{"id":"https://openalex.org/W7128537058","doi":"https://doi.org/10.1007/s10207-026-01218-0","title":"Hybrid AI-Based dynamic risk assessment framework with explainable AI practices for composite product cybersecurity certification","display_name":"Hybrid AI-Based dynamic risk assessment framework with explainable AI practices for composite product cybersecurity certification","publication_year":2026,"publication_date":"2026-02-10","ids":{"openalex":"https://openalex.org/W7128537058","doi":"https://doi.org/10.1007/s10207-026-01218-0"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-026-01218-0","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01218-0","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01218-0.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01218-0.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Shareeful Islam","orcid":null},"institutions":[{"id":"https://openalex.org/I51216347","display_name":"Anglia Ruskin University","ror":"https://ror.org/0009t4v78","country_code":"GB","type":"education","lineage":["https://openalex.org/I51216347"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Shareeful Islam","raw_affiliation_strings":["School of Computing and Information Science, Anglia Ruskin University, Cambridge, U.K"],"affiliations":[{"raw_affiliation_string":"School of Computing and Information Science, Anglia Ruskin University, Cambridge, U.K","institution_ids":["https://openalex.org/I51216347"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119666426","display_name":"Bilal Sardar","orcid":null},"institutions":[{"id":"https://openalex.org/I51216347","display_name":"Anglia Ruskin University","ror":"https://ror.org/0009t4v78","country_code":"GB","type":"education","lineage":["https://openalex.org/I51216347"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Bilal Sardar","raw_affiliation_strings":["School of Computing and Information Science, Anglia Ruskin University, Cambridge, U.K"],"affiliations":[{"raw_affiliation_string":"School of Computing and Information Science, Anglia Ruskin University, Cambridge, U.K","institution_ids":["https://openalex.org/I51216347"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125558214","display_name":"Eleni Maria Kalogeraki","orcid":null},"institutions":[{"id":"https://openalex.org/I4210150367","display_name":"BH Consulting (Ireland)","ror":"https://ror.org/04sbmz064","country_code":"IE","type":"company","lineage":["https://openalex.org/I4210150367"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Eleni Maria Kalogeraki","raw_affiliation_strings":["Security Lab Consulting, Cork, Ireland"],"affiliations":[{"raw_affiliation_string":"Security Lab Consulting, Cork, Ireland","institution_ids":["https://openalex.org/I4210150367"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053994100","display_name":"Kostas I. Lampropoulos","orcid":"https://orcid.org/0000-0002-6220-0222"},"institutions":[{"id":"https://openalex.org/I174878644","display_name":"University of Patras","ror":"https://ror.org/017wvtq80","country_code":"GR","type":"education","lineage":["https://openalex.org/I174878644"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Kostas Lampropoulos","raw_affiliation_strings":["Emerging Networks & Vertical Applications, p-NET, Patras, Greece"],"affiliations":[{"raw_affiliation_string":"Emerging Networks & Vertical Applications, p-NET, Patras, Greece","institution_ids":["https://openalex.org/I174878644"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011195262","display_name":"Spyridon Papastergiou","orcid":null},"institutions":[{"id":"https://openalex.org/I154757721","display_name":"University of Piraeus","ror":"https://ror.org/02qs84g94","country_code":"GR","type":"education","lineage":["https://openalex.org/I154757721"]},{"id":"https://openalex.org/I4210096652","display_name":"Ospedale di Rivoli","ror":"https://ror.org/00swfce58","country_code":"IT","type":"healthcare","lineage":["https://openalex.org/I4210096652"]}],"countries":["GR","IT"],"is_corresponding":false,"raw_author_name":"Spyridon Papastergiou","raw_affiliation_strings":["Department of Informatics, University of Piraeus, Piraeus, Greece","Research and Innovation, MAGGIOLI S.P.A., Santarcangelo di Romagna, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, University of Piraeus, Piraeus, Greece","institution_ids":["https://openalex.org/I154757721"]},{"raw_affiliation_string":"Research and Innovation, MAGGIOLI S.P.A., Santarcangelo di Romagna, Italy","institution_ids":["https://openalex.org/I4210096652"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I51216347"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":67.0333,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.99553099,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"25","issue":"2","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.7653999924659729,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.7653999924659729,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.028599999845027924,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.02590000070631504,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.6100000143051147},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6051999926567078},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.5555999875068665},{"id":"https://openalex.org/keywords/workgroup","display_name":"Workgroup","score":0.5443999767303467},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5435000061988831},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5042999982833862},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.47209998965263367},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.4528000056743622},{"id":"https://openalex.org/keywords/conformity-assessment","display_name":"Conformity assessment","score":0.44600000977516174},{"id":"https://openalex.org/keywords/conformity","display_name":"Conformity","score":0.4374000132083893}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7476000189781189},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6676999926567078},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.6100000143051147},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6051999926567078},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.5555999875068665},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5480999946594238},{"id":"https://openalex.org/C95423123","wikidata":"https://www.wikidata.org/wiki/Q622178","display_name":"Workgroup","level":2,"score":0.5443999767303467},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5435000061988831},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5042999982833862},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.47209998965263367},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.4528000056743622},{"id":"https://openalex.org/C5911748","wikidata":"https://www.wikidata.org/wiki/Q4072285","display_name":"Conformity assessment","level":2,"score":0.44600000977516174},{"id":"https://openalex.org/C142172996","wikidata":"https://www.wikidata.org/wiki/Q221284","display_name":"Conformity","level":2,"score":0.4374000132083893},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4050999879837036},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3952000141143799},{"id":"https://openalex.org/C514067365","wikidata":"https://www.wikidata.org/wiki/Q16155280","display_name":"Product certification","level":3,"score":0.39489999413490295},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.35920000076293945},{"id":"https://openalex.org/C90673727","wikidata":"https://www.wikidata.org/wiki/Q901718","display_name":"Product (mathematics)","level":2,"score":0.35019999742507935},{"id":"https://openalex.org/C188087704","wikidata":"https://www.wikidata.org/wiki/Q369577","display_name":"Standardization","level":2,"score":0.3384000062942505},{"id":"https://openalex.org/C95609273","wikidata":"https://www.wikidata.org/wiki/Q5975208","display_name":"IT risk management","level":3,"score":0.3271999955177307},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3077000081539154},{"id":"https://openalex.org/C2777306048","wikidata":"https://www.wikidata.org/wiki/Q1116124","display_name":"Common Criteria","level":2,"score":0.304500013589859},{"id":"https://openalex.org/C164403151","wikidata":"https://www.wikidata.org/wiki/Q7336280","display_name":"Risk management framework","level":4,"score":0.2946000099182129},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.2913999855518341},{"id":"https://openalex.org/C2780513070","wikidata":"https://www.wikidata.org/wiki/Q5318946","display_name":"Dynamic assessment","level":2,"score":0.2874000072479248},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.2802000045776367},{"id":"https://openalex.org/C2778868856","wikidata":"https://www.wikidata.org/wiki/Q18394273","display_name":"Threat assessment","level":2,"score":0.27639999985694885},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.27239999175071716},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.25380000472068787},{"id":"https://openalex.org/C37945671","wikidata":"https://www.wikidata.org/wiki/Q7336207","display_name":"Risk-based testing","level":5,"score":0.2508000135421753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10207-026-01218-0","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01218-0","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01218-0.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10207-026-01218-0","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01218-0","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01218-0.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.4194044768810272}],"awards":[{"id":"https://openalex.org/G1897885129","display_name":null,"funder_award_id":"101120779","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G1925047496","display_name":null,"funder_award_id":"101120684","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G6599198790","display_name":null,"funder_award_id":"101120779","funder_id":"https://openalex.org/F4320334322","funder_display_name":"HORIZON EUROPE Framework Programme"},{"id":"https://openalex.org/G8051717526","display_name":null,"funder_award_id":"Grant","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8318064016","display_name":null,"funder_award_id":"Horizon","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320334322","display_name":"HORIZON EUROPE Framework Programme","ror":null}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7128537058.pdf","grobid_xml":"https://content.openalex.org/works/W7128537058.grobid-xml"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W2039240409","https://openalex.org/W2102636708","https://openalex.org/W2122825543","https://openalex.org/W2143481518","https://openalex.org/W2314720829","https://openalex.org/W2896632748","https://openalex.org/W2911964244","https://openalex.org/W3205925097","https://openalex.org/W4308328479","https://openalex.org/W4323652629","https://openalex.org/W4362584647","https://openalex.org/W4387619790","https://openalex.org/W4391933803","https://openalex.org/W4391937098","https://openalex.org/W4391986380","https://openalex.org/W4402811615","https://openalex.org/W4403605016","https://openalex.org/W4403911793","https://openalex.org/W4404212864","https://openalex.org/W4404716900","https://openalex.org/W4406882703","https://openalex.org/W4407163436","https://openalex.org/W4412704046","https://openalex.org/W4412822240","https://openalex.org/W4412855161","https://openalex.org/W4413305319","https://openalex.org/W4413680099","https://openalex.org/W6921834859"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Cybersecurity":[1,93],"certification":[2,261],"generally":[3],"relies":[4],"on":[5,141,170],"risk":[6,37,82,143,208,252],"assessment":[7,38,66,89],"results":[8,192],"to":[9,34,107,120,132,186,244],"identify":[10,108],"suitable":[11],"controls":[12,19,222],"and":[13,24,39,57,104,116,128,137,175,254],"assess":[14],"the":[15,36,44,58,64,91,109,122,147,152,171,188,195,214,219,233,246],"completeness":[16],"of":[17,29,149,154,238],"these":[18],"for":[20,80,201,210,258],"security":[21,26,45,130,134,221,229,239,255],"requirement":[22,138,256],"satisfaction":[23,139,257],"overall":[25,40],"assurance.":[27],"Prioritization":[28],"relevant":[30],"vulnerabilities":[31],"is":[32],"essential":[33],"support":[35],"conformity":[41,65,88,211],"assessment.":[42,212],"However,":[43],"context":[46,153],"has":[47],"continuously":[48],"evolved":[49],"with":[50,78,180],"variations":[51],"in":[52,151,226],"attack":[53],"surfaces,":[54],"vulnerability":[55,114,202,250],"exploitation,":[56],"regulatory":[59],"landscape\u2013factors":[60],"that":[61,194,218],"significantly":[62],"impact":[63],"process.":[67],"This":[68,145],"research":[69],"proposes":[70],"a":[71,181],"hybrid":[72,196],"AI":[73,99],"framework":[74,234],"integrating":[75],"ensemble":[76],"learning":[77],"GPT-3.5":[79],"effective":[81],"management":[83],"within":[84],"composite":[85],"product":[86],"cybersecurity":[87,155],"under":[90],"European":[92],"Certification":[94],"Scheme.":[95],"It":[96],"operationalizes":[97],"Explainable":[98],"(XAI)":[100],"practices":[101],"using":[102],"SHAP":[103],"LIME":[105],"methods":[106],"most":[110],"influential":[111],"features":[112],"affecting":[113],"predictions,":[115,251],"applies":[117],"marginal":[118],"analysis":[119,216],"measure":[121],"quantifiable":[123,236],"gap":[124],"closure":[125],"between":[126,249],"required":[127],"actual":[129],"postures":[131],"validate":[133],"control":[135,240],"adequacy":[136],"based":[140,169],"calculated":[142],"levels.":[144],"facilitates":[146],"adoption":[148],"XAI":[150,215],"certification,":[156],"extending":[157],"its":[158],"utility":[159],"beyond":[160],"general":[161],"AI-enabled":[162],"application":[163],"scenarios.":[164],"An":[165],"industrial":[166],"pilot":[167],"scenario":[168],"P-NET":[172],"5G/6G":[173],"Testing":[174],"Integration":[176],"Service":[177],"infrastructure,":[178],"along":[179],"dataset-based":[182],"experiment,":[183],"was":[184],"conducted":[185],"evaluate":[187],"proposed":[189],"framework.":[190],"The":[191],"indicate":[193],"model":[197],"achieved":[198],"89%":[199],"accuracy":[200],"exploitation":[203],"score":[204],"prediction,":[205],"enabling":[206,242],"accurate":[207],"calculation":[209],"Furthermore,":[213],"revealed":[217],"identified":[220],"demonstrate":[223],"adequate":[224],"performance":[225],"satisfying":[227],"mapped":[228],"functional":[230],"requirements.":[231],"Ultimately,":[232],"provides":[235],"validation":[237],"effectiveness,":[241],"auditors":[243],"trace":[245],"logical":[247],"connections":[248],"calculations,":[253],"an":[259],"informed":[260],"decision.":[262]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-17T18:11:37.981687","created_date":"2026-02-11T00:00:00"}