Malay Phishing Scam Detection System: AI Security Application for Low-Resource Languages

This article focuses on the cybersecurity needs of Malay, a low-resource language, and explores machine learning-based phishing detection techniques to bridge the "language gap" where existing NLP security tools lack sufficient support for non-English languages. By building a community-driven scam identification system, it addresses NLP challenges specific to Malay such as morphology, code-mixing, and writing variations, providing effective protection against online scams for users in Southeast Asia.

Millions of phishing attempts occur globally every day, resulting in billions of dollars in economic losses. Traditional detection methods relying on URL features have shown limitations, and content-based NLP technologies have become a new line of defense—however, existing tools are mainly designed for English. Users of Southeast Asian languages like Malay face greater security risks due to resource scarcity (insufficient labeled data, limited pre-trained models). Modern phishing attacks are more sophisticated (e.g., spear phishing, business email compromise), and the multilingual environment plus low-resource language characteristics further increase detection difficulty.

The Malay phishing detection system uses a multi-layer architecture: The data layer collects data from public sample libraries, user reports, honeypots, etc., and labels it by native speakers; Feature engineering extracts lexical (sensitive words, sentiment), syntactic (sentence complexity), and stylistic (formality) features; The model layer combines traditional classifiers (Naive Bayes, SVM), deep learning (CNN/LSTM), and pre-trained models (multilingual BERT); Integration strategies enhance robustness. To address low-resource issues, strategies like data augmentation (back-translation, synonym replacement), transfer learning (fine-tuning mBERT/XLM-RoBERTa), active learning, and crowdsourcing collaboration are employed.

Evaluation needs to balance precision and recall, using F1 score and ROC-AUC for comprehensive measurement. Cross-domain generalization tests ensure the model adapts to different channels like emails and social media; Adversarial robustness tests simulate attacker bypass strategies (e.g., homophone replacement); Real-time performance is optimized via model compression (pruning, quantization) and efficient inference engines, supporting edge deployment to protect privacy.

The system is deployed via browser extensions, email client plugins, and mobile app SDKs to mark suspicious content in real time. A user feedback loop incorporates missed or false-positive samples to improve the model; Explainable AI features enhance user trust. Privacy protection uses a local-first architecture, differential privacy technology, and transparent policies to clarify data usage scope.

Southeast Asia's internet is growing rapidly but security infrastructure lags behind, making localized security solutions crucial. The experience from the Malay project can be extended to languages like Thai and Vietnamese, with regional collaboration to share technical data. Combining education and technology is fundamental: Security education resources, simulation drills, and technical tools are equally important.

Future directions include multimodal detection (integrating text, images, audio), graph neural networks to model attack relationship networks, continuous learning to adapt to evolving attacks, and explainable AI to assist security analysis. These technologies will drive phishing detection toward more intelligent and comprehensive development.

The Malay phishing detection system overcomes data scarcity barriers through innovative strategies, providing protection tools for low-resource language communities. Its experience can be extended to other languages, promoting global cybersecurity inclusion. With technological advancements, multilingual and multimodal phishing detection will become a standard feature, protecting users worldwide from scams.