An Explainable Hybrid SVM Framework for Spam and
Malicious Email Detection in Enterprise Information
Systems
Mahmoud A. Zaher1,∗, Nabil M. Eldakhly2
1 Assoc. Prof., Faculty of Artificial Intelligence and Information, Horus University (HUE), Egypt
2 Assoc. Prof., Faculty of Computers and Information, Egypt
Emails: mzaher@horus.edu.eg; nabil.omr@sadatacademy.edu.eg
Abstract
Email has been a key communication and information-management tool in contemporary organizations, yet
it is also one of the most misused avenues for spam, fraud, credential theft, and malicious code delivery.
Because of the operational relevance of email security, lightweight and reproducible detection models are
especially useful to universities, public institutions, and small-to-medium enterprises, which might not have
access to costly proprietary filtering infrastructures. This paper proposes an Explainable Hybrid SVM Framework
(EHSF) to detect spam and malicious-risk email in a business information system. The framework integrates
a TF–IDF representation of text with lightweight risk-based email indicators, such as structural and lexical cues
that can be obtained at low computational cost. An external Enron-Spam dataset was used so that the results
are reproducible and can be checked later by reviewers and readers. The experiments were implemented
in Python and evaluated in terms of accuracy, precision, recall, F1-score, ROC-AUC, and the confusion matrix.
The results show that the proposed Linear SVM-based framework achieves the highest overall performance,
with accuracy of 0.9853, precision of 0.9818, recall of 0.9893, F1-score of 0.9855, and ROC-AUC
of 0.9981 on the held-out test set. The confusion matrix shows only 34 false negatives and
58 false positives, indicating good discrimination between the ham and spam classes. Besides
the predictive performance, the framework provides an interpretable layer based on the analysis of influential
lexical indicators related to risky and legitimate enterprise emails. The research contributes a replicable and
operationally viable methodology that meets the needs of cybersecurity and information management and
is lightweight enough to be implemented in real-life organizational settings.
Keywords: Email security; Spam detection; Support vector machine; Cybersecurity; Information management;
Text mining; Explainable machine learning