Phishing is still one of the most common and most flexible kinds of cyberattack, often targeting human behaviour by means of deceit and manipulation instead of depending solely on technical vulnerabilities. As phishing techniques develop in complexity, recent studies have increasingly focused on intelligent detection systems that include user behaviour as a fundamental analytical component. This systematic literature review explores how user behaviour is defined, modelled, and interpreted in phishing detection systems using machine learning, deep learning, and explainable artificial intelligence (XAI) approaches. The review identifies four main forms of user behaviour: interaction-based, session or navigation-based, contextual or environmental, and user response to phishing stimuli. These behavioural categories are examined in relation to the modeling approaches used, including random forest, long short-term memory networks (LSTM), bidirectional encoder representations from transformers (BERT), and capsule networks. The review also considers how interpretability techniques such as SHAP (SHapley Additive exPlanations), attention-based mechanisms, and natural language explanation frameworks are integrated to improve model transparency. By combining phishing detection, user behaviour analysis, and model interpretability, this review offers a behaviour-centric classification framework and synthesises the current state of research at their intersection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

User Behaviour Analysis Based Intelligent Phishing Detection Systems: A Systematic Literature Review

  • Tumelo Mantsha,
  • Moses Olaifa,
  • Chunling Du

摘要

Phishing is still one of the most common and most flexible kinds of cyberattack, often targeting human behaviour by means of deceit and manipulation instead of depending solely on technical vulnerabilities. As phishing techniques develop in complexity, recent studies have increasingly focused on intelligent detection systems that include user behaviour as a fundamental analytical component. This systematic literature review explores how user behaviour is defined, modelled, and interpreted in phishing detection systems using machine learning, deep learning, and explainable artificial intelligence (XAI) approaches. The review identifies four main forms of user behaviour: interaction-based, session or navigation-based, contextual or environmental, and user response to phishing stimuli. These behavioural categories are examined in relation to the modeling approaches used, including random forest, long short-term memory networks (LSTM), bidirectional encoder representations from transformers (BERT), and capsule networks. The review also considers how interpretability techniques such as SHAP (SHapley Additive exPlanations), attention-based mechanisms, and natural language explanation frameworks are integrated to improve model transparency. By combining phishing detection, user behaviour analysis, and model interpretability, this review offers a behaviour-centric classification framework and synthesises the current state of research at their intersection.