Sayak Saha Roy (The University of Texas at Arlington), Shirin Nilizadeh (The University of Texas at Arlington)

We present PhishLang, the first fully client-side anti-phishing framework implemented as a Chromium-based browser extension. PhishLang enables real-time, on-device detection of phishing websites by utilizing a lightweight language model (MobileBERT). Unlike traditional heuristic or static feature-based models that struggle with evasive threats, and deep learning approaches that are too resource-intensive for client-side use, PhishLang analyzes the contextual structure of a page’s source code, achieving detection performance on par with several state-of-the-art models while consuming up to 7 times less memory than comparable architectures. Over a 3.5-month period, we deployed the framework in real-time, successfully identifying approximately 26k phishing URLs, many of which were undetected by popular antiphishing blocklists, thus demonstrating PhishLang's potential to aid current detection measures. On the other hand, the browser extension outperformed several anti-phishing tools, detecting over 91% of the threats during zero-day. PhishLang also showed strong adversarial robustness, resisting 16 categories of realistic problem space evasions through a combination of parser-level defenses and adversarial retraining. To aid both end-users and the research community, we have open-sourced both the PhishLang framework and the browser extension.

View More Papers

When Cache Poisoning Meets LLM Systems: Semantic Cache Poisoning...

Guanlong Wu (SUSTech), Taojie Wang (SUSTech), Yao Zhang (ByteDance Inc.), Zheng Zhang (SUSTech), Jianyu Niu (SUSTech), Ye Wu (ByteDance Inc.), Yinqian Zhang (SUSTech)

Read More

Accurate Identification of the Vulnerability-Introducing Commit based on Differential...

Qixuan Guo (Beijing Jiaotong University), Yongzhong He (Beijing Jiaotong University)

Read More

The 1-RTT Penalty: Quantifying the Recurring Cost of PQC...

Young Eun Kwon (Korea University), Ji Won Yoon (Korea University)

Read More