtechniques,’’
in Proc. Int. Conf. Pattern Recognit., Informat. Mobile Eng.,Feb. 2013, pp. 49–55.

[14] A. Bhowmick and S. M. Hazarika, ‘‘Machine learning for e-mail spamfiltering:

Review, techniques and trends,’’ 2016, arXiv:1606.01042v1.

[15] C. Laorden, X. Ugarte-Pedrero, I. Santos, B. Sanz, J. Nieves, andP. G. Bringas, ‘‘Study

on the effectiveness of anomaly detection for spam filtering,’’ Inf. Sci., vol. 277, pp. 421–
444, Sep. 2014.

[16] N. Ahmed, R. Amin, H. Aldabbas, D. Koundal, B. Alouffi, and T. Shah,‘‘Machine

learning techniques for spam detection in email and IoTplatforms: Analysis and research
challenges,’’ Secur. Commun. Netw.,

vol. 2022, pp. 1–19, Feb. 2022.

[17] S. Gibson, B. Issac, L. Zhang, and S. M. Jacob, ‘‘Detecting spamemail with machine
learning optimized with bio-inspired metaheuristicalgorithms,’’ IEEE Access, vol. 8, pp.
187914–187932, 2020.

[18] T. Gangavarapu, C. D. Jaidhar, and B. Chanduka, ‘‘Applicability ofmachine learning

in spam and phishing email filtering: Review and approaches,’’ Artif. Intell. Rev., vol. 53,
no. 7, pp. 5019–5081, Oct. 2020.

[19] S. Zavrak and S. Yilmaz, ‘‘Email spam detection using hierarchicalattention hybrid
deep learning method,’’ Expert Syst. Appl., vol. 233,Dec. 2023, Art. no. 120977.

[20] P. K. Roy, J. P. Singh, and S. Banerjee, ‘‘Deep learning to filter SMSspam,’’ Future
Gener. Comput. Syst., vol. 102, pp. 524–533, Jan. 2020.

[21] S. Magdy, Y. Abouelseoud, and M. Mikhail, ‘‘Efficient spam and phishingemails

filtering based on deep learning,’’ Comput. Netw., vol. 206,

Apr. 2022, Art. no. 108826.

66
[22] S. Kaddoura, G. Chandrasekaran, D. Elena Popescu, and J. H. Duraisamy,‘‘A
systematic literature review on spam content detection and classification,’’ PeerJ Comput.
Sci., vol. 8, p. e830, Jan. 2022.

[23] T. Lin, D. E. Capecci, D. M. Ellis, H. A. Rocha, S. Dommaraju,D. S. Oliveira, and N.

C. Ebner, ‘‘Susceptibility to spear-phishing emails,’’ ACM Trans. Comput.-Hum. Interact.,
vol. 26, no. 5, pp. 1–28,

Oct. 2019.

[24] K. Thakur, M. L. Ali, M. A. Obaidat, and A. Kamruzzaman, ‘‘A systematic review on

deep-learning-based phishing email detection,’’Electronics, vol. 12, no. 21, p. 4545, Nov.
2023.

[25] R. Li, Z. Zhang, J. Shao, R. Lu, X. Jia, and G. Wei, ‘‘The potential harm of email
delivery: Investigating the HTTPS configurations of webmail services,’’ IEEE Trans.
Dependable Secur. Comput., vol. 21, no. 1,

pp. 1–14, Aug. 2023.

[26] A. Abayomi-Alli, O. Abayomi-Alli, S. Misra, and L. Fernandez-Sanz,‘‘Study of the

yahoo-yahoo hash-tag tweets using sentiment analysis and opinion mining algorithms,’’
Information, vol. 13, no. 3, p. 152, Mar. 2022.

[27] S. A. Ebad, ‘‘Lessons learned from offline assessment of security-critical systems: The
case of microsoft’s active directory,’’ Int. J. Syst. Assurance Eng. Manage., vol. 13, no. 1,
pp. 535–545, Feb. 2022.

[28] A. Kumar, ‘‘An empirical examination of the effects of design elements of email
newsletters on consumers’ email responses and their purchase,’’J. Retailing Consum.
Services, vol. 58, Jan. 2021, Art. no. 102349.

[29] V. Y. Oviedo and J. E. Fox Tree, ‘‘Meeting by text or video-chat: Effects on confidence
and performance,’’ Comput. Hum. Behav. Rep., vol. 3,Jan. 2021, Art. no. 100054.

67
 DEPARTMENT OF INFORMATION TECHNOLOGY

VISION AND MISSION

VISION
• To become a nationally recognized quality education center in the domain of Computer
Science and Information Technology through teaching, training, learning, research and
consultancy.

MISSION
• The Department offers undergraduate program in Information Technology and Post
graduate program in Software Engineering to produce high quality information
technologists and software engineers by disseminating knowledge through
contemporary curriculum, competent faculty and adopting effective teaching-learning
methodologies.
• Igniting passion among students for research and innovation by exposing them to real
time systems and problems
• Developing technical and life skills in diverse community of students with modern
training methods to solve problems in Software Industry.
• Inculcating values to practice engineering in adherence to code of ethics in multicultural
and multi discipline teams.

68
 Program Outcomes (PO’s)

1. Apply the knowledge of mathematics, science, engineering fundamentals, and

an engineering specialization to the solution of complex engineering problems
(Engineering knowledge).

2. Identify, formulate, review research literature, and analyze complex

engineering problems reaching substantiated conclusions using first principles of
mathematics, natural sciences, and engineering sciences (Problem analysis).

3. Design solutions for complex engineering problems and design system

components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and
environmental considerations (Design/development of solutions).

4. Use research-based knowledge and research methods including design of

experiments, analysis and interpretation of data, and synthesis of the information
to provide valid conclusions (Conduct investigations of complex problems).

5. Create, select, and apply appropriate techniques, resources, and modern

engineering and IT tools including prediction and modeling to complex engineering
activities with an understanding of the limitations (Modern tool usage).

6. Apply reasoning informed by the contextual knowledge to assess societal,

health, safety, legal and cultural issues and the consequent responsibilities relevant
to the professional engineering practice (The engineer and society).

7. Understand the impact of the professional engineering solutions in societal and

environmental contexts, and demonstrate the knowledge of, and need for
sustainable development (Environment and sustainability).

8. Apply ethical principles and commit to professional ethics and responsibilities

and norms of the engineering practice (Ethics).

9. Function effectively as an individual, and as a member or leader in diverse

teams, and in multidisciplinary settings (Individual and team work).

10. Communicate effectively on complex engineering activities with the

engineering community and with society at large, such as, being able to
comprehend and write effective reports and design documentation, make effective

69
presentations,and give receive clear instructions(Communication).

11. Demonstrate knowledge and understanding of the engineering and management

principles and apply these to one’s own work, as a member and leader in a team, to
manage projects and in multidisciplinary environments (Project management and
finance).

12. Recognize the need for, and have the preparation and ability to engage in
independent and life-long learning in the broadest context of technological change
( Life-long learning).

70
 Program Specific Outcomes (PSO’s)

On successful completion of the Program, the graduates of B. Tech (IT) program will
be able to:

PSO1 Design and develop database systems, apply data analytics techniques, and use
advanced databases for data storage, processing and retrieval.

PSO2 Apply network security techniques and tools for the development of highly secure
systems.
Analyze, design and develop efficient algorithms and software applications to
PSO3 deploy in secure environment to support contemporary services using
programming languages, tools and technologies.

71
 Program Educational Objectives (PEO’s)

After few years of graduation, the graduates of [Link] (IT) will:

1. Enrolled or completed higher education in the core or allied areas of Computer

Science and Information Technology or management.

2. Successful entrepreneurial or technical career in the core or allied areas of Computer

Science and Information Technology.

3. Continued to learn and to adapt to the world of constantly evolving technologies in

the core or allied areas of Computer Science and Information Technology.

72
 COURSE OUTCOMES (COs)

After successful completion of this course, the students will be able to:

[Link]/Design algorithms and software to solve complex Computer Science,

Information Technology and allied problems using appropriate tools and techniques
following relevant standards, codes, policies, regulations and latest developments.

[Link] society, health, safety, environment, sustainability, economics and

project management in solving complex Computer Science, Information Technology and
allied problems.

[Link] individually or in a team besides communicating effectively in written,

oral and graphical forms on Computer Science, and Information Technology based
systems or processes.

Mapping of Course Outcomes with POs and PSOs:

Program
Program Outcomes Specific
Course
Outcomes
Outcomes
PO1 PO1 PO1 PSO PSO PSO
PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9
0 1 2 1 2 3
CO1 3 3 3 3 3 - - 3 - - - 3 3 3 3
CO2 - - - - - 3 3 - - - 3 - 3 3 3
CO3 - - - - - - - - 3 3 - - 3 3 3
Average 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3

Level of
correlatio
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
n of the
course

73