Building a Taxonomy for Cybercrimes

Cybercrime incurs an estimate of $110 billion per annum globally (Norton Cybercrime Report 2012). This excludes the non-financial impact. The combined impact presents an enormous problem worldwide, from the point of view of overall management (detection, monitoring and prevention). While there are lists/categories of cybercrimes published in books, government websites, security and crime-related websites, these categories were constructed for different purposes. Moreover, they are not comprehensive, nor are they rigorously developed using empirical data. Their similarities and differences have not been elucidated, accounted for, and reconciled, and we are not confident that all cybercrimes can be classified using existing taxonomies. Creating a single comprehensive taxonomy on cybercrimes has a number of benefits. This paper first summarises the background on “taxonomies”, existing taxonomies that have been constructed in Information Systems, and potential benefits of such a taxonomy. It then proposes a methodology for developing and validating a cybercrime taxonomy, and discusses the next steps for this project

An ontological representation of a taxonomy for cybercrime

The modern phenomenon of cybercrime raises issues and challenges on a scale that has few precedents. A particular central concern is that of establishing clarity about the conceptualization of cybercrime and its growing economic cost to society. A further related concern is focused on developing appropriate legal and policy responses in a context where crime transcends national jurisdictions and physical boundaries. Both are predicated on a better understanding of cybercrime. Efforts at defining and classifying cybercrime by the use of taxonomies to date have largely been descriptive with resulting ambiguities. This paper contributes a semi-formal approach to the development of a taxonomy for cybercrime and offers the conceptual language and accompanying constraints with which to describe cybercrime examples. The approach uses the ontology development platform, Protégé and the Unified Modeling Language (UML) to present an initial taxonomy for cybercrime that goes beyond the descriptive accounts previously offered. The taxonomy is illustrated with examples of cybercrimes both documented in the Protégé toolset and also using UML

An ontological representation of a taxonomy for cybercrime

The modern phenomenon of cybercrime raises issues and challenges on a scale that has few precedents. A particular central concern is that of establishing clarity about the conceptualization of cybercrime and its growing economic cost to society. A further related concern is focused on developing appropriate legal and policy responses in a context where crime transcends national jurisdictions and physical boundaries. Both are predicated on a better understanding of cybercrime. Efforts at defining and classifying cybercrime by the use of taxonomies to date have largely been descriptive with resulting ambiguities. This paper contributes a semi-formal approach to the development of a taxonomy for cybercrime and offers the conceptual language and accompanying constraints with which to describe cybercrime examples. The approach uses the ontology development platform, Protégé and the Unified Modeling Language (UML) to present an initial taxonomy for cybercrime that goes beyond the descriptive accounts previously offered. The taxonomy is illustrated with examples of cybercrimes both documented in the Protégé toolset and also using UML

Intrusion Detection System using Bayesian Network Modeling

Computer Network Security has become a critical and important issue due to ever increasing cyber-crimes. Cybercrimes are spanning from simple piracy crimes to information theft in international terrorism. Defence security agencies and other militarily related organizations are highly concerned about the confidentiality and access control of the stored data. Therefore, it is really important to investigate on Intrusion Detection System (IDS) to detect and prevent cybercrimes to protect these systems. This research proposes a novel distributed IDS to detect and prevent attacks such as denial service, probes, user to root and remote to user attacks. In this work, we propose an IDS based on Bayesian network classification modelling technique. Bayesian networks are popular for adaptive learning, modelling diversity network traffic data for meaningful classification details. The proposed model has an anomaly based IDS with an adaptive learning process. Therefore, Bayesian networks have been applied to build a robust and accurate IDS. The proposed IDS has been evaluated against the KDD DAPRA dataset which was designed for network IDS evaluation. The research methodology consists of four different Bayesian networks as classification models, where each of these classifier models are interconnected and communicated to predict on incoming network traffic data. Each designed Bayesian network model is capable of detecting a major category of attack such as denial of service (DoS). However, all four Bayesian networks work together to pass the information of the classification model to calibrate the IDS system. The proposed IDS shows the ability of detecting novel attacks by continuing learning with different datasets. The testing dataset constructed by sampling the original KDD dataset to contain balance number of attacks and normal connections. The experiments show that the proposed system is effective in detecting attacks in the test dataset and is highly accurate in detecting all major attacks recorded in DARPA dataset. The proposed IDS consists with a promising approach for anomaly based intrusion detection in distributed systems. Furthermore, the practical implementation of the proposed IDS system can be utilized to train and detect attacks in live network traffi

A Cybercrime Taxonomy: Case of the Jamaican Jurisdiction

Cybercrimes over the years have become both increasingly numerous and sophisticated. This paper presents a taxonomy for cybercrimes that can be used for the analysis and categorization of such crimes, as well as providing consistency in language when describing cybercrimes. This taxonomy is designed to be useful to information bodies such as the Jamaican Cybercrime Unit, who have to handle and categorize an ever increasing number of cybercrimes on a daily basis. Additionally, cybercrime investigators could use the taxonomy to communicate more effectively as the taxonomy would provide a common classification scheme. The proposed taxonomy uses the concept of characteristics structure. That is, the taxonomy classifies properties about that which is being classified and not by the object itself. The taxonomy consists of characteristics which provide a holistic taxonomy in order to deal with inherent problems in the cybercrime field

Assessing the Effectiveness of the Implementation of Cybercrimes Mitigation Strategies in Selected Commercial Banks in Tanzania

This study aimed to assess the effectiveness of implemented cybercrime mitigation strategies for commercial banks in Tanzania. Most financial sectors, like banks, are vulnerable to continuous attacks from external and internal cybercriminals such that the majority of banks spend their time updating and maintaining cybercrime mitigation strategies against cyber attacks. Despite the ongoing efforts to prevent cyber attacks the studies and experiences show that such attacks still occur regardless of the strong measures implemented against cyber attacks. It is articulated with different researchers that there is a gap to make a resilient and stronger systems against cybercrimes. This research assessed the effectiveness of cybercrime mitigation strategies by analyzing public awareness, budget allocation, support from management, and availability of skilled personnel. The study used a sample of 885 respondents from five biggest banks in Tanzania. The collected data were analyzed using descriptive statistical methods. The implications emanating from the study were discussed.&nbsp

A Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI)

Cybercrime against critical infrastructure such as nuclear reactors, power plants, and dams has been increasing in frequency and severity. Recent literature regarding these types of attacks has been extensive but due to the sensitive nature of this field, there is very little empirical data. We address these issues by integrating Routine Activity Theory and Rational Choice Theory, and we create a classification tool called TRACI (Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure). We take a Design Science Research approach to develop, evaluate, and refine the proposed artifact. We use mix methods to demonstrate that our taxonomy can successfully capture the characteristics of various cyberattacks against critical infrastructure. TRACI consists of three dimensions, and each dimension contains its own subdimensions. The first dimension comprises of hacker motivation, which can be financial, socio-cultural, thrill-seeking, and/or economic. The second dimension represents the assets such as cyber, physical, and/or cyber-physical components. The third dimension is related to threats, vulnerabilities, and controls that are fundamental to establishing and maintaining an information security posture and overall cyber resilience. Our work is among the first to utilize criminological theories and Design Science to create an empirically validated artifact for improving critical infrastructure risk management

A new Systemic Taxonomy of Cyber Criminal activity

Cybercrime commonly refers to a broad range of different criminal activities that involve computers and information systems, either as primary tools or as primary targets. Cybercrime Science combines the methodology of Crime Science with the technology of Information Security. The few existing taxonomies of Cybercrime provide only general insights into the benefits of information structures; they are neither complete nor elaborated in a systemic manner to provide a proper framework guided by real system-principles. The main problem with such taxonomies is the inability to dynamically upgrade, which is why there is no timely cybersecurity actions. The current and past approaches were based mainly on the technical nature of cyberattacks and such approaches classified the impact of the activities from a criminological perspective. In this article, we present a systemic taxonomy of Cybercrime, based on definitions of the field items and the related data specifications. We develop a new method for estimating the fractal dimension of networks to explore a new taxonomy of Cybercrime activity. This method can serve to dynamically upgrade taxonomy and thus accelerate the prevention of cybercrime

Criminal markets and networks in cyberspace

This is an introduction to the special issue of Trends in Organized Crime on ‘criminal markets and networks in cyberspace’. All the contributions to this special issue, even if from different standpoints and focuses, help us understand how cyberspace is (re)shaping offenses and offenders