Phishing attacks are a significant societal threat, disproportionately harming vulnerable populations and eroding trust in essential digital services. Current defenses are often reactive, failing against modern evasive tactics like cloaking that conceal malicious content. To address this, we introduce PhishLumos, an adaptive multi-agent system that proactively mitigates entire attack campaigns. It confronts a core cybersecurity imbalance: attackers can easily scale operations, while defense remains an intensive expert task. Instead of being blocked by evasion, PhishLumos treats it as a critical signal to investigate the underlying infrastructure. Its Large Language Model (LLM)-powered agents uncover shared hosting, certificates, and domain registration patterns. On real-world data, our system identified 100% of campaigns in the median case, over a week before their confirmation by cybersecurity experts. PhishLumos demonstrates a practical shift from reactive URL blocking to proactive campaign mitigation, protecting users before they are harmed and making the digital world safer for all.
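The infrastructure pivoting described in the abstract, as an added example that is not PhishLumos code: it links domains that share a hosting IP, a certificate fingerprint, or a registrar and registration date, and reports only the groups reachable from a cloaked page. It uses a plain union-find instead of LLM agents, and the field names, domains, and fingerprints are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample observations (documentation-range IPs, placeholder fingerprints).
OBSERVATIONS = [
    {"domain": "login-a.example", "ip": "203.0.113.10", "cert": "fp-01", "registrar": "RegX", "created": "2024-05-01", "cloaked": True},
    {"domain": "login-b.example", "ip": "203.0.113.10", "cert": "fp-02", "registrar": "RegY", "created": "2024-04-11", "cloaked": False},
    {"domain": "pay-c.example", "ip": "198.51.100.7", "cert": "fp-02", "registrar": "RegY", "created": "2024-03-02", "cloaked": False},
    {"domain": "pay-d.example", "ip": "198.51.100.99", "cert": "fp-09", "registrar": "RegX", "created": "2024-05-01", "cloaked": False},
    {"domain": "blog.example", "ip": "192.0.2.55", "cert": "fp-77", "registrar": "RegZ", "created": "2019-01-20", "cloaked": False},
]

def pivot_keys(obs):
    """Infrastructure attributes that link two domains when shared."""
    return [
        ("ip", obs["ip"]),
        ("cert", obs["cert"]),
        ("reg", (obs["registrar"], obs["created"])),  # same registrar on the same day
    ]

def find(parent, x):
    while parent[x] != x:
        parent[x] = parent[parent[x]]  # path halving
        x = parent[x]
    return x

def campaigns(observations):
    """Group domains by shared infrastructure; keep groups seeded by a cloaked domain."""
    parent = {o["domain"]: o["domain"] for o in observations}
    first_seen = {}  # pivot key -> first domain seen with it
    for o in observations:
        for key in pivot_keys(o):
            if key in first_seen:
                parent[find(parent, o["domain"])] = find(parent, first_seen[key])
            else:
                first_seen[key] = o["domain"]
    groups = defaultdict(set)
    for o in observations:
        groups[find(parent, o["domain"])].add(o["domain"])
    seeds = {find(parent, o["domain"]) for o in observations if o["cloaked"]}
    return sorted(sorted(groups[root]) for root in seeds)

if __name__ == "__main__":
    for members in campaigns(OBSERVATIONS):
        print(members)
```

A single shared attribute is treated as a link here, so IPs belonging to shared hosting or CDNs will over-merge unrelated domains; in practice such pivots need an allowlist or a requirement of two or more matching attributes.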