A LITERATURE SURVEY ON ENHANCING CYBER RESILIENCE: A HYBRID EXPLAINABLE AI FRAMEWORK FOR MITIGATING PHISHING THREATS IN DEFENSE AND RECOVERY STRATEGIES

Authors

  • Dipesh Chand (India)
  • Jashmitha C M (India)
  • Pooja B (India)
  • Mohammed Zaid J (India)
  • C Emilin Shyni (India)

Keywords:

Phishing Attacks, Explainable AI (XAI), AI Transparency, Cybersecurity, Phishing Detection, AI Trust, Machine Learning, AI Interpretability, Model Bias

Abstract

Advances in technology have exponentially increased cyber threats, chiefly phishing attacks, which account for more than 90% of data breaches. These attacks result in billions of dollars lost annually. AI and ML models are increasingly applied to counter phishing, including detecting malicious content and identifying patterns. However, most traditional AI models do not provide transparency, which undermines users' trust in the decision-making process. Explainable AI (XAI) addresses these issues by improving the interpretability and transparency of AI models, so that users can understand why particular emails or URLs are flagged as phishing. This not only increases trust in AI systems but also improves accountability by revealing bias in the models and by explaining the effectiveness of various phishing attacks. This literature review discusses studies that suggest XAI implementations in phishing detection systems. Such approaches may lead to better transparency and trust in AI-powered cybersecurity solutions and ultimately enhance their overall effectiveness.

 

Published

2025-01-16

How to Cite

Dipesh Chand, Jashmitha C M, Pooja B, Mohammed Zaid J, & C Emilin Shyni. (2025). A LITERATURE SURVEY ON ENHANCING CYBER RESILIENCE: A HYBRID EXPLAINABLE AI FRAMEWORK FOR MITIGATING PHISHING THREATS IN DEFENSE AND RECOVERY STRATEGIES. INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING AND TECHNOLOGY, 16(01), 243-252. https://ijcet.in/index.php/ijcet/article/view/202