| --- |
| pipeline_tag: text-classification |
| license: apache-2.0 |
| base_model: bert-large-uncased |
| tags: |
| - generated_from_trainer |
| - phishing |
| - BERT |
| - cybersecurity |
| - text-classification |
| metrics: |
| - accuracy |
| - precision |
| - recall |
| model-index: |
| - name: phishing-email-detector-capstone |
| results: [] |
| widget: |
| - text: https://www.verif22.com |
| example_title: Phishing URL |
| - text: > |
| Dear colleague, |
| An important update about your email has exceeded your storage limit. |
| You will not be able to send or receive messages until you reactivate your account. |
| We will close all older versions of our Mailbox as of Friday, June 12, 2023. |
| To activate and complete the required information, click here (https://ec-ec.squarespace.com). |
| Your account must be reactivated today to regenerate new space. |
| — Management Team |
| example_title: Phishing Email |
| - text: > |
| You have access to FREE Video Streaming in your plan. |
| REGISTER with your email and password, then select the monthly subscription option. |
| https://bit.ly/3vNrU5r |
| example_title: Phishing SMS |
| - text: > |
| if(data.selectedIndex > 0){$('#hidCflag').val(data.selectedData.value);}; |
| var sprypassword1 = new Spry.Widget.ValidationPassword("sprypassword1"); |
| var sprytextfield1 = new Spry.Widget.ValidationTextField("sprypassword1", "email"); |
| example_title: Phishing Script |
| - text: Hi, this model is really accurate :) |
| example_title: Benign Message |
| language: |
| - en |
| --- |
| # 🧠 Phishing Detection Model (BERT-Large-Uncased) |
|
|
| A transformer-based model fine-tuned to detect **phishing content** across multiple formats — including **emails, URLs, SMS messages, and scripts**. |
| Built on **BERT-Large-Uncased**, it leverages deep contextual understanding of language to classify text as *phishing* or *benign* with high accuracy. |
|
|
| --- |
|
|
| ## 📌 Model Details |
|
|
| **Base model:** `bert-large-uncased` |
| **Architecture:** 24 layers • 1024 hidden size • 16 attention heads • ~336M parameters |
| **License:** Apache 2.0 |
| **Language:** English |
| **Pipeline tag:** `text-classification` |
|
|
| --- |
|
|
| ## 🧩 Model Description |
|
|
| This model was trained to identify phishing-related content by analyzing linguistic and structural patterns commonly found in malicious communications. |
| By leveraging BERT’s bidirectional transformer architecture, it effectively detects phishing attempts even when the message appears legitimate or well-written. |
|
|
| ### Key Features |
| - Detects **phishing attempts** in text, emails, URLs, and scripts |
| - Useful for **cybersecurity applications**, such as email gateways or web filtering systems |
| - Capable of identifying **varied phishing tactics** (impersonation, link manipulation, credential harvesting, etc.) |
|
|
| --- |
|
|
| ## 🎯 Intended Uses |
|
|
| **Recommended use cases:** |
| - Classify messages, emails, and URLs as *phishing* or *benign* |
| - Integrate into automated **security pipelines**, email filtering tools, or chat moderation systems |
| - Aid in **phishing research** or awareness programs |
|
|
| **Limitations:** |
| - May trigger **false positives** on legitimate content with financial or urgent language |
| - Optimized for **English text** only |
| - Should be part of a **multi-layered defense strategy**, not a standalone cybersecurity control |
|
|
| --- |
|
|
| ## 📊 Evaluation Results |
|
|
| | Metric | Score | |
| |--------|--------| |
| | **Loss** | 0.1953 | |
| | **Accuracy** | 0.9717 | |
| | **Precision** | 0.9658 | |
| | **Recall** | 0.9670 | |
| | **False Positive Rate** | 0.0249 | |
|
|
| --- |
|
|
| ## ⚙️ Training Details |
|
|
| ### Hyperparameters |
| | Parameter | Value | |
| |------------|--------| |
| | **Learning rate** | 2e-05 | |
| | **Train batch size** | 16 | |
| | **Eval batch size** | 16 | |
| | **Seed** | 42 | |
| | **Optimizer** | Adam (β₁=0.9, β₂=0.999, ε=1e-08) | |
| | **LR scheduler** | Linear | |
| | **Epochs** | 4 | |
|
|
| ### Training Results |
|
|
| | Training Loss | Epoch | Step | Validation Loss | Accuracy | Precision | Recall | False Positive Rate | |
| |:-------------:|:-----:|:-----:|:---------------:|:--------:|:---------:|:------:|:-------------------:| |
| | 0.1487 | 1.0 | 3866 | 0.1454 | 0.9596 | 0.9709 | 0.9320 | 0.0203 | |
| | 0.0805 | 2.0 | 7732 | 0.1389 | 0.9691 | 0.9663 | 0.9601 | 0.0243 | |
| | 0.0389 | 3.0 | 11598 | 0.1779 | 0.9683 | 0.9778 | 0.9461 | 0.0156 | |
| | 0.0091 | 4.0 | 15464 | 0.1953 | 0.9717 | 0.9658 | 0.9670 | 0.0249 | |
|
|
| --- |
|
|
| ## 🧠 Example Inference |
|
|
| Try the model in Python using the `transformers` library: |
|
|
| ```python |
| from transformers import pipeline |
| # Load the phishing detection model |
| classifier = pipeline("text-classification", model="your-username/phishing-email-detector-capstone") |
| # Example texts |
| examples = [ |
| "Dear colleague, your email storage is full. Click here to verify your account: https://secure-update-login.com", |
| "Hi team, the meeting starts at 2 PM today.", |
| "You have won a free gift card! Claim now at http://bit.ly/3xYzabc" |
| ] |
| # Run inference |
| for text in examples: |
| result = classifier(text)[0] |
| print(f"Text: {text}\nPrediction: {result['label']} (score: {result['score']:.4f})\n") |
| |
