English

CATBERT: Context-Aware Tiny BERT for Detecting Social Engineering Emails

Cryptography and Security 2020-10-08 v1

Abstract

Targeted phishing emails are on the rise and facilitate the theft of billions of dollars from organizations a year. While malicious signals from attached files or malicious URLs in emails can be detected by conventional malware signatures or machine learning technologies, it is challenging to identify hand-crafted social engineering emails which don't contain any malicious code and don't share word choices with known attacks. To tackle this problem, we fine-tune a pre-trained BERT model by replacing the half of Transformer blocks with simple adapters to efficiently learn sophisticated representations of the syntax and semantics of the natural language. Our Context-Aware network also learns the context representations between email's content and context features from email headers. Our CatBERT(Context-Aware Tiny Bert) achieves a 87% detection rate as compared to DistilBERT, LSTM, and logistic regression baselines which achieve 83%, 79%, and 54% detection rates at false positive rates of 1%, respectively. Our model is also faster than competing transformer approaches and is resilient to adversarial attacks which deliberately replace keywords with typos or synonyms.

Keywords

Cite

@article{arxiv.2010.03484,
  title  = {CATBERT: Context-Aware Tiny BERT for Detecting Social Engineering Emails},
  author = {Younghoo Lee and Joshua Saxe and Richard Harang},
  journal= {arXiv preprint arXiv:2010.03484},
  year   = {2020}
}
R2 v1 2026-06-23T19:08:13.800Z