🐟🥩 - self-updating phishing antivirus software with crowdsourced phishing zero-days
🐟🥩 PhishSteak is a real-time, on-device phishing detection and warning system that is continuously improved through financially incentivised threat intelligence crowdsourcing. PhishSteak monitors for potential phishing attacks appearing directly on a user's screen.
How it works: A lightweight desktop app runs continuously, capturing screen data or accessibility text every few milliseconds. It uses local inference to classify content and detect phishing patterns based on a community-maintained threat database. When a threat is detected, an overlay warns the user and offers the option to report the incident to authorities. Each report also serves as a data labelling signal for the effectiveness of the crowdsourced threat intelligence.
PhishSteak combines AI-driven detection with an open crowdsourcing model for threat definitions. Contributors stake crypto to submit phishing patterns. These phishing patterns are distributed via stake-weighted sampling methods, and end-user feedback on phishing alerts is used to rate the quality of the patterns. Submitters of incorrect or unused patterns have their stake slashed, while submitters of valid patterns receive cash flow.
Rewards are distributed to pattern submitters based on stake-weighted sampling and are subject to end-user review. High-quality definitions earn rewards; poor ones are removed with stake penalties. User feedback from real-world detections continuously feeds back into the database so that it keeps evolving.
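A sketch of the stake-weighted distribution and settlement described above, as an added example rather than PhishSteak's own code. The sampling algorithm (Efraimidis-Spirakis), the slash fraction, the reward amount, the rule for what counts as a valid pattern, and all names are assumptions the page does not specify.

```python
import heapq
import random
from dataclasses import dataclass

# Assumed parameters: the page gives no figures for slashing or rewards.
SLASH_FRACTION = 0.5   # share of stake lost by an unused or incorrect pattern
REWARD_PER_HIT = 1.0   # payout per user-confirmed detection

@dataclass
class Pattern:
    pattern_id: str
    submitter: str
    stake: float
    confirmed: int = 0        # alerts end users confirmed as phishing
    false_positives: int = 0  # alerts end users rejected

def sample_patterns(patterns, k, rng):
    """Stake-weighted sampling without replacement (Efraimidis-Spirakis):
    each pattern draws key u**(1/stake) and the k largest keys are shipped."""
    eligible = [p for p in patterns if p.stake > 0]  # zero stake is never shipped
    return heapq.nlargest(k, eligible, key=lambda p: rng.random() ** (1.0 / p.stake))

def settle(patterns):
    """Reward valid patterns, slash unused or incorrect ones.
    Assumed rule: valid means more confirmations than false positives.
    Returns {submitter: net balance change}."""
    ledger = {}
    for p in patterns:
        if p.confirmed > p.false_positives:
            delta = REWARD_PER_HIT * p.confirmed
        else:  # never fired, or wrong at least as often as right
            delta = -SLASH_FRACTION * p.stake
            p.stake += delta  # slashed stake also lowers future sampling weight
        ledger[p.submitter] = ledger.get(p.submitter, 0.0) + delta
    return ledger

if __name__ == "__main__":
    rng = random.Random(2024)
    # Constructed sample data, not real submissions.
    db = [Pattern("fake-bank-login", "alice", 90.0, confirmed=3),
          Pattern("stale-lure", "bob", 40.0),
          Pattern("noisy-rule", "carol", 10.0, confirmed=1, false_positives=4)]
    print([p.pattern_id for p in sample_patterns(db, 2, rng)])
    print(settle(db))
```

Because selection weight is proportional to stake, splitting one stake across several identities does not raise a submitter's total share of distributed patterns, and a slashed pattern is sampled less often in later rounds.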
The system is designed with privacy in mind: detection works offline, no raw screen data is transmitted unless the user reports an incident, and reporting is encrypted. The entire process aligns incentives to grow coverage, improve accuracy, and resist abuse.
Client App: Runs on macOS using native screen capture APIs, with GPU-optional LLM inference via LM-Studio. UI overlay built with Electron for minimal intrusion.
Threat Detection: Local LLM (7-13B parameter, quantised) performs few-shot classification on screen content using crowdsourced definitions.
Data Sync: Definitions distributed over gRPC with TLS, using weighted sampling based on contributor stakes.
Backend:
Notable technical details: