Phishing attacks represent one of the most persistent and impactful threats in modern cybersecurity, exploiting human trust through deceptive communication, fraudulent links, and impersonation techniques. These attacks continue to evolve in sophistication, making detection a persistent challenge for both individuals and organizations [1]. This paper presents PhishGuard Lite, a lightweight and interpretable hybrid phishing detection system that integrates rule-based heuristic analysis with machine learning classification. The proposed system employs a structured pipeline consisting of text preprocessing, rule-based detection, risk scoring, and an explainability module. The detection engine leverages predefined heuristics, including suspicious keywords, urgency patterns, domain indicators, and URL analysis, to identify phishing characteristics. A weighted scoring mechanism computes a risk score mapped to categorical risk levels (Low, Medium, High) [2]. The inclusion of an explainability module enables the system to provide clear, human-readable justifications for each classification decision [3]. Experimental evaluation was conducted on a dataset comprising both publicly sourced and synthetically generated phishing and legitimate samples. Results indicate that PhishGuard Lite achieves competitive performance while maintaining full interpretability and low computational cost. The final implementation incorporates a lightweight Logistic Regression classifier alongside the rule-based engine, forming a hybrid phishing detection framework that balances explainability, computational efficiency, and predictive performance [4]. The findings suggest that hybrid systems combining rule-based reasoning with machine learning offer a viable solution for phishing detection, particularly in environments where explainability and resource constraints are critical [5]. Future work will explore adaptive rule generation and integration of transformer-based models to enhance detection performance.

This paper presented PhishGuard Lite, a lightweight and explainable hybrid phishing detection system that combines rule-based analysis with machine learning-based classification [2]. The system integrates preprocessing, heuristic detection, risk scoring, and explainability into a unified framework that supports real-time deployment [12]. Experimental results demonstrate that the system achieves competitive performance while maintaining full transparency and low computational overhead [4]. Unlike many machine learning approaches, PhishGuard Lite provides clear and interpretable outputs, making it suitable for practical cybersecurity applications [3]. The results reinforce the importance of explainable cybersecurity systems, particularly in environments where transparency and rapid deployment are critical [5]. The complete source code and deployment configuration for PhishGuard Lite are available at the project’s GitHub repository, enabling further research, replication, and extension by the community.

[1] R. Basnet, S. Mukkamala, and A. H. Sung, “Detection of phishing attacks: A machine learning approach,” in Proceedings of the International Conference on Security and Management (SAM), 2014. [2] A. Jadhav and P. Chandre, “A hybrid heuristic-machine learning framework for phishing detection using multi-domain feature analysis,” Engineering, Technology & Applied Science Research, vol. 15, no. 5, pp. 27219–27226, Oct. 2025. [3] M. T. Ribeiro, S. Singh, and C. Guestrin, “Why should I trust you? Explaining the predictions of any classifier,” in Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), pp. 1135–1144, 2016. [4] A. Vennela, R. B. Akarapu, B. L. Rakshith, L. G. Asirvatham, and G. Sunil, “Intelligent cybersecurity systems for phishing attack detection: An overview,” Computers & Security, 2025. [5] R. Ahmed and S. EP, “An intelligent phishing email detection system using ensemble methods and explainable AI,” Knowledge-Based Systems, vol. 295, 2026. [6] S. Garera, N. Provos, M. Chew, and A. D. Rubin, “A framework for detection and measurement of phishing attacks,” in Proceedings of the ACM Workshop on Recurring Malcode (WORM), pp. 1–8, 2007. [7] D. R. Palavali and S. Pothireddy, “Explainable ensemble learning for detecting phishing URLs using lightweight cyber threat intelligence,” in 2025 9th International Conference on Electronics, Communication and Aerospace Technology (ICECA), Coimbatore, India, Nov. 2025, pp. 207-214. [8] M. Munoz and M. Islam, “A balanced dataset for spam and smishing detection using large language models (LLMs),” Mendeley Data, V1, doi: 10.17632/vmg875v4xs.1, 2025. [9] R. M. Mohammad, F. Thabtah, and L. McCluskey, “Predicting phishing websites using neural network,” in Proceedings of the International Conference on Computer Science and Information Technology (CSIT), 2014. [10] A. Aljofey, Q. Jiang, A. Rasool, et al., “An effective detection approach for phishing websites using deep learning,” Applied Sciences, vol. 12, no. 3, pp. 1–16, 2022. [11] M. Osmanoglu, D. Gupta, M. Ozkan-Okay, Y. Ar, and O. Aslan, “A comprehensive review of malicious URLs: Detection techniques, features and datasets,” Computers & Electrical Engineering, vol. 136, p. 111186, 2026. [12] O. K. Sahingoz, E. Buber, O. Demir, and B. Diri, “Machine learning based phishing detection from URLs,” Expert Systems with Applications, vol. 117, pp. 345–357, 2019. [13] W. Y. Wang, “Liar, liar pants on fire: A new benchmark dataset for fake news detection,” in Proceedings of the 55th Annual Meeting of the Association for Computational Linguistics, Vancouver, Canada, 2017, pp. 422–426. [14] S. M. Alasmari, H. Sakly, N. Kraiem, and A. Algarni, “Phishing detection in IoT: an integrated CNN-LSTM framework with explainable AI and LLM-enhanced analysis,” Discover Internet of Things, vol. 5, no. 1, article 102, 2025. [15] R. Verma and N. Hossain, “Semantic feature selection for phishing detection,” in Proceedings of the International Conference on Information Security and Cryptology (ISCT), 2017.