Journal of Cybersecurity and Information Management
JCIM
2690-6775
2769-7851
10.54216/JCIM
https://www.americaspg.com/journals/show/4303
2019
2019
An Explainable Hybrid SVM Framework for Spam and Malicious Email Detection in Enterprise Information Systems
Assoc. Prof., Faculty of Artificial Intelligence and Information, Horus University (HUE), Egypt
Mahmoud
Mahmoud
Assoc. Prof., Faculty of Computers and Information, Egypt
Nabil M.
Eldakhly
Email is a key communication and information-management tool in contemporary organizations, yet it is also one of the most abused channels for spam, fraud, credential theft, and malicious code delivery. Because email security is operationally important, lightweight and reproducible detection models are especially useful to universities, public institutions, and small-to-medium enterprises, which might not have access to costly proprietary filtering infrastructure. In this paper I propose an Explainable Hybrid SVM Framework (EHSF) to detect spam and malicious-risk email in a business information system. The framework integrates a TF–IDF representation of the text with lightweight risk-based email indicators, such as structural and lexical cues that can be obtained at low computational cost. The external Enron-Spam dataset was used so that the results are reproducible and can be checked later by reviewers and readers. The experiments were implemented in Python and assessed in terms of accuracy, precision, recall, F1-score, ROC-AUC, and the confusion matrix. The results show that the proposed Linear SVM-based framework has the highest overall performance, with accuracy of 0.9853, precision of 0.9818, recall of 0.9893, F1-score of 0.9855, and ROC-AUC of 0.9981 on the held-out test set. The confusion matrix shows only 34 false negatives and 58 false positives, indicating good discrimination between the ham and spam classes. Besides its predictive performance, the framework provides an interpretable layer based on the analysis of influential lexical indicators related to risky and legitimate enterprise emails. The research contributes a replicable and operationally viable methodology that meets the needs of cybersecurity and information management and is lightweight enough to be deployed in a real organizational setting.
2026
2026
45
55
10.54216/JCIM.180103
https://www.americaspg.com/articleinfo/2/show/4303