A unified framework for phishing detection and propagation control on social media, powered by LLaMA and advanced graph-based intervention strategies.
This repository implements the complete research framework described in "Joint Semantic Detection and Dissemination Control of Phishing Attacks on Social Media via LLaMA-Based Modeling", featuring deep semantic understanding, adversarial robustness, and targeted intervention for comprehensive phishing mitigation.
Alternative view: Architecture Diagram PNG
graph TB
subgraph "Data Layer"
TD[Twitter Data<br/>~100k tweets] --> DP[Data Preprocessing<br/>β’ Deduplication<br/>β’ Language filtering<br/>β’ Text standardization]
ED[Edge Data<br/>User interactions] --> GC[Graph Construction<br/>β’ Social network<br/>β’ Temporal patterns]
end
subgraph "Model Architecture"
DP --> LLaMA[LLaMA Encoder<br/>β’ Semantic embeddings<br/>β’ Attention mechanisms<br/>β’ LoRA fine-tuning]
LLaMA --> SE[Semantic Enhancement<br/>β’ Deep projection<br/>β’ Phishing-specific attention<br/>β’ Risk assessment]
SE --> CLS[Classifier Head<br/>β’ 2-way classification<br/>β’ Confidence scoring]
end
subgraph "Training Framework"
CLS --> L1[Classification Loss<br/>L_cls = CrossEntropy]
SE --> ADV[Adversarial Training<br/>β’ Semantic perturbation<br/>β’ KL divergence<br/>β’ Distribution sharpening]
ADV --> L2[Adversarial Loss<br/>KL divergence robustnes
57AF
s]
GC --> PG[Propagation Graph<br/>G with nodes V and edges E<br/>β’ User nodes<br/>β’ Interaction edges]
PG --> IC[Independent Cascade<br/>β’ Diffusion simulation<br/>β’ Spread estimation ΟS]
IC --> L3[Propagation Loss<br/>L_prop = Expected spread]
L1 --> JO[Joint Optimization<br/>L_total = L_cls + λ·L_adv + μ·L_prop]
L2 --> JO
L3 --> JO
end
subgraph "Intervention System"
PG --> RA[Risk Assessment<br/>β’ Model predictions<br/>β’ Network centrality<br/>β’ Behavioral patterns]
RA --> CS[Candidate Selection<br/>β’ Influence ranking<br/>β’ Activity analysis]
CS --> GI[Greedy Intervention<br/>β’ Budget optimization<br/>β’ Marginal gain<br/>β’ Impact evaluation]
end
subgraph "Output"
JO --> PM[Trained Model<br/>β’ Phishing detection<br/>β’ Risk scoring]
GI --> IN[Intervention Nodes<br/>β’ Optimal selection<br/>β’ Spread minimization]
PM --> MT[Metrics<br/>β’ Accuracy: 85-95%<br/>β’ F1-Score: 80-92%<br/>β’ AUC: 90-98%]
IN --> PR[Propagation Reduction<br/>β’ 15-40% spread decrease<br/>β’ Cost-effectiveness]
end
style LLaMA fill:#e1f5fe
style JO fill:#f3e5f5
style GI fill:#e8f5e8
style MT fill:#fff3e0
style PR fill:#fff3e0
- LLaMA-2-7B Integration: Deep semantic understanding with fallback to DistilBERT for CPU deployment
- Enhanced Architecture: Multi-layer semantic projection with phishing-specific attention mechanisms
- LoRA/PEFT Support: Parameter-efficient fine-tuning for resource-constrained environments
- Robust Preprocessing: Automated deduplication, language filtering, and text standardization
- Semantic Perturbations: Embedding-space adversarial examples with βΞ΄β < Ξ΅ constraints
- KL Divergence Training: Maximize distribution differences between clean and perturbed inputs
- Multiple Attack Strategies: FGSM, PGD, and semantic perturbation methods
- Temperature Scaling: Enhanced distribution sharpening for better robustness
- Graph Construction: Automated social network building from user interactions and temporal patterns
- Independent Cascade Model: Monte Carlo simulation of information diffusion with influence decay
- Multi-factor Risk Assessment: Combines model predictions, network centrality, and behavioral patterns
- Real-time Propagation Control: Dynamic loss computation based on actual graph structure
- Greedy Optimization: Budget-constrained intervention node selection with marginal gain analysis
- Influence-aware Selection: PageRank, betweenness centrality, and risk-based candidate ranking
- Impact Quantification: Measurable spread reduction with cost-effectiveness metrics
- Scalable Implementation: Efficient algorithms for large social networks (100k+ users)
- Mixed Precision Training: FP16 support for memory efficiency
- Gradient Checkpointing: Training large models on limited hardware
- Comprehensive Logging: Detailed metrics and progress tracking
- Checkpoint Management: Model state preservation and recovery
- Real Data Integration: Twitter API collection and dataset formatting tools
- MLflow Integration: Complete experiment tracking, model registry, and reproducible runs
- Ray Tune Hyperparameter Optimization: Automated hyperparameter search with early stopping
- Ray Train Distributed Training: Multi-GPU and multi-node training capabilities
- Experiment Comparison: Grid search automation and result visualization
- Advanced Schedulers: ASHA, Hyperband, and Optuna integration for efficient tuning
# 1. Install dependencies
pip install -r requirements.txt
# 2. Generate realistic demo data
python scripts/generate_demo_data.py --tweets 5000 --users 1000
# 3. Train the model
python -m training.train --config configs/config.yaml
# 4. View results
cat runs/phishguard_exp/final_results.yaml# 1. Install dependencies
pip install -r requirements.txt tweepy
# 2. Get Twitter API access (developer.twitter.com)
export TWITTER_BEARER_TOKEN="your_bearer_token_here"
# 3. Collect real data (10-15 minutes)
python scripts/collect_twitter_data.py
# 4. Train with real data
python -m training.train --config configs/config.yaml# Format existing phishing dataset
python scripts/format_existing_data.py \
--input your_dataset.csv \
--output data/tweets.csv \
--text-col "tweet_content" \
--label-col "is_phishing"
# Train on formatted data
python -m training.train --config configs/config.yaml# 1. Install MLflow and Ray dependencies
pip install -r requirements.txt
# 2. Quick start with MLflow and Ray
python scripts/quick_start_mlflow_ray.py --setup
# 3. Run single experiment with tracking
python scripts/quick_start_mlflow_ray.py --single-experiment
# 4. Start MLflow UI to view results
python scripts/quick_start_mlflow_ray.py --start-ui
# Access at: http://localhost:5000# 1. Run automated hyperparameter search
python scripts/quick_start_mlflow_ray.py --tune-hyperparams
# 2. Or run advanced hyperparameter tuning
python -m training.ray_tune_hyperparams --num-samples 20 --max-epochs 5
# 3. Use best configuration found
python -m training.train_mlflow --config configs/best_config_ray.yaml- First Time? Start Here - Get up and running in 5 minutes
- Prerequisites & Installation - System requirements and setup
- Basic Usage - Simple training and evaluation
- Advanced Features - MLflow, Ray Tune, distributed training
- Real Data - Twitter API and custom datasets
- Configuration - Customize model and training settings
- Troubleshooting - Common issues and solutions
- Optimization - Speed up training and improve quality
- Production - Deploy trained models
-
System Requirements:
# Check Python version (3.8+ required) python --version # Check available GPU (optional but recommended) nvidia-smi # For NVIDIA GPUs
-
Install Dependencies:
# Clone the repository git clone <your-repo-url> cd phishguard-scaffold # Install Python dependencies pip install -r requirements.txt # Optional: Install development dependencies pip install black ruff pytest # For code formatting and testing
-
Verify Installation:
# Test basic imports python -c "from training.train import run; print('β Installation successful!')"
# Generate synthetic demo data (5K tweets, 1K users)
python scripts/generate_demo_data.py --tweets 5000 --users 1000
# Run basic training with demo data
python -m training.train --config configs/config.yaml
# View results
cat runs/phishguard_exp/final_results.yaml# Create custom config (copy and modify)
cp configs/config.yaml configs/my_config.yaml
# Edit configs/my_config.yaml as needed
# Run with custom config
python -m training.train --config configs/my_config.yaml# Evaluate with pre-trained model checkpoints
python -m training.train --config configs/config.yaml --eval-only# 1. Set up MLflow experiment tracking
python scripts/quick_start_mlflow_ray.py --setup
# 2. Run single tracked experiment
python -m training.train_mlflow --config configs/mlflow_config.yaml \
--experiment-name "PhishGuard_Research" \
--run-name "baseline_experiment"
# 3. Start MLflow UI to view results
mlflow ui --host 0.0.0.0 --port 5000
# Open: http://localhost:5000# Basic hyperparameter search (20 trials)
python -m training.ray_tune_hyperparams \
--config configs/mlflow_config.yaml \
--num-samples 20 \
--max-epochs 5
# Advanced hyperparameter search with custom parameters
python scripts/run_mlflow_experiments.py \
--experiment-type lr \
--config configs/mlflow_config.yaml# Multi-GPU training (if available)
python -m training.ray_tune_hyperparams \
--config configs/mlflow_config.yaml \
--distributed
# Check GPU utilization
watch -n 1 nvidia-smi# 1. Get Twitter API credentials from developer.twitter.com
export TWITTER_BEARER_TOKEN="your_bearer_token_here"
# 2. Collect real tweets
python scripts/collect_twitter_data.py \
--output data/tweets.csv \
--count 10000 \
--keywords "phishing,scam,bitcoin,cryptocurrency"
# 3. Train with real data
python -m training.train --config configs/config.yaml# Format your existing CSV dataset
python scripts/format_existing_data.py \
--input your_dataset.csv \
--output data/tweets.csv \
--text-col "message_content" \
--label-col "is_malicious" \
--user-col "user_id"
# Verify data format
head -n 5 data/tweets.csv
# Train with formatted data
python -m training.train --config configs/config.yaml# Essential settings in configs/config.yaml
model:
model_name_or_path: "meta-llama/Llama-2-7b-hf" # Main model
fallback_model: "distilbert-base-uncased" # CPU fallback
peft: lora # Enable LoRA
max_length: 512 # Token length
train:
batch_size: 8 # Adjust based on GPU memory
num_epochs: 5 # Training epochs
lr: 1e-4 # Learning rate
fp16: true # Mixed precision (saves memory)
loss:
lambda_cls: 1.0 # Classification loss weight
lambda_adv: 0.3 # Adversarial loss weight
mu_prop: 0.2 # Propagation loss weight# For limited GPU memory (< 8GB)
# Edit configs/config.yaml:
# - Set batch_size: 4 or 2
# - Set fp16: true
# - Set gradient_checkpointing: true
# - Use fallback_model: "distilbert-base-uncased"
# For CPU-only training
# Edit configs/config.yaml:
# - Set model_name_or_path: "distilbert-base-uncased"
# - Set peft: null
# - Set fp16: false# Terminal 1: Start training
python -m training.train_mlflow --config configs/mlflow_config.yaml
# Terminal 2: Monitor with MLflow UI
mlflow ui --host 0.0.0.0 --port 5000
# Terminal 3: Monitor system resources
watch -n 2 'nvidia-smi; echo ""; free -h'# Basic evaluation metrics
python -c "
from training.train import run
results = run('configs/config.yaml', eval_only=True)
print(f'Accuracy: {results[\"test_metrics\"][\"accuracy\"]:.3f}')
print(f'F1-Score: {results[\"test_metrics\"][\"f1\"]:.3f}')
print(f'AUC: {results[\"test_metrics\"][\"auc\"]:.3f}')
"
# Detailed analysis with intervention impact
python scripts/analyze_results.py runs/phishguard_exp/1. CUDA Out of Memory:
# Solution: Reduce batch size and enable optimizations
# In configs/config.yaml:
train:
batch_size: 2 # Reduce from 8
fp16: true
gradient_checkpointing: true2. Model Loading Failures:
# Check if model name is correct
python -c "
from transformers import AutoTokenizer
try:
tokenizer = AutoTokenizer.from_pretrained('meta-llama/Llama-2-7b-hf')
print('β
Model accessible')
except Exception as e:
print(f'β Model error: {e}')
"
# Use fallback model
# In configs/config.yaml set: model_name_or_path: "distilbert-base-uncased"3. Data Loading Issues:
# Check data file format
python -c "
import pandas as pd
df = pd.read_csv('data/tweets.csv')
print(f'Data shape: {df.shape}')
print(f'Columns: {list(df.columns)}')
print(f'Sample:\\n{df.head(2)}')
"
# Regenerate demo data if needed
python scripts/generate_demo_data.py --tweets 1000 --users 2004. Import Errors:
# Check Python path
python -c "import sys; print('\\n'.join(sys.path))"
# Install missing dependencies
pip install -r requirements.txt
# Run from project root
cd /path/to/phishguard-scaffold
python -m training.train --config configs/config.yaml# 1. Use mixed precision
# Set fp16: true in config
# 2. Increase batch size (if memory allows)
# Set batch_size: 16 or 32
# 3. Use LoRA for faster fine-tuning
# Set peft: lora, lora_r: 16
# 4. Pre-compile model (PyTorch 2.0+)
# Set compile_model: true in config# 1. Use more training epochs
# Set num_epochs: 10
# 2. Tune loss weights
# Experiment with lambda_adv: 0.5, mu_prop: 0.3
# 3. Use larger model (if resources allow)
# Set model_name_or_path: "meta-llama/Llama-2-13b-hf"
# 4. Collect more/better training data
python scripts/collect_twitter_data.py --count 50000# Format code
black training/ scripts/ --line-length 88
# Check for issues
ruff check .
# Run tests (if available)
pytest tests/ -v# Compare multiple experiments
python scripts/run_mlflow_experiments.py --experiment-type lr
python scripts/run_mlflow_experiments.py --experiment-type loss-weights
# View comparisons in MLflow UI
mlflow ui# Save model for inference
python -c "
from training.train import run
from models.llama_classifier import PhishGuardClassifier
import torch
# Load trained model
model = PhishGuardClassifier('path/to/checkpoint')
torch.save(model.state_dict(), 'phishguard_production.pth')
print('Model saved for production use')
"# Run inference on new data
python scripts/batch_inference.py \
--model runs/phishguard_exp/best_model.pth \
--input new_tweets.csv \
--output predictions.csv- Accuracy: 85-95%
- F1-Score: 80-92%
- AUC: 90-98%
- Precision: 82-94%
- Recall: 78-90%
- Spread Reduction: 15-40%
- Intervention Efficiency: Budget-optimal node selection
- Cost-Effectiveness: 2-8 nodes per 1% spread reduction
- Graph Coverage: Supports 10k-100k+ user networks
- CPU Training: 2-6 hours (DistilBERT)
- GPU Training: 30-90 minutes (LLaMA + LoRA + FP16)
- Memory Requirements: 4-16GB depending on model choice
- Data Processing: 5-15 minutes for 50k tweets
phishguard_scaffold/
βββ README.md, requirements.txt
βββ configs/
β βββ config.yaml # Main configuration file
β βββ mlflow_config.yaml # MLflow and Ray configuration
βββ data/
β βββ dataset.py # Enhanced data loading & preprocessing
β βββ tweets.csv # Tweet dataset (text, labels, metadata)
β βββ edges.csv # Social network edges
βββ models/
β βββ llama_classifier.py # LLaMA-based classifier with LoRA
βββ training/
β βββ train.py # Joint optimization training loop
β βββ train_mlflow.py # MLflow-enhanced training with experiment tracking
β βββ ray_tune_hyperparams.py # Ray Tune hyperparameter optimization
β βββ adversarial.py # Adversarial training components
βββ propagation/
β βββ graph.py # Social network & IC simulation
β βββ intervene.py # Intervention strategies
βββ eval/
β βββ metrics.py # Evaluation metrics
βββ scripts/
β βββ collect_twitter_data.py # Real Twitter data collection
β βββ format_existing_data.py # Dataset formatting utility
β βββ generate_demo_data.py # Synthetic data generation
β βββ run_mlflow_experiments.py # Automated experiment grid search
β βββ quick_start_mlflow_ray.py # MLflow and Ray quick start guide
βββ runs/ # Training outputs and checkpoints
βββ mlruns/ # MLflow experiment tracking data
βββ ray_results/ # Ray Tune optimization results
The framework is highly configurable via configs/config.yaml:
model:
model_name_or_path: meta-llama/Llama-2-7b-hf # Primary model
fallback_model: distilbert-base-uncased # CPU fallback
peft: lora # Enable LoRA
lora_r: 16 # LoRA rank
max_length: 512 # Input sequence length
train:
batch_size: 8 # Batch size
num_epochs: 5 # Training epochs
lr: 1e-4 # Learning rate
fp16: true # Mixed precision
loss:
lambda_cls: 1.0 # Classification weight
lambda_adv: 0.3 # Adversarial weight
mu_prop: 0.2 # Propagation weight
propagation:
ic_samples: 100 # IC simulation samples
budget: 20 # Intervention budget
topk_candidates: 200 # Candidate pool size| Column | Type | Description |
|---|---|---|
text |
string | Tweet content |
label |
int | 0=legitimate, 1=phishing |
user_id |
string | Unique user identifier |
timestamp |
string | ISO format timestamp |
parent_user_id |
string | For retweets/replies (optional) |
url |
string | Extracted URLs (optional) |
| Column | Type | Description |
|---|---|---|
src |
string | Source user ID |
dst |
string | Destination user ID |
weight |
float | Influence probability [0,1] |
timestamp |
string | Interaction timestamp (optional) |
- β Deep Semantic Modeling: LLaMA-based semantic representations
- β Adversarial Training: Enhanced robustness against deceptive messages
- β Social Network Analysis: Influence-based diffusion modeling
- β Targeted Intervention: High-risk propagation path disruption
- β Joint Optimization: Unified loss combining all components
- β Comprehensive Evaluation: Multiple metrics and intervention impact
L_total = Ξ»_cls Γ L_cls + Ξ»_adv Γ L_adv + ΞΌ_prop Γ L_prop
Where:
- L_cls: Standard cross-entropy classification loss
- L_adv: KL(clean vs perturbed) adversarial robustness loss
- L_prop: Graph-based propagation control loss
from models.llama_classifier import PhishGuardClassifier
# Initialize with custom model
model = PhishGuardClassifier(
"microsoft/DialoGPT-medium",
peft_cfg={"peft": "lora", "lora_r": 8}
)from training.train import run
# Run training programmatically
results = run("configs/config.yaml", eval_only=False)
print(f"Final accuracy: {results['test_metrics']['accuracy']:.3f}")from propagation.intervene import evaluate_intervention_impact
impact = evaluate_intervention_impact(graph, intervention_nodes, risk_scores)
print(f"Spread reduction: {impact['relative_reduction']:.1%}")import mlflow
from training.train_mlflow import MLflowPhishGuardTrainer, TrainingConfig
# Configure experiment
config = TrainingConfig(
experiment_name="PhishGuard_Research",
run_name="adversarial_loss_study",
lambda_adv=0.4, # Custom adversarial weight
num_epochs=10
)
# Run tracked experiment
trainer = MLflowPhishGuardTrainer(config)
results = trainer.train()
# View in MLflow UI: mlflow uifrom ray import tune
from training.ray_tune_hyperparams import run_hyperparameter_optimization
# Define custom search space
search_space = {
"lr": tune.loguniform(1e-5, 1e-3),
"lambda_adv": tune.uniform(0.1, 0.5),
"batch_size": tune.choice([8, 16, 32])
}
# Run optimization
results, best_trial = run_hyperparameter_optimization(
num_samples=50,
max_num_epochs=10,
gpus_per_trial=0.25
)
print(f"Best F1 score: {best_trial.metrics['f1']:.4f}")from training.ray_tune_hyperparams import distributed_training_example
# Run distributed training across multiple GPUs
results = distributed_training_example("configs/mlflow_config.yaml")- Implement in
src/models/following thePhishGuardClassifierinterface - Update configuration options in
configs/config.yaml - Test with the existing training pipeline
- Add new loss components in
src/training/adversarial.py - Integrate into joint optimization in
src/training/train.py - Configure weights via YAML settings
- Implement new algorithms in
src/propagation/intervene.py - Follow the interface expected by
greedy_minimize_spread - Evaluate using provided impact metrics
We welcome contributions! Please see our Contributing Guide for details.
git clone <repository-url>
cd phishguard_scaffold
pip install -r requirements.txt
pip install -r requirements-dev.txt # Additional dev dependencies
# Run tests
python -m pytest tests/
# Format code
black src/ scripts/Performance on various dataset sizes:
| Dataset Size | Training Time (GPU) | Memory Usage | Accuracy | F1-Score |
|---|---|---|---|---|
| 1k tweets | 10 minutes | 4GB | 89% | 87% |
| 10k tweets | 45 minutes | 8GB | 92% | 90% |
| 50k tweets | 2.5 hours | 14GB | 94% | 92% |
| 100k tweets | 4 hours | 16GB | 95% | 93% |
Benchmarks run on NVIDIA A100 with LLaMA-2-7B + LoRA
This project is licensed under the MIT License - see the LICENSE file for details.
If you use this framework in your research, please cite:
@article{phishguard2024,
title={Joint Semantic Detection and Dissemination Control of Phishing Attacks on Social Media via LLaMA-Based Modeling},
author={Rui Wang},
journal={[ICCEA 2025 Proceedings]},
year={2024},
url={https://ieeexplore.ieee.org/document/11103392}
}- π Documentation: See
docs/DATA_INTEGRATION_GUIDE.mdanddocs/REQUIREMENTS_ANALYSIS.md - π Issues: Report bugs and feature requests via GitHub Issues
- π¬ Discussions: Join our community discussions
- π§ Contact: [contact information]
- Multi-language support beyond English
- Real-time deployment pipeline
- Integration with Twitter API v2 streaming
- Advanced visualization dashboard
- Federated learning capabilities h
β Star this repository if you find it useful for your research or applications!
Built with β€οΈ for the cybersecurity and social media safety community