ChatSpamDetector: Leveraging Large Language Models for Effective Phishing Email Detection
Takashi Koide, Naoki Fukushi, Hiroki Nakano, Daiki Chiba
TL;DR
This work presents ChatSpamDetector, a system that leverages large language models to detect phishing emails and, crucially, to provide detailed, evidence-backed explanations for each decision. By converting emails into structured prompts and analyzing both headers and body content, the approach achieves 99.70% accuracy with GPT-4 on a multilingual dataset and outperforms multiple baselines. The method emphasizes interpretability through explicit rationales, phishing scores, and brand-impersonation indicators, with a robust evaluation on a diverse dataset of phishing and legitimate emails. The study also discusses deployment considerations, costs, and potential extensions (e.g., RAG) to maintain up-to-date domain knowledge, highlighting practical implications for augmenting or replacing existing email defenses.
Abstract
The proliferation of phishing sites and emails poses significant challenges to existing cybersecurity efforts. Despite advances in malicious email filters and email security protocols, problems with oversight and false positives persist. Users often struggle to understand why emails are flagged as potentially fraudulent, risking the possibility of missing important communications or mistakenly trusting deceptive phishing emails. This study introduces ChatSpamDetector, a system that uses large language models (LLMs) to detect phishing emails. By converting email data into a prompt suitable for LLM analysis, the system provides a highly accurate determination of whether an email is phishing or not. Importantly, it offers detailed reasoning for its phishing determinations, assisting users in making informed decisions about how to handle suspicious emails. We conducted an evaluation using a comprehensive phishing email dataset and compared our system to several LLMs and baseline systems. We confirmed that our system using GPT-4 has superior detection capabilities with an accuracy of 99.70%. Advanced contextual interpretation by LLMs enables the identification of various phishing tactics and impersonations, making them a potentially powerful tool in the fight against email-based phishing threats.