A cybercrime incident architecture with adaptive response policy

Abstract

Handling and mitigating the cybercrime incidents (CIs) have attracted significant research attention, over the last years, due to their increasing frequency of occurrence. However, the term cybercrime is often used interchangeably with other technology-linked malicious acts, such as cyberwarfare, and cyberterrorism, leading to misconceptions. In addition, there does not exist a management framework which would classify CIs, qualitatively and quantitatively evaluate their occurrence and promptly align them with appropriate measures and policies. This work introduces a Cybercrime Incident Architecture that enables a comprehensive cybercrime embodiment through feature identification, offence classification mechanisms, threats’ severity labeling and a completely novel Adaptive Response Policy (ARP) that identifies and interconnects the relevant stakeholders with preventive measures and response actions. The proposed architecture consists of four separate complementary components that lead to a manually – and in the future automatically – generated ARP. The idea is to build a holistic framework toward automated cybercrime handling. A criminal case study is selected to validate the introduced framework and highlight its potentiality to evolve into a CI expert system.