Added spear phishing detection example (#97)

A spear phishing example based on this [work](https://developer.nvidia.com/blog/generative-ai-and-accelerated-computing-for-spear-phishing-detection/) was added to the experimental repo.

Authors:
  - https://github.com/shawn-davis

Approvers:
  - https://github.com/hsin-c
  - https://github.com/raykallen

URL: #97

Author: shawn-davis

.gitattributes

@@ -8,3 +8,10 @@ dga-detection/datasets/** filter=lfs diff=lfs merge=lfs -text
 dga-detection/models/** filter=lfs diff=lfs merge=lfs -text
 cyber-foundation/dataset/prefixed_azure_ad_logs.txt filter=lfs diff=lfs merge=lfs -text
 cyber-foundation/model/cyber-foundation-model-prefix.pt filter=lfs diff=lfs merge=lfs -text
+spear-phishing/datasets/train/** filter=lfs diff=lfs merge=lfs -text
+spear-phishing/datasets/test/** filter=lfs diff=lfs merge=lfs -text
+spear-phishing/models/intent_models/personalv2_checkpoint-2167/** filter=lfs diff=lfs merge=lfs -text
+spear-phishing/models/intent_models/crypto_checkpoint-2362/** filter=lfs diff=lfs merge=lfs -text
+spear-phishing/models/intent_models/moneyv2_checkpoint-2167/** filter=lfs diff=lfs merge=lfs -text
+spear-phishing/models/phishing_model/** filter=lfs diff=lfs merge=lfs -text
+spear-phishing/sender_sketches/** filter=lfs diff=lfs merge=lfs -text

spear-phishing/README.md

@@ -0,0 +1,16 @@
+# Protective Layers Against Targeted E-Mail (PlateMail)
+
+See overview and example results [here](https://developer.nvidia.com/blog/generative-ai-and-accelerated-computing-for-spear-phishing-detection/).
+
+## Exploring the example
+
+[Example notebook](/spear-phishing/trainin-tuning/spear_phishing.ipynb)
+
+### Intent models
+The example leverages pre-trained distilBERT intent models, i.e. models trained to detect specific intents within the text. The intents trained for the example are "asking for money", "asking for personally identifiable information (PII)", and "talking about crypto" (for crypto based scams). These intent models were trained using generative LLM techniques to allow for more robust and targeted models. These intent model classifiers then become features for the final spear phishing label for the email. 
+
+### Historical sketching
+The example also creates synthetic historic sender data in order to show how we try to catch spoofed spear phishing emails by building historical sender sketches that look at syntactic, temporal, and intention patterns for given senders.
+
+### Running through the example
+So the example shows how the workflow can be extensible as novel attacks are discovered. It begins by just using the "money" and "PII" intent classifiers for spear phishing detection. Crypto based attacks are then introduced and classified, where we see that these emails largely escape detection. The "crypto" intent is then added to the spear phishing feature list and training is updated. We then see that these new crpyto attacks are then detected.

spear-phishing/datasets/test/20231024_example_test.csv

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7068e5ccf3713cc0c0f10d46c97209f6c6e537d29d801bc83d61759fe24eb280
+size 1107455

spear-phishing/datasets/train/20231024_example_train.csv

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:300071da170fd004203ff66ab99c37a299761fe3b48da1a3f3d16c871a2b85c2
+size 4511425