Search Results (269)

Phishing websites pose a major cybersecurity threat, exploiting unsuspecting users and causing significant financial and organisational harm. Traditional machine learning approaches for phishing detection often require extensive feature engineering, continuous retraining, and costly infrastructure maintenance. At the same time, proprietary large language models (LLMs) have demonstrated strong performance in phishing-related classification tasks, but their operational costs and reliance on external providers limit their practical adoption in many business environments. This paper presents a detection pipeline for malicious websites and investigates the feasibility of Small Language Models (SLMs) using raw HTML code and URLs. A key advantage of these models is that they can be deployed on local infrastructure, providing organisations with greater control over data and operations. We systematically evaluate 15 commonly used SLMs, ranging from 1 billion to 70 billion parameters, benchmarking their classification accuracy, computational requirements, and cost-efficiency. Our results highlight the trade-offs between detection performance and resource consumption. While SLMs underperform compared to state-of-the-art proprietary LLMs, the gap is moderate: the best SLM achieves an F1-score of 0.893 (Llama3.3:70B), compared to 0.929 for GPT-5.2, indicating that open-source models can provide a viable and scalable alternative to external LLM services. Full article

This paper introduces a multi-turn large language model (LLM) jailbreaking attack called Defamiliarization, in which malicious queries are embedded within ostensibly harmless narratives. By reframing requests in “unmarked” contexts, LLMs can be coerced into producing undesirable outputs. A range of scenarios is documented, from planning ethically dubious actions to selectively overlooking critical events in literary texts, thereby exposing the limitations of alignment strategies predicated on detecting trigger words or semantic cues. Rather than substituting vocabulary, defamiliarization manipulates context and presentation, highlighting vulnerabilities that cannot be addressed by token-level fixes alone. Beyond demonstrating the effectiveness of defamiliarization as an attack strategy, evidence is presented of a systematic relationship between model scale and susceptibility. Experiments reveal that smaller-parameter models are significantly easier to manipulate using defamiliarized prompts. This finding raises important concerns regarding the growing popularity of lightweight, locally hosted LLMs, which are favored for their lower computational requirements but may lack alignment safeguards. A more holistic approach to LLM safety is advocated—one that incorporates insights from literary theory, ethics, and user experience—treating these models as interpretive agents. By doing so, defenses against covert manipulations can be strengthened and AI systems can remain aligned with human values. Full article

User behavior anomaly detection plays a vital role in network security for identifying malicious access and abnormal activities in high-dimensional internet user behavior data. Although Transformer architectures have been widely adopted in anomaly detection tasks, and their integration with Variational Autoencoders (VAEs) has often been used to further improve detection accuracy, existing integration methods have failed to effectively balance global feature dependency modeling and generative data distribution learning. This results in limited capability in identifying complex anomalous patterns. To address this issue, this paper proposes DF-TransVAE, a novel deeply integrated framework that advances the integration of a Transformer and a VAE for supervised anomaly detection. The framework first fuses global contextual representations from the Transformer encoder with original input features, then maps the fused representation into the latent space via the VAE encoder. A cross-attention mechanism is introduced as the core of deep integration, enabling dynamic, bidirectional interaction between the fused features and latent variables to enhance information fusion. Lastly, a fully connected classifier equipped with residual connections outputs anomaly probabilities for supervised binary classification. Experimental results on two public datasets demonstrate that the proposed framework achieves better performance than existing deep learning methods in terms of accuracy, precision, recall, and F1-score, particularly in detecting complex anomalous patterns. Our results indicate that the deep integration mechanism we propose effectively addresses the limitations of conventional Transformer–VAE combinations. Full article

One of the most harmful and deceptive forms of cybercrime is phishing, which targets users with malicious emails and websites. In this paper, we focus on the use of natural language processing (NLP) techniques and transformer models for phishing email detection. The Nazario Phishing Corpus is preprocessed and blended with real emails from the Enron dataset to create a robustly balanced dataset. Urgency, deceptive phrasing, and structural anomalies were some of the neglected features and sociolinguistic traits of the text, which underwent tokenization, lemmatization, and noise filtration. We fine-tuned two transformer models, Bidirectional Encoder Representations from Transformers (BERT) and the Robustly Optimized BERT Pretraining Approach (RoBERTa), for binary classification. The models were evaluated on the standard metrics of accuracy, precision, recall, and F1-score. Given the context of phishing, emphasis was placed on recall to reduce the number of phishing attacks that went unnoticed. The results show that RoBERTa has more general performance and fewer false negatives than BERT and is therefore a better candidate for deployment on security-critical tasks. Full article

The rapid adoption of large language models (LLMs) in corporate and governmental systems has raised critical security concerns, particularly prompt injection attacks exploiting LLMs’ inability to differentiate control instructions from untrusted user inputs. This study systematically benchmarks neural network architectures for malicious prompt detection, emphasizing robustness against character-level adversarial perturbations—an aspect that remains comparatively underemphasized in the specific context of prompt-injection detection despite its established significance in general adversarial NLP. Using the Malicious Prompt Detection Dataset (MPDD) containing 39,234 labeled instances, eight architectures—Dense DNN, CNN, BiLSTM, BiGRU, Transformer, ResNet, and character-level variants of CNN and BiLSTM—were evaluated based on standard performance metrics (accuracy, F1-score, and AUC-ROC), adversarial robustness coefficients against spacing and homoglyph perturbations, and inference latency. Results indicate that the word-level 3_Word_BiLSTM achieved the highest performance on clean samples (accuracy = 0.9681, F1 = 0.9681), whereas the Transformer exhibited lower accuracy (0.9190) and significant vulnerability to spacing attacks (adversarial robustness ${\mathsf{\rho }}_{spacing}=0.61$). Conversely, the Character-level BiLSTM demonstrated superior resilience (${\mathsf{\rho }}_{spacing}=1.0$, ${\mathsf{\rho }}_{homoglyph}=0.98$), maintaining high accuracy (0.9599) and generalization on external datasets with only 2–4% performance decay. These findings highlight that character-level representations provide intrinsic robustness against obfuscation attacks, suggesting Char_BiLSTM as a reliable component in defense-in-depth strategies for LLM-integrated systems. Full article

Instant messaging services are the main modern means of communication because they allow the exchange of messages between people anywhere and through many types of devices. Smishing involves sending text messages spoofing banks, government institutions, or companies in order to deceive. These messages often include malicious links that redirect users to fraudulent websites designed to steal personal information and commit financial fraud, identity theft, and extortion, among other crimes. Detecting smishing requires techniques to prevent access to dynamic links generated by cybercriminals to take control of devices or to consult blacklists of malicious links. Optical Character Recognition (OCR) recognizes text embedded in images without accessing links. This paper presents a conceptual model that uses OCR to extract text from messages suspected of smishing from a screenshot of a mobile device so that further processing can analyze whether it is smishing. Full article

Deceptive and evolving conversations on online platforms threaten trust, security, and user safety, particularly when concept drift obscures malicious intent. Large Language Models (LLMs) offer strong natural language reasoning but remain unreliable in risk-sensitive scenarios due to contextual ambiguity and hallucinations. This article introduces a domain knowledge-enhanced Dual-LLM framework that integrates structured cues with pretrained models to improve fraud detection and drift classification. The proposed approach achieves 98% accuracy on benchmark datasets, significantly outperforming zero-shot LLMs and traditional classifiers. The results highlight how domain-grounded prompts enhance both accuracy and interpretability, offering a trustworthy path for applying LLMs in safety-critical applications. Beyond advancing the state of the art in fraud detection, this work has the potential to benefit domains such as cybersecurity, e-commerce, financial fraud prevention, and online content moderation. Full article

Large Language Models (LLMs) are vulnerable to Indirect Prompt Injection Attacks (IPIAs), where malicious instructions are embedded within external content rather than direct user input. This study presents an embedding-based detection approach that analyses the semantic relationship between user intent and external content, enabling the early identification of IPIAs that conventional defences overlook. We also provide a dataset of 70,000 samples, constructed using 35,000 malicious instances from the Benchmark for Indirect Prompt Injection Attacks (BIPIA) and 35,000 benign instances generated using ChatGPT-4o-mini. Furthermore, we performed a comparative analysis of three embedding models, namely OpenAI text-embedding-3-small, GTE-large, and MiniLM-L6-v2, evaluated in combination with XGBoost, LightGBM, and Random Forest classifiers. The best-performing configuration using OpenAI embeddings with XGBoost achieved an accuracy of 97.7% and an F1-score of 0.977, matching or exceeding the performance of existing IPIA detection methods while offering practical deployment advantages. Unlike prevention-focused approaches that require modifications to the underlying LLM architecture, the proposed method operates as a model-agnostic external detection layer with an average inference time of 0.001 ms per sample. This detection-based approach complements existing prevention mechanisms by providing a lightweight, scalable solution that can be integrated into LLM pipelines without requiring architectural changes. Full article

The rapid growth of Artificial Intelligence of Things (AIoT) environments in various sectors has introduced major security challenges, as these smart devices can be exploited by malicious users to form Botnets of Things (BoT). Limited computational resources and weak encryption mechanisms in such devices make them attractive targets for attacks like Distributed Denial of Service (DDoS), Man-in-the-Middle (MitM), and malware distribution. In this paper, we propose a novel multi-layered architecture to mitigate BoT threats in AIoT environments. The system leverages edge traffic inspection, sandboxing, and machine learning techniques to analyze, detect, and prevent suspicious behavior, while uses centralized monitoring and response automation to ensure rapid mitigation. Experimental results demonstrate the necessity and superiority over or parallel to existing models, providing an early detection of botnet activity, reduced false positives, improved forensic capabilities, and scalable protection for large-scale AIoT areas. Overall, this solution delivers a comprehensive, resilient, and proactive framework to protect AIoT assets from evolving cyber threats. Full article

With the rapid advancements in technology, there has been a noticeable increase in phishing attacks that exploit users by impersonating trusted entities. The primary attack vectors include fraudulent websites and carefully crafted emails. Early detection of such threats enables the more effective blocking of malicious sites and timely user warnings. One of the key elements in phishing detection is identifying the entity being impersonated. In this article, we conduct a comparative analysis of methods for detecting phishing websites that rely on website screenshots and recognizing their impersonation targets. The two main research objectives include binary phishing detection to identify malicious intent and multiclass classification of impersonated targets to enable specific incident response and brand protection. Three approaches are compared: two state-of-the-art methods, Phishpedia and VisualPhishNet, and a third, proposed in this work, which uses perceptual hash similarity as a baseline. To ensure consistent evaluation conditions, a dedicated framework was developed for the study and shared with the community via GitHub. The obtained results indicate that Phishpedia and the Baseline method were the most effective in terms of detection performance, outperforming VisualPhishNet. Specifically, the proposed Baseline method achieved an F1 score of 0.95 on the Phishpedia dataset for binary classification, while Phishpedia maintained a high Identification Rate (>0.9) across all tested datasets. In contrast, VisualPhishNet struggled with dataset variability, achieving an F1 score of only 0.17 on the same benchmark. Moreover, as our proposed Baseline method demonstrated superior stability and binary classification performance, it should be considered as a robust candidate for preliminary filtering in hybrid systems. Full article

Machine learning (ML) techniques have significantly enhanced decision support systems to render them more accurate, efficient, and faster. ML classifiers in securing networks, on the other hand, face a disproportionate risk from the sophisticated adversarial attacks compared to other areas, such as spam filtering, intrusion, and virus detection, and this introduces a continuous competition between malicious users and preventers. Attackers test ML models with inputs that have been specifically crafted to evade these models and obtain inaccurate forecasts. This paper presents a comprehensive review of attack and defensive techniques in ML-based NIDSs. It highlights the current serious challenges that the systems face in preserving robustness against adversarial attacks. Based on our analysis, with respect to their current superior performance and robustness, ML-based NIDS require urgent attention to develop more robust techniques to withstand such attacks. Finally, we discuss the current existing approaches in generating adversarial attacks and reveal the limitations of current defensive approaches. In this paper, the most recent advancements, such as hybrid defensive techniques that integrate multiple strategies to prevent adversarial attacks in NIDS, have highlighted the ongoing challenges. Full article

Insider threats remain one of the most challenging security risks in modern enterprises due to their subtle behavioral patterns and the difficulty of distinguishing malicious intent from legitimate activity. This paper presents a unified and adaptive generative framework for insider threat detection that integrates Variational Autoencoders (VAEs) and Transformer Autoencoder architectures to learn personalized behavioral baselines from sequential user event logs. Anomalies are identified as significant deviations from these learned baseline distributions. The proposed framework incorporates an adaptive learning mechanism to address both cold-start scenarios and concept drift, enabling continuous model refinement as user behavior evolves. In addition, we introduce a privacy-preserving latent-space design and evaluate the framework under formal privacy attacks, including membership inference and reconstruction attacks, demonstrating strong resilience against data leakage. Experiments performed on the CERT Insider Threat Dataset (v5.2) show that our approach outperforms traditional and deep learning baselines, with the Transformer Autoencoder achieving an F1-score of 0.66 and an AUPRC of 0.59. The results highlight the effectiveness of generative sequence models for privacy-conscious and adaptive insider threat detection in enterprise environments, providing a comparative analysis of two powerful architectures for practical implementation. Full article

Jailbreak attacks (JAs) represent a sophisticated subclass of adversarial threats wherein malicious actors craft strategically engineered prompts that subvert the intended operational boundaries of large language models (LLMs). These attacks exploit latent vulnerabilities in generative AI architectures, allowing adversaries to circumvent established safety protocols and illicitly induce the model to output prohibited, unethical, or harmful content. The emergence of such exploits underscores critical gaps in the security and controllability of modern AI systems, raising profound concerns about their societal impact and deployment in sensitive environments. In response, this study introduces an innovative defense framework that synergistically integrates language model perplexity analysis with a Multi-Agent System (MAS)-oriented detection architecture. This hybrid design aims to fortify the resilience of LLMs by proactively identifying and neutralizing jailbreak attempts, thereby ensuring the protection of user privacy and ethical integrity. The experimental setup adopts a query-driven adversarial probing strategy, in which jailbreak prompts are dynamically generated and injected into the open-source LLaMA-2 model to systematically explore potential vulnerabilities. To ensure rigorous validation, the proposed framework will be evaluated using a custom jailbreak detection benchmark encompassing metrics such as Attack Success Rate (ASR), Defense Success Rate (DSR), Defense Pass Rate (DPR), False Positive Rate, Benign Pass Rate (BPR), and End-to-End Latency. Through iterative experimentation and continuous refinement, this work endeavors to advance the defensive capabilities of LLM-based systems, enabling more trustworthy, secure, and ethically aligned deployment of generative AI in real-world environments. Full article

In recent years, the frequent emergence of Android malware has posed a significant threat to user security. The redundancy of features in malicious software samples and the instability of individual model performance have also introduced numerous challenges to malware detection. To address these issues, this paper proposes a malware detection framework named Mass-Droid, based on Multi-feature and Multi-layer Screening for adaptive Stacking integration. First, three types of features are extracted from APK files: permission features, API call features, and opcode sequences. Then, a three-layer feature screening mechanism is designed to effectively eliminate feature redundancy, improve detection accuracy, and reduce the computational complexity of the model. To tackle the problem of high performance fluctuations and limited generalization ability in single models, this paper proposes an adaptive Stacking integration method (Adaptive-Stacking). By dynamically adjusting the weights of base classifiers, this method significantly enhances the stability and generalization performance of the ensemble model when dealing with complex and diverse malware samples. The experimental results demonstrate that the MaSS-Droid framework can effectively mitigate overfitting, improve the model’s generalization capability, reduce feature redundancy, and significantly enhance the overall stability and accuracy of malware detection. Full article

This study presents a comprehensive examination of the risks associated with SQL Injection attacks, with a particular focus on the Union Select technique. This method is frequently exploited by attackers to retrieve unauthorized data by appending malicious queries to legitimate database calls. We analyzed multiple real-world cases where personal information was leaked through such attacks, underscoring the urgent need for robust countermeasures in modern web applications. To address these threats, we developed and implemented a multi-layered defense strategy. This strategy includes using PHP Data Objects (PDO) with Prepared Statements to safely handling user inputs, rigorous input pattern validation to detect and reject suspicious payloads, and a redirection-based filtering mechanism to disrupt abnormal access attempts. Through controlled experiments, we validated the effectiveness of these techniques in mitigating SQL Injection attacks. The results demonstrate that our approach successfully blocked malicious queries and prevented unauthorized data access or manipulation. These findings represent a significant contribution to enhancing the security, stability, and trustworthiness of web-based systems, especially those handling sensitive user information. Finally, this work is presented as an educational comparative study, not as a proposal of new defense mechanisms, aiming to provide a clear and reproducible evaluation of standard SQL injection countermeasures. The contributions of this work are threefold: (i) it provides a unified comparative evaluation of three representative SQL injection defense methods—PDO, pattern validation, and attacker redirection—under identical experimental conditions; (ii) it analyzes their strengths, weaknesses, and practical applicability in PHP–MySQL environments; and (iii) it serves as an educational reference that bridges theoretical understanding and practical implementation. The study also suggests directions for extending this work through machine-learning-based anomaly detection and runtime self-protection (RASP) frameworks. Full article