Asal, BurcakOyucu, SaadinDogan, FerdiPolat, OnurAksoz, Ahmet2026-02-272026-02-2720251302-09002147-942910.2339/politeknik.1745083http://dx.doi.org/10.2339/politeknik.1745083https://hdl.handle.net/20.500.14669/4559In the changing landscape of cybersecurity threats, phishing emails indicate a persistent and damaging attack vector. This study investigates the effectiveness of deep learning models on a phishing email classification task using tabular data and focusing on TabNet, NODE (Neural Oblivious Decision Ensembles), and FT-Transformer architectures. The utilized dataset includes eight input features capturing linguistic and structural characteristics of emails, with a binary label indicating phishing or normal classification. Additionally, the NearMiss under-sampling approach is applied to address the significant class imbalance. Experimental results demonstrate that while all three models achieve strong performance, the FT-Transformer model outperforms TabNet and NODE by achieving the highest classification accuracy and balanced precision-recall scores. Additionally, explainable artificial intelligence (XAI) methods, SHAP and LIME, are employed to interpret the FT-Transformer model's decision-making process, which highlights the critical role of spelling errors, unique word counts, and urgency-related keywords in phishing detection. The findings emphasize the potential of transformer-based approaches for tabular cybersecurity applications and indicate the importance of interpretable AI in enhancing trust and transparency in phishing detection systems.trinfo:eu-repo/semantics/openAccessExplainable Artificial Intelligence (XAI)TabNetNODEFT-TransformerEmail Phishing ClassificationSHAPLIMEArticle; Early AccessWOS:001609051000001