Similar to 2606.00889v1 · 20 results
This paper introduces a machine learning system that detects phishing emails by analyzing contextual features from the entire email body content, achieving 95.41% accuracy using Logistic Regression.
This paper develops an explainable and deployable machine learning system for highly accurate phishing detection across diverse, heterogeneous datasets, achieving up to 99.78% accuracy using transform…
This paper demonstrates that visual phishing detectors can be completely bypassed by employing simple timing-based attacks that delay the rendering of key webpage elements.
The paper proposes a graph-based framework for detecting attacks in LLM agent tool-call traffic, finding that content-level embeddings are crucial for high accuracy and that tree ensembles on these em…
Safayat Bin Hakim, Aniqa Afzal, Qi Zhao, Vigna Majmundar +2 more
CyberCane is a neuro-symbolic framework that enhances phishing detection by combining symbolic rule analysis with privacy-preserving RAG and formal ontology reasoning, achieving high recall against AI…
The paper introduces GuardPhish, a large-scale dataset and evaluation framework, demonstrating that even high-performing open-source LLMs can generate actionable phishing content despite accurate inte…
Shang Shang, Ruiqi Wang, Ruijie Qi, Hao Li +3 more
PhishSigma++ is a novel entity-relation-based detector that improves malicious email detection by focusing on invariant functional relationships between typed entities, significantly outperforming tex…
This paper proposes a hybrid CNN-LSTM framework to enhance cyber attack detection and prevention in U.S. critical digital infrastructure by evaluating multiple machine learning models on the CSE-CIC-I…
The paper demonstrates that generative AI can automate and scale highly personalized, context-aware spear-phishing attacks using only public social media data, resulting in messages that are significa…
Haolin Zhang, William Reber, Yuxuan Zhang, Guofei Gu +1 more
TraceScope is an interactive, sandboxed triage pipeline that analyzes complex phishing URLs by simulating human interaction and verifying suspicious behavior against a detailed checklist, achieving hi…
This paper develops and evaluates supervised machine learning models to detect malicious tool descriptions within the Model Context Protocol (MCP), achieving high detection rates in both binary and mu…
This paper compares lightweight machine learning models (like Random Forest) against computationally intensive deep learning methods for botnet detection on the CTU-13 dataset, showing that these simp…
The study analyzed TLS certificate and domain features in the Danish .dk namespace to distinguish phishing sites, concluding that while combined features are useful, no single attribute reliably ident…
This paper proposes a structured pipeline using LLMs to generate and evaluate obfuscated XSS payloads, demonstrating that while LLMs can generate samples, they currently struggle to ensure payloads ma…
The paper proposes a novel structural invariant approach, derived from the economic constraints of fraud, that amplifies weak, low-precision signals into highly accurate fraud detections without requi…
The paper introduces a synthetic dataset of multi-round conversations to detect conversational smishing, finding that XGBoost with TF-IDF features achieved the best performance (72.5% accuracy).
PHANTOM is a novel framework that generates highly convincing, context-aware honeytokens by incorporating deep organizational knowledge, significantly improving their believability and detection resis…
Jiachen Zhang, Yueming Lu, Fan Feng, Zhanfeng Wang +2 more
The paper proposes RPM-Net, a novel framework using a reciprocal point mechanism and adversarial margin constraints to achieve superior detection of unknown network security threats in imbalanced mult…
The paper introduces Smart-SIEM, an AI module for Wazuh that significantly improves web attack detection by incorporating behavioral context vectors and utilizing a hybrid LightGBM/XGBoost cascade.
Mark Vero, Fabian Kaczmarczyck, Ivan Petrov, Ilia Shumailov +5 more
The paper introduces Honeyval, a comprehensive evaluation framework, to rigorously test LLM-powered HTTP honeypots, demonstrating that these honeypots provide substantially longer and harder-to-detect…