Towards Robust SEA Detection: Leveraging Model Diversity and Randomization Against Adversarial Attacks

Insaf Kraidia*, Samir Brahim Belhaouari

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

Deep Learning-based Social Engineering Attack (SEA) detectors have shown promising results in identifying malicious content. However, these models remain vulnerable to adversarial attacks, where carefully crafted inputs can significantly impact their performance. This paper presents a novel defense mechanism that leverages model diversity and randomization to counter black-box adversarial attacks. Unlike traditional approaches that rely on a single model with fixed parameters, our method automatically utilizes multiple base model variants during inference, each trained on different data distributions with distinct settings. We use a random selection method from these variants for the final predictions, adding an element of unpredictability that increases the difficulty for attackers in creating successful adversarial examples. Our experimental results across various transformer-based architectures demonstrate that our approach maintains robust performance while effectively defending against 12 different types of black-box attacks targeting words, sentences, and characters. The proposed method achieves an average performance improvement of 2-3% over existing defense mechanisms on clean data and a significant 17% improvement in resistance to adversarial settings. It outperforms existing approaches by 13-44% in accuracy under adversarial attacks, all without substantially increasing computational complexity or compromising clean data performance. This work enhances the reliability and trustworthiness of SEA detection systems while addressing practical challenges in deploying robust defense mechanisms.

Original language: English
Title of host publication: Proceeding - 12th International Conference on Information Technology
Subtitle of host publication: Innovation Technologies, ICIT 2025
Editors: Khalid Mohammad Jaber
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 84-90
Number of pages: 7
ISBN (Electronic): 9798331508944
DOIs
Publication status: Published - May 2025
Event: 12th International Scientific Conference on Information Technology, ICIT 2025 - Amman, Jordan
Duration: 27 May 2025 - 30 May 2025

Publication series

Name: Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025

Conference

Conference: 12th International Scientific Conference on Information Technology, ICIT 2025
Country/Territory: Jordan
City: Amman
Period: 27/05/25 - 30/05/25

Keywords

  • Adversarial Attack
  • Black-box attacks
  • Deep Learning
  • Malicious Content
  • Random Selection
  • Social Engineering Attacks
