Distributed Denial Of Service Research Articles

Network Traffic Classification Against Adversarial Attacks Based Deep Learning

Background: Cybersecurity is a prominent concern in today's interconnected world, encompassing both local and remote wireless and wired access across diverse communication technology platforms. It is important to recognize the threat posed by hackers who are currently compromising organizational functionalities, bypassing security measures, and stealing hypersensitive information. Common hacking techniques such as Portscan, Distributed Denial of Service (DDoS) attacks, and the use of Botnets, are frequently utilized by hackers. Materials and Methods: The authors explore the advantages of using Machine Learning (ML) to classify attacks such as Port Scanning, DDoS, Botnet, and Botnet-Attempt in a mixture of both benign and attack traffic. They use various Artificial Neural Networks (ANN) structures, each having distinct properties, to train and test on a benchmark dataset (CICIDS2017). The aim is to identify the most effective ANN model and the optimal number of input features required to classify data that contains events of Portscan, DDoS, Botnet, and Botnet-Attempt attacks. Results: Various features are used as inputs for an ML model with single and multiple hidden layers, each with different neurons, to evaluate their impact on classification accuracy using a Python language. The best accuracy obtained is 99.71%, achieved by using all features of the dataset and 4 hidden layers, while the accuracy obtained using only 7 features is 97.6%. Conclusion: ANN models can perform well in classifying network traffic against adversarial attacks by using an optimal combination of features as input and hidden layers.

Securing IoT Networks from DDoS Attacks Using a Temporary Dynamic IP Strategy.

The progression of the Internet of Things (IoT) has brought about a complete transformation in the way we interact with the physical world. However, this transformation has brought with it a slew of challenges. The advent of intelligent machines that can not only gather data for analysis and decision-making, but also learn and make independent decisions has been a breakthrough. However, the low-cost requirement of IoT devices requires the use of limited resources in processing and storage, which typically leads to a lack of security measures. Consequently, most IoT devices are susceptible to security breaches, turning them into "Bots" that are used in Distributed Denial of Service (DDoS) attacks. In this paper, we propose a new strategy labeled "Temporary Dynamic IP" (TDIP), which offers effective protection against DDoS attacks. The TDIP solution rotates Internet Protocol (IP) addresses frequently, creating a significant deterrent to potential attackers. By maintaining an "IP lease-time" that is short enough to prevent unauthorized access, TDIP enhances overall system security. Our testing, conducted via OMNET++, demonstrated that TDIP was highly effective in preventing DDoS attacks and, at the same time, improving network efficiency and IoT network protection.

An intelligent security mechanism in mobile Ad-Hoc networks using precision probability genetic algorithms (PPGA) and deep learning technique (Stacked LSTM)

The Mobile Ad-hoc Networks (MANETs) have gained a significant attention in the recent years due to their proliferation and huge application purposes. To defend from many types of modern cyber dangers like Distributed Denial of Service (DDoS) attacks, Advanced Persistent Threats (APTs), Insider Threats, Ransomware, Zero-Day Exploits, Social Engineering tactics, and etc is not easy when it comes to keeping MANETs security. These complex assaults focus on network infrastructure, take advantage of weaknesses in communication protocols and control user actions. Although there have been improvements in intrusion detection systems (IDS), it is still difficult to fully safeguard MANETs. The purpose of this research is to create advanced methods that can accurately find and decrease attacks inside MANETs. Applying Sensor-based Feature Extraction (SFE) to extract useful network features such as Received Signal Strength Indication (RSSI) and Time of Travel (TOT) from datasets NSL-KDD and CICIDS-2017. Utilizing the fresh method of Precise Probability Genetic Algorithm (PPGA) optimization for removing unrelated details, which enhances precision in detecting attacks. Predicting normal and attacking labels by applying Stacked Recurrent Long Short Term Memory (SRLSTM) method, fine-tuning classifier's parameters in every layer to improve outcomes. In order to authenticate and compare the suggested methods with current attack detection tactics, this study will make use of various evaluation measurements. The NSL-KDD, which is a benchmark dataset in network intrusion detection research, has a wide variety of network traffic data with instances that are labeled as normal and different attacks. CICIDS-2017 is similar because it contains an extensive dataset too - this includes real-world traces from network traffic where there's both regular activity and harmful actions. The purpose is to enhance the existing status of MANET security so as it can withstand more strongly against cyber dangers. According to the outcomes, it is analyzed that the attack detection accuracy has improved greatly 99 % when compared to other methods, as shown by the detailed assessment measurements. Better handling of big datasets with top detection accuracy reduces the time needed 8.9 s for training and testing models. Decrease in misclassification results and better ability to differentiate normal network actions from harmful intrusions. Improved resistance of MANETs to different cyber dangers, guaranteeing the safety and dependability of network communication in changing and non-centralized settings.

تدريب خوارزميات التعلم الآلي للكشف عن هجمات رفض الخدمة الموزعة

Cyber-attacks are becoming more and more sophisticated, posing a serious threat to our technologically dependent society. Such an attack is the Distributed Denial of Service (DDoS) attack, which is becoming a serious threat to businesses that have integrated their technology with public networks since they enable numerous attackers to obtain data or provide services to major corporations or nations. When a company's servers are overloaded with fraudulent requests while legitimate users' requests are denied, Distributed Denial of Service (DDoS) attacks disrupt Web service availability for an arbitrary amount of time. This results in financial losses since services are rendered unavailable. This paper provides a comparative analysis of popular ML algorithms, including Logistic Regression, Random Forest, and Neural Network, in terms of their effectiveness in DDoS attack detection. Along with a comprehensive evaluation of its performance. The study incorporates numerical data analysis and relevant diagrams to offer insights into the comparative efficacy of different ML techniques for DDoS attack detection. Keywords: DDoS attacks, machine learning, random forest, Logistic Regression, Neural Network

Enhanced Anomaly-Based Detection of the Distributed Denial of Service Attack using Modular Memetic Behavioral Analysis

The Internet’s popularity has proven to be an effective mode for data dissemination, and also advance the proliferation of adversaries whose exploits network for personal gain via unauthorized access that compromises a user device. Adversaries have achieved such feats via socially-engineered, subterfuge schemes – some of which deny users of network resources. These distributed denial of service (DDoS) attacks are carefully crafted to impact a large magnitude with the capability to wreak havoc at high levels of network infrastructures. This study posits a deep learning approach to distinguish between benign exchange of data and malicious attacks from data traffic. With benchmark ensemble such as XGBoost, Random Forest and Decision Tree – the results shows our proposed ensemble yields F1 of 0.9945, and outperforms XGBoost, RF and DT (with F1 of 0.9925, 0.9881 and 0.9805 respectively); And with an Accuracy of 0.9984 to outperform XGBoost, RF and DT (with 0.9981, 0.9964 and 0.9815 respectively). The proposed ensemble incorrectly classified only 283-instances with 13,418 correctly classified test instances with a 99.84% accuracy. Result shows our use of the deep learning memetic model effectively differentiate between genuine and malicious packets via anomaly-based detection. Keywords: Memetic Algorithm, Random Forest, XGBoost, feature selection, imbalanced dataset Aims Research Journal Reference Format: Sulu, G.A., Akazue, M.I., Edje, A.E., (2024): Enhancing computer network intrusion detection using the network behaviour analysis technique: a pilot study. Advances in Multidisciplinary and Scientific Research Journal Vol. 10. No. 2. Pp 125-142 www.isteams.net/aimsjournal. dx.doi.org/10.22624/AIMS/V10N2P11

A Classification Data Packets Using the Threshold Method for Detection of DDoS

Computer communication is done by first synchronizing one computer with another computer. This synchronization contains Data Packages which can be detrimental if done continuously, it will be categorized as an attack. This type of attack, when performed against a target by many computers, is called a distributed denial of service (DDoS) attack. Technology and the Internet are growing rapidly, so many DDoS attack applications result in these attacks still being a serious threat. This research aims to apply the Threshold method in detecting DDoS attacks. The Threshold method is used to process numeric attributes so obtained from the logfile in a computer network so that data packages can be classified into 2, namely normal access and attack access. Classification results using the Threshold method after going through the fitting process, namely detecting 8 IP Addresses as computer network users and 6 IP addresses as perpetrators of DDoS attacks with optimal accuracy.

Unveiling the core of IoT: comprehensive review on data security challenges and mitigation strategies

The Internet of Things (IoT) is a collection of devices such as sensors for collecting data, actuators that perform mechanical actions on the sensor's collected data, and gateways used as an interface for effective communication with the external world. The IoT has been successfully applied to various fields, from small households to large industries. The IoT environment consists of heterogeneous networks and billions of devices increasing daily, making the system more complex and this need for privacy and security of IoT devices become a major concern. The critical components of IoT are device identification, a large number of sensors, hardware operating systems, and IoT semantics and services. The layers of a core IoT application are presented in this paper with the protocols used in each layer. The security challenges at various IoT layers are unveiled in this review paper along with the existing mitigation strategies such as machine learning, deep learning, lightweight encryption techniques, and Intrusion Detection Systems (IDS) to overcome these security challenges and future scope. It has been concluded after doing an intensive review that Spoofing and Distributed Denial of Service (DDoS) attacks are two of the most common attacks in IoT applications. While spoofing tricks systems by impersonating devices, DDoS attacks flood IoT systems with traffic. IoT security is also compromised by other attacks, such as botnet attacks, man-in-middle attacks etc. which call for strong defenses including IDS framework, deep neural networks, and multifactor authentication system.

Enhanced Network Intrusion Detection System for Internet of Things Security Using Multimodal Big Data Representation with Transfer Learning and Game Theory.

Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally.

Quick service during DDoS attacks in the container-based cloud environment

Distributed Denial of Service (DDoS) attacks are one of the biggest internet security risks. As DDoS attacks directly target the availability of the victim’s services, defending against them is one of the most challenging tasks for the victim organization’s cyber security personnel. Service disruptions, resource conflicts, reputation harm, and financial losses are just a few of the many direct and indirect effects of DDoS attacks. There are several DDoS attack solutions, however, victim organization(s) cyber security personnel still struggle to mitigate it. Among the several ways of mitigating DDoS attacks, it was observed that the most effective approaches include bandwidth limiting and resource reservations. Individually, these solutions have a drawback of increasing the average response time during a DDoS attack for both the malicious and the benign users. We propose a two-line defense system that combines both of these strategies in addition to containerization to minimize DDoS attack effects. First line defense system separates incoming requests based upon the number of connections made for target web-service at any particular instant and sends them to second line defense system. At second line defense system, we limit the bandwidth of intermediate machines that transmit requests to the destination web-service(s). Additionally, the load balancer at the second line defense system routes incoming requests to different containers on the target computers based on line defense system decisions. By segregating incoming requests, we are able to serve benign users requests which send lesser number of requests than threshold value even in the presence of DDoS attacks. The proposed technique shows that benign users’ average response time under DDoS attack is nearly equivalent to that obtained under normal network conditions. The proposed technique is able to preserve the service availability to ∼98% of benign requests even in the presence of massive DDoS attack.

Detecting DDoS based on attention mechanism for Software-Defined Networks

In this paper, we propose a deep learning model based on a novel Divide and Conquer Attention (DCA) mechanism, for efficient detection of Distributed Denial of Service (DDoS) attacks in a virtual Software Defined Networking(SDN) environment. DDoS is a cyber-attack that depletes the resources of the target victim through excessive traffic attacks, preventing users from using the server normally. As network infrastructure evolves, the threat of cyber-attacks such as DDoS is increasing, and DDoS attack methods are also becoming very diverse. DDoS attacks are more dangerous in SDN because a failure occurring in the SDN controller paralyzes the entire network managed by the controller and has recently received a lot of attention. Therefore, our proposed DCA based detection model learns complex attack patterns and network traffic, providing enhanced detection. The DCA based detection model that focuses on various functions of network traffic based on importance provides a better understanding of abnormal behavior patterns. Our results obtained from virtual network attack scenario experiments with Open Network Operating System (ONOS) SDN controller and Mininet network simulator show that DCA based model outperforms traditional machine learning methods and other deep learning models. Then, we conduct performance evaluations against various recent deep learning-based network analysis studies to provide various advantages for the utilization of DCA based detection model.

NÂNG CAO HIỆU QUẢ AN NINH MẠNG DỰA TRÊN MỘT SỐ KỸ THUẬT GIẢM CHIỀU DỮ LIỆU

This paper focuses on proposing a network intrusion detection model applying fundamental machine learning techniques to enhance early detection of network intrusions (rapid detection of attack behaviors) for improved efficiency in preventing network attacks. The system must still ensure technical accuracy in providing high-precision alerts. The research employs several dimensionality reduction techniques to detect abnormal network intrusions caused by Distributed Denial of Service (DDoS) attacks. The proposed model aims to reduce computation time for early attack detection. The results show that the proposed system performs best across all three datasets through the combination of the KNN algorithm and the Feature Importance dimensionality reduction technique. After calculating and returning the number of important features in attack detection using the Importance technique, the performance of the KNN algorithm is enhanced. By retaining only important features, as the dimensionality of the data decreases, the computation speed of KNN increases. Therefore, although the accuracy may slightly decrease, the computation time is significantly reduced. This is acceptable for practical purposes.

An optimized deep strategy for recognition and alleviation of DDoS attack in SD-IoT

ABSTRACT The attacks like distributed denial-of-service (DDoS) are termed as severe defence issues in data centres, and are considered real network threat. These types of attacks can produce huge disturbances in information technologies. In addition, it is a complex task to determine and fully alleviate DDoS attacks. The new strategy is developed to identify and alleviate DDoS attacks in the Software-Defined Internet of Things (SD-IoT) model. SD-IoT simulation is executed to gather data. The data collected through nodes of SD-IoT are fed to the selection of feature phases. Here, the hybrid process is considered to select features, wherein features, like wrapper-based technique, cosine similarity-based technique, and entropy-based technique are utilized to choose the significant features. Thereafter, the attack discovery process is done with Elephant Water Cycle (EWC)-assisted deep neuro-fuzzy network (DNFN). The EWC is adapted to train DNFN, and here EWC is obtained by grouping Elephant Herd Optimization (EHO) and water cycle algorithm (WCA). Finally, attack mitigation is carried out to secure the SD-IoT. The EWC-assisted DNFN revealed the highest accuracy of 96.9%, TNR of 98%, TPR of 90%, precision of 93%, and F1-score of 91%, when compared with other related techniques.

Enhancing honeynet-based protection with network slicing for massive Pre-6G IoT Smart Cities deployments

Internet of Things (IoT) coupled with 5G and upcoming pre-6G networks will provide the scalability and performance required to deploy a wide range of new digital services in Smart Cities. This new digital services will undoubtedly contribute to an improvement in the quality of life of citizens. However, security is a major concern in IoT where low-powered constrained devices are a target for attackers who identify them as a vulnerable entry point to exploit the network weaknesses. This concern is exacerbated in Smart Cities where it is expected to deploy millions of heterogeneous yet unattended and vulnerable IoT devices throughout vast urban areas. A security breach in a Smart City allows attackers to target critical services such as the power grid network or the road traffic control or to expose sensitive health data to intruders. Thus, the security and privacy of citizens could be seriously compromised. Honeynets are an effective security mechanism to distract attackers from legitimate targets and collect valuable information on how they operate. Meanwhile, current honeynets lack functionality to protect the real and lure networks from large-scale volumetric Distributed Denial of Service (DDoS) attacks. This paper provides a novel solution to empower honeynet security tools with Network Slicing capabilities as an innovative way to isolate and minimize the network resources available from attackers. The proposed system supports the ambitious IoT scalability requirements associated to 5G networks and the forthcoming 6G networks. The solution has been empirically evaluated in a emulated testbed where promising results have been achieved when dealing with mMTC and eMBB traffic profiles. In mMTC scenarios where scalability is a challenge, the solution is able to deal with up to 1000 slices and 1 Million IoT devices sending traffic simultaneously. In eMBB use cases, the solution is able to cope with up to 19 Gbps of combined bandwidth. The gathered results demonstrate that the proposed solution is suitable as a security tool in 5G IoT multi-tenant infrastructures as those expected in Smart Cities deployments.

Pioneering advanced security solutions for reinforcement learning-based adaptive key rotation in Zigbee networks

In the rapidly evolving landscape of Internet of Things (IoT), Zigbee networks have emerged as a critical component for enabling wireless communication in a variety of applications. Despite their widespread adoption, Zigbee networks face significant security challenges, particularly in key management and network resilience against cyber attacks like distributed denial of service (DDoS). Traditional key rotation strategies often fall short in dynamically adapting to the ever-changing network conditions, leading to vulnerabilities in network security and efficiency. To address these challenges, this paper proposes a novel approach by implementing a reinforcement learning (RL) model for adaptive key rotation in Zigbee networks. We developed and tested this model against traditional periodic, anomaly detection-based, heuristic-based, and static key rotation methods in a simulated Zigbee network environment. Our comprehensive evaluation over a 30-day period focused on key performance metrics such as network efficiency, response to DDoS attacks, network resilience under various simulated attacks, latency, and packet loss in fluctuating traffic conditions. The results indicate that the RL model significantly outperforms traditional methods, demonstrating improved network efficiency, higher intrusion detection rates, faster response times, and superior resource management. The study underscores the potential of using artificial intelligence (AI)-driven, adaptive strategies for enhancing network security in IoT environments, paving the way for more robust and intelligent Zigbee network security solutions.

A Deep Intelligent Hybrid Intrusion Detection Framework with LIME

Network security has grown to be a major issue as a result of the development of Internet of Things (IoT) devices. Attacks known as Distributed Denial of Service (DDoS) can overwhelm and impair networks. In order to identify DDoS and other network intrusion threats in real-time, accurately, and with justification, this study suggests a unique deep learning-driven fog computing architecture named as Deep Intelligent Hybrid Intrusion Detection Framework with LIME (DIHIF-LIME). The main advancement is the creation of a hybrid intrusion detection system that integrates randomness measurements taken from network traffic with a K-Nearest Neighbor (KNN) machine learning classifier. The justification for predictions is explained using Local Interpretable Model-Agnostic Explanations (LIME), which promotes explainability. Using datasets including network assaults, Long-Short-Term Memory (LSTM) neural networks are created and compared. Utilizing 5-fold cross-validation, LSTM outperformed benchmarks with the maximum accuracy of 99.97%. In conclusion, the proposed fog computing intrusion detection framework with LIME explainability offers a rapid, precise, scalable, and interpretable end-to-end solution from IoT devices to the cloud. A thorough test shows that the method is effective in protecting IoT networks from DDoS and other assaults. The two main advances th­­at are presented are hybrid detection and LIME explainability.

Who's Got My Back? Measuring the Adoption of an Internet-wide BGP RTBH Service

Distributed Denial-of-Service (DDoS) attacks continue to threaten the availability of Internet-based services. While countermeasures exist to decrease the impact of these attacks, not all operators have the resources or knowledge to deploy them. Unwanted Traffic Removal Service (UTRS), being one of the oldest community-based anti-DDoS services aims at mitigating major DDoS attacks through the Border Gateway Protocol (BGP). In this paper we develop and evaluate a methodology to automatically detect UTRS participation in the wild. To this end, we deploy a measurement infrastructure and devise a methodology to detect UTRS-based traffic blocking. Using this methodology, we conducted a longitudinal analysis of UTRS participants over ten weeks. Our results show that at any point in time, there were 562 participants, including multihomed, stub, transit, and IXP ASes. Moreover, we surveyed 245 network operators to understand why they would (not) join UTRS. Results show that threat and coping appraisal significantly influence the intention to participate in UTRS.

A novel CNN‐based approach for detection and classification of DDoS attacks

SummaryAmong the recent network security issues, Distributed Denial of Service (DDoS) attack is one of the most dangerous threats in today's cyberspace that can disrupt essential services. These attacks compromise network security by flooding the target with malicious traffic. Several researchers have designed effective DDoS detection mechanisms using machine learning (ML) and deep learning (DL)‐based techniques. However, existing detection approaches paid less attention to issues such as class imbalance, multi‐classification, or computational cost of the models, especially time. In this study, we propose a novel framework for detecting and classifying DDoS attacks with high accuracy and low computational cost. To address the class imbalance, we employ random sampling, while feature selection techniques such as low information gain, quasi‐constant elimination, and principal component analysis are utilized for optimal feature selection and reduction. Our proposed CNN‐based model achieves outstanding performance, boasting an accuracy of 99.99% for binary classification and 98.44% for multi‐classification. The proposed model is compared to existing works and baseline line models and found to be effective in binary and multi‐classification.

An effective DDoS attack mitigation strategy for IoT using an optimization-based adaptive security model

The Internet of Things enables the creation of transmitted use cases for interconnected devices and complementary channels. The varied structure of it creates additional security needs and problems. In particular, the safeguards used in the IoT should adjust to the changing environment. One of the major dangers to the World Wide Web (WWW) things is Distributed Denial of Service (DDoS). Therefore, in this work, an intelligent Game Theory-based Adaptive security (GT-AS) mathematical model was developed to maximize the effectiveness of DDoS attack mitigation. Moreover, this strategy can strongly derive the five parameters such as energy channel, memory, intruder, and hybrid. These all can achieve a stronger defense posture against DDoS attacks from the newly designed IoT. Consequently, the Recurrent Bat (RB) framework is developed to classify the nodes into two classes such as trusted node and malicious node. In addition, the proposed frameworks analyze how protection effectiveness and energy consumption interact when evaluating adaptive security techniques. To analyze the effectiveness of the suggested paradigm, researchers also give the outcomes of simulation experiments. Researchers demonstrate that, in comparison to existing models, the developed approach has increased the lifespan of the connected objects by 47 %. Also, the developed strategy has attained better accuracy and lower error rates when comparing traditional strategies. Moreover, the packet delivery ratio is 60 KB, energy consumption is 116 KJ, Mean Location Error is 0.078 and resource usage is 148.

Distributed denial of service attacks classification system using features selection and ensemble techniques

Distributed denial-of-service (DDoS) attacks are expanding threat to online services and websites. These attacks overwhelm targets with traffic from multiple sources to exhaust resources and make services unavailable. The frequency of DDoS attacks exhibits an ongoing upward trajectory over time. This persistent escalation highlights the need for effective countermeasures. While machine learning approaches have been extensively investigated for binary classification of DDoS attacks, multi-class classification has received comparatively less examination in the literature despite its greater practical utility. In this paper, we propose an intrusion detection system for detecting and classifying DDoS attacks, based on two main axes: feature selection for selecting the best relevant features and ensemble learning technique for improving performance by combining weak learners. The proposed model has been trained and evaluated on the CICDDoS2019 dataset. Experimental evaluation demonstrates improved performance using a subset of 16 relevant features identified, with a test accuracy of 82.35% attained for discriminating between the 12 classes represented in the dataset. By aggregating attacks sharing common characteristics resulting in 7 classes, the approach achieves surpassing 97% accuracy. Additionally, a binary classification delineating benign and DDoS attacks attain 99.90% accuracy.

A Data Analytics Strategy to the Underground Economy of Cybercrime

Massive cyberattacks and cybercrimes such as ransomware and distributed denial of service (DDoS) attacks have become more and more of a danger, and individuals, organizations, and governments have struggled to discover effective means to defend against them. In 2017, the WannaCry ransomware was to blame for roughly 45,000 strikes across almost 100 nations. Governments have come under pressure to enhance their cybersecurity spending as a result of the increasing impact of cybercrime. In his fiscal year 2017 budget, United States President Barack Obama suggested investing more than $19 billion in cybersecurity, a rise of more than 35% from 2016.Thus, a new sort of organizationknown as the "cybercrime underground" has developed, one that both runs underground marketsand fosters the growth of cybercrime conspiracies. The threat posed by the emergence of highly skilled network-based cybercrime business models, such as Crimeware-as-a-Service (CaaS), is mostly invisible to governments, organizations, and individuals becausecybercrime networks are lateral, diffuse, fluid, and dynamic. Although cyber dangers are rapidly increasing, there hasn't been much research done on the methodology or theoretical underpinnings of the field that could help inform information systems researchers and practitioners whowork in the field of cyber security. Additionally, little is understood about Crime-as-a-Service (CaaS), the illegal business model that supports the underground world of cybercrime.