LLM-Powered Intent-Based Categorization of Phishing Emails

TL;DR

This paper explores using Large Language Models to detect and categorize phishing emails based on their intent, offering a new taxonomy and demonstrating LLM effectiveness with curated datasets.

Contribution

It introduces an intent-based taxonomy for phishing email classification and demonstrates LLMs' capability to detect and categorize these emails effectively.

Findings

LLMs can accurately detect phishing emails.

The intent taxonomy enables actionable threat categorization.

Curated datasets support model training and evaluation.

Abstract

Phishing attacks remain a significant threat to modern cybersecurity, as they successfully deceive both humans and the defense mechanisms intended to protect them. Traditional detection systems primarily focus on email metadata that users cannot see in their inboxes. Additionally, these systems struggle with phishing emails, which experienced users can often identify empirically by the text alone. This paper investigates the practical potential of Large Language Models (LLMs) to detect these emails by focusing on their intent. In addition to the binary classification of phishing emails, the paper introduces an intent-type taxonomy, which is operationalized by the LLMs to classify emails into distinct categories and, therefore, generate actionable threat information. To facilitate our work, we have curated publicly available datasets into a custom dataset containing a mix of legitimate and phishing emails. Our results demonstrate that existing LLMs are capable of detecting and categorizing phishing emails, underscoring their potential in this domain.