Printed from https://ideas.repec.org/a/gam/jftint/v16y2024i1p31-d1320799.html

Investigation of Phishing Susceptibility with Explainable Artificial Intelligence

Author

Listed:
  • Zhengyang Fan

    (Department of Systems Engineering and Operations Research, George Mason University, Fairfax, VA 22030, USA)

  • Wanru Li

    (Department of Systems Engineering and Operations Research, George Mason University, Fairfax, VA 22030, USA)

  • Kathryn Blackmond Laskey

    (Department of Systems Engineering and Operations Research, George Mason University, Fairfax, VA 22030, USA)

  • Kuo-Chu Chang

    (Department of Systems Engineering and Operations Research, George Mason University, Fairfax, VA 22030, USA)

Abstract

Phishing attacks represent a significant and growing threat in the digital world, affecting individuals and organizations globally. Understanding the various factors that influence susceptibility to phishing is essential for developing more effective strategies to combat this pervasive cybersecurity challenge. Machine learning has become a prevalent method in the study of phishing susceptibility. Most studies in this area have taken one of two approaches: either they explore statistical associations between various factors and susceptibility, or they use complex models such as deep neural networks to predict phishing behavior. However, these approaches have limitations in terms of providing practical insights for individuals to avoid future phishing attacks and delivering personalized explanations regarding their susceptibility to phishing. In this paper, we propose a machine-learning approach that leverages explainable artificial intelligence techniques to examine the influence of human and demographic factors on susceptibility to phishing attacks. The machine learning model yielded an accuracy of 78%, with a recall of 71%, and a precision of 57%. Our analysis reveals that psychological factors such as impulsivity and conscientiousness, as well as appropriate online security habits, significantly affect an individual’s susceptibility to phishing attacks. Furthermore, our individualized case-by-case approach offers personalized recommendations on mitigating the risk of falling prey to phishing exploits, considering the specific circumstances of each individual.

Suggested Citation

  • Zhengyang Fan & Wanru Li & Kathryn Blackmond Laskey & Kuo-Chu Chang, 2024. "Investigation of Phishing Susceptibility with Explainable Artificial Intelligence," Future Internet, MDPI, vol. 16(1), pages 1-18, January.
  • Handle: RePEc:gam:jftint:v:16:y:2024:i:1:p:31-:d:1320799

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/16/1/31/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/16/1/31/
    Download Restriction: no

