added_model

README.md

@@ -1,13 +0,0 @@
----
-title: Phishing Email Detector
-emoji: 👀
-colorFrom: indigo
-colorTo: blue
-sdk: streamlit
-sdk_version: 1.40.2
-app_file: app.py
-pinned: false
-license: apache-2.0
----
-
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

app.py

@@ -0,0 +1,189 @@
+import streamlit as st
+import imaplib
+import email
+from email.header import decode_header
+import torch
+from transformers import BertTokenizer, BertForSequenceClassification
+import re
+
+class EmailProcessor:
+    @staticmethod
+    def decode_email_content(content, default_charset='utf-8'):
+        if isinstance(content, bytes):
+            try:
+                return content.decode(default_charset)
+            except UnicodeDecodeError:
+                try:
+                    return content.decode('iso-8859-1')
+                except UnicodeDecodeError:
+                    return content.decode(default_charset, errors='ignore')
+        return str(content)
+
+    @staticmethod
+    def clean_text(text):
+        text = re.sub(r'<[^>]+>', '', text)
+        text = re.sub(r'\s+', ' ', text)
+        return text.strip()
+
+    @staticmethod
+    def get_emails(email_address, password, imap_server, imap_port):
+        try:
+            imap = imaplib.IMAP4_SSL(imap_server, imap_port)
+            imap.login(email_address, password)
+            imap.select('INBOX')
+            
+            _, message_numbers = imap.search(None, 'ALL')
+            
+            emails = []
+            for num in message_numbers[0].split()[-5:]:
+                _, msg_data = imap.fetch(num, '(RFC822)')
+                email_body = msg_data[0][1]
+                message = email.message_from_bytes(email_body)
+                
+                subject = decode_header(message["subject"])[0][0]
+                if isinstance(subject, bytes):
+                    subject = EmailProcessor.decode_email_content(subject)
+                
+                if message.is_multipart():
+                    content = ''
+                    for part in message.walk():
+                        if part.get_content_type() == "text/plain":
+                            payload = part.get_payload(decode=True)
+                            if payload:
+                                charset = part.get_content_charset() or 'utf-8'
+                                content += EmailProcessor.decode_email_content(payload, charset)
+                else:
+                    payload = message.get_payload(decode=True)
+                    if payload:
+                        charset = message.get_content_charset() or 'utf-8'
+                        content = EmailProcessor.decode_email_content(payload, charset)
+                    else:
+                        content = ""
+                
+                emails.append({
+                    'subject': subject,
+                    'content': EmailProcessor.clean_text(content)
+                })
+            
+            imap.close()
+            imap.logout()
+            return emails, None
+            
+        except Exception as e:
+            return None, str(e)
+
+class PhishingDetector:
+    def __init__(self, model_path="./phishing_model"):
+        self.device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
+        self.tokenizer = BertTokenizer.from_pretrained(model_path)
+        self.model = BertForSequenceClassification.from_pretrained(
+            model_path,
+            num_labels=2
+        ).to(self.device)
+        self.model.eval()
+
+    @torch.no_grad()
+    def predict(self, text):
+        cleaned_text = EmailProcessor.clean_text(text)
+        inputs = self.tokenizer(
+            cleaned_text,
+            return_tensors="pt",
+            truncation=True,
+            max_length=512,
+            padding=True
+        )
+        
+        inputs = {k: v.to(self.device) for k, v in inputs.items()}
+        outputs = self.model(**inputs)
+        probabilities = torch.nn.functional.softmax(outputs.logits, dim=1)
+        return probabilities[0][1].item()
+
+# Initialize the app
+st.title("📧 Email Phishing Detector")
+st.write("Connect your email account to analyze messages for potential phishing attempts.")
+
+# Email configuration in sidebar
+with st.sidebar:
+    st.header("Email Settings")
+    email_address = st.text_input("Email Address", key="email_address_input")
+    password = st.text_input("Password", type="password", key="password_input")
+    imap_server = st.text_input("IMAP Server", value="imap.gmail.com", key="imap_server_input")
+    imap_port = st.number_input("IMAP Port", value=993, key="imap_port_input")
+
+# Initialize the model using st.cache_resource
+@st.cache_resource
+def load_detector():
+    return PhishingDetector()
+
+try:
+    detector = load_detector()
+    model_loaded = True
+except Exception as e:
+    st.error(f"Error loading model: {str(e)}")
+    model_loaded = False
+
+# Add manual text analysis option
+st.markdown("### 📝 Manual Text Analysis")
+manual_text = st.text_area("Enter text to analyze:", height=100, key="manual_text_input")
+if st.button("Analyze Text", key="analyze_text_btn") and manual_text.strip():
+    with st.spinner("Analyzing text..."):
+        phishing_score = detector.predict(manual_text)
+        risk_color = "red" if phishing_score > 0.5 else "green"
+        st.markdown(f"**Phishing Risk Score:** <span style='color:{risk_color}'>{phishing_score:.2%}</span>", unsafe_allow_html=True)
+        
+        if phishing_score > 0.8:
+            st.error("⚠️ High Risk: This text shows strong indicators of being a phishing attempt!")
+        elif phishing_score > 0.5:
+            st.warning("⚠️ Medium Risk: This text shows some suspicious characteristics.")
+        else:
+            st.success("✅ Low Risk: This text appears to be legitimate.")
+
+st.markdown("### 📨 Email Analysis")
+if model_loaded and st.button("Analyze Emails", key="analyze_emails_btn"):
+    if not email_address or not password:
+        st.warning("Please enter your email credentials.")
+    else:
+        with st.spinner("Connecting to email..."):
+            emails, error = EmailProcessor.get_emails(email_address, password, imap_server, imap_port)
+            
+            if error:
+                st.error(f"Error connecting to email: {error}")
+            elif emails:
+                st.success("Successfully retrieved emails!")
+                
+                for i, email_data in enumerate(emails):
+                    with st.expander(f"Email {i+1}: {email_data['subject']}"):
+                        phishing_score = detector.predict(email_data['content'])
+                        
+                        risk_color = "red" if phishing_score > 0.5 else "green"
+                        st.markdown(f"**Phishing Risk Score:** <span style='color:{risk_color}'>{phishing_score:.2%}</span>", unsafe_allow_html=True)
+                        
+                        if phishing_score > 0.8:
+                            st.error("⚠️ High Risk: This email shows strong indicators of being a phishing attempt!")
+                        elif phishing_score > 0.5:
+                            st.warning("⚠️ Medium Risk: This email shows some suspicious characteristics.")
+                        else:
+                            st.success("✅ Low Risk: This email appears to be legitimate.")
+                        
+                        st.text_area("Email Content", email_data['content'], height=100, key=f"email_content_{i}")
+            else:
+                st.warning("No emails found in inbox.")
+
+st.sidebar.markdown("---")
+st.sidebar.markdown("""
+### Instructions
+1. Enter your email credentials
+2. For Gmail:
+   - Use an App Password instead of your regular password
+   - Enable 2FA and generate an App Password from Google Account settings
+3. Click "Analyze Emails" to scan your recent emails
+""")
+
+st.sidebar.markdown("---")
+st.sidebar.markdown("""
+### About
+This application uses a BERT-based model to detect phishing attempts in emails.
+You can either:
+1. Analyze your emails directly by connecting your email account
+2. Manually input text to analyze for phishing content
+""")

phishing_model/.gitattributes

@@ -0,0 +1,35 @@
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text

phishing_model/README.md

@@ -0,0 +1,43 @@
+
+
+# BERT FINETUNED ON PHISHING DETECTION
+
+This model is a fine-tuned version of [bert-large-uncased](https://huggingface.co/bert-large-uncased) on an [phishing dataset](https://huggingface.co/datasets/ealvaradob/phishing-dataset),
+capable of detecting phishing in its four most common forms: URLs, Emails, SMS messages and even websites. 
+
+It achieves the following results on the evaluation set:
+
+- Loss: 0.1953
+- Accuracy: 0.9717
+- Precision: 0.9658
+- Recall: 0.9670
+- False Positive Rate: 0.0249
+
+## Model description
+
+BERT is a transformers model pretrained on a large corpus of English data in a self-supervised fashion. 
+This means it was pretrained on the raw texts only, with no humans labelling them in any way (which is why 
+it can use lots of publicly available data) with an automatic process to generate inputs and labels from 
+those texts.
+
+
+
+## Motivation and Purpose
+
+Phishing is one of the most frequent and most expensive cyber-attacks according to several security reports. 
+This model aims to efficiently and accurately prevent phishing attacks against individuals and organizations. 
+To achieve it, BERT was trained on a diverse and robust dataset containing: URLs, SMS Messages, Emails and 
+Websites, which allows the model to extend its detection capability beyond the usual and to be used in various 
+contexts.
+
+
+### Training results
+
+| Training Loss | Epoch | Step  | Validation Loss | Accuracy | Precision | Recall | False Positive Rate |
+|:-------------:|:-----:|:-----:|:---------------:|:--------:|:---------:|:------:|:-------------------:|
+| 0.1487        | 1.0   | 3866  | 0.1454          | 0.9596   | 0.9709    | 0.9320 | 0.0203              |
+| 0.0805        | 2.0   | 7732  | 0.1389          | 0.9691   | 0.9663    | 0.9601 | 0.0243              |
+| 0.0389        | 3.0   | 11598 | 0.1779          | 0.9683   | 0.9778    | 0.9461 | 0.0156              |
+| 0.0091        | 4.0   | 15464 | 0.1953          | 0.9717   | 0.9658    | 0.9670 | 0.0249              |
+
+

phishing_model/config.json

@@ -0,0 +1,35 @@
+{
+  "_name_or_path": "bert-large-uncased",
+  "architectures": [
+    "BertForSequenceClassification"
+  ],
+  "attention_probs_dropout_prob": 0.1,
+  "classifier_dropout": null,
+  "gradient_checkpointing": false,
+  "hidden_act": "gelu",
+  "hidden_dropout_prob": 0.1,
+  "hidden_size": 1024,
+  "id2label": {
+    "0": "benign",
+    "1": "phishing"
+  },
+  "initializer_range": 0.02,
+  "intermediate_size": 4096,
+  "label2id": {
+    "benign": 0,
+    "phishing": 1
+  },
+  "layer_norm_eps": 1e-12,
+  "max_position_embeddings": 512,
+  "model_type": "bert",
+  "num_attention_heads": 16,
+  "num_hidden_layers": 24,
+  "pad_token_id": 0,
+  "position_embedding_type": "absolute",
+  "problem_type": "single_label_classification",
+  "torch_dtype": "float32",
+  "transformers_version": "4.34.1",
+  "type_vocab_size": 2,
+  "use_cache": true,
+  "vocab_size": 30522
+}

phishing_model/gitattributes

@@ -0,0 +1,35 @@
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text

phishing_model/pytorch_model.bin

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f7fc8fd8ff9eb431b5876bff2e94d0ba31987fc2301942b65d1306eba9d18646
+size 1340710638

phishing_model/special_tokens_map.json

@@ -0,0 +1,7 @@
+{
+  "cls_token": "[CLS]",
+  "mask_token": "[MASK]",
+  "pad_token": "[PAD]",
+  "sep_token": "[SEP]",
+  "unk_token": "[UNK]"
+}

phishing_model/tokenizer_config.json

@@ -0,0 +1,55 @@
+{
+  "added_tokens_decoder": {
+    "0": {
+      "content": "[PAD]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    },
+    "100": {
+      "content": "[UNK]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    },
+    "101": {
+      "content": "[CLS]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    },
+    "102": {
+      "content": "[SEP]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    },
+    "103": {
+      "content": "[MASK]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    }
+  },
+  "clean_up_tokenization_spaces": true,
+  "cls_token": "[CLS]",
+  "do_lower_case": true,
+  "mask_token": "[MASK]",
+  "model_max_length": 512,
+  "pad_token": "[PAD]",
+  "sep_token": "[SEP]",
+  "strip_accents": null,
+  "tokenize_chinese_chars": true,
+  "tokenizer_class": "BertTokenizer",
+  "unk_token": "[UNK]"
+}

phishing_model/training_args.bin

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7d104fd966c5439370d740371ebeae1a9b747a93c604762957f98ecfeec61108
+size 4536

requirements.txt

@@ -0,0 +1,8 @@
+transformers
+torch
+datasets
+scikit-learn
+streamlit
+tqdm
+email-validator
+regex>=2023.5.5

train.py

@@ -0,0 +1,80 @@
+from datasets import load_dataset, Dataset
+from transformers import AutoTokenizer, AutoModelForSequenceClassification, TrainingArguments, Trainer
+from sklearn.model_selection import train_test_split
+import torch
+
+# Step 1: Load Dataset
+dataset = load_dataset("ealvaradob/phishing-dataset", "combined_reduced", trust_remote_code=True)
+
+# Step 2: Convert to Pandas and Split
+df = dataset['train'].to_pandas()
+train_df, test_df = train_test_split(df, test_size=0.2, random_state=42)
+
+# Step 3: Convert Back to Hugging Face Dataset
+train_dataset = Dataset.from_pandas(train_df, preserve_index=False)
+test_dataset = Dataset.from_pandas(test_df, preserve_index=False)
+
+# Step 4: Tokenizer Initialization
+tokenizer = AutoTokenizer.from_pretrained("bert-large-uncased")
+
+# Step 5: Preprocess Function
+def preprocess_data(examples):
+    # Use the correct column name for the text data
+    return tokenizer(examples['text'], truncation=True, padding='max_length', max_length=512)
+
+# Step 6: Tokenize the Dataset
+tokenized_train = train_dataset.map(preprocess_data, batched=True)
+tokenized_test = test_dataset.map(preprocess_data, batched=True)
+
+# Remove unused columns and set format for PyTorch
+tokenized_train = tokenized_train.remove_columns(['text'])
+tokenized_test = tokenized_test.remove_columns(['text'])
+tokenized_train.set_format("torch")
+tokenized_test.set_format("torch")
+
+# Step 7: Model Initialization
+model = AutoModelForSequenceClassification.from_pretrained("bert-large-uncased", num_labels=2)
+
+# Step 8: Training Arguments
+training_args = TrainingArguments(
+    evaluation_strategy="epoch",
+    learning_rate=2e-5,
+    per_device_train_batch_size=16,
+    per_device_eval_batch_size=16,
+    num_train_epochs=3,
+    weight_decay=0.01,
+    save_strategy="epoch",
+    logging_steps=10,
+)
+
+# Step 9: Trainer Setup
+trainer = Trainer(
+    model=model,
+    args=training_args,
+    train_dataset=tokenized_train,
+    eval_dataset=tokenized_test,
+)
+
+# Step 10: Train the Model
+trainer.train()
+
+# Step 11: Save the Model
+model.save_pretrained("./phishing_model")
+tokenizer.save_pretrained("./phishing_model")
+
+# Step 12: Inference Example
+# Load the saved model for inference
+loaded_tokenizer = AutoTokenizer.from_pretrained("./phishing_model")
+loaded_model = AutoModelForSequenceClassification.from_pretrained("./phishing_model")
+
+# Example input
+text = "Your account has been compromised, please reset your password now!"
+inputs = loaded_tokenizer(text, return_tensors="pt", truncation=True, padding=True, max_length=512)
+
+# Run inference
+loaded_model.eval()
+with torch.no_grad():
+    outputs = loaded_model(**inputs)
+    prediction = torch.argmax(outputs.logits, dim=-1).item()
+
+print(f"Predicted label: {prediction}")  # 0 = non-phishing, 1 = phishing