ADVERSARIAL ATTACK ANALYSIS OF A PHISHING EMAIL DETECTION SYSTEM BASED ON MACHINELEARNING AND WORD ERROR CORRECTION

Phishing remains a critical cybersecurity threat, especially with the advent of large language models (LLMs) capable of generating highly convincing malicious content. Unlike earlier phishing attempts which are identifiable by grammatical errors, misspellings, incorrect phrasing, and inconsistent formatting, LLM generated emails are grammatically sound, contextually relevant, and linguistically natural. These advancements make phishing emails increasingly difficult to distinguish from legitimate ones, challenging traditional detection mechanisms. Conventional phishing detection systems often fail when faced with emails crafted by LLMs or manipulated using adversarial perturbation techniques. To address this challenge, we propose a robust phishing email detection system featuring an enhanced text preprocessing pipeline. This pipeline includes spelling correction and compound word splitting to counteract adversarial modifications and improve detection accuracy.

Our approach integrates three widely used feature extraction techniques - TF-IDF, Word2Vec, and GloVe with five machine learning classifiers - Support Vector Machine (SVM), Logistic Regression (LR), Random Forest (RF), Multi-Layer Perceptron (MLP), and K-Nearest Neighbors (KNN). We evaluate our system on publicly available datasets comprising both phishing and legitimate emails, achieving a detection accuracy of 94.34\%. To assess robustness, we further test the system using adversarial examples generated by four attack strategies - DeepWordBug, Pruthi, TextBugger, and a custom character-level substitution method. Additionally, we evaluate its performance against phishing emails generated by LLMs such as ChatGPT and LLaMA. Results highlight the system’s resilience against evolving, AI-powered phishing threats.