{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T01:19:59Z","timestamp":1772500799778,"version":"3.50.1"},"reference-count":43,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2025,9,30]],"date-time":"2025-09-30T00:00:00Z","timestamp":1759190400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Expert Systems with Applications"],"published-print":{"date-parts":[[2026,3]]},"DOI":"10.1016\/j.eswa.2025.129920","type":"journal-article","created":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T05:54:51Z","timestamp":1759298091000},"page":"129920","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"PA","title":["A hybrid FAIR and XGBoost framework for cyber-risk intelligence and expected loss prediction"],"prefix":"10.1016","volume":"299","author":[{"given":"Chioma Ngozi","family":"Nwafor","sequence":"first","affiliation":[]},{"given":"Obumneme","family":"Nwafor","sequence":"additional","affiliation":[]},{"given":"Sanjukta","family":"Brahma","sequence":"additional","affiliation":[]},{"given":"Madhusudan","family":"Acharyya","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.eswa.2025.129920_b0005","article-title":"A robust statistical framework for cyber-vulnerability prioritisation under partial information in threat intelligence","volume":"25","author":"Angelelli","year":"2024","journal-title":"Expert Systems with Applications"},{"key":"10.1016\/j.eswa.2025.129920_b0010","doi-asserted-by":"crossref","DOI":"10.1016\/j.dajour.2023.100307","article-title":"A novel ensemble method for enhancing internet of things device security against botnet attacks","volume":"8","author":"Arshad","year":"2023","journal-title":"Decision Analytics Journal"},{"key":"10.1016\/j.eswa.2025.129920_b0015","article-title":"A survey of cross-validation procedures for model selection","author":"Arlot","year":"2009","journal-title":"ArXiv"},{"issue":"2","key":"10.1016\/j.eswa.2025.129920_b0020","doi-asserted-by":"crossref","DOI":"10.3390\/risks8020061","article-title":"A multivariate model to quantify and mitigate cybersecurity risk","volume":"8","author":"Bentley","year":"2020","journal-title":"Risks"},{"key":"10.1016\/j.eswa.2025.129920_b0030","doi-asserted-by":"crossref","unstructured":"Breiman, L. (2001). Random forests. Machine Learning, 45(1), 5-32. Available at https:\/\/link.springer.com\/content\/pdf\/10.1023\/A%3A1010933404324.pdf. Accessed on 29\/08\/2025.","DOI":"10.1023\/A:1010933404324"},{"key":"10.1016\/j.eswa.2025.129920_b9015","series-title":"NIST Cybersecurity Framework: A pocket guide","author":"Calder","year":"2018"},{"key":"10.1016\/j.eswa.2025.129920_b0035","doi-asserted-by":"crossref","unstructured":"Chen, T., & Guestrin, C. (2016). XGBoost: A scalable tree boosting system. Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 13-17-August-2016. https:\/\/doi.org\/10.1145\/2939672.2939785.","DOI":"10.1145\/2939672.2939785"},{"key":"10.1016\/j.eswa.2025.129920_b0040","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1023\/A:1022627411411","article-title":"Support-vector networks","volume":"20","author":"Cortes","year":"1995","journal-title":"Machine Learning"},{"key":"10.1016\/j.eswa.2025.129920_b9000","unstructured":"DIRECTIVE (EU) 2022\/2555 Of The European Parliament and Of The Council (December 2022). Available at https:\/\/eur-lex.europa.eu\/eli\/dir\/2022\/2555\/oj."},{"key":"10.1016\/j.eswa.2025.129920_b0045","unstructured":"Dubois, E., Omer Keskin, M. F., & Tatar, U. (2022). Cyber Risk Modelling Methods and Data Sets: A Systematic Interdisciplinary Literature Review for Actuaries Cyber Risk Modelling Methods and Data Sets A Systematic Interdisciplinary Literature Review for Actuaries. Available at https:\/\/www.soa.org\/4a81c2\/globalassets\/assets\/files\/resources\/research-report\/2022\/cyber-risk-modeling.pdf#:\u223c:text=approaches%20in%20the%20insurance%20industry,where%20random%20number%20generation%20is. Accessed on 29\/08\/2025."},{"issue":"1","key":"10.1016\/j.eswa.2025.129920_b0055","doi-asserted-by":"crossref","first-page":"717","DOI":"10.32604\/cmc.2023.041186","article-title":"Internet of things (IoT) security Enhancement using XGboost Machine Learning Techniques","volume":"77","author":"Doghramachi","year":"2023","journal-title":"Computers, Materials & Continua"},{"key":"10.1016\/j.eswa.2025.129920_b0060","unstructured":"EUR-Lex. (2022, December 14). Directive (EU) 2022\/2555 of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union (NIS2 Directive)."},{"issue":"3","key":"10.1016\/j.eswa.2025.129920_b0065","doi-asserted-by":"crossref","DOI":"10.1111\/itor.12726","article-title":"Conditional value-at-risk beyond finance: A survey","volume":"27","author":"Filippi","year":"2020","journal-title":"International Transactions in Operational Research"},{"issue":"2","key":"10.1016\/j.eswa.2025.129920_b0070","doi-asserted-by":"crossref","DOI":"10.3390\/math12020343","article-title":"Application of structural equation modelling to cybersecurity risk analysis in the era of industry 4.0","volume":"12","author":"Gomb\u00e1r","year":"2024","journal-title":"Mathematics"},{"key":"10.1016\/j.eswa.2025.129920_b0075","unstructured":"Goyal, P., Sanna N., & Tucker, T. (2025). A FAIR Framework for Effective Cyber Risk Management Leveraging the FAIR Model, FAIR-CAM, and FAIR-MAM to Align Cybersecurity Efforts with Business Priorities and Regulatory Compliance A FAIR Framework for Effective Cyber Risk Management. www.FAIRInstitute.org."},{"key":"10.1016\/j.eswa.2025.129920_b0080","doi-asserted-by":"crossref","unstructured":"Hastie, T., Tibshirani, R., & Friedman, J. (2009). The Elements of Statistical Learning: Data Mining, Inference, and Prediction (2nd ed.). Springer. Available at https:\/\/link.springer.com\/book\/10.1007\/978-0-387-84858-7.","DOI":"10.1007\/978-0-387-84858-7"},{"issue":"2","key":"10.1016\/j.eswa.2025.129920_b0085","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1287\/ijoc.2013.0572","article-title":"Conditional value-at-risk approximation to value-at-risk constrained programs: A remedy via Monte Carlo","volume":"26","author":"Hong","year":"2014","journal-title":"INFORMS Journal on Computing"},{"key":"10.1016\/j.eswa.2025.129920_b0090","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2023.119734","article-title":"Deep VULMAN: A deep reinforcement learning-enabled cyber vulnerability management framework","volume":"221","author":"Hore","year":"2023","journal-title":"Expert Systems with Applications"},{"key":"10.1016\/j.eswa.2025.129920_b0095","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2017.09.053","article-title":"Quantifying the resilience of machine learning classifiers used for cyber security","volume":"92","author":"Katzir","year":"2018","journal-title":"Expert Systems with Applications"},{"key":"10.1016\/j.eswa.2025.129920_b0100","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2023.121599","article-title":"A cyber risk prediction model using common vulnerabilities and exposures","volume":"237","author":"Kia","year":"2024","journal-title":"Expert Systems with Applications"},{"key":"10.1016\/j.eswa.2025.129920_b0105","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2025.110431","article-title":"Enhancing cybersecurity in Agriculture 4.0: A high-performance hybrid deep learning-based framework for DDoS attack detection","volume":"126","author":"Kaliyaperumal","year":"2025","journal-title":"Computers and Electrical Engineering"},{"key":"10.1016\/j.eswa.2025.129920_b0110","unstructured":"Kohavi, R. (1995). A study of cross-validation and bootstrap for accuracy estimation and model selection. Stanford University. Available at https:\/\/www.ijcai.org\/Proceedings\/95-2\/Papers\/016.pdf. Accessed on 29\/08\/2025."},{"key":"10.1016\/j.eswa.2025.129920_b0115","unstructured":"Locher, C. (2005). Association for Information Systems AIS Electronic Library (AISeL) Methodologies for Evaluating Information Security Investments-What Basel II Can Change in the Financial Industry. http:\/\/aisel.aisnet.org\/ecis2005."},{"key":"10.1016\/j.eswa.2025.129920_b0120","unstructured":"Lundberg, S. M., & Lee, S. I. (2017). A unified approach to interpreting model predictions. Advances in Neural Information Processing Systems, 2017-December."},{"key":"10.1016\/j.eswa.2025.129920_b0125","series-title":"Quantitative risk management: Concepts, techniques, and tools","author":"McNeil","year":"2005"},{"issue":"5","key":"10.1016\/j.eswa.2025.129920_b0130","doi-asserted-by":"crossref","DOI":"10.1007\/s10796-017-9808-5","article-title":"Cyber risk assessment and mitigation (CRAM) framework using logit and probit models for cyber insurance","volume":"21","author":"Mukhopadhyay","year":"2019","journal-title":"Information Systems Frontiers"},{"key":"10.1016\/j.eswa.2025.129920_b0135","unstructured":"National Institute of Standards and Technology (NIST). (2024). Framework for Improving Critical Infrastructure Cybersecurity, Version 2.0. U.S. Department of Commerce. https:\/\/www.nist.gov\/cyberframework."},{"key":"10.1016\/j.eswa.2025.129920_b0140","article-title":"Perspective Chapter: Application of Monte Carlo Methods in Strategic Business Decisions","author":"Nwafor","year":"2023","journal-title":"In Data and decision sciences- recent advances and applications"},{"issue":"1","key":"10.1016\/j.eswa.2025.129920_b0145","doi-asserted-by":"crossref","first-page":"25174","DOI":"10.1038\/s41598-024-75026-8","article-title":"Enhancing transparency and fairness in automated credit decisions: An explainable novel hybrid machine learning approach","volume":"14","author":"Nwafor","year":"2024","journal-title":"Scientific Reports"},{"key":"10.1016\/j.eswa.2025.129920_b0150","doi-asserted-by":"crossref","DOI":"10.1016\/j.frl.2023.104084","article-title":"Determinants of non-performing loans: An explainable ensemble and deep neural network approach","volume":"56","author":"Nwafor","year":"2023","journal-title":"Finance Research Letters"},{"key":"10.1016\/j.eswa.2025.129920_b0155","article-title":"November 3). SolarWinds hack explained: Everything you need to know","author":"Oladimeji","year":"2024","journal-title":"TechTarget and Informa Tech\u2019s Digital Businesses Combine. Available at"},{"issue":"10","key":"10.1016\/j.eswa.2025.129920_b0160","doi-asserted-by":"crossref","DOI":"10.3390\/risks9100184","article-title":"Cyber risk quantification: Investigating the role of cyber value at risk","volume":"9","author":"Orlando","year":"2021","journal-title":"Risks"},{"key":"10.1016\/j.eswa.2025.129920_b0165","series-title":"Operational risk: Modeling analytics","author":"Panjer","year":"2006"},{"key":"10.1016\/j.eswa.2025.129920_b0170","unstructured":"Ramon, H. (2024). The Recipe for Cybersecurity Maturity Using NIST CSF 2.0. Available at https:\/\/cyesec.com\/blog\/recipe-cybersecurity-maturity-using-nist-csf-2-0#:\u223c:text=How%20can%20you%20measure%20the,organization%E2%80%94and%20then%20do%20the%20following. Accessed on 29\/08\/2025."},{"issue":"3","key":"10.1016\/j.eswa.2025.129920_b9010","doi-asserted-by":"crossref","first-page":"91","DOI":"10.3390\/risks7030091","article-title":"Bigger Is Not Always Safer: A Critical Analysis of the Subadditivity Assumption for Coherent Risk Measures","volume":"7","author":"Rau-Bredow","year":"2019","journal-title":"Risks"},{"key":"10.1016\/j.eswa.2025.129920_b0175","article-title":"\u201cWhy should I Trust you?\u201d: Explaining the predictions of any Classifier","author":"Ribeiro","year":"2016","journal-title":"ArXiv"},{"key":"10.1016\/j.eswa.2025.129920_b0180","unstructured":"Rieben, R (2022). How to Score HITRUST CSF\u00ae Controls. Available at https:\/\/linfordco.com\/blog\/hitrust-csf-controls-scoring\/#:\u223c:text=How%20are%20HITRUST%20Control%20Scores,Calculated. Accessed on 29\/08\/2025."},{"key":"10.1016\/j.eswa.2025.129920_b9005","author":"SEC"},{"key":"10.1016\/j.eswa.2025.129920_b0185","volume":"17","author":"Shapley","year":"2016","journal-title":"A Value for n-Person Games. In Contributions to the Theory of Games (AM-28), Volume II."},{"issue":"5","key":"10.1016\/j.eswa.2025.129920_b0190","doi-asserted-by":"crossref","DOI":"10.1007\/s10796-021-10232-7","article-title":"Cyber-risk management framework for online gaming firms: An Artificial neural network approach","volume":"25","author":"Sharma","year":"2023","journal-title":"Information Systems Frontiers"},{"key":"10.1016\/j.eswa.2025.129920_b0195","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1023\/B:STCO.0000035301.49549.88","article-title":"A tutorial on support vector regression","volume":"14","author":"Smola","year":"2004","journal-title":"Statistics and Computing"},{"key":"10.1016\/j.eswa.2025.129920_b9020","author":"Tucker"},{"key":"10.1016\/j.eswa.2025.129920_b0200","unstructured":"Watney, M. (2022). Cybersecurity Threats to and Cyberattacks on Critical Infrastructure: A Legal Perspective. https:\/\/www.npr.org\/2021\/04\/29\/991333036\/biden-."}],"container-title":["Expert Systems with Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0957417425035353?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0957417425035353?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T00:36:21Z","timestamp":1772498181000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0957417425035353"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3]]},"references-count":43,"alternative-id":["S0957417425035353"],"URL":"https:\/\/doi.org\/10.1016\/j.eswa.2025.129920","relation":{},"ISSN":["0957-4174"],"issn-type":[{"value":"0957-4174","type":"print"}],"subject":[],"published":{"date-parts":[[2026,3]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"A hybrid FAIR and XGBoost framework for cyber-risk intelligence and expected loss prediction","name":"articletitle","label":"Article Title"},{"value":"Expert Systems with Applications","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.eswa.2025.129920","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2025 The Authors. Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"129920"}}