A Digital Service for Citizens: Multi-Parameter Optimization Model for Cost-Benefit Analysis of Cybercrime and Cyberdefense

Constantinos Halkiopoulos, Anastasios Papadopoulos, Yannis C. Stamatiou, Leonidas Theodorakopoulos, Vasileios Vlachos

Abstract


Objectives: This study discusses work performed within the context of the SAINT R&D project concerning the correlation of the prices of cybercrime services with the costs of investing in cyber security technologies. The main goal is to investigate how various financial and business-related cybercrime parameters relate to cybersecurity costs. In this context, the paper also examines the involved stakeholders and how they interact with each other. Methods/Analysis: Given the above considerations, from a theoretical standpoint, it is to describe a generic model for pricing illicit cybercrime products and services. This model, namely the Capacity Value Based Pricing (CVBP) model, has been proposed in the context of pricing “normal” products and services. Our study adapts this model suitably to apply the pricing modeling of illicit cybercrime products and services. Findings: The findings elucidate the professionalization of cybercrime, the significance of the emerging market for illicit services, and the pressing need for advanced AI methods to process qualitative data into quantitative insights. Novelty/Improvement:This paper contributes to establishing theoretical and econometric models vital for stakeholders navigating the financial terrain of the cybercrime economy. Future research should refine the methodologies presented and enhance data reliability for such critical analyses.

 

Doi: 10.28991/ESJ-2024-08-04-06

Full Text: PDF


Keywords


Cyber-Crime; Cyber-Defense; Cost-Benefit Analysis; CVBP Model; Decision-Makers; Pricing Modeling; Stakeholders.

References


Kshetri, N. (2009). Positive externality, increasing returns, and the rise in cybercrimes. Communications of the ACM, 52(12), 141–144. doi:10.1145/1610252.1610288.

Bilen, A., & Özer, A. B. (2021). Cyber-attack method and perpetrator prediction using machine learning algorithms. PeerJ Computer Science, 7, e475. doi:10.7717/PEERJ-CS.475.

Rot, A., & Olszewski, B. (2017). Advanced Persistent Threats Attacks in Cyberspace. Threats, Vulnerabilities, Methods of Protection. Position Papers of the 2017 Federated Conference on Computer Science and Information Systems, 113-117. doi:10.15439/2017f488.

Limba, T., Plėta, T., Agafonov, K., & Damkus, M. (2017). Cyber security management model for critical infrastructure. Entrepreneurship and Sustainability Issues, 4(4), 559–573. doi:10.9770/jesi.2017.4.4(12).

Renaud, K., Flowerday, S., Warkentin, M., Cockshott, P., & Orgeron, C. (2018). Is the responsibilization of the cyber security risk reasonable and judicious? Computers & Security, 78, 198–211. doi:10.1016/j.cose.2018.06.006.

Lagazio, M., Sherif, N., & Cushman, M. (2014). A multi-level approach to understanding the impact of cyber-crime on the financial sector. Computers & Security, 45, 58–74. doi:10.1016/j.cose.2014.05.006.

Bruzzone, A. G., Massei, M., & Poggi, S. (2016). Infrastructures protection based on heterogeneous networks. International Journal of Simulation and Process Modeling, 11(1), 24–35. doi:10.1504/IJSPM.2016.075078.

Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M. J. G., Levi, M., Moore, T., & Savage, S. (2013). Measuring the cost of cybercrime. The Economics of Information Security and Privacy, 265–300. doi:10.1007/978-3-642-39498-0_12.

Ospina, J., Venkataramanan, V., & Konstantinou, C. (2023). CPES-QSM: A Quantitative Method Toward the Secure Operation of Cyber-Physical Energy Systems. IEEE Internet of Things Journal, 10(9), 7577–7590. doi:10.1109/JIOT.2022.3210402.

Alomiri, A., Mishra, S., & AlShehri, M. (2024). Machine learning-based security mechanism to detect and prevent cyber-attack in IoT networks. International Journal of Computing and Digital Systems, 16(1), 645-659. doi:10.12785/ijcds/160148.

Ioannou, G., Louvieris, P., & Clewley, N. (2019). A Markov Multi-Phase Transferable Belief Model for Cyber Situational Awareness. IEEE Access, 7, 39305–39320. doi:10.1109/access.2019.2897923.

Armin, J., Thompson, B., Kijewski, P. (2016). Cybercrime Economic Costs: No Measure No Solution. Combatting Cybercrime and Cyberterrorism. Advanced Sciences and Technologies for Security Applications, Springer, Cham, Switzerland. doi:10.1007/978-3-319-38930-1_8.

Dupont, B., Côté, A. M., Boutin, J. I., & Fernandez, J. (2017). Darkode: Recruitment Patterns and Transactional Features of “the Most Dangerous Cybercrime Forum in the World.” American Behavioral Scientist, 61(11), 1219–1243. doi:10.1177/0002764217734263.

Coleman, E. G. (2015). Hacker, hoaxer, whistleblower, spy: the many faces of Anonymous. Choice Reviews Online, 52(08), 52-4477-52–4477. doi:10.5860/choice.188504.

Rani, S., Kataria, A., Sharma, V., Ghosh, S., Karar, V., Lee, K., & Choi, C. (2021). Threats and Corrective Measures for IoT Security with Observance of Cybercrime: A Survey. Wireless Communications and Mobile Computing, 2021. doi:10.1155/2021/5579148.

Yip, M., Webber, C., & Shadbolt, N. (2013). Trust among cybercriminals? Carding forums, uncertainty and implications for policing. Policing and Society, 23(4), 516–539. doi:10.1080/10439463.2013.780227.

Holt, T. J., Freilich, J. D., & Chermak, S. M. (2017). Exploring the Subculture of Ideologically Motivated Cyber-Attackers. Journal of Contemporary Criminal Justice, 33(3), 212–233. doi:10.1177/1043986217699100.

Lusthaus, J., & Varese, F. (2017). Offline and Local: The Hidden Face of Cybercrime. Policing: A Journal of Policy and Practice, 15(1), 4–14. doi:10.1093/police/pax042.

Welburn, J. W., & Strong, A. M. (2021). Systemic Cyber Risk and Aggregate Impacts. Risk Analysis, 42(8), 1606–1622. doi:10.1111/risa.13715.

Kshetri, N. (2016). Cybersecurity and Development. Markets, Globalization & Development Review: The Official Journal of the International Society of Markets and Development, 1(2), 3. doi:10.23860/mgdr-2016-01-02-03.

Broadhurst, R., Grabosky, P., Alazab, M., & Chon, S. (2014). Organizations and cybercrime: An analysis of the nature of groups engaged in cybercrime. International Journal of Cyber Criminology, 8(1), 1–20.

FBI. (2010). S.R. Chabinsky, Deputy Assistant Director, Cyber Division, GovSec/FOSE Conference, talk delivered on 23/3/2010. It is, also, available, as a transcript. Available online: https://archives.fbi.gov/archives/news/speeches/the-cyber-threat-whos-doing-what-to-whom (accessed on June 2024).

FireEye Company. (2018). M-TRENDS 2018: Special Report. FireEye Company, Milpitas, United States. Available online: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html (accessed on June 2024).

Algarni, A. M., & Malaiya, Y. K. (2014). Software vulnerability markets: Discoverers and buyers. International Journal of Computer and Information Engineering, 8(3), 480-490.

Paulheim, H. (2017). Knowledge graph refinement: A survey of approaches and evaluation methods. Semantic Web, 8(3), 489–508. doi:10.3233/SW-160218.

Deloitte. (2016). Beneath the surface of a Cyberattack: a deeper look at business impacts. Deloitte, Baku, Azerbaijan. Available online: https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-risk-beneath-the-surface-of-a-cyber-attack.pdf (accessed on May 2024).

EUGDPR. (2017). GDPR Portal: Site Overview. General Data Protection Regulation. Council of the European Union. Available online: https://gdpr.eu/ (accessed on May 2024).

Alpcan, T., & Basar, T. (2003). A game theoretic approach to decision and analysis in network intrusion detection. 42nd IEEE International Conference on Decision and Control (IEEE Cat. No.03CH37475), 3, 2595–2600. doi:10.1109/cdc.2003.1273013.

Fudenberg, D., & Tirole, J. (1991). Game theory. MIT press. Cambridge, United States.

Wardell, C. L., Wynter, L., & Helander, M. (2008). Capacity and value based pricing model for professional services. Journal of Revenue and Pricing Management, 7(4), 326–340. doi:10.1057/rpm.2008.18.

Antonopoulou, I. (2002). A user authentication protocol based on the intractability of the 3-coloring problem. Journal of Discrete Mathematical Sciences and Cryptography, 5(1), 17–21. doi:10.1080/09720529.2002.10697934.

Antonopoulou, S., Stamatiou, Y. C., & Vamvakari, M. (2007). An asymptotic expansion for the q-binomial series using singularity analysis for generating functions. Journal of Discrete Mathematical Sciences and Cryptography, 10(3), 313–328. doi:10.1080/09720529.2007.10698122.

Train, K. E. (2009). Discrete choice methods with simulation. Cambridge university press, Cambridge, United Kingdom.

Greene, W. H. (2003). Econometric Analysis. Prentice Hall, Saddle River, New Jersey.

McFadden, D. (1973) Conditional Logit Analysis of Qualitative Choice Behavior. Frontiers in Econometrics, Academic Press, Cambridge, United States.

Gujarati, D. N., & Porter, D. C. (2009). Basic econometrics. McGraw-hill, New York, United States.

Gkintoni, E., Halkiopoulos, C., & Antonopoulou, H. (2022). Neuroleadership as an Asset in Educational Settings: An Overview. Emerging Science Journal, 6(4), 893–904. doi:10.28991/ESJ-2022-06-04-016.

Antonopoulou, H., Giannoulis, A., Theodorakopoulos, L., & Halkiopoulos, C. (2022). Socio-Cognitive Awareness of Inmates through an Encrypted Innovative Educational Platform. International Journal of Learning, Teaching and Educational Research, 21(9), 52–75. doi:10.26803/ijlter.21.9.4.

Gousteris, S., Stamatiou, Y. C., Halkiopoulos, C., Antonopoulou, H., & Kostopoulos, N. (2023). Secure Distributed Cloud Storage based on the Blockchain Technology and Smart Contracts. Emerging Science Journal, 7(2), 469–479. doi:10.28991/ESJ-2023-07-02-012.

Lin, J., Zhang, H., Adams, B., & Hassan, A. E. (2023). Vulnerability management in linux distributions: An empirical study on debian and fedora. Empirical Software Engineering, 28(2), 47. doi:10.1007/s10664-022-10267-7.

Kshetri, N. (2006). The simple economics of cybercrimes. IEEE Security and Privacy, 4(1), 33–39. doi:10.1109/MSP.2006.27.

Security Intelligence. (2016). Lessons Learned From 11 Years of Cost of Data Breach Research. IBM, United States. Available online: https://securityintelligence.com/cost-of-a-data-breach-2016/ (accessed on May 2024).

Jovanović, J. (2015). Graph-Based Knowledge Models. Available online: http://ai.fon.bg.ac.rs/wp-content/uploads/2015/04/Graph-based-KBs-eng.pdf (accessed on May 2024).

Gómez-Pérez, A., Fernández-López, M., & Corcho, O. (2004). Ontological engineering: with examples from the areas of knowledge management, e-commerce and the Semantic Web, Springer, London, United Kingdom. doi:10.1007/b97353.

Telang, R., & Wattal, S. (2007). An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price. IEEE Transactions on Software Engineering, 33(8), 544–557. doi:10.1109/tse.2007.70712.

Merrick, K., Hardhienata, M., Shafi, K., & Hu, J. (2016). A Survey of Game Theoretic Approaches to Modeling Decision-Making in Information Warfare Scenarios. Future Internet, 8(3), 34. doi:10.3390/fi8030034.

D. Palmer. (2016). Cybercrime Inc: How hacking gangs are modeling themselves on big business. ZDNet, New York, United States. Available online: https://www.zdnet.com/article/cybercrime-inc-how-hacking-gangs-are-modeling-themselves-on-big-business/ (accessed on June 2024 ).

Armin, J., Foti, P., & Cremonini, M. (2015). 0-Day Vulnerabilities and Cybercrime. 2015 10th International Conference on Availability, Reliability and Security. doi:10.1109/ares.2015.55.

Lund, M. S., Solhaug, B., & Stølen, K. (2011). Model-driven risk analysis: The CORAS approach. Springer, Berlin, Germany. doi:10.1007/978-3-642-12323-8.

Vlachou, E., Karras, A., Karras, C., Theodorakopoulos, L., Halkiopoulos, C., & Sioutas, S. (2023). Distributed Bayesian Inference for Large-Scale IoT Systems. Big Data and Cognitive Computing, 8(1), 1. doi:10.3390/bdcc8010001.

Antonopoulou, H., Theodorakopoulos, L., Halkiopoulos, C., & Mamalougkou, V. (2023). Utilizing Machine Learning to Reassess the Predictability of Bank Stocks. Emerging Science Journal, 7(3), 724–732. doi:10.28991/ESJ-2023-07-03-04.


Full Text: PDF

DOI: 10.28991/ESJ-2024-08-04-06

Refbacks

  • There are currently no refbacks.


Copyright (c) 2024 Constantinos Halkiopoulos, Anastasios Papadopoulos, Yannis C. Stamatiou, Leonidas Theodorakopoulos, Vasileios Vlachos