Profiling the Cybercriminal: A Systematic Review of Research

TL;DR

This systematic review analyzes 39 studies from 2006-2020 to understand how cybercriminals are characterized and profiled, highlighting gaps like inconsistent definitions and the need for further research on personality traits and law enforcement roles.

Contribution

It provides an up-to-date characterization of cybercriminal profiling research and identifies open issues and future directions in the field.

Findings

Lack of a common definition of cyber-offender profiling.

Focus mainly on hackers using deductive approaches.

Highlights need for research on personality traits and law enforcement roles.

Abstract

As cybercrime becomes one of the most significant threats facing society today, it is of utmost importance to better understand the perpetrators behind such attacks. In this article, we seek to advance research and practitioner understanding of the cybercriminal (cyber-offender) profiling domain by conducting a rigorous systematic review. This work investigates the aforementioned domain to answer the question: what is the state-of-the-art in the academic field of understanding, characterising and profiling cybercriminals. Through the application of the PRISMA systematic literature review technique, we identify 39 works from the last 14 years (2006-2020). Our findings demonstrate that overall, there is lack of a common definition of profiling for cyber-offenders. The review found that one of the primary types of cybercriminals that studies have focused on is hackers and the majority of papers used the deductive approach as a preferred one. This article produces an up-to-date characterisation of the field and also defines open issues deserving of further attention such as the role of security professionals and law enforcement in supporting such research, as well as factors including personality traits which must be further researched whilst exploring online criminal behaviour. By understanding online offenders and their pathways towards malevolent behaviours, we can better identify steps that need to be taken to prevent such criminal activities.