Adversarially Robust Multi-Stage Phishing Detection Framework with Formal Guarantees

Adversarially Robust Multi-Stage Phishing Detection Framework with Formal Guarantees | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Adversarially Robust Multi-Stage Phishing Detection Framework with Formal Guarantees Vaibhav Narkhede, Pratik Shetty This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-9263588/v1 This work is licensed under a CC BY 4.0 License Status: Under Review Version 1 posted 4 You are reading this latest preprint version Abstract Phishing attacks exploit semantic obfuscation, ephemeral infrastructure, andLLM-generated content. Traditional approaches fail against adaptive, targetedcampaigns. We propose an adaptive, multi-stage phishing detection frameworkcombining dual-stage semantic NLP, risk-aware URL analysis, adaptive proba-bilistic sandboxing, population-level weakly supervised behavior modeling, andlightweight graph intelligence. The framework employs asynchronous Bayesian fu-sion, formal Cost of Evasion (C e) metrics, and contextual incongruence detectionvia Mahalanobis distance. Evaluation on heterogeneous datasets shows accuracy of98.5%, false positive rate below 1.2%, and resilience against spear-phishing, stallingmalware, and coordinated campaigns. Phishing Detection NLP Sandbox Analysis Weak Supervision Graph Intelligence Bayesian Fusion Enterprise Security Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Under Review Version 1 posted Reviewers invited by journal 20 Apr, 2026 Editor assigned by journal 30 Mar, 2026 Submission checks completed at journal 30 Mar, 2026 First submitted to journal 30 Mar, 2026 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-9263588","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":629472856,"identity":"0df1cc06-8b8a-4a09-9205-b606255a81cd","order_by":0,"name":"Vaibhav Narkhede","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA50lEQVRIie3RMQrCMBSA4ZQHcYl2fYKYK6QI6qSj14gUdHIXFIwIeoU6eQV7g5RAXQpeQfACBRcnMXVwbDsK5h8CgfdBeCHE5frBfPCUlst193PD4oAK0j7AVudZ2qtPxLWxS457mKr6LzOeMozS+WliktuQjDhpNHWp8HYFYZ1FnM1CgSQMFLRkKQEoCNJFHLE+IgFJgIlSQj9EwDyI2OCJZFNNmCVJJEFyZH27MVNNsPiXXKfBmc1CRHEJ9lVkfL3c8+lrzfnBJA9crrjvZ+Xkm9B2F2iHab15G1d243ntcZfL5fqn3hdOPRq9QNCNAAAAAElFTkSuQmCC","orcid":"","institution":"North Maharashtra University","correspondingAuthor":true,"prefix":"","firstName":"Vaibhav","middleName":"","lastName":"Narkhede","suffix":""},{"id":629472857,"identity":"f6c7f058-071f-4a03-89d5-911bc0bc86cd","order_by":1,"name":"Pratik Shetty","email":"","orcid":"","institution":"University of York","correspondingAuthor":false,"prefix":"","firstName":"Pratik","middleName":"","lastName":"Shetty","suffix":""}],"badges":[],"createdAt":"2026-03-30 07:25:31","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-9263588/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-9263588/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":108029770,"identity":"13036c4e-6221-4327-92a2-6f6d792955dc","added_by":"auto","created_at":"2026-04-28 15:46:38","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":145970,"visible":true,"origin":"","legend":"","description":"","filename":"AdversariallyRobustMultiStagePhishingDetectionFrameworkwithFormalGuarantees4.pdf","url":"https://assets-eu.researchsquare.com/files/rs-9263588/v1_covered_c077fbd4-18df-47be-8c06-aac39ddf0a3f.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"\u003cp\u003eAdversarially Robust Multi-Stage Phishing Detection Framework with Formal Guarantees\u003c/p\u003e","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"journal-of-computer-virology-and-hacking-techniques","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"jicv","sideBox":"Learn more about [Journal of Computer Virology and Hacking Techniques](http://link.springer.com/journal/11416)","snPcode":"11416","submissionUrl":"https://submission.springernature.com/new-submission/11416/3","title":"Journal of Computer Virology and Hacking Techniques","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false},"keywords":"Phishing Detection, NLP, Sandbox Analysis, Weak Supervision, Graph Intelligence, Bayesian Fusion, Enterprise Security","lastPublishedDoi":"10.21203/rs.3.rs-9263588/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-9263588/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Phishing attacks exploit semantic obfuscation, ephemeral infrastructure, andLLM-generated content. Traditional approaches fail against adaptive, targetedcampaigns. We propose an adaptive, multi-stage phishing detection frameworkcombining dual-stage semantic NLP, risk-aware URL analysis, adaptive proba-bilistic sandboxing, population-level weakly supervised behavior modeling, andlightweight graph intelligence. The framework employs asynchronous Bayesian fu-sion, formal Cost of Evasion (C e) metrics, and contextual incongruence detectionvia Mahalanobis distance. Evaluation on heterogeneous datasets shows accuracy of98.5%, false positive rate below 1.2%, and resilience against spear-phishing, stallingmalware, and coordinated campaigns.","manuscriptTitle":"Adversarially Robust Multi-Stage Phishing Detection Framework with Formal Guarantees","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-04-28 15:46:32","doi":"10.21203/rs.3.rs-9263588/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"reviewersInvited","content":"","date":"2026-04-20T12:15:51+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2026-03-30T14:01:47+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2026-03-30T14:01:26+00:00","index":"","fulltext":""},{"type":"submitted","content":"Journal of Computer Virology and Hacking Techniques","date":"2026-03-30T07:09:07+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"journal-of-computer-virology-and-hacking-techniques","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"jicv","sideBox":"Learn more about [Journal of Computer Virology and Hacking Techniques](http://link.springer.com/journal/11416)","snPcode":"11416","submissionUrl":"https://submission.springernature.com/new-submission/11416/3","title":"Journal of Computer Virology and Hacking Techniques","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false}}],"origin":"","ownerIdentity":"daa93510-44ac-411a-ac1c-e3f9b137a41b","owner":[],"postedDate":"April 28th, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"under-review","subjectAreas":[],"tags":[],"updatedAt":"2026-04-28T15:46:32+00:00","versionOfRecord":[],"versionCreatedAt":"2026-04-28 15:46:32","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-9263588","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-9263588","identity":"rs-9263588","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}