IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v25y2023i5d10.1007_s10796-021-10232-7.html
   My bibliography  Save this article

Cyber-risk Management Framework for Online Gaming Firms: an Artificial Neural Network Approach

Author

Listed:
  • Kalpit Sharma

    (Indian Insititute of Management Lucknow)

  • Arunabha Mukhopadhyay

    (Indian Insititute of Management Lucknow)

Abstract

Hackers have used Distributed-Denial-of-Service attacks to overwhelm a firm’s cyber-resources resulting in disrupted access to legitimate end-users. Globally, DDoS attacks cost firms between US$ 120 K to US$ 2 M for each incident. Apart from the monetary loss, they also disrupt service quality and damage the brand reputation of firms. In 2018-2019, Massively Multiplayer Online Gaming (MMOG) firms witnessed 74% of the total DDoS attacks. MMOG firms form a lucrative segment for hackers because of their large customer base and the massive incentive to cause disruptions and losses. Our Feedforward Neural Network-based Cyber-risk Assessment and Mitigation (FNN-CRAM) model consists of three modules: assessment, quantification, and mitigation. The cyber-risk assessment module uses FNN, which takes seven inputs comprising DDoS attack intensity and duration for five DDoS attack types, vulnerability data (i.e., their counts and score), and the vulnerability trends over time. This layer is connected to a ten-neuron hidden layer and one neuron output layer that estimates the probability of these attacks. We also observe that the probability of these DDoS attacks follows a Weibull distribution. Next, our cyber-risk quantification module computes the expected loss. We note that expected losses due to these DDoS attacks follow a gamma distribution. Our cyber-risk mitigation module uses a heat matrix to help the CTO (i) prioritize the cyber-risk associated with a DDoS attack and (ii) decide whether to reduce, accept, or pass the cyber-risk using technological and cyber-insurance interventions.

Suggested Citation

  • Kalpit Sharma & Arunabha Mukhopadhyay, 2023. "Cyber-risk Management Framework for Online Gaming Firms: an Artificial Neural Network Approach," Information Systems Frontiers, Springer, vol. 25(5), pages 1757-1778, October.
    • Handle: RePEc:spr:infosf:v:25:y:2023:i:5:d:10.1007_s10796-021-10232-7
    DOI: 10.1007/s10796-021-10232-7
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-021-10232-7
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-021-10232-7?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Wu, Shu-Ling & Hsu, Chiu-Ping, 2018. "Role of authenticity in massively multiplayer online role playing games (MMORPGs): Determinants of virtual item purchase intention," Journal of Business Research, Elsevier, vol. 92(C), pages 242-249.
    2. Arunabha Mukhopadhyay & Samir Chatterjee & Kallol K. Bagchi & Peteer J. Kirs & Girja K. Shukla, 2019. "Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance," Information Systems Frontiers, Springer, vol. 21(5), pages 997-1018, October.
    3. Vijay Desai & Rakesh Bharati, 1998. "A comparison of linear regression and neural network methods for predicting excess returns on large stocks," Annals of Operations Research, Springer, vol. 78(0), pages 127-163, January.
    4. Ashish Arora & Rahul Telang & Hao Xu, 2008. "Optimal Policy for Software Vulnerability Disclosure," Management Science, INFORMS, vol. 54(4), pages 642-656, April.
    5. Paul R. Kleindorfer & Howard Kunreuther, 1999. "The Complementary Roles of Mitigation and Insurance in Managing Catastrophic Risks," Risk Analysis, John Wiley & Sons, vol. 19(4), pages 727-738, August.
    6. Huseyin Cavusoglu & Srinivasan Raghunathan & Hasan Cavusoglu, 2009. "Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems," Information Systems Research, INFORMS, vol. 20(2), pages 198-217, June.
    7. Saini Das & Arunabha Mukhopadhyay & Debashis Saha & Samir Sadhukhan, 2019. "A Markov-Based Model for Information Security Risk Assessment in Healthcare MANETs," Information Systems Frontiers, Springer, vol. 21(5), pages 959-977, October.
    8. Karthik Kannan & Rahul Telang, 2005. "Market for Software Vulnerabilities? Think Again," Management Science, INFORMS, vol. 51(5), pages 726-740, May.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Dan J. Kim & Indranil Bose & Arunabha Mukhopadhyay, 2023. "Special Issue on Bright Information and Communication Technologies in the 21st Century," Information Systems Frontiers, Springer, vol. 25(5), pages 1661-1665, October.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Arora, Ashish & Forman, Chris & Nandkumar, Anand & Telang, Rahul, 2010. "Competition and patching of security vulnerabilities: An empirical analysis," Information Economics and Policy, Elsevier, vol. 22(2), pages 164-177, May.
    2. Terrence August & Duy Dao & Marius Florin Niculescu, 2022. "Economics of Ransomware: Risk Interdependence and Large-Scale Attacks," Management Science, INFORMS, vol. 68(12), pages 8979-9002, December.
    3. Ashish Arora & Ramayya Krishnan & Rahul Telang & Yubao Yang, 2010. "An Empirical Analysis of Software Vendors' Patch Release Behavior: Impact of Vulnerability Disclosure," Information Systems Research, INFORMS, vol. 21(1), pages 115-132, March.
    4. Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
    5. Terrence August & Marius Florin Niculescu & Hyoduk Shin, 2014. "Cloud Implications on Software Network Structure and Security Risks," Information Systems Research, INFORMS, vol. 25(3), pages 489-510, September.
    6. Vijay Mookerjee & Radha Mookerjee & Alain Bensoussan & Wei T. Yue, 2011. "When Hackers Talk: Managing Information Security Under Variable Attack Rates and Knowledge Dissemination," Information Systems Research, INFORMS, vol. 22(3), pages 606-623, September.
    7. Zan Zhang & Guofang Nan & Yong Tan, 2020. "Cloud Services vs. On-Premises Software: Competition Under Security Risk and Product Customization," Information Systems Research, INFORMS, vol. 31(3), pages 848-864, September.
    8. Ravi Sen & Joobin Choobineh & Subodha Kumar, 2020. "Determinants of Software Vulnerability Disclosure Timing," Production and Operations Management, Production and Operations Management Society, vol. 29(11), pages 2532-2552, November.
    9. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    10. Sabyasachi Mitra & Sam Ransbotham, 2015. "Information Disclosure and the Diffusion of Information Security Attacks," Information Systems Research, INFORMS, vol. 26(3), pages 565-584, September.
    11. Alain Bensoussan & Vijay Mookerjee & Wei T. Yue, 2020. "Managing Information System Security Under Continuous and Abrupt Deterioration," Production and Operations Management, Production and Operations Management Society, vol. 29(8), pages 1894-1917, August.
    12. Xiao Lin, 2020. "Feeling Is Believing? Evidence From Earthquake Shaking Experience and Insurance Demand," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 87(2), pages 351-380, June.
    13. Kai-Lung Hui & Ping Fan Ke & Yuxi Yao & Wei T. Yue, 2019. "Bilateral Liability-Based Contracts in Information Security Outsourcing," Information Systems Research, INFORMS, vol. 30(2), pages 411-429, June.
    14. Kumju Hwang & Hyemi Um, 2021. "Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing," Sustainability, MDPI, vol. 13(9), pages 1-20, May.
    15. Debabrata Dey & Atanu Lahiri & Guoying Zhang, 2015. "Optimal Policies for Security Patch Management," INFORMS Journal on Computing, INFORMS, vol. 27(3), pages 462-477, August.
    16. Jae Kyu Lee & Younghoon Chang & Hun Yeong Kwon & Beopyeon Kim, 2020. "Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach," Information Systems Frontiers, Springer, vol. 22(1), pages 45-57, February.
    17. Song, Hanqun & Yang, Huijun & Ma, Emily, 2022. "Restaurants’ outdoor signs say more than you think: An enquiry from a linguistic landscape perspective," Journal of Retailing and Consumer Services, Elsevier, vol. 68(C).
    18. Xiaotong Li, 2022. "An evolutionary game‐theoretic analysis of enterprise information security investment based on information sharing platform," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(3), pages 595-606, April.
    19. Harish Guda & Milind Dawande & Ganesh Janakiraman, 2021. "“Seemingly‐Beneficial” Interventions," Production and Operations Management, Production and Operations Management Society, vol. 30(10), pages 3337-3353, October.
    20. Yonghua Ji & Subodha Kumar & Vijay Mookerjee, 2016. "When Being Hot Is Not Cool: Monitoring Hot Lists for Information Security," Information Systems Research, INFORMS, vol. 27(4), pages 897-918, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:25:y:2023:i:5:d:10.1007_s10796-021-10232-7. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.