<p>Phishing practice has radically changed as automation and artificial intelligence have taken new forms, enabling attackers to produce highly believable domain-spoofed content that is nearly indistinguishable from natural communication. Existing detection techniques, such as rule-based, blacklist-based, and single-modality approaches, tend to be weak, fail to generalise to unfamiliar attacks, and lack interpretability. Although the latest deep learning-driven solutions have improved detection performance, they remain vulnerable to adversarial attacks and provide fewer explanations for security analysts. To mitigate such challenges, the current paper outlines a neuro-symbolic multimodal phishing detection system that combines textual, visual, and metadata features and links them via a cross-attention-based fusion module. The framework improves the consistency of decisions in data-driven representations by incorporating explicit symbolic reasoning, leading to better decision-making, particularly when considering obfuscated and adversarial phishing patterns. The diffusion-based adversarial augmentation approach improves accuracy against phishing attacks using AI-generated similes. Conversely, continuous learning can be achieved in an online adaptation module through a replay buffer in response to a time-varying attack distribution. The SHAP-based explainability module provides explanations for features, making predictions interpretable and transparent. Many experiments across a variety of publicly available phishing datasets demonstrate that the suggested approach is effective, achieving a potential ROC–AUC of up to 97% on clean test data. The model is also more resilient to adversarial perturbations and achieves absolute AUC gains of 6–7% in cross-dataset generalisation compared to competitive baselines. The results are reported as the mean and standard deviation of repeated runs, and statistical significance (<i>p</i> &lt; 0.05) is assessed to evaluate the reliability of the observed improvements. The suggested architecture provides a practical and reliable means of implementation, e.g., in security infrastructures such as email filters, web browsers, and enterprise threat intelligence systems, where robustness, generalisation, and interpretability are of utmost importance.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

NeuroSymbolicPhishDefend for adaptive multimodal phishing detection against evolving artificial intelligence driven threats

  • Gaddam Lakshmi,
  • Perumalla Swetha

摘要

Phishing practice has radically changed as automation and artificial intelligence have taken new forms, enabling attackers to produce highly believable domain-spoofed content that is nearly indistinguishable from natural communication. Existing detection techniques, such as rule-based, blacklist-based, and single-modality approaches, tend to be weak, fail to generalise to unfamiliar attacks, and lack interpretability. Although the latest deep learning-driven solutions have improved detection performance, they remain vulnerable to adversarial attacks and provide fewer explanations for security analysts. To mitigate such challenges, the current paper outlines a neuro-symbolic multimodal phishing detection system that combines textual, visual, and metadata features and links them via a cross-attention-based fusion module. The framework improves the consistency of decisions in data-driven representations by incorporating explicit symbolic reasoning, leading to better decision-making, particularly when considering obfuscated and adversarial phishing patterns. The diffusion-based adversarial augmentation approach improves accuracy against phishing attacks using AI-generated similes. Conversely, continuous learning can be achieved in an online adaptation module through a replay buffer in response to a time-varying attack distribution. The SHAP-based explainability module provides explanations for features, making predictions interpretable and transparent. Many experiments across a variety of publicly available phishing datasets demonstrate that the suggested approach is effective, achieving a potential ROC–AUC of up to 97% on clean test data. The model is also more resilient to adversarial perturbations and achieves absolute AUC gains of 6–7% in cross-dataset generalisation compared to competitive baselines. The results are reported as the mean and standard deviation of repeated runs, and statistical significance (p < 0.05) is assessed to evaluate the reliability of the observed improvements. The suggested architecture provides a practical and reliable means of implementation, e.g., in security infrastructures such as email filters, web browsers, and enterprise threat intelligence systems, where robustness, generalisation, and interpretability are of utmost importance.