PhishAgent: A Robust Multimodal Agent for Phishing Webpage Detection
Tri Cao, Chengyu Huang, Yuexin Li, Huilin Wang, Amy He, Nay Oo, Bryan Hooi
TL;DR
PhishAgent tackles phishing webpage detection by unifying online and offline knowledge with Multimodal Large Language Models to achieve low-latency, high-accuracy detection. It introduces a Multimodal Retriever to pull top-$k$ brands from a Brand Knowledge Base using both webpage text concepts and logos, complemented by an online knowledge search. The framework demonstrates strong performance across three real-world datasets with notable robustness to adversarial HTML and image-based attacks, and an ablation study confirms the value of each component. The work advances practical phishing defenses by enabling reliable, scalable detection that handles local brands and evolving threats in real time.
Abstract
Phishing attacks are a major threat to online security, exploiting user vulnerabilities to steal sensitive information. Various methods have been developed to counteract phishing, each with varying levels of accuracy, but they also face notable limitations. In this study, we introduce PhishAgent, a multimodal agent that combines a wide range of tools, integrating both online and offline knowledge bases with Multimodal Large Language Models (MLLMs). This combination leads to broader brand coverage, which enhances brand recognition and recall. Furthermore, we propose a multimodal information retrieval framework designed to extract the relevant top-$k$ items from offline knowledge bases, using available information from a webpage, including logos and HTML. Our empirical results, based on three real-world datasets, demonstrate that the proposed framework significantly enhances detection accuracy and reduces both false positives and false negatives, while maintaining model efficiency. Additionally, PhishAgent shows strong resilience against various types of adversarial attacks.
