Abstract
Phishing attacks are becoming increasingly sophisticated, underscoring the need for detection systems that strike a balance between high accuracy and computational efficiency. This paper presents a comparative evaluation of traditional Machine Learning (ML), Deep Learning (DL), and quantized small-parameter Large Language Models (LLMs) for phishing detection. Through experiments on a curated dataset, we show that while LLMs currently underperform compared to ML and DL methods in terms of raw accuracy, they exhibit strong potential for identifying subtle, context-based phishing cues. We also investigate the impact of zero-shot and few-shot prompting strategies, revealing that LLM-rephrased emails can significantly degrade the performance of both ML and LLM-based detectors. Our benchmarking highlights that models like DeepSeek R1 Distill Qwen 14B (Q8_0) achieve competitive accuracy, above 80%, using only 17GB of VRAM, supporting their viability for cost-efficient deployment. We further assess the models' adversarial robustness and cost-performance tradeoffs, and demonstrate how lightweight LLMs can provide concise, interpretable explanations to support real-time decision-making. These findings position optimized LLMs as promising components in phishing defence systems and offer a path forward for integrating explainable, efficient AI into modern cybersecurity frameworks.
Abstract (translated)
网络钓鱼攻击变得越来越复杂,这强调了需要开发一种既能保证高精度又具有计算效率的检测系统。本文通过在精心策划的数据集上进行实验,对传统机器学习(ML)、深度学习(DL)和量化小型参数大型语言模型(LLM)在网络钓鱼检测方面的性能进行了比较评估。 研究发现,尽管目前大型语言模型在原始准确性方面仍然不及机器学习和深度学习方法,但它们在识别细微、基于上下文的网络钓鱼线索方面表现出巨大潜力。我们还调查了零样本和少量样本提示策略对结果的影响,并揭示出由LLM重写的电子邮件会显著降低ML和基于LLM检测器的性能。 我们的基准测试显示,诸如DeepSeek R1 Distill Qwen 14B(Q8_0)这样的模型,在仅使用17GB显存的情况下即可达到超过80%的准确性,这表明它们在成本效益部署方面是可行的选择。此外,我们还评估了这些模型对对抗性攻击的鲁棒性和成本性能权衡,并展示了轻量级LLM如何提供简洁且可解释的说明来支持实时决策。 这些发现将优化后的大型语言模型定位为网络钓鱼防御系统中的有前景组件,并为进一步在现代网络安全框架中集成可解释、高效的AI技术铺平了道路。
URL
https://arxiv.org/abs/2507.07406
