A Gradient-Optimized TSK Fuzzy Framework for Explainable Phishing Detection

Lohith Srikanth Pentapalli, Jon Salisbury, Josette Riep, Kelly Cohen

TL;DR

Phishing URL detection requires both high accuracy and explainability to support cybersecurity workflows. We propose a gradient-optimized first-order Takagi-Sugeno-Kang (TSK) fuzzy system with Gaussian membership functions, where end-to-end learning is performed via the Adam optimizer to minimize the binary cross-entropy loss with L2 regularization: $\min_{\theta} \mathcal{L}(\theta) = \frac{1}{N} \sum_{k=1}^N \mathrm{BCE}(y_k, \hat{y}_k) + \lambda \|\theta\|_2^2$. Each rule uses a linear consequent $f_k(x) = b_k + \sum_i w_{ki} x_i$, with firing strengths $\alpha_k$ computed by product t-norms and a final output $y$ obtained as a weighted average, transformed to probability via $p = \sigma(y) = \frac{1}{1 + e^{-y}}$. On a dataset of 235,795 URLs, the approach achieves average accuracy $= 99.95\%$, F1 $= 99.96\%$, and AUC $= 1.00$ across 5-fold cross-validation, while maintaining interpretable rule activations that support transparency and debugging. The results are competitive with ensemble methods (Random Forest, XGBoost, LightGBM) yet offer explicit explainability through the fuzzy rule base, making the framework suitable for security-critical deployment and auditability. The work also demonstrates rapid convergence and the ability to visualize how specific rules drive decisions, enabling practical adoption in real-world phishing defenses.
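The inference path and loss described above, written out as an added example (not the authors' code). The two-rule base, its parameter values, the second feature, and the choice to apply the L2 penalty to every rule parameter are assumptions made for illustration.

```python
import math

# Constructed rule base over two scaled features in [0, 1]:
# x[0] = NoOfImages (scaled), x[1] = a hypothetical URL-length feature.
RULES = [
    {"c": [0.1, 0.8], "s": [0.2, 0.2], "w": [-1.0, 2.0], "b": 1.0},
    {"c": [0.8, 0.2], "s": [0.2, 0.2], "w": [1.0, -2.0], "b": -1.0},
]

def firing_strengths(x, rules):
    """alpha_k: product t-norm over the Gaussian membership degrees."""
    return [math.prod(math.exp(-0.5 * ((xi - c) / s) ** 2)
                      for xi, c, s in zip(x, r["c"], r["s"])) for r in rules]

def tsk_forward(x, rules):
    """Return (p, normalized alphas, per-rule consequents f_k(x))."""
    alphas = firing_strengths(x, rules)
    total = sum(alphas) + 1e-12          # guard: no rule fires at all
    norm = [a / total for a in alphas]
    f = [r["b"] + sum(w * xi for w, xi in zip(r["w"], x)) for r in rules]
    y = sum(n * fk for n, fk in zip(norm, f))   # weighted average
    return 1.0 / (1.0 + math.exp(-y)), norm, f  # p = sigma(y)

def explain(x, rules):
    """Index of the rule that dominates the decision for x, with its share."""
    _, norm, _ = tsk_forward(x, rules)
    k = max(range(len(norm)), key=norm.__getitem__)
    return k, norm[k]

def loss(X, Y, rules, lam):
    """Mean BCE plus lam * ||theta||^2 over all rule parameters (assumed theta)."""
    eps = 1e-12
    bce = 0.0
    for x, y in zip(X, Y):
        p, _, _ = tsk_forward(x, rules)
        bce -= y * math.log(p + eps) + (1 - y) * math.log(1 - p + eps)
    l2 = sum(v * v for r in rules for v in r["c"] + r["s"] + r["w"] + [r["b"]])
    return bce / len(X) + lam * l2

if __name__ == "__main__":
    for x in ([0.1, 0.8], [0.8, 0.2]):   # constructed samples
        p, norm, f = tsk_forward(x, RULES)
        print(x, round(p, 3), [round(n, 4) for n in norm], explain(x, RULES))
```

The normalized firing strengths returned by `tsk_forward` are the per-sample rule activations an analyst would inspect to see which rule drove a verdict.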

Abstract

Phishing attacks represent an increasingly sophisticated and pervasive threat to individuals and organizations, causing significant financial losses, identity theft, and severe damage to institutional reputations. Existing phishing detection methods often struggle to simultaneously achieve high accuracy and explainability, either failing to detect novel attacks or operating as opaque black-box models. To address this critical gap, we propose a novel phishing URL detection system based on a first-order Takagi-Sugeno-Kang (TSK) fuzzy inference model optimized through gradient-based techniques. Our approach intelligently combines the interpretability and human-like reasoning capabilities of fuzzy logic with the precision and adaptability provided by gradient optimization methods, specifically leveraging the Adam optimizer for efficient parameter tuning. Experiments conducted using a comprehensive dataset of over 235,000 URLs demonstrate rapid convergence and exceptional predictive performance (accuracy averaging 99.95% across 5 cross-validation folds, with a perfect AUC, i.e., 1.00). Furthermore, optimized fuzzy rules and membership functions improve interpretability, clearly indicating how the model makes decisions, an essential feature for cybersecurity applications. This high-performance, transparent, and interpretable phishing detection framework significantly advances current cybersecurity defenses, providing practitioners with accurate and explainable decision-making tools.

Paper Structure

This paper contains 10 sections, 7 equations, 5 figures, 1 table.

Figures (5)

  • Figure 1: Mutual Information Scores
  • Figure 2: Training and Validation Loss Curves (left), Training and Validation Accuracy Curves (right)
  • Figure 3: MFs of feature "NoOfImages"
  • Figure 4: Rule activations for 3 samples in Test data
  • Figure 5: Model Scaling Performance