TL;DR
MemoPhishAgent is a memory-augmented multi-modal LLM system that dynamically uses episodic memories and tools to improve phishing URL detection, outperforming state-of-the-art methods on multiple datasets and real-world deployment.
Contribution
It introduces a novel memory-augmented multi-modal LLM agent that leverages episodic memories and tool orchestration for enhanced phishing detection.
Findings
MemoPhishAgent (MPA) improves recall by 13.6% on public datasets.
On a real-world URL benchmark, MPA improves recall by 20%.
Episodic memory contributes up to 27% recall gain without extra computation.
Abstract
Traditional phishing website detection relies on static heuristics or reference lists, which lag behind rapidly evolving attacks. While recent systems incorporate large language models (LLMs), they are still prompt-based, deterministic pipelines that underutilize reasoning capability. We present MemoPhishAgent (MPA), a memory-augmented multi-modal LLM agent that dynamically orchestrates phishing-specific tools and leverages episodic memories of past reasoning trajectories to guide decisions on recurring and novel threats. On two public datasets, MPA outperforms three state-of-the-art (SOTA) baselines, improving recall by 13.6%. To better reflect realistic, user-facing phishing detection performance, we further evaluate MPA on a benchmark of real-world suspicious URLs actively crawled from five social media platforms, where it improves recall by 20%. Detailed analysis shows episodic…
