EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

A hybrid framework using explainable AI (XAI) in cyber-risk management for defence and recovery against phishing attacks

Baidyanath Biswas, Arunabha Mukhopadhyay, Ajay Kumar (akumar@em-lyon.com) and Dursun Delen
Additional contact information
Baidyanath Biswas: Trinity College Dublin
Arunabha Mukhopadhyay: IIM Lucknow - Indian Institute of Management Lucknow
Ajay Kumar: EM - EMLyon Business School
Dursun Delen: OSU - Oklahoma State University [Stillwater], Istinye University

Post-Print from HAL

Abstract: "Phishing and social engineering contribute to various cyber incidents such as data breaches and ransomware attacks, financial frauds, and denial of service attacks. Often, phishers discuss these attack vectors in dark forums. Further, the probability of phishing attacks and the subsequent loss suffered by the firm are highly correlated. In this context, we propose a hybrid framework using explainable AI techniques to assess cyber-risks generated from correlated phishing attacks. The first phase computes the probability of expert phishers within a community of similar attackers with varying expertise. The second phase calculates the probability of phishing attacks upon a firm even after it has invested in IT security and adopted regulatory steps. The third phase categorises phishing and genuine URLs using various machine-learning-based classifiers. Next, it estimates the joint distribution of phishing attacks using an exponential-beta distribution and quantifies the expected loss using Archimedean Copula. Finally, we offer recommendations for firms through the computation of optimal investments in cyber-insurance versus IT security. First, based on the risk attitude of a firm, it can use this explainable-AI (XAI) framework to optimally invest in building security into its enterprise architecture and plan for cyber-risk mitigation strategies. Second, we identify a long-tail phenomenon demonstrated by the losses suffered during most cyber-attacks, which are not one-off incidents and are correlated. Third, contrary to the belief that cyber-insurance markets are ineffective, it can guide financial firms to design realistic cyber-insurance products."

Keywords: Information security; Explainable AI; Cyber insurance; Bivariate distributions; Copula (search for similar items in EconPapers)
Date: 2024-02
References: Add references at CitEc
Citations:

Published in Decision Support Systems, 2024, 177, 14 p. ⟨10.1016/j.dss.2023.114102⟩

There are no downloads for this item, see the EconPapers FAQ for hints about obtaining it.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:hal:journl:hal-04337020

DOI: 10.1016/j.dss.2023.114102

Access Statistics for this paper

More papers in Post-Print from HAL
Bibliographic data for series maintained by CCSD (hal@ccsd.cnrs.fr).

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to econpapers@oru.se.

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:hal:journl:hal-04337020