
dc.contributor.author: Biswas, Baidyanath
dc.date.accessioned: 2024-03-11T10:42:07Z
dc.date.available: 2024-03-11T10:42:07Z
dc.date.issued: 2024
dc.date.submitted: 2024 (en)
dc.identifier.citation: Baidyanath Biswas, Arunabha Mukhopadhyay, Ajay Kumar, Dursun Delen, A hybrid framework using explainable AI (XAI) in cyber-risk management for defence and recovery against phishing attacks, Decision Support Systems, 177, 2024 (en)
dc.identifier.issn: 1873-5797
dc.identifier.other: Y
dc.description: PUBLISHED (en)
dc.description.abstract: Phishing and social engineering contribute to various cyber incidents such as data breaches and ransomware attacks, financial frauds, and denial of service attacks. Often, phishers discuss these attack vectors in dark forums. Further, the probability of phishing attacks and the subsequent loss suffered by the firm are highly correlated. In this context, we propose a hybrid framework using explainable AI techniques to assess cyber-risks generated from correlated phishing attacks. The first phase computes the probability of expert phishers within a community of similar attackers with varying expertise. The second phase calculates the probability of phishing attacks upon a firm even after it has invested in IT security and adopted regulatory steps. The third phase categorises phishing and genuine URLs using various machine-learning-based classifiers. Next, it estimates the joint distribution of phishing attacks using an exponential-beta distribution and quantifies the expected loss using Archimedean Copula. Finally, we offer recommendations for firms through the computation of optimal investments in cyber-insurance versus IT security. First, based on the risk attitude of a firm, it can use this explainable-AI (XAI) framework to optimally invest in building security into its enterprise architecture and plan for cyber-risk mitigation strategies. Second, we identify a long-tail phenomenon demonstrated by the losses suffered during most cyber-attacks, which are not one-off incidents and are correlated. Third, contrary to the belief that cyber-insurance markets are ineffective, it may guide financial firms to design realistic cyber-insurance products. (en)
dc.language.iso: en (en)
dc.relation.ispartofseries: Decision Support Systems;
dc.relation.ispartofseries: 177;
dc.rights: Y (en)
dc.subject: Information security; explainable AI; cyber insurance; bivariate distributions; Copula (en)
dc.title: A hybrid framework using explainable AI (XAI) in cyber-risk management for defence and recovery against phishing attacks (en)
dc.type: Journal Article (en)
dc.type.supercollection: scholarly_publications (en)
dc.type.supercollection: refereed_publications (en)
dc.identifier.peoplefinderurl: http://people.tcd.ie/biswasb
dc.identifier.rssinternalid: 263525
dc.identifier.doi: https://doi.org/10.1016/j.dss.2023.114102
dc.rights.ecaccessrights: openAccess
dc.subject.TCDTheme: Digital Engagement (en)
dc.subject.TCDTag: Digital Platform (en)
dc.identifier.orcid_id: 0000-0002-0609-3530
dc.status.accessible: N (en)
dc.identifier.uri: http://hdl.handle.net/2262/107272

