Phishing Website Detection Model for User Decision Making Based on XAI

Abstract

Phishing websites based on social engineering are significant cyber threats in the web environment. Recently, a number of studies have been implemented to detect phishing websites using AI (Artificial Intelligence), and they have demonstrated excellent detection performance. However, most of the proposed AI models are black-box. By the nature of black-box, it is difficult to explain how AI models determine if a website is phishing or not. Moreover, false negative is inevitable in the detection system using AI models. Therefore, it is unreliable to detect phishing websites based on the prediction result of an AI model. Because of these limitations, users need to interpret the output of an AI model and make the final decision. In this paper, we propose an interpretable phishing website detection model based on the XAI (eXplainable Artificial Intelligence) techniques so that users can make a reasonable decision with the interpretation of the outputs from the AI model.