A method and system for spam filtering based on adversarial cognitive boundary mining
By extracting user cognitive twin state vectors and generating adversarial examples, and combining them with adversarial boundary reinforcement learning, the problems of static user profiles and insufficient decision-making logic in the large model filtering layer are solved, achieving high accuracy and robustness in personalized spam filtering.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- BEIJING INFORMATION SCI & TECH UNIV
- Filing Date
- 2026-04-01
- Publication Date
- 2026-06-09
Smart Images

Figure CN122174020A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the fields of network security and artificial intelligence, specifically to a spam filtering method and system based on adversarial cognitive boundary mining. Background Technology
[0002] Currently, email anti-spam systems have formed a three-layer filtering architecture: rules, small models, and large models. The large model filtering layer mainly handles complex emails that the first two layers cannot determine, using deep semantic analysis to identify the nature of the email. Its core principle is to leverage the contextual understanding capabilities of the large model, combined with user profile data, to perform semantic parsing of the email text content, thus overcoming the limitations of traditional rules and small models in complex text recognition. However, the existing large model filtering layer still has core technical challenges: However, existing large-scale model filtering layers still have significant technical pain points: First, user profiles are static, relying solely on historical data to construct fixed feature dimensions, making it impossible to dynamically perceive changes in user cognitive boundaries, resulting in low accuracy in identifying emails in ambiguous areas (which resemble normal emails but also contain potential risk features); second, there is a lack of proactive exploration mechanisms, relying solely on existing samples to optimize the model, making it difficult to discover blind spots in user cognition, and insufficient defense capabilities against cognitively confusing spam emails specifically forged by attackers; third, the decision-making logic lacks adversarial adaptability, failing to consider attackers' imitation and avoidance of user cognitive patterns, making filtering strategies easily bypassed. Summary of the Invention
[0003] To address the shortcomings of existing methods and the needs of practical applications, and in order to solve the aforementioned problems, this invention provides a spam filtering method based on adversarial cognitive boundary mining, comprising the following steps: The system extracts user cognitive twin state vectors from email data; generates cognitive confusion adversarial samples through a boundary sample generation module; mines cognitive boundary information based on these adversarial samples using adversarial boundary reinforcement learning; calculates the causal correlation between email features and user judgment results to obtain core causal features; constructs personalized prompts by combining the user cognitive twin state vectors, the cognitive boundary information, and the core causal features; and outputs judgment results using an optimized large model based on the personalized prompts, few-shot examples, the emails to be detected, and the user cognitive twin state vectors.
[0004] Optionally, extracting the user's cognitive twin state vector from email data includes the following steps: Behavioral features, content features, and security features are extracted from email data; combined with these features, a time-series weighted fusion algorithm is used to extract the user's cognitive twin state vector.
[0005] Optionally, the cognitive confusion adversarial examples generated by the boundary sample generation module satisfy the following: in, This represents the generated cognitive confusion adversarial example. This indicates that the optimal adversarial sample is the one that maximizes the objective function. Let λ represent the cognitive inconsistency loss for sample m′, and let λ represent the perplexity penalty coefficient. Indicates the semantic perplexity of sample m′. This represents the difference between sample m′ and the base spam sample. The p-norm distance, where δ represents the spam feature retention threshold. This indicates that sample m′ is compared with the user's historical normal email samples. similarity, This represents a sample of a user's historical normal emails. This represents the similarity threshold for normal emails.
[0006] Optionally, the spam filtering method based on adversarial cognitive boundary mining further includes the following steps: Construct a cognitive inconsistency loss function for cognitive consistency verification; and use the cognitive inconsistency threshold with the user's historical decision-making patterns and the inconsistency loss function to complete adversarial cognitive boundary mining.
[0007] Optionally, the cognitive inconsistency loss function satisfies: in, This indicates cognitive inconsistency loss. This represents the expected value, or average loss, of all samples m in the user's historical email sample set Mu. This represents a sample set of the user's historical emails. This represents the inference function of a large model, with prompt words as input. The output is the probability of the email being spam, with a value in the range [0,1]. The closer the value is to 1, the more likely it is spam. This indicates the basic prompt words for email m. Represents the constraint function. This represents the transpose of the user's cognitive twin state vector. This represents the result of the matching degree calculation between the user's cognitive state and the email features. This represents the L2 norm.
[0008] Optionally, the step of mining cognitive boundary information based on the adversarial examples through adversarial boundary reinforcement learning includes the following steps: Set up a state, action, and reward function for reinforcement learning; establish a policy network using the state and action, and calculate an advantage function using the reward function; construct a loss function by combining the policy network and the advantage function, and train and update the policy network parameters using the loss function.
[0009] Optionally, calculating the causal correlation between email features and user judgment results to obtain core causal features includes the following steps: Causal interference quantum quantification is used to quantify the causal relationship between email features and user judgment results; a core causal feature filtering threshold is set, and the core causal features are obtained by combining the core causal feature filtering threshold and the causal relationship.
[0010] Optionally, the causal coherence econometrics satisfies: in, This represents the causal relationship value between email feature x and user judgment result Y based on the user's cognitive twin state vector. This indicates that the email must contain the email characteristic x. This indicates that the forced email does not contain the email characteristic x. This represents the conditional probability of the user's cognitive twin state vector.
[0011] Optionally, the step of constructing personalized prompt words by combining the user's cognitive twin state vector, the cognitive boundary information, and the core causal features includes the following steps: The core dimensions of the user's cognitive twin state vector are analyzed to generate a user cognitive description; core risk features and core normal features are listed to generate core feature attention; based on cognitive boundary information, the judgment principle of boundary area emails is clarified to generate boundary judgment rules; combined with the user cognitive description, the core feature attention, the boundary judgment rules, example guidance, and output format requirements, personalized prompt words are constructed.
[0012] This invention constructs a personalized user model by extracting user cognitive twin state vectors, employs adversarial example generation and reinforcement learning to mine user cognitive boundaries, enhancing the model's ability to distinguish ambiguous samples, and utilizes causal inference to screen core causal features to ensure decision interpretability. Finally, it integrates user state, boundary information, and causal features to construct personalized prompts, driving a large model for accurate judgment. This achieves highly personalized spam filtering, adapting to different users' cognitive preferences and decision-making patterns. Adversarial boundary mining improves the model's robustness to complex and obfuscated emails, causal features enhance decision interpretability and reliability, and the combination of a large model and few-shot learning maintains high accuracy in small-sample scenarios, effectively reducing false positives and false negatives.
[0013] Secondly, to efficiently execute the spam filtering method based on adversarial cognitive boundary mining provided by this invention, this invention also provides a spam filtering system based on adversarial cognitive boundary mining, comprising: an input device, an output device, a processor, and a memory, wherein the input device, output device, processor, and memory are interconnected, and the memory includes program instructions for using the spam filtering method based on adversarial cognitive boundary mining. The spam filtering system based on adversarial cognitive boundary mining of this invention has a compact structure and stable performance, and can stably execute the spam filtering method based on adversarial cognitive boundary mining provided by this invention, further improving the overall applicability and practical application capability of this invention. Attached Figure Description
[0014] Figure 1 A flowchart of a spam filtering method based on adversarial cognitive boundary mining is provided for an embodiment of the present invention; Figure 2 This is a framework diagram of a spam filtering system based on adversarial cognitive boundary mining, provided for an embodiment of the present invention. Detailed Implementation
[0015] Specific embodiments of the present invention will now be described in detail. It should be noted that the embodiments described herein are for illustrative purposes only and are not intended to limit the invention. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be apparent to those skilled in the art that these specific details are not necessary to practice the invention. In other instances, well-known circuits, software, or methods have not been specifically described to avoid obscuring the invention.
[0016] Throughout this specification, references to an embodiment, example, or illustration mean that a particular feature, structure, or characteristic described in connection with that embodiment or example is included in at least one embodiment of the invention. Therefore, phrases appearing in various places throughout the specification, such as "in one embodiment," "in an embodiment," "an example," or "an illustration," do not necessarily refer to the same embodiment or example. Furthermore, specific features, structures, or characteristics can be combined in any suitable combination and / or sub-combination in one or more embodiments or examples. Moreover, those skilled in the art will understand that the illustrations provided herein are for illustrative purposes and are not necessarily drawn to scale.
[0017] Please see Figure 1 To address the above problems, this invention provides a spam filtering method based on adversarial cognitive boundary mining. In one embodiment, the method includes the following steps: S1. Extract the user's cognitive twin state vector from email data.
[0018] In this embodiment, extracting the user's cognitive twin state vector from email data includes the following steps: First, behavioral features, content features, and security features are extracted from email data.
[0019] Email data refers to complex emails that cannot be determined after rule-based filtering and small model filtering. This includes the sender's / recipient's historical email data for the past 90 days, communication relationship records, historical filtering feedback logs, and user behavior data (such as email opening frequency, report records, and keyword tagging behavior).
[0020] Furthermore, three core features are extracted from the data, including: Behavioral characteristics: Sending and receiving preferences during work hours, frequency of interaction with frequently used contacts, and probability of clicking on unfamiliar links; Content characteristics: preference for technical terms, aversion to sensitive words, and a tendency towards certain themes; Security features: Scam sensitivity, advertising tolerance, and timely risk email feedback.
[0021] Then, combining the behavioral features, content features, and security features, a time-weighted fusion algorithm is used to extract the user's cognitive twin state vector.
[0022] Construct a user cognitive twin state vector based on extracted features. (With dimension d), a time-weighted fusion algorithm is used to dynamically update Cu: 1. Set a time decay factor α (recommended value 0.95) to assign weights to historical feature data based on timestamps, with more recent data receiving higher weights. The weight calculation formula is as follows: , where T is the current timestamp and t is the historical data timestamp; 2. Introduce a user feedback adjustment coefficient β (value range [0.8, 1.2]). When users provide explicit feedback on the filtering results (such as marking as misjudged or confirming blocking), adjust the weight of the corresponding feature dimension according to the feedback type. For example, when a user marks a certain type of advertising email as spam, increase the update weight of the advertising tolerance feature. 3. Employ a sliding window mechanism (window size set to 30 days) to remove expired data from cognitive states in real time, ensuring... It always reflects the user's recent cognitive patterns.
[0023] S2. Generate cognitive confusion adversarial samples through the boundary sample generation module, and mine cognitive boundary information based on the adversarial samples through adversarial boundary reinforcement learning.
[0024] First, we construct a cognitive inconsistency loss function for cognitive consistency verification; The cognitive inconsistency loss function satisfies: in, This represents the cognitive inconsistency loss, used to quantify the degree of difference between the output of a large model and the user's cognitive pattern. Its value ranges from [0,1], with larger values indicating more significant differences. This represents the expected value, or average loss, of all samples m in the user's historical email sample set Mu. This represents a sample set of the user's historical emails, including legitimate emails, spam emails, and feedback records marked by the user. The sample size is no less than 500 emails to ensure statistical validity. This represents the inference function of a large model, with prompt words as input. The output is the probability of the email being spam, with a value in the range [0,1]. The closer the value is to 1, the more likely it is spam. This represents the core instruction for determining whether an email (m) is spam, including basic prompts and outputting probability values. This represents a constraint function that maps input values to the [0,1] probability space to prevent numerical overflow. This represents the transpose of the user's cognitive twin state vector. This represents the result of the matching degree between the user's cognitive state and the email features, with a value range of [-∞, +∞]. L2 norm is used to calculate the distance between two vectors, measuring the degree of difference.
[0025] Secondly, adversarial cognitive boundary mining is completed by utilizing the cognitive inconsistency threshold with the user's historical decision-making patterns and the aforementioned inconsistency loss function.
[0026] Specifically, when the cognitive inconsistency loss exceeds a preset cognitive inconsistency threshold, a cognitive boundary exploration process is triggered, including: Boundary region delineation: based on user historical email samples The values and manually labeled results are divided into three regions: <0.2 indicates a clearly normal range. >0.8 is used to clearly define the garbage area. This is the cognitive boundary region; Blind spot location: Statistically analyze the feature distribution of emails within the boundary area, identify high-frequency feature combinations that are not covered by existing filtering rules, and mark them as cognitive blind spots; Prioritize exploration: Prioritize exploration of high-frequency, high-risk cognitive blind spots by the frequency of occurrence of blind spot feature combinations and the risk level of associated emails (based on historical feedback data). Explore trigger conditions dynamically: Adaptively adjust the cognitive inconsistency threshold value according to the frequency of user feedback. When user feedback is frequent, the cognitive inconsistency threshold is reduced (0.25) to increase the exploration frequency; when feedback is sparse, the cognitive inconsistency threshold is increased (0.35) to reduce invalid exploration.
[0027] Furthermore, the cognitive confusion adversarial examples generated by the boundary sample generation module satisfy the following: in, This represents the generated cognitive confusion adversarial example. This indicates that the optimal adversarial sample is the one that maximizes the objective function. Let represent the cognitive inconsistency loss for sample m′, and λ represent the perplexity penalty coefficient, used to balance cognitive inconsistency and semantic fluency of the sample, with a value of 0.1. This represents the semantic perplexity of sample m′, used to measure the naturalness and fluency of the text. The lower the value, the more fluent the semantics. It is calculated based on the probability distribution entropy of the text using a pre-trained language model (such as BERT). This represents the difference between sample m′ and the base spam sample. The p-norm distance is used to constrain m′ to retain the core features of spam, and δ represents the spam feature retention threshold, which is recommended to be 0.2, to ensure that m′ is consistent with the p-norm distance. The core characteristics of the basic spam samples differ by no more than 20%. Selected from recently blocked high-confidence spam emails, which must contain clear risk characteristics such as sensitive links or misleading language. This indicates that sample m′ is compared with the user's historical normal email samples. The similarity is calculated using cosine similarity, with values ranging from [0,1]. This represents a sample of normal emails from the user's history, selected from emails marked as normal by the user or emails that have not been reported for a long time. This represents the similarity threshold for normal emails. A value of 0.7 is recommended to ensure that m′ is sufficiently similar to the user's normal emails in terms of semantics and format.
[0028] Specifically, the process for generating cognitive confusion adversarial examples is as follows: Feature decomposition: breaking down basic spam samples Break it down into core risk characteristics (such as clicking a link to transfer money) and surface-level formal characteristics (such as sentence structure, vocabulary style, and sending time). Normal Feature Transfer: From User History Normal Email Samples Extract surface-level formal features (such as commonly used honorifics, professional terms, and paragraph structure). Feature fusion: Core risk characteristics and The surface features are fused, and initial adversarial samples are generated by means of synonym replacement, sentence rewriting, and format adjustment. Constraint verification: Calculate the initial sample's... and If the constraints are not met, the fusion ratio of the surface form features is iteratively adjusted until the constraints are met. Semantic optimization: Calculating the sample's If the value is too high (threshold 100), the sample will be optimized through syntax correction and semantic polishing to ensure natural and fluent performance.
[0029] Furthermore, the filtering decision is viewed as a Markov decision process, and the decision policy is updated online through proximal policy optimization (PPO). The process of mining cognitive boundary information based on the adversarial examples through adversarial boundary reinforcement learning includes the following steps: Configure the state, action, and reward function for reinforcement learning, where: state: , This represents the user's cognitive twin state vector at time t. This represents the feature vector of the email to be detected. This represents the cognitive confusion level of the email, with a value range of [0,1].
[0030] action: These correspond to allowing passage, intercepting, and requesting manual confirmation, respectively.
[0031] Reward function: Based on this, a policy network is established using the states and actions, and an advantage function is calculated using the reward function.
[0032] In this embodiment, a policy network is established using the states and actions. ,satisfy: ,in, This represents a 3-layer perceptron. These are network parameters.
[0033] The advantage function is calculated using the reward function, satisfying: in, , For the value network, γ is the discount factor (with a value of 0.99). The attenuation factor is 0.95.
[0034] Furthermore, a loss function is constructed by combining the policy network and the advantage function, and the policy network parameters are trained and updated using the loss function.
[0035] In the embodiment, the loss function ,satisfy: This represents the mathematical expectation at time t. The network parameters were set before the update. Let be the clipping factor (value 0.2), representing all possible "states" at time t. -action "Average the loss values of the sample pairs to ensure the stability and statistical validity of the loss calculation."
[0036] During training, every 1000 decision data points are accumulated as a batch, and the minimum value is minimized using gradient descent. Update policy network parameters Simultaneously train the value network Fitting state values improves decision-making accuracy.
[0037] S3. Calculate the causal correlation between email features and user judgment results to obtain core causal features.
[0038] In an optional embodiment, calculating the causal correlation between email features and user judgment results to obtain core causal features includes the following steps: First, let the set of email features be X = {x1, x2, ..., x...} n (e.g., clicking a link to receive free financial reconciliation), the user's judgment result is Y (Y=1 indicates spam, Y=0 indicates normal email), and then the causal relationship between email characteristics and the user's judgment result is quantified using causal interference quantum quantification.
[0039] The causal interference estimator satisfies: in, This represents the causal relationship value between email feature x and user judgment result Y based on the user's cognitive twin state vector. This indicates that the email must contain the email characteristic x. This indicates that the forced email does not contain the email characteristic x. This represents the conditional probability of the user's cognitive twin state vector.
[0040] Finally, a core causal feature filtering threshold is set, and the core causal features are obtained by combining the core causal feature filtering threshold and the causal relationship.
[0041] In the embodiment, for each feature x in the email feature set X, calculate ,filter Features with a value ≥0.8 are considered core risk features. Features with a value ≤0.2 are considered core normal features; Furthermore, from the user's historical email database, the Top-K (recommended K=3) samples that simultaneously contain core features and have the highest matching degree with the cognitive state of the email to be detected are retrieved as Few-shot examples to ensure that the examples are consistent with the causal logic of the email to be detected.
[0042] S4. Combine the user's cognitive twin state vector, the cognitive boundary information, and the core causal features to construct personalized prompt words.
[0043] In this embodiment, the step of constructing personalized prompt words by combining the user's cognitive twin state vector, the cognitive boundary information, and the core causal features includes the following steps: Generate user cognitive descriptions: Analyze the core dimensions of the user's cognitive twin state vector and transform them into natural language descriptions. For example, if the user is a corporate finance person, they are sensitive to words such as 'transfer', 'account', and 'invoice', have extremely low advertising tolerance (0.06), and have stricter criteria for judging working hours (9:00-18:00). Generate core feature focus: List core risk features and core normal features, and clarify the focus areas, such as the key features to focus on: core risk features (click the link to receive for free), core normal features (financial reconciliation, invoice submission); Generate boundary judgment rules: Based on cognitive boundary information, clarify the judgment principles for emails in the boundary area. For example, if an email contains both core risk characteristics and core normal characteristics, it is necessary to first check whether the link source is a trusted domain. If it is not trusted, it is judged as spam. Embedded Example Guidance: Few-shot examples are embedded with prompt words in the order of normal email examples - spam email examples, and the core features of the examples are annotated; Then, define the output of the large model, including the judgment result (spam / legitimate email), confidence level (0-100%), risk label (such as fraud / advertising), core judgment basis, and cognitive matching degree.
[0044] Based on this, personalized prompts are constructed by combining the user cognition description, the core feature focus, the boundary determination rules and example guidance, and the output format requirements.
[0045] S5. Based on the personalized prompts, Few-shot examples, emails to be detected, and the user's cognitive twin state vector, the optimized large model outputs the judgment result.
[0046] In this embodiment, the Tongyi Qianwen Qwen2-72B model is selected as the base model. This model supports 128K context windows and has powerful semantic understanding and reasoning capabilities. Supervised fine-tuning training is then performed, including: (1) Dataset construction: Collect 100,000+ labeled emails from 139 email addresses, including normal emails, spam emails (including scams, advertisements, phishing, etc.), and emails with ambiguous cognitive boundaries. Divide the data into training set, validation set, and test set in a ratio of 7:2:1. (2) Fine-tuning objectives: Optimize the model’s ability to identify specific features of the email domain (such as sensitive links, leading phrases, and technical terms) and its ability to adapt to the user’s cognitive state; (3) Fine-tuning strategy: LoRA (Low-Rank Adaptation) lightweight fine-tuning technique is adopted to freeze the basic model parameters, train only the low-rank adaptation layer, and optimize using the cross-entropy loss function.
[0047] Next, domain adaptation optimization is performed, including: Integrating email domain knowledge: Constructing an email security domain knowledge base (including common spam characteristics, phishing link identification rules, high-frequency terms in financial / office scenarios, etc.), and integrating the knowledge base information into the model reasoning process through RAG (retrieval augmented generation) technology; Adversarial example adaptation: The generated adversarial examples are added to the training set and fine-tuned in two rounds to improve the model's ability to identify cognitively confusing emails.
[0048] Finally, the optimized large model is used for inference and judgment, including: (1) Input concatenation: Concatenate the input text in the order of personalized prompt words → Few-shot example → user cognitive status description → content of the email to be tested, and ensure that the context logic is coherent; (2) Inference parameter settings: Temperature coefficient is set to 0.1 (to reduce randomness), maximum generation length is set to 512 tokens, and confidence threshold is set to 80% (output results directly if the value is higher than the threshold, and trigger manual review if the value is lower than the threshold). (3) Result generation: Based on the input information, the model combines the email domain knowledge learned through fine-tuning with the user's cognitive adaptation ability to output the judgment result, confidence level, risk label, core judgment basis and cognitive matching degree.
[0049] Furthermore, the system receives the judgment results from the large model, generates interception or allowance instructions, labels the filtering type as adversarial filtering using the large model, and synchronizes it to the anti-spam system to execute corresponding operations. The filtering results, cognitive state data, adversarial example information, and decision-making process logs are stored in a distributed database; sender / recipient profile fields are updated in real time; and logs are synchronized to the operations management platform to support issue tracing and performance monitoring.
[0050] In other embodiments, an email filtering interpretation report and a user behavior analysis report are also generated. The email filtering interpretation report includes basic email information, cognitive matching basis, core risk characteristics and causal correlation, and decision-making strategy explanation, making the judgment logic transparent. The user behavior analysis report includes email sending and receiving trends over the past 30 days, risk feature clustering, cognitive boundary change curves, etc., providing support for system optimization and user security prompts.
[0051] The following uses user B, a corporate finance professional, as an example to explain in detail the implementation process of the core algorithm. User B's core cognitive characteristics are: sensitivity to terms related to money transfers and accounts, low tolerance for advertising, and frequent use of financial terminology. Data preparation: The data layer extracts 3,000 historical emails from user B over the past 90 days. After cleaning, 2,800 valid emails are retained, including financial work emails, a small number of normal marketing emails, 150 marked fraud / spam emails, and user feedback records.
[0052] Feature extraction: Behavioral features: high frequency of sending and receiving messages on weekdays from 9:00 to 18:00 (weight 0.9), frequently used contacts are company colleagues and bank contacts (trust coefficient 0.95), probability of clicking unfamiliar links 0.02; Content features: matching weight of terms 'transfer', 'account', and 'invoice' 0.93, exclusion degree of words 'free' and 'promotion' 0.91; Security features: fraud sensitivity 0.94, advertising tolerance 0.06.
[0053] Generate a user cognitive twin state vector with core dimensions set to [0.9, 0.95, 0.02, 0.93, 0.91, 0.94, 0.06, ...] and other non-core features set to 0.5. Store the vector in the cognitive state database.
[0054] Cognitive consistency check: The email to be checked is a bank account reconciliation invoice from [XX Bank] that needs to be confirmed. Click the link to complete the information, calculate the cognitive inconsistency loss = 0.38 > 0.3, triggering boundary exploration.
[0055] Boundary Sample Generation: Based on the spam email sample of clicking a link to claim account subsidies, an adversarial sample is generated: "[XX Bank] Financial reconciliation requires supplementary invoice information. Click the official link to complete it." This sample retains the core risk characteristics of clicking links and incorporates commonly used financial reconciliation and invoice terminology. , The constraints are satisfied.
[0056] Boundary reinforcement learning: state By updating the policy network through the PPO algorithm, the decision threshold for emails containing financial terms and links is optimized, thereby improving the accuracy of interception.
[0057] Furthermore, causal association retrieval: the causal association degree of the core feature click link financial reconciliation was calculated to be 0.92 and 0.08 respectively. Three normal emails containing financial reconciliation but without risky links in the user's history were retrieved as examples of Few-shots.
[0058] Dynamic prompt generation: Personalized prompts are designed to be email security tools tailored for corporate finance personnel. These users are sensitive to terms related to transfers and accounts, have low tolerance for advertising, and frequently use financial terminology. Based on the following three historical normal email examples, we focus on identifying emails with the combination of 'financial terminology + unfamiliar links' to strictly determine suspected fraudulent emails: [Few-shot example] Email to be tested: [Target email] Output: {Judgment result, confidence level, risk label, personalized suggestions, cognitive matching analysis} The large model receives personalized prompts, few-shot examples, emails to be tested, and user cognitive twin state vectors, and outputs: Result: Spam; Confidence level: 98.7%; Risk tags: fraudulent inducement + sensitive links; Personalized suggestions: Block the email, mark the sender as high-risk, and remind users to be wary of unfamiliar links containing financial terminology; Cognitive matching analysis: The email contains sensitive terms such as "account" and "invoice" and contains high-risk clickable links, which highly overlap with the user's cognitive boundaries and are consistent with the blocking strategy.
[0059] The application layer pushes the judgment result to user B and synchronously stores the filtering result, cognitive state data, and adversarial example information to the data layer. Based on user feedback, the user's cognitive twin state vector is updated, and the adversarial boundary mining module includes the sample in the training set to continuously optimize boundary mining and decision-making capabilities, forming a closed-loop iteration.
[0060] Please see Figure 2 In an embodiment, to efficiently execute the spam filtering method based on adversarial cognitive boundary mining provided by this invention, this invention also provides a spam filtering system based on adversarial cognitive boundary mining, comprising: an input device 1, an output device 2, a processor 3, and a memory 4, wherein the input device 1, output device 2, processor 3, and memory 4 are interconnected, and the memory 4 contains program instructions for executing the steps of the spam filtering method based on adversarial cognitive boundary mining. The spam filtering system based on adversarial cognitive boundary mining of this invention has a compact structure and stable performance, and can stably execute the spam filtering method based on adversarial cognitive boundary mining of this invention, further improving the overall applicability and practical application capability of this invention.
[0061] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some or all of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of the present invention, and they should all be covered within the scope of the present invention.
Claims
1. A spam filtering method based on adversarial cognitive boundary mining, characterized in that, Includes the following steps: Extracting user cognitive twin state vectors from email data; Cognitive confusion adversarial examples are generated through a boundary sample generation module. Based on these adversarial examples, cognitive boundary information is mined through adversarial boundary reinforcement learning. Calculate the causal correlation between email features and user judgment results to obtain core causal features; Personalized prompt words are constructed by combining the user's cognitive twin state vector, the cognitive boundary information, and the core causal features; Based on the personalized prompts, the few-shot examples, the email to be detected, and the user's cognitive twin state vector, the optimized large model outputs the judgment result.
2. The spam filtering method based on adversarial cognitive boundary mining according to claim 1, characterized in that, The extraction of user cognitive twin state vectors from email data includes the following steps: Extract behavioral, content, and security features from email data; Combining the aforementioned behavioral features, content features, and security features, a time-weighted fusion algorithm is used to extract the user's cognitive twin state vector.
3. The spam filtering method based on adversarial cognitive boundary mining according to claim 1, characterized in that, The cognitive confusion adversarial examples generated by the boundary sample generation module satisfy the following: in, This represents the generated cognitive confusion adversarial example. This indicates that the optimal adversarial sample is the one that maximizes the objective function. Let λ represent the cognitive inconsistency loss for sample m′, and let λ represent the perplexity penalty coefficient. This represents the semantic perplexity of sample m′. This represents the difference between sample m′ and the base spam sample. The p-norm distance, where δ represents the spam feature retention threshold. This indicates that sample m′ is compared with the user's historical normal email samples. similarity, This represents a sample of a user's historical normal emails. This represents the similarity threshold for normal emails.
4. The spam filtering method based on adversarial cognitive boundary mining according to claim 1, characterized in that, It also includes the following steps: Construct a cognitive inconsistency loss function for cognitive consistency verification; By utilizing the cognitive inconsistency threshold with the user's historical decision-making patterns and the aforementioned inconsistency loss function, adversarial cognitive boundary mining is completed.
5. The spam filtering method based on adversarial cognitive boundary mining according to claim 4, characterized in that, The cognitive inconsistency loss function satisfies: in, This indicates cognitive inconsistency loss. This represents the expected value, or average loss, of all samples m in the user's historical email sample set Mu. This represents a sample set of the user's historical emails. This represents the inference function of a large model, with prompt words as input. The output is the probability of the email being spam, with a value in the range [0,1]. The closer the value is to 1, the more likely it is spam. This indicates the basic prompt words for email m. Represents the constraint function. This represents the transpose of the user's cognitive twin state vector. This represents the result of the matching degree calculation between the user's cognitive state and the email features. This represents the L2 norm.
6. The spam filtering method based on adversarial cognitive boundary mining according to claim 1, characterized in that, The process of mining cognitive boundary information based on the adversarial examples through adversarial boundary reinforcement learning includes the following steps: Configure the state, action, and reward functions for reinforcement learning; A policy network is established using the states and actions, and an advantage function is calculated using the reward function. A loss function is constructed by combining the policy network and the advantage function, and the policy network parameters are trained and updated using the loss function.
7. The spam filtering method based on adversarial cognitive boundary mining according to claim 1, characterized in that, The calculation of the causal correlation between email features and user judgment results to obtain core causal features includes the following steps: Causal interference quantum quantification is used to quantify the causal relationship between email features and user judgment results; Set a core causal feature filtering threshold, and combine the core causal feature filtering threshold with the causal relationship to obtain the core causal features.
8. The spam filtering method based on adversarial cognitive boundary mining according to claim 7, characterized in that, The causal interference estimator satisfies: in, This represents the causal relationship value between email feature x and user judgment result Y based on the user's cognitive twin state vector. This indicates that the email must contain the email characteristic x. This indicates that the forced email does not contain the email characteristic x. This represents the conditional probability of the user's cognitive twin state vector.
9. The spam filtering method based on adversarial cognitive boundary mining according to claim 1, characterized in that, The process of constructing personalized prompt words by combining the user's cognitive twin state vector, the cognitive boundary information, and the core causal features includes the following steps: Analyze the core dimensions of the user's cognitive twin state vector to generate a description of the user's cognition; List the core risk characteristics and core normal characteristics, and generate core characteristics to focus on; Based on cognitive boundary information, the judgment principles for emails in the boundary area are clarified, and boundary judgment rules are generated; Personalized prompt words are constructed by combining the user's cognitive description, the core feature focus, the boundary determination rules and example guidance, and the output format requirements.
10. A spam filtering system based on adversarial cognitive boundary mining, characterized in that, The spam filtering system based on adversarial cognitive boundary mining includes: an input device, an output device, a processor, and a memory, wherein the input device, output device, processor, and memory are interconnected, and the memory includes program instructions for executing the spam filtering method based on adversarial cognitive boundary mining as described in any one of claims 1-9.