Despite the rapid escalation of cyber threats, there has still been little research into the foundations of the subject or methodologies that could serve to guide information systems researchers and practitioners who deal with cybersecurity. In addition, little is known about crime-as-a-service (CaaS), a criminal business model that underpins the cybercrime underground. This research gap and the practical cybercrime problems we face have motivated us to investigate the cybercrime underground economy by taking a data analytics approach from a design science perspective. To achieve this goal, we: (1) propose a data analysis framework for analyzing the cybercrime underground; (2) propose CaaS and crimeware definitions; (3) propose an associated classification model, and (4) develop an example application to demonstrate how the proposed framework and classification model could be implemented in practice. We then use this application to investigate the cybercrime underground economy by analyzing a large data set obtained from the online hacking community. By taking a design science research approach, this paper contributes to the design artifacts, foundations, and methodologies in this area. Moreover, it provides useful practical insights to practitioners by suggesting guidelines as to how governments and organizations in all industries can prepare for attacks by the cybercrime underground.
Bibliographical noteFunding Information:
This work was supported in part by the Ministry of Education of South Korea and the National Research Foundation of Korea under Grant NRF-2015S1A3A2046711 and in part by the Barun ICT Research Center, Yonsei University, under Grant 2018-22-0003.
All Science Journal Classification (ASJC) codes
- Computer Science(all)
- Materials Science(all)