Less Defined Knowledge and More True Alarms: Reference-based Phishing Detection without a Pre-defined Reference List
Ruofan Liu, Yun Lin, Xiwen Teoh, Gongshen Liu, Zhiyong Huang, Jin Song Dong
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
The digital landscape is under constant siege from sophisticated phishing attacks, a threat that has escalated dramatically from 26,000 reported victims in 2018 to an alarming 300,000 in 2023. This exponential growth underscores the critical need for more robust and adaptive detection mechanisms. Traditional **reference-based phishing detection** systems, while effective to a degree, are increasingly struggling to keep pace with the dynamic nature of these attacks, primarily due to their reliance on manually curated and static lists of known brands and their associated digital representations.
AI review
FishLM presents a robust, LM-driven phishing detection system that finally breaks free from the limitations of static reference lists. Its ability to dynamically infer brand identity and credential-taking intent, even across multi-stage attacks, offers a genuinely impactful and scalable solution for real-world defense. This is a significant step forward in proactive phishing mitigation.