An Innovative Information Theory-based Approach to Tackle and Enhance The Transparency in Phishing Detection

TL;DR

This paper introduces a deep learning approach that enhances phishing detection by providing explainable insights into which parts of an email contribute to its classification, improving interpretability and performance.

Contribution

The proposed method uniquely combines phishing detection with automatic identification of key explanatory information, advancing explainability in AI-based phishing defense.

Findings

Achieves 1.5% to 3.5% higher performance than baselines.

Effectively identifies crucial phishing-related information in emails.

Demonstrates robustness across seven real-world datasets.

Abstract

Phishing attacks have become a serious and challenging issue for detection, explanation, and defense. Despite more than a decade of research on phishing, encompassing both technical and non-technical remedies, phishing continues to be a serious problem. Nowadays, AI-based phishing detection stands out as one of the most effective solutions for defending against phishing attacks by providing vulnerability (i.e., phishing or benign) predictions for the data. However, it lacks explainability in terms of providing comprehensive interpretations for the predictions, such as identifying the specific information that causes the data to be classified as phishing. To this end, we propose an innovative deep learning-based approach for email (the most common phishing way) phishing attack localization. Our method can not only predict the vulnerability of the email data but also automatically learn and figure out the most important and phishing-relevant information (i.e., sentences) in the phishing email data where the selected information indicates useful and concise explanations for the vulnerability. The rigorous experiments on seven real-world diverse email datasets show the effectiveness and advancement of our proposed method in selecting crucial information, offering concise explanations (by successfully figuring out the most important and phishing-relevant information) for the vulnerability of the phishing email data. Particularly, our method achieves a significantly higher performance, ranging from approximately 1.5% to 3.5%, compared to state-of-the-art baselines, as measured by the combined average performance of two main metrics Label-Accuracy and Cognitive-True-Positive.