A Cognitive BDI–BiLSTM Hybrid Framework for Interpretable Email Threat Detection

Email threats continue to pose a significant challenge in cybersecurity, exploiting human vulnerabilities through highly deceptive and context-aware content. This study introduced a novel hybrid detection framework that integrated semantic deep learning with cognitively inspired symbolic reasoning to address these evolving risks. The proposed system utilized a Bidirectional Long Short-Term Memory (BiLSTM) network to capture sequential and linguistic patterns from email content, while a Belief–Desire–Intention (BDI) cognitive agent modeled behavioral indicators, including urgency cues, sender anomalies, and irregular sending patterns. These complementary components were fused within a unified architecture designed to achieve both high predictive accuracy and meaningful cognitive interpretability. To further enhance transparency and facilitate human-in-the-loop decision-making, the BDI-SHAP-X module was developed, combining rule-based symbolic explanations with SHapley Additive exPlanations (SHAP) for localized feature attribution. An experimental evaluation of a comprehensive, enriched email corpus demonstrates the effectiveness of the proposed model, achieving 98.31% accuracy, 97.80% precision, 98.85% recall, 98.32% F1-score, and a ROC-AUC of 99.78%. These results emphasize the framework’s capacity to deliver state-of-the-art detection performance while ensuring interpretable, trustworthy insights essential for safeguarding enterprise and critical communication infrastructures.