CyberCane Logo

CyberCane: Neuro-Symbolic RAG for Privacy-Preserving Phishing Detection with Formal Ontology Reasoning

Safayat Bin Hakim1, Aniqa Afzal1, Qi Zhao1, Vigna Majmundar1, Pawel Sloboda2, Houbing Herbert Song1
1University of Maryland, Baltimore County
2Bowie State University
Under Review

Phase 1: Symbolic Rules

  • Zero cost ($0)
  • Explainable decisions
  • No PHI exposure
  • Lower precision (83.0%)
  • Higher FPR (2.9%)

Phase 2: RAG Pipeline

  • High precision (99.5%)
  • Low FPR (0.16%)
  • PII redacted
  • Ontology reasoning
  • Cost-effective ($0.0017)

GPT-4 Direct Baseline

  • High recall (99.0%)
  • Lowest cost ($0.0001)
  • Lower precision (93.2%)
  • High FPR (5.9%)
  • 53.2% PHI exposure
99.5%
Phase 2 Precision
0.16%
False Positive Rate
542×
Healthcare ROI
0%
PHI Exposure

Abstract

Privacy-critical domains require phishing detection systems that satisfy contradictory constraints: near-zero false positives to prevent workflow disruption, transparent explanations for non-expert staff, strict regulatory compliance prohibiting sensitive data exposure to external APIs, and robustness against AI-generated attacks. Existing rule-based systems are brittle to novel campaigns, while LLM-based detectors violate privacy regulations through unredacted data transmission. We introduce CyberCane, a neuro-symbolic framework integrating deterministic symbolic analysis with privacy-preserving retrieval-augmented generation (RAG). Our dual-phase pipeline applies lightweight symbolic rules to email metadata, then escalates borderline cases to semantic classification via RAG with automated sensitive data redaction and retrieval from a phishing-only corpus. We further introduce PhishOnt, an OWL ontology enabling verifiable attack classification through formal reasoning chains. Evaluation on DataPhish 2025 (12.3k emails; mixed human/LLM) and Nazario/SpamAssassin demonstrates a 78.6-point recall gain over symbolic-only detection on AI-generated threats, with precision exceeding 98% and FPR as low as 0.16%. Healthcare deployment projects a 542× ROI; tunable operating points support diverse risk tolerances, with open-source implementation at github.com/sbhakim/Cybercane.

System Architecture

CyberCane Neuro-Symbolic Architecture

Dual-phase neuro-symbolic pipeline with privacy-preserving RAG and formal ontology reasoning.

Healthcare Application: Domain-Specific Threat Taxonomy

Domain-Specific Phishing Threat Taxonomy for Healthcare

Healthcare-specific threat taxonomy showing attack distribution: 34% Social Engineering, 26% AI Content, 20.5% Insurance Phishing, 19.5% Appointment Scams. Framework generalizes to finance, legal, and government domains.

Results

Table 1: Detection Performance (Precision/Recall/FPR)

Dataset (test) Method Precision Recall FPR
Nazario.clean + SpamAssassin
(n=1,110)
Phase 1 (Rules) 83.0% 17.8% 2.9%
Phase 2 (RAG, k=8) 99.5% 37.2% 0.16%
DataPhish 2025
(n=2,337; ~75% LLM-generated)
Phase 1 (Rules) 93.4% 20.5%
Phase 2 (RAG, k=8) 98.2% 99.1%

Table 2: Privacy and Cost Tradeoffs vs Direct LLM Baseline

Method Precision Recall F1 FPR Cost/email PHI Exposure
CyberCane (RAG, k=8) 99.5% 37.2% 54.1% 0.16% $0.0017 0%
TF-IDF LR + Redaction § 98.8% 97.4% 98.1% 0.98% $0 0%
GPT-4 Direct (unredacted) 93.2% 99.0% 96.0% 5.9% $0.0001 53.2%

Table 3: Operating Modes (Tunable Thresholds)

Mode Similarity Threshold Precision Recall F1 FPR
Conservative 0.50 99.3% 29.5% 45.5% 0.16%
Baseline 0.45 99.5% 37.2% 54.1% 0.16%
Balanced (Default) 0.40 99.5% 40.0% 57.1% 0.16%
Moderate 0.35 99.5% 42.2% 59.3% 0.16%
Aggressive 0.30 99.5% 44.6% 61.6% 0.16%

Note: FPR remains constant at 0.16% across all modes via shared Phase 1 high-confidence threshold (score ≥ 5). † PHI redacted before API transmission. § Privacy-constrained fair comparison using same redaction pipeline as CyberCane. CyberCane provides 6× lower FPR (0.16% vs. 0.98%), PhishOnt verifiable reasoning chains, and tunable operating points.

Table 4: PhishOnt Ontology Coverage

Split Coverage Description
Overall (n=1,110) 85.0% All test emails
Phishing (n=495) 76.8% Phishing emails classified
Benign (n=615) 91.7% Legitimate emails classified

Notable Findings

Layered Defense: Phase 2 Closes Phase 1 Blind Spots

79.5% of phishing emails evade Phase 1 symbolic rules (rising to 95.8% for Neutral-tone and 97.2% for Greed-tone emails). Phase 2 RAG recovers 99.0% of these Phase 1-evaded attacks, resulting in a combined two-phase miss rate of only 0.8%. This demonstrates that the dual-phase architecture is essential: neither phase alone achieves healthcare-grade performance.

PII Quantification: Redaction Scope

50.7% of DataPhish 2025 emails contain at least one PII item (mean 1.63 items/email), confirming that unredacted transmission to external APIs exposes sensitive data at scale. CyberCane's automated redaction pipeline eliminates this exposure entirely before any API call, achieving 0% PHI leakage across all test conditions.

Confidence Discriminability

Phase 2 RAG produces meaningfully separated confidence distributions: phishing emails receive a mean similarity score of 54.6% versus 52.8% for benign emails. Critically, 85.5% of benign emails fall below the phishing mean, providing a clear statistical basis for the conservative 0.40 threshold that drives the 0.16% FPR.

Methodology

Phase 1: Deterministic Symbolic Analysis

Applies rule-based heuristics without external API calls:

Phase 2: Privacy-Preserving RAG

Escalates ambiguous cases through a privacy-first pipeline:

  1. PII Redaction: Regex-based entity removal (emails, phone numbers, SSNs, medical IDs)
  2. Embedding: OpenAI text-embedding-3-small (1536-dim vectors)
  3. HNSW Retrieval: k=8 nearest neighbors from phishing-only corpus (pgvector)
  4. LLM Reasoning: GPT-4.1-mini generates explanations with retrieved context
  5. Conservative Thresholds: Top similarity ≥ 0.40, Avg-Top-3 ≥ 0.35

PhishOnt: Formal Ontology Reasoning

OWL-based ontology with SWRL rules maps observed indicators to formal attack classifications:

Multi-Layer Explanation System

Multi-Layer Explanation Generation Example

Example Medicare phishing detection showing three explanation layers: (1) Symbolic evidence from DNS/SMTP analysis, (2) Retrieved similar phishing examples with similarity scores, (3) GPT-4.1-mini contextual reasoning. Final verdict: 94% confidence with actionable recommendations.

Reproducibility

All evaluation scripts, datasets, and threshold configurations are available in the repository:

Quick Start

Docker Deployment (Recommended)

docker compose up --build
# Web: http://localhost:3000 | API: http://localhost:8000 | Docs: http://localhost:8000/docs

Try the API

# Phase 1: Rules-based scan (no API key required)
curl -X POST http://localhost:8000/scan \
  -H "Content-Type: application/json" \
  -d '{"sender":"alert@bank.com","subject":"Urgent: verify account","body":"Click: http://bit.ly/x","url":1}'

# Phase 2: Full RAG analysis (requires OPENAI_API_KEY)
curl -X POST http://localhost:8000/ai/analyze \
  -H "Content-Type: application/json" \
  -d '{"sender":"alert@bank.com","subject":"Urgent: verify account","body":"Click: http://bit.ly/x","url":1}'

Citation

@article{hakim2026cybercane,
  author    = {S. B. Hakim and A. Afzal and Q. Zhao and V. Majmundar and P. Sloboda and H. H. Song},
  title     = {{CyberCane}: Neuro-Symbolic {RAG} for Privacy-Preserving Phishing Detection with Formal Ontology Reasoning},
  journal   = {arXiv preprint arXiv:2604.23563},
  year      = {2026},
  note      = {[Online]. Available: \url{https://arxiv.org/abs/2604.23563}},
  primaryclass = {cs.CR}
}