Phishing detection in IoT: an integrated CNN-LSTM framework with explainable AI and LLM-enhanced analysis
Sara Mohammed Alasmari, Houneida Sakly, Naoufel Kraïem, Ali Algarni
Abstract
Phishing attacks pose a significant threat to Industrial Internet of Things (IoT) networks, with a documented 350% increase in IoT-targeted phishing attempts since 2020. This alarming trend necessitates robust security measures to protect critical infrastructure. We propose a novel methodology integrating a CNN-LSTM model for initial phishing detection and a sophisticated LLM for comprehensive analysis. Our approach combines spatial feature extraction via CNN layers with temporal pattern recognition through LSTM, enhanced by explainable AI techniques for transparency. Our CNN-LSTM model achieves 93.26% accuracy on the Web URL dataset and the DistilBERT model achieves an accuracy of 98.64% on text and email dataset. The addition of explainable AI improves transparency by 41% compared to black-box approaches, which is crucial for IoT security operations. This approach not only improves phishing detection accuracy but also contributes to adaptive security measures tailored to evolving cybersecurity threats. By reducing false positives by 41% compared to traditional methods and providing human-interpretable security insights through LLM integration, our framework ensures the resilience of IoT networks while maintaining operational efficiency.