FusionPhishGuard: A Phishing Detection System Based on Multimodal Deep Learning

Core Views

FusionPhishGuard is a multi-branch phishing detection framework that integrates attention mechanisms, Transformer, BiLSTM, and large language models. It aims to address the problem that traditional rule/blacklist methods struggle to handle complex phishing techniques (such as AI-generated content), improving detection accuracy and robustness.

Project Source

• Original author/maintainer: bytemonkk
• Source platform: GitHub
• Original link: https://github.com/bytemonkk/FusionPhishGuard
• Update time: 2026-05-25T04:43:18Z

Phishing is a prevalent and harmful threat in the current cybersecurity field. Attackers trick users into revealing sensitive information through fake websites, fraudulent emails, etc. Traditional rule-based or blacklist-based detection methods are no longer able to handle increasingly complex phishing techniques, especially realistic phishing content generated by AI. FusionPhishGuard proposes a multi-branch detection framework to address this challenge.

Multi-branch Architecture

• Text branch: Uses Word Embeddings and Transformer to extract semantic features from URLs, page titles, and content
• Structure branch: BiLSTM captures temporal dependencies in HTML structure
• Visual branch: Analyzes web page screenshots/visual elements to detect deceptive features
• Behavior branch: Monitors user interactions and page dynamic features

Core Innovations

• Attention mechanism: Automatically identifies key features (e.g., URL similar substrings, persuasive content paragraphs)
• LLM integration: Uses large language models to identify semantic-level phishing features (veiled threats, social engineering tactics)
• Feature fusion: Attention-weighted dynamic adjustment of feature contributions from each branch, adaptively combining optimal features

Dataset Construction

Supports training on public datasets such as PhishTank and OpenPhish, and provides data augmentation tools (synthetic samples, adversarial training to expand the dataset)

Training Strategy

Phased training: First train each branch independently, then perform end-to-end joint fine-tuning; use regularization methods like Dropout and label smoothing to prevent overfitting

Performance Optimization

Provides model compression and acceleration solutions such as knowledge distillation, quantization, and pruning, adapting to resource-constrained scenarios like mobile devices and edge servers

Evaluated on multiple public datasets, the accuracy, recall, and F1 score outperform single-model baselines; it has strong generalization ability for zero-day phishing attack detection.

Ablation experiments verify: The attention mechanism improves the ability to focus on key features, LLM enhances semantic feature recognition, and multi-branch fusion fully utilizes complementary information.

Applicable to various security scenarios:

1. Browser security plugin (real-time interception of phishing websites)
2. Email security gateway (scan links to identify phishing emails)
3. Mobile application protection (defend against mobile phishing)
4. Enterprise SOC component (provide threat intelligence)
5. API service (provide detection capabilities for third-party applications)

FusionPhishGuard represents an important attempt in the development of phishing detection towards multimodality and intelligence, integrating the advantages of traditional deep learning and LLM to improve detection accuracy and robustness. For cybersecurity practitioners, it is an open-source project worth paying attention to, providing a reference for multimodal security analysis research. As phishing techniques evolve, detection solutions integrating AI technology will become more important.