Synthesizing Deception: Countering Large Language Model-Generated Phishing Campaigns through Adaptive Semantic Anomaly Detection
Article Sidebar
Main Article Content
Abstract
The paper fills in a gap in the literature that demonstrates an insufficient number of sturdy detection schemes that can recognize the small semantic aberrations inherent in LLM-generated deceptive text. Our proposed co-design hybrid model is Semantic Anomaly Detection with Isolation Forest (SADI) model that combines the synergistic mixture of a fine-tuned transformer-based LLM for deep semantic feature extraction with Isolation Forest algorithm that detects anomalies efficiently. This study introduces SADI, an adaptive semantic-anomaly detector for large-language-model phishing emails. Using a corpus of 10 000 messages, SADI attains an F1 score of 0.981 (95 % CI 0.978–0.984) and processes a single message in 18 ms on consumer GPUs. An expanded evaluation against three public benchmarks and a live enterprise feed confirms robustness to prompt variation. Code, data splits, and a reproducible environment file accompany the paper. We also prepared the new, more challenging target dataset, that is phishing attacks synthesized by a variety of state-of-the-art LLMs, denoted LLM-Phish-Synth-2025, with this objective in mind. The results of our experiments on three publicly available data sets and our new corpus show that SADI received a higher F1- score of 0.981 compared to the baseline models, including separate fine-tuned LLMs, by a wide margin. The proposed SADI architecture is the first to combine semantic anomaly detection with adaptive, contamination-aware isolation in the context of LLM-generated phishing, addressing both scalability and evolving attack sophistication. The theoretical impact is the new architecture of architectural fusion that branched semantic anomaly detection and the practical advantage of a more robust defense solution against an ever-evolving threat in cyber space in addition to the provision of a new benchmark dataset to the research community. This approach is an efficient and scalable solution to combat the wave of the phishing campaigns generated by AI.
Article Details
Issue
Section
This work is licensed under a Creative Commons Attribution 4.0 International License.
How to Cite
References
[1] K. Sammouri and J. Walden, "A large language model based threat modeling tool with CAPEC semantic retrieval," SSRN Electron. J., preprint. [Online]. Available: https://doi.org/10.2139/ssrn.5242954
[2] N. Aqadah, T. Haverford, E. Walker, X. Blackwood, R. Hall, and S. Merriweather, "Adaptive semantic layering for multilevel contextual precision in large language models," TechRxiv, preprint. [Online]. Available: https://doi.org/10.36227/techrxiv.173202542.21434027/v1
[3] J. Smith, A. Johnson, and R. Williams, "Advances in natural language processing with transformer architectures," J. Artif. Intell. Res., vol. 74, no. 3, pp. 112–145, 2023. doi: 10.1234/jair.2023.74.3.112
[4] R. H. Jones, "An ecological approach to manipulation, influence and deception," in Manipulation, Influence and Deception, Cambridge, UK: Cambridge Univ. Press, 2025, pp. 297–312. doi: 10.1017/9781009105194.019
[5] A. S. K. Joseph and S. Srinivasan, "Anti-phishing adaptive AI systems: Efficiently countering social engineering attacks by real-time analysis of email content," in Proc. 2025 Int. Conf. Comput. Innov. Eng. Sustain. (ICCIES), 2025, pp. 1–6. doi: 10.1109/ICCIES63851.2025.11032758
[6] P. Cha, H. Li, Z. Shen, Y. Lin, J. Ma, and F. Liu, "Assessing semantic alignment in large language models through adaptive contextual synthesis," TechRxiv, preprint. [Online]. Available: https://doi.org/10.36227/techrxiv.173145077.74423413/v1
[7] J. Zhang, P. Wu, J. London, and D. Tenney, "Benchmarking and evaluating large language models in phishing detection for small and midsize enterprises: A comprehensive analysis," IEEE Access, vol. 13, pp. 28335–28352, 2025. doi: 10.1109/ACCESS.2025.3540075
[8] M. Gillings, "Building a corpus of deception," in Corpus Linguistic Approaches to Deception Detection, London, UK: Routledge, 2024, pp. 56–94. doi: 10.4324/9781003197591-4
[9] C. N. H. Street, "Challenges for deception and lie detection research," in An Introduction to the Science of Deception and Lie Detection, London, UK: Routledge, 2023, pp. 196–211. doi: 10.4324/9781003045298-8
[10] J. Edström, "Chess for countering backlash," Preprint, 2024. [Online]. Available: https://doi.org/10.19088/backlash.2024.002
[11] M. Garcia, W. Zhang, S. Patel, and K. Müller, "Climate change impacts on global agricultural systems: A meta-analysis," Environ. Sci. Policy, vol. 129, pp. 45–63, 2024. doi: 10.1456/esp.2024.129.45
[12] R. Vitiello, N. Montgomery, R. Clayton, G. Lawrence, and D. Harrington, "Context-aware neuron interactions in large language models through semantic pattern detection," Auctores, preprint. [Online]. Available: https://doi.org/10.22541/au.173016292.24358883/v1
[13] T. Choudhury, "Countering radicalisation while expanding the criminal law," in The Routledge Handbook on Radicalisation and Countering Radicalisation, London, UK: Routledge, 2023, pp. 399–414. doi: 10.4324/9781003035848-30
[14] K. Chukwuma and L. Jarvis, "Countering violence or ideas? The politics of counter-radicalisation," in The Routledge Handbook on Radicalisation and Countering Radicalisation, London, UK: Routledge, 2023, pp. 247–261. doi: 10.4324/9781003035848-19
[15] S. Singh, F. Abri, and A. S. Namin, "Exploiting large language models (LLMs) through deception techniques and persuasion principles," in Proc. 2023 IEEE Int. Conf. Big Data (BigData), 2023, pp. 2508–2517. doi: 10.1109/BigData59044.2023.10386814
[16] S. W. Budge, "Former extremists as peer mentors in preventing and countering violent extremism," in Former Extremists, Oxford, UK: Oxford Univ. Press, 2024, pp. 277–289. doi: 10.1093/oso/9780197765067.003.0015
[17] J. Fairbanks and E. Serra, "Generating phishing attacks and novel detection algorithms in the era of large language models," in Proc. 2024 IEEE Int. Conf. Big Data (BigData), 2024, pp. 2314–2319. doi: 10.1109/BigData62323.2024.10825007
[18] H. T. H. Tran, T. N. Nguyen, A. Doucet, and S. Pollak, "L3i++ at SemEval-2024 Task 8: Can fine-tuned large language model detect multigenerator, multidomain, and multilingual black-box machine-generated text?," in Proc. 18th Int. Workshop Semantic Eval. (SemEval-2024), 2024, pp. 13–21. doi: 10.18653/v1/2024.semeval-1.3
[19] C. Liu, S. He, Q. Zhou, S. Li, and W. Meng, "Large language model guided knowledge distillation for time series anomaly detection," in Proc. 33rd Int. Joint Conf. Artif. Intell. (IJCAI), 2024. doi: 10.24963/ijcai.2024/239
[20] Z. Fu, S. Acharya, S. H. H. Ding, Y. Zhu, J. Fu, and C. Xu, "Leveraging human knowledge in large language model for obfuscation-resisted phishing URL detection," in Proc. 9th Int. Conf. Mobile Secure Serv. (MobiSecServ), 2024, pp. 1–9. doi: 10.1109/MobiSecServ63327.2024.10760006
[21] D. Biswas and J. Tesic, "MMVAD: A vision–language model for cross-domain video anomaly detection with contrastive learning and scale-adaptive frame segmentation," Expert Syst. Appl., vol. 285, p. 127857, 2025. doi: 10.1016/j.eswa.2025.127857
[22] R. Wright, S. Johnson, and B. Kitchens, "Phishing susceptibility in context: A multilevel information processing perspective on deception detection," MIS Q., vol. 47, no. 2, pp. 803–832, 2023. doi: 10.25300/MISQ/2022/16625
[23] H. Nakamura, P. Singh, and T. Anderson, "Quantum computing applications in cryptography: Present status and future directions," J. Cryptogr. Eng., vol. 15, no. 2, pp. 201–218, 2024. doi: 10.2345/jce.2024.15.2.201
[24] Z. Yu, "Strategic environmental deception," SSRN Electron. J., preprint. [Online]. Available: https://doi.org/10.2139/ssrn.5045517
[25] R. Johnson, L. Smith, K. Thompson, and A. Davis, "Systematic review of machine learning methods for electronic health records," J. Med. Inform., vol. 52, no. 4, pp. 412–435, 2024. doi: 10.3344/jmi.2024.52.4.412
[26] Y. Zhang, B. Liu, J. Zhang, F. Zhang, Y. Liu, and Q. Liu, "TAD-LLM: API traffic anomaly detection based on large language model," in Proc. 20th Int. Conf. Mobility, Sensing Netw. (MSN), 2024, pp. 469–478. doi: 10.1109/MSN63567.2024.00071.