Exploring the impact of how criminals interact with cyber-networks—a mathematical modeling approach

ABSTRACT

There is a growing interest in using mathematical models to understand crime dynamics, crime prevention, and detection. The past decade has experienced a relative reduction in conventional crimes, but this has been replaced by significant increases in cybercrime. In this paper, we use deterministic modelling to describe the spread of cybercrime across a cyber-network by describing the heterogeneity of interactions between individuals using a nonlinear interaction between individuals in the network, and we allow criminals to operate either internally or externally to the cyber-network. We are able to determine the impact of the location of the criminal relative to the cyber-network which is being attacked. The model structure incorporates key elements of a social network structure thereby allowing for limited rates of victimisation. Both model structure and our observations are novel and provide a new contribution to the theoretical discussion of cybercrime dynamics, offering potential avenues to consider control strategies. Using steady-state analysis and extensive numerical simulations, we find that the location of criminals relative to the network does not impact the system qualitatively, although there are quantitative differences. Cyber-networks that are more clustered are likely to experience greater levels of cybercrime, but there is also a saturation effect that limits the level of victimisation as the number of criminals attempting to undertake crimes on given network increases. We discuss model limitations and describe how the model might be used with datasets to translate the theoretical findings into a useful tool in the fight to detect and eradicate cybercrime activity.

KEYWORDS:

• mathematical model
• cybercrime
• victims
• criminals
• steady-state analysis

1. Introduction

Cybercrime, as categorised in Bossler and Berenblum (2019), Furnell (2002), and Sabillon et al. (2016), is a global problem (Internet Society, 2015; Walker, 2019) which has the potential to disrupt the positive benefits of internet use such as access to information and social networking for the individual and economic and development opportunities for governments. Recognising this problem, the United Nations created a Global Programme on Cybercrime (United Nations Office on Drugs and Crime, 2013) to support countries to develop and deliver effective responses to cybercrime threats and activity; it has been in operation for almost a decade now. A study published in 2016 (Tcherni et al., 2016) analyzed cybercrime data from several sources, and its findings certainly support the case for a global response to cybercrime. It demonstrated that, in contrast to falling rates of traditional crime, cybercrime activity continues to increase. In Chuanying (2018), the driving force behind cybercrime is identified as an economic benefit.

Although cybercrime is a global problem, regional differences in terms of cyber-attacks and cyber-threats are emerging. In particular, the African continent has been identified as vulnerable to high levels of criminal activity, partly driven by limited cyber-security capacity (Kshetri, 2013, 2019; Lebogang et al., 2022; Mwangi et al., 2022; Richard Mphatheni & Maluleke, 2022; Saeed & Osakwe, 2021). The impact of such cybercrime activity is felt far beyond the point of crime, with the potential to disrupt efforts to meet a wide range of UN Sustainability Goals 2030 (United Nations Department of Economic and Social Affairs, 2015). Whilst the definition of cybercrime (Furnell, 2002) as a crime committed with the assistance of a computer or computer technology is concise, the scope of activities that fall within this remit is not (Sabillon et al., 2016). In particular, a single cybercrime may operate at the individual, organisational, national, or global level.

We are interested in understanding the impact of different mechanisms on the scale of cybercrime that might be observed in a network of individuals. Consequently, we are interested in creating a deterministic mathematical model that simplifies the processes involved in cybercrime activity to basic levels to elucidate the mechanisms that drive cybercrime. The use of mechanistic (deterministic) models to explore crime dynamics in general is a growing field. It makes use of classic ecological structures (McMillon et al., 2014; Sayaji, 2013; Sooknanan et al., 2013) such as competition and predation (see, for example, Sooknanan et al., 2012, 2016) and epidemiological structures (Comissiong et al., 2012; Kumar Saini, 2011; Nguyen, 2017; Shankar Rao et al., 2017; Sooknanan et al., 2013a, 2013b). There have been attempts to integrate the dynamics of criminal activity with crime control such as policing effort (Bertozzi et al., 2016; Chikore et al., 2023; Coclite et al., 2017; Pitcher, 2010) and the impact of a range of heterogeneities (Banerjee et al., 2015; Brantingham et al., 2005; Jane White et al., 2021; Lacey & Tsardakas, 2016; Manasevich et al., 2013; Nathan & Jackob, 2019; Short et al., 2010, 2010, 2010; Wikstrom, 2019). Network theory (Jia et al., 2018; Omar et al., 2014), and graph theory (Pourhabibi et al., 2020) have also been used to explore problems in the field of crime dynamics.

Despite the growing interest in deterministic models to describe crime dynamics, mathematical models for cybercrime have been focussed more on other areas such as social network analysis, machine learning, and, most recently, AI.

Social network analysis has been employed to better understand criminal activity (Drury et al., 2022) and cybercrime (William Johnsen & Franke, 2020) in, for example, crime detection or prevention (Berlusconi, 2017; Burcher & Whelan, 2018; Johnson & David Reitzel, 2011); particular contexts such knife crime (Bailey et al., 2020; Mithoo & Kumar, 2023) and hacking patterns (Perkins et al., 2023); and in broader contexts such as spatial heterogeneity (Tita & Boessen, 2012) or exploration of general crime properties (Bright et al., 2022).

The availability of large volumes of data from social media sites gives room for data-driven cybercrime solutions to be formulated using machine learning techniques. So it is not surprising that machine learning models have been developed to explore detection of cyber criminals (Abdullah Al-Khater et al., 2020; Aschi et al., 2022; Bilen & Bedri Özer, 2021; Mahor et al., 2021; Mangilal Chayal & Patel, 2021) and to understand the impact of different prevention techniques (Arshey & Angel Viji, 2021; Uchenna Chinedu et al., 2021) including on the African continent (Goni & Mohammad, 2020).

The explosion of growth in AI availability means that AI provides both a mechanism to undertake cybercrime (see, for example, Folds, 2022; Parti et al., 2023) and to detect and/or prevent cybercrime (Dash et al., 2022; Mijwil et al., 2023; Mohammed Shamiulla, 2019).

Returning to the approach we take here, we will use a deterministic modelling structure to describe the spread of cybercrime across a cyber-network of individuals. This requires a significant simplification of the system to allow us to extract predictions from the model results. In particular, we describe the cyber-network in terms of a nonlinear interaction between individuals in the network, and we allow interaction with a criminal to result in victimisation. This is a novel application of a well-known heterogeneous infection process, and our results are linked directly to the nature and scale of that heterogeneity. Moreover, the structure that we employ additionally allows us to determine the impact of the location of the criminal relative to the cyber-network which is being attacked. The deterministic model structure incorporates key elements of a social network structure, allowing also for limited rates of victimisation. We are not aware of any similar such study and therefore this work represents a unique and novel contribution to the theoretical discussion of cybercrime dynamics and offers potential avenues to consider control strategies.

In Section 2, the model formulation is presented. In Section 3, we present the model analysis and results which focus on steady-state analysis, and lastly, in Section 4, a discussion on the work presented is given.

2. Model formulation

We consider a closed population of size N connected through an online network. At time t, this population comprises the following classes:

• $U(t)=$ Number of individuals susceptible to vicitmisation at time $t,$

• $V(t)=$ Number of victimised individuals at time $t,$

• $W(t)=$ Number of individuals recovered from victimisation at time $t,$

together with a fixed number of criminals C which may or may not be part of the closed population N.

We use the indicator variable

$\psi =\{\begin{array}{ll}0& \text{if the criminal population operates}\\ & \text{externally to the cyber-network},\\ 1& \text{if the criminal population operates}\\ & \text{internally to the cyber-network},\end{array}$

which allows us to write

$\begin{array}{l}N=U(t)+V(t)+W(t)+\psi C.\end{array}$

Since N is constant, the model system, once derived, can be reduced to a 2-dimensional system. In this case, we choose to describe the dynamics of U(t) and $V(t).$

Figure 1 shows the key features of the model. We simplify the hugely complex process of victimisation and describe it through two distinct mechanisms: an initial victimisation which infiltrates the cyber-network and an onward victimisation which uses the online network structure to facilitate criminal activity.

Figure 1. Flow diagram for the dynamics of cybercrime depicting how people transition between compartments as individuals experience cybercrime.

2.1. External victimisation process

The approach which we take here follows that of Holling (Holling, 1959; Liu et al., 2006; Tewa et al., 2012) to describe the predation rate as a function of prey density. For a single criminal, suppose that the number of individuals that are victimised from the sub-population U in time T is Q_u, and the number of individuals from the sub-population V that are re-victimised is Q_v. With this assumption, we see that the number of new victimisations per criminal per unit time is

(1) $f(U,V)=\frac{Q_u}{T}.$(1)

Next assume that the amount of time it takes to secure a crime from each class is τ_u and τ_v, respectively (this is equivalent to a handling time in predator-prey dynamics). Therefore, the amount of time available to search for new victims either from class U or class V is reduced from T to

$\begin{array}{l}T-{\tau }_u{Q}_u-{\tau }_v{Q}_v.\end{array}$

Assuming that both Q_u and Q_v are proportional to the time available to search for new victims and the number of individuals available to be victimised, we obtain the expressions

$\begin{array}{l}\begin{array}{l}{Q}_u={\kappa }_u(T-{\tau }_u{Q}_u-{\tau }_v{Q}_v)U\text{and}\\ Q_v={\kappa }_v(T-{\tau }_u{Q}_u-{\tau }_v{Q}_v)V\end{array}\end{array}$

where κ_u and κ_v are positive constants of proportionality.

Solving this pair of equations simultaneously and using the relation given in (1(1) $f(U,V)=\frac{Q_u}{T}.$(1) ) we obtain the expression

(2) $\begin{array}{ll}f(U,V)& =\frac{{\kappa }_{u}U}{1+{\kappa }_v{\tau }_{v}V+{\kappa }_u{\tau }_{u}U}.\end{array}$(2)

2.2. Internal victimisation process

The scale-free nature of online social networks is well documented (Cui et al., 2012; Fronczak, 2018; Serafino et al., 2021) and suggests that the degree distribution of nodes within the network can be described using power law distributions (Artico et al., 2020; Clark et al., 1999; Zhou et al., 2020). We use this, together with previous modelling work describing heterogeneous contact rates for infectious diseases (Liu 1986 etc.) and epidemic spread on a social network (Lee & Zhu, 2021; Wang et al., 2021; Zhang et al., 2015) to describe the per capita victimisation rate

(3) $h(X)={\nu }_X{X}^{\alpha },$(3)

where ν_X, $X=C,V$, α are positive constants and X corresponds to C, the number of criminals in the network or V the number of victims in the network. This assumes that victimisation can arise either due to interaction on the network between a susceptible individual and a criminal or due to onward transmission from a victim of crime to a susceptible individual. The parameter α is a measure of the heterogeneity in the network. A small α value corresponds to a more heterogeneous network with a small number of nodes with many connections and many nodes with very few connections. In particular, $0<\alpha <1$ has been shown to describe well the incidence of infection on a social network (Clarke et al., 2013) and so we choose this range for our study. The parameter ν corresponds to the likelihood of contact between criminal/victim and a susceptible individual resulting in new victimisation per unit time. It combines the probability that a connection between a criminal/victim node and a susceptible node results in victimisation with the likelihood that a criminal/victim node is linked to a susceptible node at any given time. This representation is well described in (Clarke et al., 2013).

Combining these terms with the flow from victim to immune and/or return to susceptible, we obtain the model system:

(4) $\begin{array}{ll}{\displaystyle \frac{dU}{dt}=}& -(1-\psi )f(U,V)C-h(V)U-\psi h(C)U\\ & +(1-p)\delta V+\omega W,\\ \\ {\displaystyle \frac{dV}{dt}=}& (1-\psi )f(U,V)C+h(V)U+\psi h(C)U-\delta V,\\ \\ {\displaystyle \frac{dW}{dt}=}& p\delta V-\omega W,\end{array}$(4)

where all additional model parameters are also positive constants. The parameter δ⁻¹ measures the average time that an individual remains a victim of cybercrime, p is the fraction of victims that become immune to cybercrime following victimisation and ω⁻¹ is the average amount of time that an individual remains immune before returning to the susceptible class.

Using the relation $N=U+V+W+\psi C$ we reduce (4(4) $\begin{array}{ll}{\displaystyle \frac{dU}{dt}=}& -(1-\psi )f(U,V)C-h(V)U-\psi h(C)U\\ & +(1-p)\delta V+\omega W,\\ \\ {\displaystyle \frac{dV}{dt}=}& (1-\psi )f(U,V)C+h(V)U+\psi h(C)U-\delta V,\\ \\ {\displaystyle \frac{dW}{dt}=}& p\delta V-\omega W,\end{array}$(4) ) to give:

(5) $\begin{array}{ll}\frac{dU}{dt}& =-(1-\psi )f(U,V)C-h(V)U-\psi h(C)U\\ & +(1-p)\delta V+\omega (N-\psi C-U-V),\\ \frac{dV}{dt}& =(1-\psi )f(U,V)C+h(V)U+\psi h(C)U-\delta V.\end{array}$(5)

To non-dimensionalize the model system (4(4) $\begin{array}{ll}{\displaystyle \frac{dU}{dt}=}& -(1-\psi )f(U,V)C-h(V)U-\psi h(C)U\\ & +(1-p)\delta V+\omega W,\\ \\ {\displaystyle \frac{dV}{dt}=}& (1-\psi )f(U,V)C+h(V)U+\psi h(C)U-\delta V,\\ \\ {\displaystyle \frac{dW}{dt}=}& p\delta V-\omega W,\end{array}$(4) ), we set,

$\begin{array}{l}x=\frac{U}{N},y=\frac{V}{N},z=\frac{W}{N},c=\frac{C}{N}\text{and }\tau =\delta t,\end{array}$

and choose dimensionless parameter groupings

$\begin{array}{l}\begin{array}{lll}{\sigma }_1={\displaystyle \frac{{\kappa }_{u}C}{\delta },}& {\sigma }_2={\kappa }_v{\tau }_{v}N,& {\sigma }_3={\kappa }_u{\tau }_{u}N,\\ {\sigma }_{4X}={\displaystyle \frac{{\nu }_X{N}^{\alpha }}{\delta },}& {\sigma }_5={\displaystyle \frac{\omega }{\delta },}& \lambda ={\displaystyle \frac{{\sigma }_5}{p+{\sigma }_5}.}\end{array}\end{array}$

We note that $0\le \lambda \le 1.$ This parameter is clearly identifiable in the solution profiles presented in the next section.

Note also that the parameter σ₁ incorporates the number of criminals seeking to find victims within a cyber-network of which they are not a member whilst the parameter c measures the proportion of the population within the cyber-network who are criminal. Since our analysis excludes the case in which both activities may be taking place at the same time, we are able to explore the effects of criminal population size and location (relative to the cyber-network) on levels of victimisation robustly without concern of double counting the effects.

Next, we set

(6) $\mathrm{\Gamma }(x,y)=\frac{(1-\psi ){\sigma }_1}{1+{\sigma }_{2}y+{\sigma }_{3}x}+({\sigma }_{4y}{y}^{\alpha }+\psi {\sigma }_{4c}{c}^{\alpha })$(6)

which represents the per capita victimisation rate. Without loss of generality, we set $\tau =t$ and then the dimensionless model can be written:

(7) $\begin{array}{ll}\frac{dx}{dt}=& -\mathrm{\Gamma }(x,y)x+(1-p)y+{\sigma }_5(1-\psi c-x-y),\\ \frac{dy}{dt}=& \mathrm{\Gamma }(x,y)x-y.\end{array}$(7)

To fully specify the model system we assign arbitrary initial conditions $x(0)=x_0$, $y(0)=y_0$ where $0\le x_0,y_0\le 1.$

3. Model analysis

We begin this section by demonstrating the existence of an invariant region for the model system (7(7) $\begin{array}{ll}\frac{dx}{dt}=& -\mathrm{\Gamma }(x,y)x+(1-p)y+{\sigma }_5(1-\psi c-x-y),\\ \frac{dy}{dt}=& \mathrm{\Gamma }(x,y)x-y.\end{array}$(7) ) and we discuss the properties of Γ, the per capita victimisation rate of susceptible individuals. The analysis which follows focuses on steady state behaviour. We demonstrate that the model will admit a single non-trivial steady state, and we explore the impact of parameter values on the size of this state. Following on from this, we demonstrate that, under a wide range of parameter conditions, the steady state is globally stable.

3.1. Preliminary considerations

3.1.1. Invariant region

The region $D=\{(x,y):x\ge 0,y\ge 0,x+y\le 1-\psi c\}$ is invariant for our model system. This is verified as follows:

1. On the boundary x = 0, by setting x = 0 in the relevant equation of (7(7) $\begin{array}{ll}\frac{dx}{dt}=& -\mathrm{\Gamma }(x,y)x+(1-p)y+{\sigma }_5(1-\psi c-x-y),\\ \frac{dy}{dt}=& \mathrm{\Gamma }(x,y)x-y.\end{array}$(7) ) we have

   $\begin{array}{ll}\frac{dx}{dt}& =(1-p)y+{\sigma }_5(1-\psi c-y),\\ & >0.\end{array}$

2. On the boundary y = 0, by setting y = 0 in the relevant equation of (7(7) $\begin{array}{ll}\frac{dx}{dt}=& -\mathrm{\Gamma }(x,y)x+(1-p)y+{\sigma }_5(1-\psi c-x-y),\\ \frac{dy}{dt}=& \mathrm{\Gamma }(x,y)x-y.\end{array}$(7) ) we have

   $\begin{array}{ll}\frac{dy}{dt}& ={\sigma }_1(1-\psi c)\frac{x}{1+{\sigma }_{3}x},\\ & >0.\end{array}$

3. For the boundary $x+y=1-\psi c$ we set $q=x+y$ and note that

   $\begin{array}{ll}{\displaystyle \frac{dq}{dt}}& =-py+{\sigma }_5(1-\psi c-q),\\ & =-py\text{on}q=1-\psi c,\\ & <0.\end{array}$

Combining these three results gives us the invariant region as defined above.

3.1.2. Properties of $\mathrm{\Gamma }(x,y)$

The per capita victimisation rate, $\mathrm{\Gamma }(x,y)$ is the cumulative rate of primary victimisation (from criminals either external or internal to the network) and onward victimisation through the network structure.

The partial derivatives ${\mathrm{\Gamma }}_x$ and ${\mathrm{\Gamma }}_y$ provide insights which are highlighted later in the paper. They are given as:

(8) $\begin{array}{l}{\mathrm{\Gamma }}_x={\displaystyle -\frac{(1-\psi ){\sigma }_1{\sigma }_3}{[1+{\sigma }_{2}y+{\sigma }_{3}x{]}^2}}\\ \\ {\mathrm{\Gamma }}_y={\displaystyle -\frac{(1-\psi ){\sigma }_1{\sigma }_2}{[1+{\sigma }_{2}y+{\sigma }_{3}x{]}^2}+{\sigma }_{4y}\alpha y^{\alpha -1}.}\end{array}$(8)

When victimisation occurs external to the network (ψ = 0), Γ is a decreasing function of the susceptible population (${\mathrm{\Gamma }}_x<0$) whilst there is no dependence, ${\mathrm{\Gamma }}_x=0$, when ψ = 1. The corresponding properties in relation to victimised individuals are more complex. With ψ = 1, Γ is an increasing function of the victimised population (${\mathrm{\Gamma }}_y>0$). However, with ψ = 0, ${\mathrm{\Gamma }}_y$ may be positive or negative depending on the relative strength of external versus within network victimisation. If the wasted effort of attempting to victimise individuals that are already victims has greater impact on the per capita victimisation rate than onward victimisation within the network, then ${\mathrm{\Gamma }}_y<0$ and the per capita rate decreases with increased numbers of victims; if this scenario is reversed, we find that ${\mathrm{\Gamma }}_y>0.$

3.2. Steady-state solutions

At steady state, the rate equations given in (7(7) $\begin{array}{ll}\frac{dx}{dt}=& -\mathrm{\Gamma }(x,y)x+(1-p)y+{\sigma }_5(1-\psi c-x-y),\\ \frac{dy}{dt}=& \mathrm{\Gamma }(x,y)x-y.\end{array}$(7) ) are set to zero, resulting in the coupled, nonlinear algebraic equations:

$\begin{array}{l}y=\mathrm{\Gamma }(x,y)x,\end{array}$

and

$\begin{array}{l}{\displaystyle \mathrm{\Gamma }(x,y)x=(1-p)y+{\sigma }_5(1-\psi c-x-y),}\end{array}$

solutions of which give the steady states for the system.

Rearranging these equations, we find that the steady state solutions of (7(7) $\begin{array}{ll}\frac{dx}{dt}=& -\mathrm{\Gamma }(x,y)x+(1-p)y+{\sigma }_5(1-\psi c-x-y),\\ \frac{dy}{dt}=& \mathrm{\Gamma }(x,y)x-y.\end{array}$(7) ) must simultaneously satisfy the two equations

(9) $\begin{array}{ll}x=& 1-\psi c-\frac{1}{\lambda }y,\\ G(y)=& F_1(y)-F_2(y)=0,\end{array}$(9)

where

(10) $\begin{array}{ll}{F}_1(y)=& y^2[{\sigma }_2-\frac{{\sigma }_3}{\lambda }]+y[{\sigma }_3(1-\psi c)+1+\frac{(1-\psi c){\sigma }_1}{\lambda }]\\ & -{\sigma }_1(1-\psi c{)}^2,\end{array}$(10)

and

(11) $\begin{array}{ll}{F}_2(y)=& [{\sigma }_{4y}{y}^{\alpha }+\psi {\sigma }_{4c}{c}^{\alpha }](1-\psi c-\frac{y}{\lambda })\\ & \times (1+{\sigma }_{2}y+{\sigma }_3(1-\psi c-\frac{1}{\lambda }y)).\end{array}$(11)

Note that we require $y\le \lambda (1-\psi c)$ to ensure that $0\le x\le 1$.

Considering $F_1(y)$ we note that

$\begin{array}{l}\begin{array}{l}{F}_1(0)=-{\sigma }_1(1-\psi c{)}^2<0\text{and}\\ F_1(\lambda (1-\psi c))=\lambda (1-\psi c)[\lambda (1-\psi c){\sigma }_2+1]>0.\end{array}\end{array}$

Moreover, F₁ is a quadratic function, and therefore it will at most have a single maximum turning point in the domain of interest.

The equivalent properties for $F_2(y)$ are

$\begin{array}{l}\begin{array}{lll}{F}_2(0)={\sigma }_{4c}\psi c^{\alpha }(1-\psi c)>0& \text{and}& F_2(\lambda (1-\psi c))=0.\end{array}\end{array}$

The function F₂ is composite, combining a quadratic with a monotonically increasing function $({\sigma }_{4y}{y}^{\alpha }+\psi {\sigma }_{4c}{c}^{\alpha })$ and therefore, considering the values that F₂ takes when y = 0 and $y=\lambda (1-\psi c)$, the composite function will at most have a single maximum turning point in the domain of interest.

Given that $F_2(0)>F_1(0)$ and $F_2^{\prime }(0)>F_1^{\prime }(0)$ (for $0<\alpha <1$), and noting the behaviours described above, we conclude that $F_1(y)$ and $F_2(y)$ intersect once in the domain of interest $0\le y\le \lambda (1-\psi c)$ and therefore that the system attains a unique, admissible steady state $(x_e,y_e)$ within the domain D. This is the case whether or not criminals operate internally or externally to the cyber-network.

3.3. Impact of parameters on steady-state levels

In exploring the impact of parameters on the amount of victimisation occurring within a cyber-network, we consider three key measures:

• The degree of heterogeneity in the network (as measured by α);

• The size of the criminal population;

• The difference in connectedness of criminals and non-criminals within the network (for the case where ψ = 1).

Our findings are summarised in three figures.

Firstly, Figure 2 shows how the proportion of victims in the network at steady state (y_e) changes with α and with σ₁ (the dimensionless parameter which increases in direct proportion to the number of criminals external to the network).

Figure 2. Plots of the steady-state proportion of the network that is victimised when the criminals are external to the network, i.e. with ψ = 0. Model parameters used: ${\sigma }_2=2$, ${\sigma }_3=1$, ${\sigma }_{4y}={\sigma }_{4c}=2$, ${\sigma }_5=1$, p = 0.75. In (a) ${\sigma }_1=0.5$, in (b) α = 0.5.

Recalling that increasing α corresponds to considering a less clustered (heterogeneous) network, we see that the more clustered the network, the greater the level of victimisation in the system. In this case, criminal activity is undertaken from outside the network environment and targets activity randomly across the entire network. Thus, when the network is highly clustered, a single successful contact within a cluster will have a greater impact than when the network is more evenly spread. We believe that this is a reasonable explanation for what we observe in Figure 2a.

When we increase the number of criminals attempting to infiltrate a network (σ₁ increasing) we see that the level of victimisation in the network increases but at a decreasing rate such that we observe a saturation effect, most likely linked to the connectivity of the network. What this means in practice is that, for a given network, there is a maximum victimisation level which is independent of the number of criminals, determined by the structure of the network.

Next, we consider the case where criminals form part of the cyber-network (ψ = 1) and again look at the impact of varying the network structure (varying α) and number of criminals (varying c). Because c forms part of the network population, we need to consider two measures of victimisation on the network. If we explore y_e as a function of the parameters, we are showing the fraction of the total population which is victimised. This does not take into account that a fraction c of this population cannot be victimised because they are themselves criminal. Therefore, in Figure 3 we also plot

Figure 3. Plots of the steady-state proportion of the network that is victimised when the criminals are internal to the network, i.e. with ψ = 1. The solid blue line is the value y_e whilst the red crosses are given by $y_e/(1-\psi c)$ which is the proportion of available population in the network that are victimised at steady state. Model parameters used: ${\sigma }_2=2$, ${\sigma }_3=1$, ${\sigma }_{4y}={\sigma }_{4c}=2$, ${\sigma }_5=1$, p = 0.75. In (a) $c_e=0.01$, in (b) α = 0.5.

$\begin{array}{l}{\displaystyle \frac{y_e}{1-\psi c}}\end{array}$

which restricts the count to include only those individuals who are not themselves criminal within the network.

The behaviour of the system is qualitatively the same as for the case where criminal activity occurs external to the network as we change the degree of heterogeneity in the network through the parameter α. This is only true as we vary the number of criminals in the network if we calculate the fraction of available victims in the network to measure levels of victimisation. If we simply consider the value y_e, we see that there is a peak in this value for some intermediate value $c.$ This occurs because the heterogeneity of the network structure prevents onward victimisation because susceptible individuals are able to “hide” from the criminals. This contrasts with the case where the criminal acts externally to the network because there is no such mechanism to avoid contact with a criminal.

Finally, in Figure 4, we confirm the intuitively sensible observation that as the rate of interaction between criminals and susceptibles increases, so does the level of victimisation.

Figure 4. Plot of the proportion of available network members that are victimised at steady state as the rate of successful contact between susceptible and criminal individuals increases. Model parameters used: ${\sigma }_2=2$, ${\sigma }_3=1$, ${\sigma }_{4y}=2$, ${\sigma }_5=1$, p = 0.75, α = 0.5 and c = 0.02.

3.4. Stability of steady states

The Jacobian matrix J for our model system (7(7) $\begin{array}{ll}\frac{dx}{dt}=& -\mathrm{\Gamma }(x,y)x+(1-p)y+{\sigma }_5(1-\psi c-x-y),\\ \frac{dy}{dt}=& \mathrm{\Gamma }(x,y)x-y.\end{array}$(7) ) is given as

(12) $J=\left[\begin{array}{ll}-\mathrm{\Gamma }-x{\mathrm{\Gamma }}_x-{\sigma }_5& -x{\mathrm{\Gamma }}_y+(1-p)-{\sigma }_5\\ x{\mathrm{\Gamma }}_x+\mathrm{\Gamma }& x{\mathrm{\Gamma }}_y-1\end{array}\right],$(12)

where ${\mathrm{\Gamma }}_x$ and ${\mathrm{\Gamma }}_y$ are the partial derivatives of $\mathrm{\Gamma }(x,y)$ given in (8(8) $\begin{array}{l}{\mathrm{\Gamma }}_x={\displaystyle -\frac{(1-\psi ){\sigma }_1{\sigma }_3}{[1+{\sigma }_{2}y+{\sigma }_{3}x{]}^2}}\\ \\ {\mathrm{\Gamma }}_y={\displaystyle -\frac{(1-\psi ){\sigma }_1{\sigma }_2}{[1+{\sigma }_{2}y+{\sigma }_{3}x{]}^2}+{\sigma }_{4y}\alpha y^{\alpha -1}.}\end{array}$(8) ).

As was mentioned when discussing the properties of Γ, we see that ${\mathrm{\Gamma }}_x\le 0$ (with equality arising for ψ = 1) whilst the sign for ${\mathrm{\Gamma }}_y$ may be positive or negative.

Using standard results, we note that the steady state is stable if $\text{tr}(J)<0$ and $det(J)>0$.

After some algebraic rearrangements, we have

(13) $\begin{array}{l}\text{tr}(J)=-(\mathrm{\Gamma }+x{\mathrm{\Gamma }}_x)+(x{\mathrm{\Gamma }}_y-1)-{\sigma }_5\\ det(J)=-{\sigma }_5(x{\mathrm{\Gamma }}_y-1)+(p+{\sigma }_5)(x{\mathrm{\Gamma }}_x+\mathrm{\Gamma })\end{array}\}$(13)

From (13(13) $\begin{array}{l}\text{tr}(J)=-(\mathrm{\Gamma }+x{\mathrm{\Gamma }}_x)+(x{\mathrm{\Gamma }}_y-1)-{\sigma }_5\\ det(J)=-{\sigma }_5(x{\mathrm{\Gamma }}_y-1)+(p+{\sigma }_5)(x{\mathrm{\Gamma }}_x+\mathrm{\Gamma })\end{array}\}$(13) ) we notice that sufficient conditions for the steady state to be locally stable are

$\begin{array}{l}\begin{array}{lll}\mathrm{\Gamma }+x{\mathrm{\Gamma }}_x>0& \text{and}& x{\mathrm{\Gamma }}_y-1<0\end{array}\end{array}$

The first of these conditions can be rewritten as:

$\begin{array}{ll}\mathrm{\Gamma }+x{\mathrm{\Gamma }}_x=& {\displaystyle \frac{(1-\psi ){\sigma }_1}{1+{\sigma }_{2}y+{\sigma }_{3}x}[1-{\displaystyle \frac{{\sigma }_{3}x}{1+{\sigma }_{2}y+{\sigma }_{3}x}}]+{\sigma }_{4y}{y}^{\alpha }}\\ & +\psi {\sigma }_{4c}{c}^{\alpha }.\end{array}$

Since ${\displaystyle \frac{{\sigma }_{3}x}{1+{\sigma }_{2}y+{\sigma }_{3}x}<1}$, we confirm that the first inequality, $\mathrm{\Gamma }+x{\mathrm{\Gamma }}_x>0$, is satisfied.

Rearranging the second inequality in a similar manner gives

(14) $x{\mathrm{\Gamma }}_y-1=x\left[{\displaystyle -\frac{(1-\psi ){\sigma }_1{\sigma }_2}{(1+{\sigma }_{2}y+{\sigma }_{3}x{)}^2}+{\sigma }_{4y}\alpha y^{\alpha -1}}\right]-1.$(14)

From (14(14) $x{\mathrm{\Gamma }}_y-1=x\left[{\displaystyle -\frac{(1-\psi ){\sigma }_1{\sigma }_2}{(1+{\sigma }_{2}y+{\sigma }_{3}x{)}^2}+{\sigma }_{4y}\alpha y^{\alpha -1}}\right]-1.$(14) ), we observe that, provided ${\sigma }_{4y}$ is sufficiently small, the inequality $x{\mathrm{\Gamma }}_y-1<0$ will be satisfied. This is not the only criterion which could be invoked to ensure that the inequality is satisfied, but it provides a scenario which would ensure that the nontrivial steady state is stable.

The stability result described here was verified through extensive numerical exploration. Moreover, since the model system is bounded in the positive quadrant and there is a single locally stable steady state, then using the Poincare-Bendixson theorem we deduce that this steady state is globally stable and all solution trajectories will approach that state over time.

4. Discussion

In this paper, we have explored how the positioning of a criminal internal or external to a cyber-network influences the scale of cybercrime within that network. We did this using a simple deterministic representation of the network which assumed that each individual in the network is either susceptible to victimisation, is a victim, or is immune following a period of victimisation. Our analysis indicated that the greater the heterogeneity in the network structure, the more victimisation was likely to occur, independent of where the criminal was located relative to the network. We also observed a saturation effect relative to the size of the criminal population—the rate of increase in victimisation is a concave function of the criminal population size.

Of course, our model is a caricature of a highly complex system. However, it does demonstrate a “super-spreader” effect—networks with highly heterogeneous structure ($\alpha \ll 1$) produce more victims because once the “super-spreader” node has been successfully targeted, it will create a large number of onward victimisation opportunities. From a protection perspective, the advice here would be to create more egalitarian cyber-networks with a fixed number of nodes. The model also demonstrates that there is no significant difference between criminal activity being initiated externally to the network and that which is embedded within the network. Finally, the saturating nature of victimisation (Figures 2(b), 3(b)) suggests that with some manipulation cyber-networks could be made more safe as measured by the level of saturating victimisation observed when large numbers of criminals are attacking a cyber-network. We were able to demonstrate the potential for damped oscillations in this system, although an extensive scour of parameter space did not yield a large effect. In any dynamical system, there is less certainty when oscillations are observed, which suggests that cyber-networks subject to victimisation may be “stabilised” by modifying some of the key demographic parameters. This will become particularly insightful once time-series data are available to help estimate some of these parameters.

Clearly, our model structure is a significantly simplified description of a real cyber-network and the mechanisms by which cyber-crimes are committed. As discussed in the introduction, this simplification is intentional because it allows us to identify how basic mechanisms affect levels of cybercrime. This is simply a starting point, but it does provide some avenues for future consideration. The importance of clustering in the network has been identified which contrasts with the location of the criminal within our external to the network which they are targeting. This second point, in particular, may be of interest to those trying to identify and disable cyber-criminals. Now that the model has been developed and its key properties identified, it would be useful to explore its predictions using data on cybercrimes to estimate model parameters. An ideal exploration would use data from different types of cybercrime to see if they produce significantly different parameter estimates; if they did, this would provide a mechanism to classify cybercrime activities and may provide useful groupings for future approaches to detection and prevention. In this way, we anticipate that our model could act as a catalyst for further exploration into the dynamics occurring in a cyber-network under attack by criminals. Given the scale of the global problem and the rate of growth in cyber-networks for work, pleasure, and commerce, it will be really important to understand the dynamics in order to implement robust and effective solutions to control the spiralling growth of cybercrime activity.

Acknowledgements

This work was undertaken within the UK-Africa Postgraduate Advanced Study Institute in Mathematical Sciences funded by UKRI Global Challenges Research Fund, grant number EP/T00410X/1.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Supplementary material

Supplemental data for this article can be accessed online at https://doi.org/10.1080/27684830.2023.2295059.

Additional information

Funding

The work was supported by the UK Research and Innovation [EP/T00410X/1].