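Computer Center, Peking University, Beijing 100871, China
JIN Jiandong (金建栋) (1994- ), male, Mongolian, born in Tongliao, Inner Mongolia, is an engineer at Peking University. His main research interests include cyberspace security, open-source intelligence, and intelligent reasoning and decision-making.
HUANG Zheng (黄正) (2002- ), male, born in Zhoushan, Zhejiang, is a master's student at Peking University. His main research interests include cyberspace security and software vulnerability discovery.
HU Zhanyu (胡占宇) (1988- ), male, born in Xingtai, Hebei, is a master's student at Peking University. His main research interests include cyberspace security and multi-agent decision-making.
ZOU Yuanxin (邹远鑫) (2002- ), male, born in Suixi, Anhui, is a master's student at Peking University. His main research interests include cyberspace security and automated penetration testing.
QIN Huidong (秦辉东) (1994- ), male, born in Luyi, Henan, holds a Ph.D. and is an engineer at Peking University. His main research interests include data analysis and visualization, and engineering applications.
LAI Qingnan (赖清楠) (1990- ), male, born in Xingguo, Jiangxi, is an engineer at Peking University. His main research interests include attack-defense confrontation, artificial intelligence, and network security management.
YANG Jia (杨加) (1975- ), male, born in Chongqing, holds a Ph.D. and is a senior engineer and master's supervisor at Peking University. His main research interests include artificial intelligence and network security.
ZHOU Changling (周昌令), zclfly@pku.edu.cn
Received: 2024-10-28
Print publication date: 2024-11-30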
JIN Jiandong, HUANG Zheng, HU Zhanyu, et al. PhishingAgent: an agentic workflow method for advanced phishing email detection[J]. Journal on Communications, 2024, 45(Z2): 59-68. DOI: 10.11959/j.issn.1000-436x.2024243.
To address the increasing complexity of advanced persistent threat (APT) and phishing email attacks, an agentic workflow method for phishing email detection called PhishingAgent was proposed. PhishingAgent integrates multi-source knowledge bases and security tools to fully leverage the reasoning capabilities of large language models (LLMs), enhancing the precision and depth of identifying complex phishing email attacks. The agentic workflow is built on a dual-system reasoning framework: a rapid detection system first performs efficient preliminary threat identification, followed by a deep reasoning system that conducts detailed semantic analysis and contextual inference, significantly improving the interpretability of results. Experimental results demonstrate that PhishingAgent increases detection efficiency without sacrificing accuracy and outperforms existing mainstream email security mechanisms in detecting APT-related phishing emails.