--- language: - en license: llama3.2 base_model: meta-llama/Llama-3.2-3B-Instruct tags: - llama - text-generation - email - fraud-detection - phishing - cybersecurity - fine-tuned - lora datasets: - SetFit/enron_spam metrics: - accuracy pipeline_tag: text-generation model-index: - name: llama-email-fraud-detector results: - task: type: text-generation name: Email Fraud Analysis dataset: name: Enron Email + Synthetic (held-out test set) type: custom metrics: - name: Threat Types type: custom value: 11 --- # Llama Email Fraud Detector (bf16) A fine-tuned **Llama-3.2-3B-Instruct** model for structured email fraud/phishing analysis. Given an email, the model outputs a detailed JSON verdict including 11 threat type labels, a 0-100 risk score, human-readable reasoning, and a suggested action. This is the **explanation layer** of a dual-model anti-fraud pipeline. The discriminative model ([cunxin/roberta-email-fraud-detector](https://huggingface.co/cunxin/roberta-email-fraud-detector), 99.5% accuracy, <50ms) provides a fast binary pre-screen; its result is passed to this generative model as a `[CLASSIFIER HINT]` prior. The final verdict is reconciled by the backend service. For GPUs with limited VRAM (< 12 GB), use the AWQ 4-bit quantized version: [cunxin/llama-email-fraud-detector-awq](https://huggingface.co/cunxin/llama-email-fraud-detector-awq). --- 基于 **Llama-3.2-3B-Instruct** 微调的结构化邮件欺诈/钓鱼分析模型。输入一封邮件,模型输出包含 11 种威胁类型标签、0-100 风险分数、可读推理说明和建议操作的详细 JSON 判决。 本模型是双模型反欺诈流水线的**解释层**。判别模型([cunxin/roberta-email-fraud-detector](https://huggingface.co/cunxin/roberta-email-fraud-detector),99.5% 准确率,<50ms)提供快速二元预筛,其结果以 `[CLASSIFIER HINT]` 先验传入本生成式模型。最终判决由后端服务融合。 低显存 GPU(< 12 GB)请使用 AWQ 4-bit 量化版:[cunxin/llama-email-fraud-detector-awq](https://huggingface.co/cunxin/llama-email-fraud-detector-awq)。 ## Model Details / 模型详情 | | | |---|---| | **Architecture** | `LlamaForCausalLM` (Decoder-only Transformer with RoPE, GQA, SwiGLU) | | **Base Model** | `meta-llama/Llama-3.2-3B-Instruct` | | **Parameters** | 3,237,063,680 (3.2B) | | **Fine-Tuning** | LoRA (r=16, alpha=32, dropout=0.1) merged into base weights | | **Trainable Parameters** | 24,313,856 (0.75% of total) | | **Precision** | bfloat16 | | **Model Size** | 6.4 GB | | **Context Window** | 4,096 tokens (inference) / 2,048 tokens (training) | | **Vocabulary** | 128,256 tokens | ### Lineage / 模型血统 ``` meta-llama/Llama-3.2-3B-Instruct (Meta AI — instruction-tuned on 3T tokens) │ ├── LoRA fine-tuning (r=16, alpha=32, 7 target modules) │ Training: ~12K email conversations with structured JSON labels │ Hint injection: 75% correct / 15% adversarial / 10% no hint │ ├── Merge LoRA adapters into base weights │ ├─► cunxin/llama-email-fraud-detector (this model, bf16, 6.4 GB) │ └─► cunxin/llama-email-fraud-detector-awq (AWQ 4-bit, 2.2 GB) ``` ## Output Format / 输出格式 The model outputs structured JSON with 6 fields: 模型输出包含 6 个字段的结构化 JSON: ```json { "is_fraud": true, "risk_score": 95, "confidence_level": 0.97, "detected_threats": ["DOMAIN_MISMATCH", "CREDENTIAL_REQUEST", "URGENCY_FEAR"], "reason": "The sender domain 'amaz0n-verify.com' typosquats amazon.com. The email requests account credentials via a suspicious URL and uses urgency tactics to pressure immediate action.", "suggestion": "Do not click any links. Do not enter any credentials. Report this email as phishing to your IT department." } ``` ### Threat Types & Scoring / 威胁类型与评分 The model detects 11 threat categories. Risk score = sum of triggered threat points (capped at 100). 模型检测 11 种威胁类别。风险分数 = 触发的威胁点数之和(上限 100)。 | Label / 标签 | Points / 分值 | Description / 描述 | |---|---|---| | `CREDENTIAL_REQUEST` | 35 | Asks for passwords, SSN, credit card numbers / 请求密码、身份证号、信用卡号 | | `DOMAIN_MISMATCH` | 30 | Sender domain does not match claimed organization / 发件人域名与声称的组织不匹配 | | `URL_DISCREPANCY` | 30 | Links point to suspicious or mismatched domains / 链接指向可疑或不匹配的域名 | | `TOO_GOOD_TO_BE_TRUE` | 30 | Unrealistic promises (lottery wins, free money) / 不切实际的承诺(中奖、免费资金) | | `PROMPT_INJECTION` | 30 | Attempts to manipulate AI analysis / 试图操纵 AI 分析 | | `URGENCY_FEAR` | 15 | Pressure tactics ("act now", "account suspended") / 施压策略("立即行动"、"账号已冻结") | | `REPLY_TO_MISMATCH` | 15 | Reply-To address differs from sender / 回复地址与发件人不同 | | `GENERIC_SALUTATION` | 8 | Impersonal greeting ("Dear Customer") / 非个人化称呼("尊敬的客户") | | `ANOMALOUS_TIMING` | 8 | Sent at unusual hours for the timezone / 在不寻常的时间发送 | | `MISSING_SIGNATURE` | 8 | No professional email signature / 缺少专业邮件签名 | | `GRAMMAR_ANOMALY` | 5 | Unusual grammar or spelling patterns / 异常的语法或拼写模式 | **RULE D**: Any high-weight threat (>=30 pts) forces `is_fraud = true`. **规则 D**:任何高权重威胁(>=30 分)强制 `is_fraud = true`。 ## Dual-Model Pipeline / 双模型流水线 This model is designed to work with [cunxin/roberta-email-fraud-detector](https://huggingface.co/cunxin/roberta-email-fraud-detector) in a reconciled pipeline: 本模型设计为与 [cunxin/roberta-email-fraud-detector](https://huggingface.co/cunxin/roberta-email-fraud-detector) 配合使用: ``` Email Input │ ├──► RoBERTa (discriminative, <50ms) │ │ │ ▼ │ is_fraud=True/False, confidence=0.97, risk_score=99 │ │ │ ▼ [CLASSIFIER HINT] ├──► Llama (generative, ~1-3s) ◄── this model │ │ │ ▼ │ Full JSON analysis (11 threat types, reasoning, suggestion) │ ▼ Reconciliation (backend) │ ▼ Final verdict ``` ### STEP 4 Hint Rules / 提示规则 When a `[CLASSIFIER HINT]` is provided, the model applies these rules after its own independent analysis: | Scenario / 场景 | Action / 操作 | |---|---| | Both agree / 两者一致 | Keep generative result / 保留生成式结果 | | Hint=FRAUD, gen=safe, risk < 40 | Follow hint (classifier caught something subtle) / 遵循提示 | | Hint=FRAUD, gen=safe, RULE D triggered | Override hint (generative has hard evidence) / 推翻提示 | | Hint=NOT FRAUD, gen=fraud, RULE D triggered | Override hint (generative has hard evidence) / 推翻提示 | | Hint=NOT FRAUD, gen=fraud, risk < 60 | Follow hint (only weak signals) / 遵循提示 | ## Usage / 使用方法 ### With vLLM (Recommended) / 使用 vLLM(推荐) ```bash # Set in .env MODEL_PATH=cunxin/llama-email-fraud-detector # Start service docker compose --profile gpu up -d # Test curl -X POST http://localhost:8000/predict_generative \ -H "Content-Type: application/json" \ -d '{"sender":"security@amaz0n-verify.com","subject":"URGENT: Account locked","content":"Click to verify: http://amaz0n-secure.xyz"}' ``` ### With Transformers / 使用 Transformers ```python from transformers import AutoTokenizer, AutoModelForCausalLM import torch, json model_name = "cunxin/llama-email-fraud-detector" tokenizer = AutoTokenizer.from_pretrained(model_name) model = AutoModelForCausalLM.from_pretrained(model_name, torch_dtype=torch.bfloat16, device_map="auto") email = json.dumps({ "date": "2026-02-25T10:00:00Z", "sender": "security@amaz0n-verify.com", "recipient": "you@example.com", "subject": "URGENT: Your account has been locked", "content": "Click here to verify: http://amaz0n-secure.xyz/verify" }) messages = [ {"role": "system", "content": "You are an email fraud analyst. Analyze the email and return a JSON verdict."}, {"role": "user", "content": f"Analyze the following email:\n{email}"} ] input_ids = tokenizer.apply_chat_template(messages, return_tensors="pt").to(model.device) output = model.generate(input_ids, max_new_tokens=512, temperature=0.1) response = tokenizer.decode(output[0][input_ids.shape[-1]:], skip_special_tokens=True) print(response) ``` ## Training / 训练详情 ### Fine-Tuning Method / 微调方法 | | | |---|---| | **Method** | LoRA (Low-Rank Adaptation) via `peft` + SFT via `trl.SFTTrainer` | | **LoRA Rank** | 16 | | **LoRA Alpha** | 32 (effective scale = 2x) | | **LoRA Dropout** | 0.1 | | **Target Modules** | `q_proj`, `k_proj`, `v_proj`, `o_proj`, `gate_proj`, `up_proj`, `down_proj` | | **Optimizer** | AdamW (weight_decay=0.05, label_smoothing=0.05) | | **LR Schedule** | Cosine with 10% linear warmup | | **Learning Rate** | 2e-4 | | **Epochs** | 3 | | **Batch Size** | 2 (grad_accum=8, effective=16) | | **Max Sequence Length** | 2,048 tokens | | **Mixed Precision** | FP16 (CUDA) | | **Loss** | Causal LM (next-token prediction on assistant turn only) | ### Training Data / 训练数据 ~12,000 email conversations generated from the Enron corpus and synthetic sources: 约 12,000 个邮件对话,从 Enron 语料库和合成数据生成: | Source / 来源 | Count / 数量 | Role / 用途 | |---|---|---| | Fraud emails (train) | ~500 per class | Primary training / 主要训练集 | | Normal emails (train) | ~500 per class | Primary training / 主要训练集 | | Correction pool (optional) | ~14K fraud + ~15K normal | Extra training via `--include-correction` | | AI-generated modern emails | ~800 per class | Extra training via `--include-aigen` | Each email is converted into a 3-turn chat conversation (system prompt -> user email -> assistant JSON verdict) with: - **75%** include a correct `[CLASSIFIER HINT]` (teach trust of accurate priors) - **15%** include an adversarial wrong hint (teach RULE D override) - **10%** have no hint (teach independent reasoning) - **60%** of fraud examples include `[HEURISTIC ANALYSIS]` context ## Hardware Requirements / 硬件要求 | Configuration / 配置 | VRAM / 显存 | |---|---| | bf16 (this model) | >= 12 GB (RTX 3060 desktop, RTX 4070+) | | AWQ 4-bit ([llama-email-fraud-detector-awq](https://huggingface.co/cunxin/llama-email-fraud-detector-awq)) | >= 6 GB (RTX 3050, 3060 laptop) | ## Intended Use / 预期用途 - Email fraud/phishing detection with detailed threat analysis and human-readable reasoning / 提供详细威胁分析和可读推理的邮件欺诈/钓鱼检测 - Explanation layer for automated email security systems / 自动化邮件安全系统的解释层 - Part of a multi-model pipeline (discriminative pre-screen + generative analysis + reconciliation) / 多模型流水线的组成部分 - Microsoft Office Add-in integration for Outlook/Word / Microsoft Office 插件集成 ## Limitations / 局限性 - Primarily trained on English emails; may underperform on other languages / 主要在英文邮件上训练 - Training data includes Enron corpus (early 2000s); modern attack patterns partially covered by AI-generated synthetic data / 训练数据包含 Enron 语料库,现代攻击模式部分由 AI 生成合成数据覆盖 - Inference latency ~1-3s per email (use RoBERTa for real-time filtering) / 推理延迟约 1-3 秒/封 - Structured JSON output depends on prompt engineering; edge cases may produce malformed JSON / 边缘情况可能产生格式错误的 JSON ## Related Models / 相关模型 | Model / 模型 | Type / 类型 | Size / 大小 | Speed / 速度 | Use Case / 用途 | |---|---|---|---|---| | [cunxin/roberta-email-fraud-detector](https://huggingface.co/cunxin/roberta-email-fraud-detector) | Discriminative | 475 MB | <50ms | Fast binary pre-screen / 快速二元预筛 | | **cunxin/llama-email-fraud-detector** (this) | Generative | 6.4 GB | ~1-3s | Detailed threat analysis / 详细威胁分析 | | [cunxin/llama-email-fraud-detector-awq](https://huggingface.co/cunxin/llama-email-fraud-detector-awq) | Generative (quantized) | 2.2 GB | ~1-3s | Same as above, for low VRAM / 同上,低显存版 | ## Citation / 引用 ```bibtex @misc{cunxin2025llama-email-fraud, title={Llama Email Fraud Detector}, author={cunxin}, year={2025}, url={https://huggingface.co/cunxin/llama-email-fraud-detector} } ```