In today’s enterprise landscape, phishing is the top method for credential theft, ransomware delivery and business email compromise (BEC). Highly targeted social-engineering attacks outsmart traditional rule-based email security filters and signature-matching anti-virus tools by using legitimate cloud systems, obfuscated redirect chains and polymorphic file attachments. In this paper, we present the design and implementation of a fully automated pipeline for phishing detection and incident response (IDIR) built on the n8n open-source workflow automation platform, and empirically test the system’s performance. The pipeline integrates Gmail as the monitored email surface, VirusTotal’s threat intelligence API to analyze file attachments and URLs (covering over 70 antivirus engines), urlscan.io for URL behavior sandboxing, and Groq-hosted LLaMA 3 large language models for AI-driven structured incident reports. A 41-node directed acyclic graph (DAG) workflow applies a sender allowlist, categorizes incoming email messages into 4 threat scenarios, runs multiple threat intelligence queries against various APIs, produces HTML-based email phishing reports per branch via LLM inference, and sends automated Gmail notifications with quarantine labelling. Empirical testing shows that the system detects an incident after about 5 seconds and responds after 20–35 seconds, orders of magnitude quicker than an analyst’s manual workflow. The system is modular, extensible and ready for immediate use in SOC automation and Security Orchestration, Automation and Response (SOAR) deployments.
Phishing Detection, Email Security, VirusTotal, urlscan.io, Large Language Models, LLaMA 3, n8n, SOAR, Incident Response, Threat Intelligence, Cybersecurity Automation, Groq
IRE Journals:
Rohit Chaudhary, Shubham Mahajan, Shiksha Panday "AI-Integrated Phishing Detection and Automated Incident Response System Using n8n, VirusTotal, urlscan.io, and Large Language Models" Iconic Research And Engineering Journals Volume 9 Issue 11 2026 Page 2433-2442 https://doi.org/10.64388/IREV9I11-1718132
IEEE:
Rohit Chaudhary, Shubham Mahajan, Shiksha Panday
"AI-Integrated Phishing Detection and Automated Incident Response System Using n8n, VirusTotal, urlscan.io, and Large Language Models" Iconic Research And Engineering Journals, 9(11) https://doi.org/10.64388/IREV9I11-1718132