Phishing attacks increasingly span multiple surfaces (URLs, spoofed emails, malicious PDFs, and image/QR-based lures), making single-modality detectors brittle in real deployments. We propose UEP-IQ, a unified multi-modal phishing detection framework that combines (i) lightweight Random Forest (RF) classifiers for structured artifacts (URL lexical/structural features, email header anomalies, and PDF metadata descriptors) with (ii) a vision module using EfficientNet-B0 as a frozen backbone and an RF head for phishing screenshots and QR-code misuse. We curate and harmonize heterogeneous public data sources into a consolidated benchmark covering four major phishing vectors, and design modality-specific preprocessing pipelines including a QR to URL linkage to exploit cross-modal signals. Across held-out test sets, UEP-IQ achieves strong per-modality performance (e.g., 93% accuracy for URLs, 99% for email headers and PDFs, and 85–88% for images/QR), outperforming common classical baselines and offering a favorable accuracy–latency trade-off compared to heavier end-to-end models. We further analyze the aggregation layer via fusion sensitivity and provide a learned fusion alternative to justify decision combining beyond heuristics. Finally, we validate deployability through a web application and browser extension, achieving sub-200 ms end-to-end latency on a CPU backend. These results indicate that a production-oriented hybrid architecture can provide scalable, accurate, and practical defense against contemporary multi-surface phishing campaigns.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

UEP-IQ: A Deployable Multi-modal Phishing Detection Framework

  • Trong-Thua Huynh,
  • Hy Phan Thanh,
  • Gioi Ho Le,
  • Tri Nguyen Dinh Quoc,
  • Tien Tran Phuc,
  • Kien Nguyen Trung

摘要

Phishing attacks increasingly span multiple surfaces (URLs, spoofed emails, malicious PDFs, and image/QR-based lures), making single-modality detectors brittle in real deployments. We propose UEP-IQ, a unified multi-modal phishing detection framework that combines (i) lightweight Random Forest (RF) classifiers for structured artifacts (URL lexical/structural features, email header anomalies, and PDF metadata descriptors) with (ii) a vision module using EfficientNet-B0 as a frozen backbone and an RF head for phishing screenshots and QR-code misuse. We curate and harmonize heterogeneous public data sources into a consolidated benchmark covering four major phishing vectors, and design modality-specific preprocessing pipelines including a QR to URL linkage to exploit cross-modal signals. Across held-out test sets, UEP-IQ achieves strong per-modality performance (e.g., 93% accuracy for URLs, 99% for email headers and PDFs, and 85–88% for images/QR), outperforming common classical baselines and offering a favorable accuracy–latency trade-off compared to heavier end-to-end models. We further analyze the aggregation layer via fusion sensitivity and provide a learned fusion alternative to justify decision combining beyond heuristics. Finally, we validate deployability through a web application and browser extension, achieving sub-200 ms end-to-end latency on a CPU backend. These results indicate that a production-oriented hybrid architecture can provide scalable, accurate, and practical defense against contemporary multi-surface phishing campaigns.