Hugging Face's logo

SamSec007
/
phishbyte

Text Classification
Safetensors
PyTorch
English
phishbyte
phishing-detection
email-security
from-scratch
no-pretrained-weights
cascading-inference
lightweight
explainable-ai
Eval Results (legacy)
Model card Files
xet
 Community
SamSec007 commited on
Commit
deec82a
Β·
verified Β·
1 Parent(s): f4d77d7

Upload model card

Browse files
Files changed (1) hide show
  1. README.md +130 -20
README.md CHANGED
@@ -1,20 +1,130 @@
1
- ---
2
- library_name: phishbyte
3
- license: mit
4
- pipeline_tag: text-classification
5
- tags:
6
- - cascading-inference
7
- - email-security
8
- - from-scratch
9
- - lightweight
10
- - model_hub_mixin
11
- - no-pretrained-weights
12
- - phishing-detection
13
- - pytorch
14
- - pytorch_model_hub_mixin
15
- ---
16
-
17
- This model has been pushed to the Hub using the [PytorchModelHubMixin](https://huggingface.co/docs/huggingface_hub/package_reference/mixins#huggingface_hub.PyTorchModelHubMixin) integration:
18
- - Code: https://github.com/AnonymousSingh-007/Phish_Byte
19
- - Paper: [More Information Needed]
20
- - Docs: https://github.com/AnonymousSingh-007/Phish_Byte#readme
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ---
2
+ language: en
3
+ license: mit
4
+ library_name: phishbyte
5
+ pipeline_tag: text-classification
6
+ tags:
7
+ - phishing-detection
8
+ - email-security
9
+ - pytorch
10
+ - from-scratch
11
+ - no-pretrained-weights
12
+ - cascading-inference
13
+ - lightweight
14
+ - explainable-ai
15
+ datasets:
16
+ - CEAS-2008
17
+ metrics:
18
+ - f1
19
+ - precision
20
+ - recall
21
+ - accuracy
22
+ model-index:
23
+ - name: phishbyte
24
+ results:
25
+ - task:
26
+ type: text-classification
27
+ name: Phishing Email Detection
28
+ dataset:
29
+ name: CEAS-2008
30
+ type: ceas-2008
31
+ metrics:
32
+ - type: f1
33
+ value: 0.948
34
+ - type: accuracy
35
+ value: 0.944
36
+ - type: precision
37
+ value: 0.954
38
+ - type: recall
39
+ value: 0.943
40
+ ---
41
+
42
+ # Phish_Byte
43
+
44
+ A from-scratch PyTorch model for **email phishing detection**.
45
+ **F1 0.948** on CEAS-2008. **12,545 parameters** (β‰ˆ9,000Γ— smaller than DistilBERT).
46
+ **1,500+ emails/sec** on a laptop GPU. Every verdict explains itself.
47
+
48
+ ## Why this exists
49
+
50
+ Every phishing detection model on HuggingFace is currently a fine-tuned
51
+ transformer (DistilBERT, BERT, RoBERTa) β€” 65 to 110 million parameters,
52
+ ~250 MB on disk, ~50 ms per email on GPU. Phish_Byte takes a different
53
+ bet: a small custom MLP trained from scratch, fed by 29 carefully chosen
54
+ features, routed through a cascading inference pipeline. The model is
55
+ **9,000Γ— smaller** than DistilBERT, performs competitively, deploys
56
+ without a GPU, and explains every decision.
57
+
58
+ ## Usage
59
+
60
+ ```python
61
+ from phishbyte import PhishByteEngine
62
+
63
+ engine = PhishByteEngine.from_pretrained("AnonymousSingh-007/phishbyte")
64
+ verdict = engine.analyze(raw_email_string)
65
+
66
+ print(verdict.label) # 'phishing'
67
+ print(verdict.probability) # 0.9735
68
+ print(verdict.confidence) # 'high'
69
+ print(verdict.layer_used) # 2 β€” MLP made this call
70
+ print(verdict.feature_weights) # full per-feature attribution
71
+ ```
72
+
73
+ ## Architecture
74
+
75
+ ```
76
+ Layer 1 β€” rule scorers (~1 ms): domain + URL + SPF + subject
77
+ β”‚
78
+ β”œβ”€β”€β–Ί obvious phishing? short-circuit verdict
79
+ β”‚
80
+ └──► otherwise route to MLP
81
+ β”‚
82
+ Layer 2 β€” MLP (~3 ms): 29 β†’ 96 β†’ 48 β†’ 1 (sigmoid)
83
+ β”‚
84
+ β–Ό
85
+ PhishVerdict {label, probability, confidence, layer_used, feature_weights}
86
+ ```
87
+
88
+ ## Performance (CEAS-2008, n=2000 held-out)
89
+
90
+ | Metric | Value |
91
+ |------------------|----------:|
92
+ | F1 score | **0.948** |
93
+ | Accuracy | 94.40% |
94
+ | Precision | 0.9537 |
95
+ | Recall | 0.9432 |
96
+ | Parameters | 12,545 |
97
+ | Model size | ~50 KB |
98
+ | Throughput (GPU) | 1,527 /s |
99
+ | Throughput (CPU) | ~800 /s |
100
+
101
+ ## Features (29 inputs)
102
+
103
+ - **Domain (5)**: From/Reply-To/Return-Path mismatch, freemail flag, brand impersonation
104
+ - **URL (5)**: HTTPS ratio, anchor mismatch, suspicious TLD, urgency, link density
105
+ - **SPF (3)**: SPF fail, no record, no sending IP
106
+ - **Subject (7)**: urgency, security theme, brand name, currency, all caps, fake RE, fake transaction ID
107
+ - **Character-level (5)**: caps ratio, digit ratio, special chars, avg word length, HTML/text ratio
108
+ - **Composite (4)**: per-layer normalized scores
109
+
110
+ ## Limitations
111
+
112
+ - ~5% of decisions are wrong (F1 0.948, not 1.0). Use as one signal in defence-in-depth, not the only gate.
113
+ - Trained on CEAS-2008 β€” English-language phishing from 2008. Modern attack patterns and non-English emails will degrade performance.
114
+ - SPF validation is bypassed for training (historical domains don't resolve) but runs live at inference time.
115
+ - Adversarial emails crafted specifically to game these features will get through.
116
+
117
+ ## Citation
118
+
119
+ ```bibtex
120
+ @software{phishbyte2026,
121
+ author = {Singh, Samratth},
122
+ title = {Phish_Byte: A cascading from-scratch PyTorch model for email phishing detection},
123
+ year = {2026},
124
+ url = {https://github.com/AnonymousSingh-007/Phish_Byte}
125
+ }
126
+ ```
127
+
128
+ ## License
129
+
130
+ MIT