{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T15:13:25Z","timestamp":1777043605911,"version":"3.51.4"},"reference-count":38,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2025,2,27]],"date-time":"2025-02-27T00:00:00Z","timestamp":1740614400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,2,27]],"date-time":"2025-02-27T00:00:00Z","timestamp":1740614400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100004769","name":"Universit\u00e0 degli Studi di Pavia","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100004769","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Artif Intell Rev"],"abstract":"Abstract<\/jats:title>\n Several explainable AI methods are available, but there is a lack of a systematic comparison of such methods. This paper contributes in this direction, by providing a framework for comparing alternative explanations in terms of complexity and robustness. We exemplify our proposal on a real case study in the cybersecurity domain, namely, phishing website detection. In fact, in this domain explainability is a compelling issue because of its potential benefits for the detection of fraudulent attacks and for the design of efficient security defense mechanisms. For this purpose, we apply our methodology to the machine learning models obtained by analyzing a publicly available dataset containing features extracted from malicious and legitimate web pages. The experiments show that our methodology is quite effective in selecting the explainability method which is, at the same time, less complex and more robust.<\/jats:p>","DOI":"10.1007\/s10462-025-11141-w","type":"journal-article","created":{"date-parts":[[2025,2,27]],"date-time":"2025-02-27T06:28:12Z","timestamp":1740637692000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["An assessment framework for explainable AI with applications to cybersecurity"],"prefix":"10.1007","volume":"58","author":[{"given":"Maria Carla","family":"Calzarossa","sequence":"first","affiliation":[]},{"given":"Paolo","family":"Giudici","sequence":"additional","affiliation":[]},{"given":"Rasha","family":"Zieni","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,2,27]]},"reference":[{"key":"11141_CR1","doi-asserted-by":"crossref","first-page":"300","DOI":"10.1016\/j.eswa.2018.07.067","volume":"115","author":"M Adebowale","year":"2019","unstructured":"Adebowale M, Lwin K, S\u00e1nchez E, Hossain M (2019) Intelligent web-phishing detection and protection scheme using integrated features of images, frames and text. Expert Syst Appl 115:300\u2013313","journal-title":"Expert Syst Appl"},{"key":"11141_CR2","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2024.125239","volume":"259","author":"G Babaei","year":"2025","unstructured":"Babaei G, Giudici P, Raffinetti E (2025) A rank graduation box for SAFE Artificial Intelligence. Expert Syst Appl 259:125239","journal-title":"Expert Syst Appl"},{"issue":"1","key":"11141_CR3","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1007\/s11235-020-00733-2","volume":"76","author":"A Basit","year":"2021","unstructured":"Basit A, Zafar M, Liu X, Javed A, Jalil Z, Kifayat K (2021) A comprehensive survey of AI-enabled phishing attacks detection techniques. Telecommun Syst 76(1):139\u2013154","journal-title":"Telecommun Syst"},{"key":"11141_CR4","doi-asserted-by":"crossref","unstructured":"Bracke P, Datta A, Jung C, Shayak S (2019) Machine learning explainability in finance: an application to default risk analysis. Technical report, Staff Working Paper No. 816, Bank of England","DOI":"10.2139\/ssrn.3435104"},{"key":"11141_CR5","doi-asserted-by":"crossref","first-page":"245","DOI":"10.1613\/jair.1.12228","volume":"70","author":"N Burkart","year":"2021","unstructured":"Burkart N, Huber M (2021) A survey on the explainability of supervised machine learning. J Artif Intell Res 70:245\u2013317","journal-title":"J Artif Intell Res"},{"key":"11141_CR6","series-title":"Communications in Computer and Information Science","doi-asserted-by":"crossref","first-page":"531","DOI":"10.1007\/978-3-031-44064-9_28","volume-title":"Explain Artif Intell","author":"M Calzarossa","year":"2023","unstructured":"Calzarossa M, Giudici P, Zieni R (2023) Explainable machine learning for bag of words-based phishing detection. In: Longo L (ed) Explain Artif Intell, vol 1901. Communications in Computer and Information Science. Springer, Cham., pp 531\u2013543"},{"key":"11141_CR7","doi-asserted-by":"crossref","first-page":"362","DOI":"10.1002\/qre.3411","volume":"40","author":"M Calzarossa","year":"2024","unstructured":"Calzarossa M, Giudici P, Zieni R (2024) Explainable machine learning for phishing feature detection. Qual Reliab Eng Int 40:362\u2013373","journal-title":"Qual Reliab Eng Int"},{"key":"11141_CR38","doi-asserted-by":"crossref","unstructured":"Calzarossa M, Giudici P, Zieni R (2025) How robust are ensemble machine learning explanations? Neurocomputing","DOI":"10.2139\/ssrn.4958080"},{"key":"11141_CR8","doi-asserted-by":"crossref","first-page":"93575","DOI":"10.1109\/ACCESS.2022.3204171","volume":"10","author":"N Capuano","year":"2022","unstructured":"Capuano N, Fenza G, Loia V, Stanzione C (2022) Explainable artificial intelligence in cybersecurity: a survey. IEEE Access 10:93575\u201393600","journal-title":"IEEE Access"},{"key":"11141_CR9","doi-asserted-by":"crossref","first-page":"671","DOI":"10.1109\/COMST.2019.2957750","volume":"22","author":"A Das","year":"2020","unstructured":"Das A, Baki S, El Aassal A, Verma R, Dunbar A (2020) SoK: a comprehensive reexamination of phishing research from the security perspective. IEEE Commun Surv Tutor 22:671\u2013708","journal-title":"IEEE Commun Surv Tutor"},{"key":"11141_CR10","unstructured":"European Commission: White Paper on Artificial Intelligence: a European approach to excellence and trust. COM\/2020\/65 (2020)"},{"key":"11141_CR11","doi-asserted-by":"crossref","unstructured":"Galego\u00a0Hernandes P, Floret C, Cardozo De\u00a0Almeida K, Da\u00a0Silva V, Papa J, Pontara Da\u00a0Costa K (2021) Phishing detection using URL-based XAI techniques. In: Proceedings of the IEEE symposium series on computational intelligence (SSCI). IEEE, Piscataway, pp. 01\u201306","DOI":"10.1109\/SSCI50451.2021.9659981"},{"key":"11141_CR12","doi-asserted-by":"crossref","unstructured":"Garera S, Provos N, Chew M, Rubin A (2007) A framework for detection and measurement of phishing attacks. In: Proceedings of the ACM workshop on recurring malcode (WORM). ACM, New York, pp. 1\u20138","DOI":"10.1145\/1314389.1314391"},{"issue":"3","key":"11141_CR13","doi-asserted-by":"crossref","first-page":"754","DOI":"10.1007\/s00357-019-09358-w","volume":"37","author":"P Giudici","year":"2020","unstructured":"Giudici P, Raffinetti E (2020) Lorenz model selection. J Classif 37(3):754\u2013768","journal-title":"J Classif"},{"issue":"895","key":"11141_CR14","volume":"167","author":"P Giudici","year":"2021","unstructured":"Giudici P, Raffinetti E (2021) Shapley-lorenz explainable artificial intelligence. Expert Syst Appl 167(895):114104","journal-title":"Expert Syst Appl"},{"key":"11141_CR15","doi-asserted-by":"publisher","DOI":"10.1007\/s11634-023-00574-2","author":"P Giudici","year":"2024","unstructured":"Giudici P, Raffinetti E (2024) RGA: a unified measure of predictive accuracy. Adv Data Anal Classif. https:\/\/doi.org\/10.1007\/s11634-023-00574-2","journal-title":"Adv Data Anal Classif"},{"issue":"5","key":"11141_CR16","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3236009","volume":"51","author":"R Guidotti","year":"2018","unstructured":"Guidotti R, Monreale A, Ruggieri S, Turini F, Giannotti F, Pedreschi D (2018) A survey of methods for explaining black box models. ACM Comput Surv (CSUR) 51(5):1\u201342","journal-title":"ACM Comput Surv (CSUR)"},{"key":"11141_CR17","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.comcom.2021.04.023","volume":"175","author":"B Gupta","year":"2021","unstructured":"Gupta B, Yadav K, Razzak I, Psannis K, Castiglione A, Chang X (2021) A novel approach for phishing URLs detection using lexical based machine learning in a real-time environment. Comput Commun 175:47\u201357","journal-title":"Comput Commun"},{"issue":"4","key":"11141_CR18","doi-asserted-by":"crossref","first-page":"687","DOI":"10.1007\/s11235-017-0414-0","volume":"68","author":"A Jain","year":"2018","unstructured":"Jain A, Gupta B (2018) Towards detection of phishing websites on client-side using machine learning based approach. Telecommun Syst 68(4):687\u2013700","journal-title":"Telecommun Syst"},{"issue":"7","key":"11141_CR19","doi-asserted-by":"crossref","first-page":"9233","DOI":"10.1007\/s12652-022-04426-3","volume":"14","author":"S Jalil","year":"2023","unstructured":"Jalil S, Usman M, Fong A (2023) Highly accurate phishing URL detection based on machine learning. J Ambient Intell Humaniz Comput 14(7):9233\u20139251","journal-title":"J Ambient Intell Humaniz Comput"},{"issue":"19","key":"11141_CR20","doi-asserted-by":"crossref","first-page":"29431","DOI":"10.1007\/s11042-023-14731-4","volume":"82","author":"A Jha","year":"2023","unstructured":"Jha A, Muthalagu R, Pawar P (2023) Intelligent phishing website detection using machine learning. Multimed Tools Appl 82(19):29431\u201329456","journal-title":"Multimed Tools Appl"},{"key":"11141_CR21","doi-asserted-by":"crossref","first-page":"36805","DOI":"10.1109\/ACCESS.2023.3252366","volume":"11","author":"A Karim","year":"2023","unstructured":"Karim A, Shahroz M, Mustofa K, Belhaouari S, Joga S (2023) Phishing detection system through hybrid machine learning based on URL. IEEE Access 11:36805\u201336822","journal-title":"IEEE Access"},{"issue":"434","key":"11141_CR22","doi-asserted-by":"crossref","first-page":"873","DOI":"10.1080\/01621459.1996.10476955","volume":"91","author":"G Koshevoy","year":"1996","unstructured":"Koshevoy G, Mosler K (1996) The Lorenz Zonoid of a multivariate distribution. J Am Stat Assoc 91(434):873\u2013882","journal-title":"J Am Stat Assoc"},{"key":"11141_CR23","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1016\/j.future.2018.11.004","volume":"94","author":"Y Li","year":"2019","unstructured":"Li Y, Yang Z, Chen X, Yuan H, Liu W (2019) A stacking model using URL and HTML features for phishing webpage detection. Future Gener Comput Syst 94:27\u201339","journal-title":"Future Gener Comput Syst"},{"issue":"70","key":"11141_CR24","first-page":"209","volume":"9","author":"M Lorenz","year":"1905","unstructured":"Lorenz M (1905) Methods of measuring the concentration of wealth. Publ Am Stat Assoc 9(70):209\u2013219","journal-title":"Publ Am Stat Assoc"},{"key":"11141_CR25","unstructured":"Lundberg SM, Lee S-I (2017) A unified approach to interpreting model predictions. In: Guyon, I., Luxburg, U.V., Bengio, S., Wallach, H., Fergus, R., Vishwanathan, S., Garnett, R. (eds.) Proceedings of the 31st international conference on neural information processing systems (NIPS). Curran Associates, New York, pp. 4768\u20134777"},{"key":"11141_CR26","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.artint.2018.07.007","volume":"267","author":"T Miller","year":"2019","unstructured":"Miller T (2019) Explanation in artificial intelligence: insights from the social sciences. Artif Intell 267:1\u201338","journal-title":"Artif Intell"},{"key":"11141_CR27","doi-asserted-by":"crossref","first-page":"3503","DOI":"10.1007\/s10462-021-10088-y","volume":"55","author":"D Minh","year":"2022","unstructured":"Minh D, Wang X, Li F, Nguyen N (2022) Explainable artificial intelligence: a comprehensive review. Artif Intell Rev 55:3503\u20133568","journal-title":"Artif Intell Rev"},{"key":"11141_CR28","doi-asserted-by":"crossref","unstructured":"Nadeem A, Vos D, Cao C, Pajola L, Dieck S, Baumgartner R, Verwer S (2023) Sok: explainable machine learning for computer security applications. In: Proceedings of the IEEE 8th European symposium on security and privacy (EuroS &P). IEEE, Piscataway, pp. 221\u2013240","DOI":"10.1109\/EuroSP57164.2023.00022"},{"issue":"4","key":"11141_CR29","doi-asserted-by":"crossref","first-page":"881","DOI":"10.1007\/s10207-023-00672-4","volume":"22","author":"P Pandey","year":"2023","unstructured":"Pandey P, Mishra N (2023) Phish-sight: a new approach for phishing detection using dominant colors on web pages and machine learning. Int J Inf Secur 22(4):881\u2013891","journal-title":"Int J Inf Secur"},{"key":"11141_CR30","doi-asserted-by":"crossref","unstructured":"Poddar S, Chowdhury D, Dwivedi A, Mukkamala R (2022) Data driven based malicious URL detection using explainable AI. In: Proceedings of the IEEE international conference on trust, security and privacy in computing and communications (TrustCom), pp. 1266\u20131272","DOI":"10.1109\/TrustCom56396.2022.00176"},{"issue":"8","key":"11141_CR31","doi-asserted-by":"crossref","first-page":"3851","DOI":"10.1007\/s00521-017-3305-0","volume":"31","author":"R Rao","year":"2019","unstructured":"Rao R, Pais A (2019) Detection of phishing websites using an efficient feature-based machine learning framework. Neural Comput Appl 31(8):3851\u20133873","journal-title":"Neural Comput Appl"},{"key":"11141_CR32","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1016\/j.eswa.2018.09.029","volume":"117","author":"O Sahingoz","year":"2019","unstructured":"Sahingoz O, Buber E, Demir O, Diri B (2019) Machine learning based phishing detection from URLs. Expert Syst Appl 117:345\u2013357","journal-title":"Expert Syst Appl"},{"key":"11141_CR33","first-page":"307","volume-title":"Contributions to the theory of games II","author":"L Shapley","year":"1953","unstructured":"Shapley L (1953) A value for $$n$$-person games. In: Kuhn H, Tucker A (eds) Contributions to the theory of games II. Princeton University Press, Princeton, pp 307\u2013317"},{"key":"11141_CR34","doi-asserted-by":"publisher","DOI":"10.17632\/h3cgnj8hft","author":"C Tan","year":"2018","unstructured":"Tan C (2018) Phishing dataset for machine learning: feature evaluation. Mendeley Data. https:\/\/doi.org\/10.17632\/h3cgnj8hft","journal-title":"Mendeley Data"},{"key":"11141_CR35","doi-asserted-by":"crossref","unstructured":"Tupsamudre H, Singh A, Lodha S (2019) Everything is in the name - a URL based approach for phishing detection. In: Dolev S, Hendler D, Lodha S, Yung M (eds) Cyber security cryptography and machine learning, vol 11527. Lecture Notes in Computer Science. Springer, Cham, pp 231\u2013248","DOI":"10.1007\/978-3-030-20951-3_21"},{"key":"11141_CR36","doi-asserted-by":"crossref","first-page":"93104","DOI":"10.1109\/ACCESS.2022.3204051","volume":"10","author":"Z Zhang","year":"2022","unstructured":"Zhang Z, Al Hamadi H, Damiani E, Yeun C, Taher F (2022) Explainable artificial intelligence applications in cyber security: state-of-the-art in research. IEEE Access 10:93104\u201393139","journal-title":"IEEE Access"},{"key":"11141_CR37","doi-asserted-by":"crossref","first-page":"18499","DOI":"10.1109\/ACCESS.2023.3247135","volume":"11","author":"R Zieni","year":"2023","unstructured":"Zieni R, Massari L, Calzarossa M (2023) Phishing or not phishing? A survey on the detection of phishing websites. IEEE Access 11:18499\u201318519","journal-title":"IEEE Access"}],"container-title":["Artificial Intelligence Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-025-11141-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10462-025-11141-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-025-11141-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,4]],"date-time":"2025-04-04T07:19:03Z","timestamp":1743751143000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10462-025-11141-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,27]]},"references-count":38,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2025,5]]}},"alternative-id":["11141"],"URL":"https:\/\/doi.org\/10.1007\/s10462-025-11141-w","relation":{},"ISSN":["1573-7462"],"issn-type":[{"value":"1573-7462","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,27]]},"assertion":[{"value":"6 February 2025","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 February 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no Conflict of interest to declare that are relevant to the content of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"150"}}