English

PhishIntel: Toward Practical Deployment of Reference-Based Phishing Detection

Cryptography and Security 2025-02-17 v2

Abstract

Phishing is a critical cyber threat, exploiting deceptive tactics to compromise victims and cause significant financial losses. While reference-based phishing detectors (RBPDs) have achieved notable advancements in detection accuracy, their real-world deployment is hindered by challenges such as high latency and inefficiency in URL analysis. To address these limitations, we present PhishIntel, an end-to-end phishing detection system for real-world deployment. PhishIntel intelligently determines whether a URL can be processed immediately or not, segmenting the detection process into two distinct tasks: a fast task that checks against local blacklists and result cache, and a slow task that conducts online blacklist verification, URL crawling, and webpage analysis using an RBPD. This fast-slow task system architecture ensures low response latency while retaining the robust detection capabilities of RBPDs for zero-day phishing threats. Furthermore, we develop two downstream applications based on PhishIntel: a phishing intelligence platform and a phishing email detection plugin for Microsoft Outlook, demonstrating its practical efficacy and utility.

Keywords

Cite

@article{arxiv.2412.09057,
  title  = {PhishIntel: Toward Practical Deployment of Reference-Based Phishing Detection},
  author = {Yuexin Li and Hiok Kuek Tan and Qiaoran Meng and Mei Lin Lock and Tri Cao and Shumin Deng and Nay Oo and Hoon Wei Lim and Bryan Hooi},
  journal= {arXiv preprint arXiv:2412.09057},
  year   = {2025}
}

Comments

Accepted by WWW 2025 (Demo Track)

R2 v1 2026-06-28T20:32:08.133Z