research papers on cyber crime in india

Advertisement

Cybercrime and cybersecurity in India: causes, consequences and implications for the future

• Published: 10 September 2016
• Volume 66 , pages 313–338, ( 2016 )

Cite this article

• Nir Kshetri 1  

2981 Accesses

16 Citations

4 Altmetric

Explore all metrics

Cybercrime is rising rapidly in India. Developing economies such as India face unique cybercrime risks. This paper examines cybercrime and cybersecurity in India. The literature on which this paper draws is diverse, encompassing the work of economists, criminologists, institutionalists and international relations theorists. We develop a framework that delineates the relationships of formal and informal institutions, various causes of prosperity and poverty and international relations related aspects with cybercrime and cybersecurity and apply it to analyze the cybercrime and cybersecurity situations in India. The findings suggest that developmental, institutional and international relations issues are significant to cybercrime and cybersecurity in developing countries.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price includes VAT (Russian Federation)

Instant access to the full article PDF.

Rent this article via DeepDyve

Institutional subscriptions

Similar content being viewed by others

Cyber Victimisation, Restorative Justice and Victim-Offender Panels

Migrants and Crime in Sweden in the Twenty-First Century

Shared Sovereignties and Criminal Governances in the Context of the Pandemic in Colombia

It is important to recognize that, as is the case of any underground economy [ 17 ], estimating the size of a country’s cybercrime industry and its ingredients such as reporting rate is a challenging task. Cybercrime-related studies and surveys are replete with methodological shortcomings, conceptual confusions, logical challenges and statistical problems [ 18 ].

KPMG (2014). Cybercrime survey report 2014 . Retrieve from www.kpmg.com/in .

indolink.com (2012). India battles against cyber crime. Retrieved from http://www.indolink.com/displayArticleS.php?id=102112083833 .

Rid, T. (2012). Think again: cyberwar. Foreign Policy, 192 , 1–11.

Google Scholar  

bbc.co.uk (2012). ‘Spam capital’ India arrests six in phishing probe. Retrieved from http://www.bbc.co.uk/news/technology-16392960 .

King, R. (2011). Cloud, mobile hacking more popular: Cisco. Retrieved from http://www.zdnet.com/cloud-mobile-hacking-more-popular-cisco-1339328060/ .

Aaron, G., & Rasmussen, R. (2012). Global phishing survey: Trends and domain name use in 2H2011, APWG, Retrieved from http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_2H2011.pdf .

Kshetri, N. (2010). The economics of click fraud. IEEE Security and Privacy, 8 (3), 45–53.

Article   Google Scholar  

Internet Crime Complaint Center (2011). 2010 internet crime report. Retrieved from http://www.ic3.gov/media/annualreport/2010_ic3report.pdf .

Kshetri, N. (2009). Positive externality, increasing returns and the rise in cybercrimes. Communications of the ACM, 52 (12), 141–144.

cio.de (2014). India’s biometric ID project is back on track. Retrieve from http://www.cio.de/index.cfm?pid=156&pk=2970283&p=1 .

Thomas, T.K. (2012). Govt will help fund buys of foreign firms with high-end cyber security tech . Retrieved from http://www.thehindubusinessline.com/industry-and-economy/info-tech/article3273658.ece?homepage=true&ref=wl_home .

Chockalingam, K. (2003). Criminal victimization in four major cities in southern India. Forum on Crime and Society, 3 (1/2), 117–126.

Holtfreter, K., VanSlyke, S., & Blomberg, T. G. (2005). Sociolegal change in consumer fraud: from victim-offender interactions to global networks. Crime Law and Social Change, 44 , 251–275.

Kumar, J. (2006). Determining jurisdiction in cyberspace. The Social Science Research Network ( SSRN ). http://papers.ssrn.com/sol3/papers.cfm?abstract_id=919261 .

Sharma, V. D. (2002). International crimes and universal jurisdiction. Indian Journal of International Law, 42 (2), l39–l55.

Benson, M. L., Tamara D. M & John E. E. (2009). White-collar crime from an opportunity perspective. In S. S. Simpson & D. Weisburd (Eds.) The criminology of white-collar crime (pp 175–193). Heidelburg: Springer International Publishing.

Naylor, R. T. (2005). The rise and fall of the underground economy. Brown Journal of World Affairs, 11 (2), 131–143.

MathSciNet   Google Scholar  

Kshetri, N. (2013). Reliability, validity, comparability and practical utility of cybercrime-related data, metrics, and information. Information, 4 (1), 117–123.

Hindustan Times (2006). Securing the web .

Aggarwal, V. (2009). Cyber crime’s rampant. Express Computer . Retrieved 27 October, 2009,from http://www.expresscomputeronline.com/20090803/market01.shtml .

Narayan, V. (2010). Cyber criminals hit Esc key for 10 yrs .. Retrieved from http://timesofindia.indiatimes.com/city/mumbai/Cyber-criminals-hit-Esc-key-for-10-yrs/articleshow/6587847.cms .

Hagan, J., & Parker, P. (1985). White-collar crime and punishment: class structure and legal sanctioning of securities violations. American Sociological Review, 50 , 302–316.

Pontell, H. N., Calavita, K., & Tillman, R. (1994). Corporate crime and criminal justice system capacity. Justice Quarterly, 11 , 383–410.

Shapiro, S. (1990). Collaring the crime, not the criminal: reconsidering the concept of white-collar crime. American Sociological Review, 55 , 346–365.

Tillman, R., Calavita, K., & Pontell, H. (1996). Criminalizing white-collar misconduct: determinants of prosecution in savings and loan fraud cases. Crime Law and Social Change, 26 (1), 53–76.

Kshetri, N. (2010). The global cybercrime industry: Economic, institutional and strategic perspectives . New York, Berlin and Heidelberg: Springer.

Book   Google Scholar  

Kshetri, N. (2010). Diffusion and effects of cybercrime in developing economies. Third World Quarterly, 31 (7), 1057–1079.

UNDP (2006). Country evaluation: Assessment of development results Honduras, New York: United Nations Development Programme Evaluation Office. Retrieved from http://web.undp.org/evaluation/documents/ADR/ADR_Reports/ADR_Honduras.pdf .

Tanaka, V. (2010). The ‘informal sector’ and the political economy of development. Public Choice, 145 (1/20), 295–317. 23 .

Kshetri, N. (2015). India’s cybersecurity landscape: the roles of the private sector and public-private partnership. IEEE Security and Privacy, 13 (3), 16–23.

Bures, O. (2013). Public-private partnerships in the fight against terrorism? Crime Law and Social Change, 60 (4), 429–455.

Salifu, A. (2008). Can corruption and economic crime be controlled in developing economies - and if so, is the cost worth it? Journal of Money Laundering Control, 11 (3), 273–283.

Granovetter, M. (1985). Economic action and social structure: The problem of embeddedness. American Journal of Sociology, 91 (3), 481–510.

Parto, S. (2005). Economic activity and institutions: Taking Stock, Journal of Economic Issues, 39 (1), 21–52.

Baumol, W. J. (1990). Entrepreneurship: Productive, unproductive, and destructive. Journal of Political Economy 98 (5), 893–921.

North, D. C. (1990). Institutions, institutional change and economic performance . Cambridge: Harvard University Press.

Lewis, A. (1954). Economic development with unlimited supplies of labour. Manchester School of Economic and Social Studies , XXII (May 1954 ), 139–91.

Chenery, H. B. (1975). The structuralist approach to development policy. The American Economic Review , 65 (2), Papers and Proceedings of the Eighty-seventh Annual Meeting of the American Economic Association, 310–316.

Acemoglu, D. (2005). Political economy of development and underdevelopment , Gaston Eyskens Lectures , Leuven, Department of Economics, Massachusetts Institute of Technology, Retrieved from http://economics.mit.edu/files/1064 .

Acemoglu, D., Johnson,S., & Robinson.A.J. (2005). Institutions as a fundamental cause of long-run Growth, Handbook of Economic Growth, IA. Edited by Philippe Aghion and Steven N. Durlauf Elsevier B.V., Retrieved from http://baselinescenario.files.wordpress.com/2010/01/institutions-as-a-fundamental-cause.pdf .

de Laiglesia, J. R. (2006). Institutional bottlenecks for agricultural development a stock-taking exercise based on evidence from Sub-Saharan Africa . OECD Development Centre Working Paper No. 248 , Research programme on: Policy Analyses on the Institutional Requirements for Advancing Peace and Development in Sub-Saharan Africa, Retrieved from http://www.oecd.org/dev/36309029.pdf .

Greif, A. (1994). Cultural beliefs and the organization of society: a historical and theoretical reflection on collectivist and individualist societies. Journal of Political Economy, 102 , 912–950.

Jones, E. L. (1981). The European miracle: Environments, economies, and geopolitics in the history of Europe and Asia . New York: Cambridge University Press.

Andreas, P. (2011). Illicit globalization: myths, misconceptions, and historical lessons. Political Science Quarterly, 126 (3), 403–425.

Kshetri, N. (2005). Pattern of global cyber war and crime: a conceptual framework. Journal of International Management, 11 (4), 541–562.

Roland, G. (2004). Understanding institutional change: fast-moving and slow-moving institutions. Studies in Comparative International Development, 28 (4), 109–131.

Cohen, W., & Levinthal, D. (1990). Absorptive capacity: a new perspective on learning and innovation. Administrative Science Quarterly, 35 , 128–152.

Dahlman, L., & Nelson, R. (1995). Social absorption capability, national innovation systems and economic development. In B. H. Koo & D. H. Perkins (Eds.), Social capability and long-term growth (pp. 82–122). Basingstoke: Macmillan Press.

Chapter   Google Scholar  

Niosi, J. (2008). Technology, development and innovation systems: an introduction. Journal of Development Studies, 44 (5), 613–621.

Kim, S. H., Wang, Q., & Ullrich, J. B. (2012). A comparative study of cyberattacks. Communications of the ACM, 55 (3), 66–73.

Hawser, A. (2011). Hidden threat. Global Finance, 25 (2), 44.

Kirk, J. (2012). Microsoft finds new PCs in China preinstalled with malware . Retrieve from http://www.pcworld.com/article/262308/microsoft_finds_new_computers_in_china_preinstalled_with_malware.html .

Benson, M., Cullen, F., & Maakestad, W. (1990). Local prosecutors and corporate crime. Crime and Delinquency, 36 , 356–372.

Andreas, P., & Price, R. (2001). From war fighting to crime fighting: transforming the American National Security State. International Studies Review, 3 (3), 31–52.

Collins, A. (2003). Security and Southeast Asia: domestic, regional, and global issues. Lynne Rienner Pub

Wenping, H. (2007). The balancing act of China’s Africa policy. China Security , 3 (3), summer, 32–40.

Kshetri, N. (2013). Cybercrime and cybersecurity in the global south . Houndmills, Basingstoke: Palgrave Macmillan.

Kshetri, N. (2013). Cybercrimes in the former Soviet Union and Central and Eastern Europe: current status and key drivers. Crime Law and Social Change, 60 (1), 39–65.

Kshetri, N., & Dholakia, N. (2009). Professional and trade associations in a nascent and formative sector of a developing economy: a case study of the NASSCOM effect on the Indian offshoring industry. Journal of International Management, 15 (2), 225–239.

Oxley, J. E., & Yeung, B. (2001). E-commerce readiness: institutional environment and international competitiveness. Journal of International Business Studies, 32 (4), 705–723.

Sobel, A. C. (1999). State institutions, private incentives, global capital . Ann Arbor: University of Michigan Press.

Lancaster, J. (2003). In India’s creaky court system, some wait decades for justice; 82- year-old man still fighting charges dating to 1963. The Washington Post 27.

Edelman, L. B., & Suchman, M. C. (1997). The legal environments of organizations. Annual Review of Sociology, 23 , 479–515.

Greenwood, R., & Hinings, C. R. (1996). Understanding radical organizational change: bringing together the old and the new institutionalism. Academy of Management Review, 21 (4), 1022–1054.

catindia.gov.in (2014). History, Retrieve September 22, 2014, Retrieve from http://catindia.gov.in/History.aspx . Cyber Appellate Tribunal, Government of India.

Singh, S.R. (2014). India’s only cyber appellate tribunal defunct since 2011 . Retrieve from http://www.hindustantimes.com/india-news/india-s-only-cyber-appellate-tribunal-defunct-since-2011/article1-1235073.aspx .

Duggal, P. (2004). What’s wrong with our cyber laws? Retrieved from http://www.expresscomputeronline.com/20040705/newsanalysis01.shtml .

Anand, J. (2011). Cybercrime up by 700% in Capital. Retrieved from http://www.hindustantimes.com/India-news/NewDelhi/Cyber-crime-up-by-700-in-Capital/Article1-766172.aspx .

Nolen, S. (2012). India’s IT revolution doesn’t touch a government that runs on paper. The Globe and Mail (Canada) , A1.

indiatimes.com (2011b). Most Gurgaon IT, BPO companies victims of cybercrime: survey. Retrieved from http://timesofindia.indiatimes.com/city/gurgaon/Most-Gurgaon-IT-BPO-companies-victims-of-cybercrime-Survey/articleshow/10626059.cms .

Rahman, F. (2012). Views: Tinker, tailor, soldier, cyber crook . Retrieved from http://www.livemint.com/2012/04/06111007/Views--Tinker-tailor-soldie.html?h=A1 .

timesofindia.com (2009). Nigerians held for internet fraud, May 28 . Retrieved March 1, 2011 from http://articles.timesofindia.indiatimes.com/2009-05-28/kolkata/28212706_1_kolkata-police-prize-moneyracket/2 .

indiatimes.com (2011a). Two including Nigerian held for job fraud. Retrieved from http://articles.timesofindia.indiatimes.com/2011-02-16/gurgaon/28551786_1_nigerian-gang-job-racket-bank-account .

Saha, T., & Srivastava, A. (2014). Indian women at risk in the cyber space: a conceptual model of reasons of victimization. International Journal of Cyber Criminology, 8 (1), 57–67.

timesofindia.indiatimes.com (2013). Government releases national cyber security policy 2013 . Retrieve from http://timesofindia.indiatimes.com/tech/it-services/Government-releases-National-Cyber-Security-Policy-2013/articleshow/20874965.cms .

Doval, P. (2013). Govt orders security audit of IT infrastructure. Retrieve from http://timesofindia.indiatimes.com/tech/tech-news/Govt-orders-security-audit-of-IT-infrastructure/articleshow/38398644.cms .

De Mooij, M. K. (1998). Global marketing and advertising: Understanding cultural paradoxes . CA: Sage.

The Economist. (2005). Business: busy signals; Indian call centres. The Economist, 376 (8443), 66.

Mishra, B.R. (2010). Wipro unlikely to take fraud accused to court, business-standard.com. Retrieved March 1, 2011, from http://www.business-standard.com/india/news/wipro-unlikely-to-take-fraud-accused-to-court/386181/ .

Phukan, S. (2002). IT ethics in the Internet age: New dimensions. InSITE . Retrieved October 27,2005, from http://proceedings.informingscience.org/IS2002Proceedings/papers/phuka037iteth.pdf .

Sawant, N. (2009).Virtually speaking, crime in the city on an upward spiral, Times of India. Retrieved from http://timesofindia.indiatimes.com/news/city/mumbai/Virtually-speaking-crime-in-the-city-on-an-upward-spiral/articleshow/5087668.cms , accessed 27 October 2009.

PRLog (2011). India Plans to set-up state-of-the-art information technology institute to combat cybercrime: India requires 2.5 lakh cyber specialists to deal with the menace of cybercrime . Retrieved from http://www.prlog.org/11302019-india-plans-to-set-up-state-of-the-art-information-technology-institute-to-combat-cybercrime.html .

Saraswathy, M. (2012). Wanted: ethical hackers. Retrieved from http://www.wsiltv.com/news/three-states/Protect-Yourself-from-Cyber-Crime-139126239.html .

ciol.com (2012). Most Indians unaware of security solns: study . Retrieved from http://www.ciol.com/Infrastructure-Security/News-Reports/Most-Indians-unaware-of-security-solns-study/161905/0/ .

foxnews.com (2012). Indian lawmakers filmed ‘watching porn on phone during assembly’ resign . Retrieved from http://www.foxnews.com/world/2012/02/08/indian-lawmakers-filmed-watching-porn-on-phone-during-assembly-resign/ .

The World Bank Group (2014). Researchers in R&D (per million people). Retrieve from http://data.worldbank.org/indicator/SP.POP.SCIE.RD.P6?page=2 .

rediff.com (2008). Researchers? Only 156 per million in India. Retrieved from http://www.rediff.com/money/2008/mar/12rnd.htm .

Economictimes (2005). R&D in India: The curtain rises, the play has begun, August 24 . Retrived August 11, 2011 from: http://economictimes.indiatimes.com/rd-in-india-the-curtain-rises-the-play-hasbegun/articleshow/1207024.cms .

Shaftel, D., & Narayan, K. (2012). Call centre fraud opens new frontier in cybercrime. Retrieved September 1, 2016, from http://www.livemint.com/2012/02/26225530/Call-centre-fraud-opens-new-fr.html .

Gardner, T. (2012). Indian call centres selling your credit card details and medical records for just 2p . Retrieved from http://www.dailymail.co.uk/news/article-2116649/Indian-centres-selling-YOUR-credit-card-details-medical-records-just-2p.html .

Economist.com (2007). Imitate or die. http://www.economist.com/node/10053234/ .

Robinson, G. E. (1998). Elite cohesion, regime succession and political instability. Syria Middle East Policy, 5 (4), 159–179.

Kshetri, N. (2011). Cloud computing in the global south: drivers, effects and policy measures. Third World Quarterly, 32 (6), 995–1012.

Borland, J . (2010). A Four-Day Dive Into Stuxnet’s Heart, December 27 . Retrieved 1 September 2016 from https://www.wired.com/2010/12/a-four-day-dive-into-stuxnets-heart/ .

Halsey, M. (2011). How is IE6 contributing to China’s growing Cyber-Crimewave? Retrieved from http://www.windows7news.com/2011/12/30/ie6-contributing-chinas-growing-cybercrimewave/ .

Greenberg, A. (2007). The top countries for cybercrime. Forbes.com . Retrieved April 9, 2008, from http://www.forbes.com/2007/07/13/cybercrime-world-regions-tech-cx_ag_0716cybercrime.html .

Arnott, S. (2008). Cyber crime stays one step ahead . Retrieved October 27,2009, from http://www.independent.co.uk/news/business/analysis-and-features/cyber-crime-stays-one-step-ahead-799395.html .

Paget, F. (2010). McAfee helps FTC, FBI in case against ‘scareware’ outfit. Retrieved January 26, 2011, from http://blogs.mcafee.com/mcafee-labs/mcafee-helps-ftc-fbi-in-case-against-scareware-outfit .

Fest, G. (2005). Offshoring: feds take fresh look at India BPOs; major theft has raised more than a few eyebrows. Bank Technology News, 18 (9), 1.

Engardio, P., Puliyenthuruthel, J., & Kripalani, M. (2004). Fortress India? Business Week, 3896 , 42–43.

King, A. A., & Lenox, M. J. (2000). Industry self-regulation without sanctions: the chemical industry’s responsible care program. Academy of Management Journal, 43 (4), 698–716.

Vinogradova, E. (2006). Working around the state: contract enforcement in the Russian context. Socio-Economic Review, 4 (3), 447–482.

Article   MathSciNet   Google Scholar  

Walzer, M. (1993). Between nation and world: welcome to some new ideologies. The Economist, 328 (7828), 49–52. September 11 .

Greenwood, R., Suddaby, R., & Hinings, C. R. (2002). Theorizing change: the role of professional associations in the transformation of institutionalized fields. Academy of Management Journal, 45 (1), 58–80.

Marshall, R. S., Cordano, M., & Silverman, M. (2005). Exploring individual and institutional drivers of proactive environmentalism in the US wine industry. Business Strategy and the Environment, 14 (2), 92–109.

Ahlstrom, D., & Bruton, G. D. (2001). Learning from successful local private firms in China: establishing legitimacy. Academy of Management Executive, 15 (4), 72–83.

Scott, W.R. (1992). Organizations: Rational, natural and open systems . Prentice Hall.

Trombly, M. (2006). India tightens security. Insurance Networking & Data Management, 10 (1), 9.

Dickson, M., BeShers, R., & Gupta, V. (2004). The impact of societal culture and industry on organizational culture: Theoretical explanations. In R. J. House, P. J. Hanges, M. Javidan, P. W. Dorfman, & V. Gupta (Eds.), Culture, leadership, and organizations: the GLOBE study of 62 societies . Thousand Oaks: Sage Publications.

Lawrence, T. B., Winn, M. I., & Jennings, P. D. (2001). The temporal dynamics of institutionalization. Academy of Management Review, 26 (4), 624–644.

Audretsch, D., & Stephan, P. (1996). Company scientist locational links: the case of biotechnology. American Economic Review, 30 , 641–652.

Feldman, M. (1999). The new economics of innovation, spillovers and agglomeration: a review of empirical studies. Economics of Innovation and New Technology, 8 , 5–25.

Niosi, J., & Banic, M. (2005). The evolution and performance of biotechnology regional systems of innovation. Cambridge Journal of Economics, 29 , 343–357.

Rao, H.S. (2006). Outsourcing thriving in Britain despite India bashing. Retrieve from http://www.rediff.com/money/2006/oct/07bpo.htm .

AFX News (2006). India could process 30 pct of US bank transactions by 2010 - report . Retrieve from http://www.finanznachrichten.de/nachrichten-2006-09/7050839-india-could-process-30-pct-of-us-bank-transactions-by-2010-report-020.htm .

Hazelwood, S. E., Hazelwood, A. C., & Cook, E. D. (2005). Possibilities and pitfalls of outsourcing. Healthcare Financial Management, 59 (10), 44–48.

PubMed   Google Scholar  

Das, G. (2011). Panel to advise govt, IT cos on cloud security on the cards. Retrieved from http://www.financialexpress.com/news/Panel-to-advise-govt--IT-cos-on-cloud-security-on-the-cards/809960/ .

Schwartz, K. D. (2005). The background-check challenge. InformationWeek , 59–61.

Indo-Asian News Service (2006). Nasscom to set up self-regulatory organization. September 26.

Cone, E. (2005). Is offshore BPO running aground? CIO Insight, 53 , 22.

COMMWEB (2007). India will train police to catch cybercriminals.

DSCI (2014). Cyber Labs. Retrieve from http://www.dsci.in/cyber-labs .

Tribuneindia.com (2005). Outsourcing crime call centre expose can wreak havoc, June 25. Retrieved from http://www.tribuneindia.com/2005/20050625/edit.htm .

Jaishankar, K. (2008). Identity related crime in the cyberspace: examining phishing and its impact. International Journal of Cyber Criminology, 2 (1), 10–15.

Segal, A. (2012). Chinese computer games. Foreign Affairs, 91 (2), 14–20. 7 .

dhs.gov (2011). United States and India Sign Cybersecurity Agreement . Retrieved from http://www.dhs.gov/ynews/releases/20110719-us-india-cybersecurity-agreement.shtm .

Bhaumik, A. (2012). India, allies to combat cybercrime . Retrieved from http://www.deccanherald.com/content/249937/india-allies-combat-cybercrime.html .

Riley, M. (2011). Stolen Credit Cards Go for $3.50 at Amazon-Like Online Bazaar . Retrieved on 1 September 2016 from http://www.bloomberg.com/news/articles/2011-12-20/stolen-creditcards-go-for-3-50-each-at-online-bazaar-that-mimics-amazon .

Trend Micro Incorporated (2011). Trend micro third quarter threat report: Google and oracle surpass microsoft in most vulnerabilities. Retrieved from http://www.sacbee.com/2011/11/14/4053420/trend-micro-third-quarter-threat.html .

Vidyasagar, N. (2004). India’s secret army of online ad ‘clickers’ . Retrieved October 27,2008, from http://timesofindia.indiatimes.com/articleshow/msid-654822,curpg-1.cms .

Kehaulani, S. (2006). ‘Click Fraud’ threatens foundation of web ads; Google faces another lawsuit by businesses claiming overcharges. The Washington Post , A.1.

Frankel, R. (2006). Associations in China and India: An overview, European Society of Association Executives . Retrieved from http://www.esae.org/articles/2006_07_004.pdf .

Tandon, N. (2007). Secondary victimization of children by the media: an analysis of perceptions of victims and journalists. International Journal of Criminal Justice Sciences, 2 (2), 119–135.

Halder, D., & Jaishankar, K. (2011). Cyber gender harassment and secondary victimization: a comparative analysis of US, UK and India. Victims and Offenders, 6 (4), 386–398.

Halder, D., & Jaishankar, K. (2015). Irrational coping theory and positive criminology: A frame work to protect victims of cyber crime. In N. Ronel & D. Segev (Eds.), Positive criminology (pp. 276–291).

Wiesenfeld, B. M., Wurthmann, K. A., & Hambrick, D. C. (2008). The stigmatization and devaluation of elites associated with corporate failures: a process model. Academy of Management Review, 33 (1), 231–251.

Hettigei, N.T. (2005). The Auditor’s role in IT development projects. Retrieve from http://www.isaca.org/Journal/Past-Issues/2005/Volume-4/Pages/The-Auditors-Role-in-IT-Development-Projects1.aspx .

Bradbury, D. (2013). India’s Cybersecurity challenge. Retrieve from http://www.infosecurity-magazine.com/view/34549/indias-cybersecurity-challenge/ .

Download references

Acknowledgments

The author thanks four anonymous CRIS reviewers for their insightful comments.

Author information

Authors and affiliations.

Bryan School of Business and Economics, The University of North Carolina at Greensboro, P. O. Box 26165, Greensboro, NC, 27402-6165, USA

Nir Kshetri

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Nir Kshetri .

Rights and permissions

Reprints and permissions

About this article

Kshetri, N. Cybercrime and cybersecurity in India: causes, consequences and implications for the future. Crime Law Soc Change 66 , 313–338 (2016). https://doi.org/10.1007/s10611-016-9629-3

Download citation

Published : 10 September 2016

Issue Date : October 2016

DOI : https://doi.org/10.1007/s10611-016-9629-3

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Secondary Victimization
• Trade Association
• Informal Institution
• International Political Economy
• Find a journal
• Publish with us
• Track your research

• My Shodhganga
• Receive email updates
• Edit Profile

Shodhganga : a reservoir of Indian theses @ INFLIBNET

• Shodhganga@INFLIBNET
• Chaudhary Charan Singh University
• Department of Law

Items in Shodhganga are licensed under Creative Commons Licence Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).

Click through the PLOS taxonomy to find articles in your field.

For more information about PLOS Subject Areas, click here .

Loading metrics

Open Access

Peer-reviewed

Research Article

Mapping the global geography of cybercrime with the World Cybercrime Index

Roles Data curation, Formal analysis, Investigation, Methodology, Visualization, Writing – original draft

* E-mail: [email protected]

Affiliations Department of Sociology, University of Oxford, Oxford, United Kingdom, Canberra School of Professional Studies, University of New South Wales, Canberra, Australia

Roles Conceptualization, Investigation, Methodology, Writing – original draft

Affiliations Department of Sociology, University of Oxford, Oxford, United Kingdom, Oxford School of Global and Area Studies, University of Oxford, Oxford, United Kingdom

Roles Formal analysis, Methodology, Writing – review & editing

Affiliations Department of Sociology, University of Oxford, Oxford, United Kingdom, Leverhulme Centre for Demographic Science, University of Oxford, Oxford, United Kingdom

Roles Funding acquisition, Methodology, Writing – review & editing

Affiliation Department of Software Systems and Cybersecurity, Faculty of IT, Monash University, Victoria, Australia

Roles Conceptualization, Funding acquisition, Methodology, Writing – review & editing

Affiliation Centre d’études européennes et de politique comparée, Sciences Po, Paris, France

• Miranda Bruce, 
• Jonathan Lusthaus, 
• Ridhi Kashyap, 
• Nigel Phair, 
• Federico Varese

• Published: April 10, 2024
• https://doi.org/10.1371/journal.pone.0297312
• Peer Review
• Reader Comments

Cybercrime is a major challenge facing the world, with estimated costs ranging from the hundreds of millions to the trillions. Despite the threat it poses, cybercrime is somewhat an invisible phenomenon. In carrying out their virtual attacks, offenders often mask their physical locations by hiding behind online nicknames and technical protections. This means technical data are not well suited to establishing the true location of offenders and scholarly knowledge of cybercrime geography is limited. This paper proposes a solution: an expert survey. From March to October 2021 we invited leading experts in cybercrime intelligence/investigations from across the world to participate in an anonymized online survey on the geographical location of cybercrime offenders. The survey asked participants to consider five major categories of cybercrime, nominate the countries that they consider to be the most significant sources of each of these types of cybercrimes, and then rank each nominated country according to the impact, professionalism, and technical skill of its offenders. The outcome of the survey is the World Cybercrime Index, a global metric of cybercriminality organised around five types of cybercrime. The results indicate that a relatively small number of countries house the greatest cybercriminal threats. These findings partially remove the veil of anonymity around cybercriminal offenders, may aid law enforcement and policymakers in fighting this threat, and contribute to the study of cybercrime as a local phenomenon.

Citation: Bruce M, Lusthaus J, Kashyap R, Phair N, Varese F (2024) Mapping the global geography of cybercrime with the World Cybercrime Index. PLoS ONE 19(4): e0297312. https://doi.org/10.1371/journal.pone.0297312

Editor: Naeem Jan, Korea National University of Transportation, REPUBLIC OF KOREA

Received: October 11, 2023; Accepted: January 3, 2024; Published: April 10, 2024

Copyright: © 2024 Bruce et al. This is an open access article distributed under the terms of the Creative Commons Attribution License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Data Availability: The dataset and relevant documents have been uploaded to the Open Science Framework. Data can be accessed via the following URL: https://osf.io/5s72x/?view_only=ea7ee238f3084054a6433fbab43dc9fb .

Funding: This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program (Grant agreement No. 101020598 – CRIMGOV, Federico Varese PI). FV received the award and is the Primary Investigator. The ERC did not play any role in the study design, data collection and analysis, decision to publish, or preparation of the manuscript. Funder website: https://erc.europa.eu/faq-programme/h2020 .

Competing interests: The authors have declared that no competing interests exist.

Introduction

Although the geography of cybercrime attacks has been documented, the geography of cybercrime offenders–and the corresponding level of “cybercriminality” present within each country–is largely unknown. A number of scholars have noted that valid and reliable data on offender geography are sparse [ 1 – 4 ], and there are several significant obstacles to establishing a robust metric of cybercriminality by country. First, there are the general challenges associated with the study of any hidden population, for whom no sampling frame exists [ 5 , 6 ]. If cybercriminals themselves cannot be easily accessed or reliably surveyed, then cybercriminality must be measured through a proxy. This is the second major obstacle: deciding what kind of proxy data would produce the most valid measure of cybercriminality. While there is much technical data on cybercrime attacks, this data captures artefacts of the digital infrastructure or proxy (obfuscation) services used by cybercriminals, rather than their true physical location. Non-technical data, such as legal cases, can provide geographical attribution for a small number of cases, but the data are not representative of global cybercrime. In short, the question of how best to measure the geography of cybercriminal offenders is complex and unresolved.

There is tremendous value in developing a metric for cybercrime. Cybercrime is a major challenge facing the world, with the most sober cost estimates in the hundreds of millions [ 7 , 8 ], but with high-end estimates in the trillions [ 9 ]. By accurately identifying which countries are cybercrime hotspots, the public and private sectors could concentrate their resources on these hotspots and spend less time and funds on cybercrime countermeasures in countries where the problem is limited. Whichever strategies are deployed in the fight against cybercrime (see for example [ 10 – 12 ]), they should be targeted at countries that produce the largest cybercriminal threat [ 3 ]. A measure of cybercriminality would also enable other lines of scholarly inquiry. For instance, an index of cybercriminality by country would allow for a genuine dependent variable to be deployed in studies attempting to assess which national characteristics–such as educational attainment, Internet penetration, or GDP–are associated with cybercrime [ 4 , 13 ]. These associations could also be used to identify future cybercrime hubs so that early interventions could be made in at-risk countries before a serious cybercrime problem develops. Finally, this metric would speak directly to theoretical debates on the locality of cybercrime, and organized crime more generally [ 11 – 14 ]. The challenge we have accepted is to develop a metric that is both global and robust. The following sections respectively outline the background elements of this study, the methods, the results, and then discussion and limitations.

Profit-driven cybercrime, which is the focus of this paper/research, has been studied by both social scientists and computer scientists. It has been characterised by empirical contributions that have sought to illuminate the nature and organisation of cybercrime both online and offline [ 15 – 20 ]. But, as noted above, the geography of cybercrime has only been addressed by a handful of scholars, and they have identified a number of challenges connected to existing data. In a review of existing work in this area, Lusthaus et al. [ 2 ] identify two flaws in existing cybercrime metrics: 1) their ability to correctly attribute the location of cybercrime offenders; 2) beyond a handful of examples, their ability to compare the severity and scale of cybercrime between countries.

Building attribution into a cybercrime index is challenging. Often using technical data, cybersecurity firms, law enforcement agencies and international organisations regularly publish reports that identify the major sources of cyber attacks (see for example [ 21 – 24 ]). Some of these sources have been aggregated by scholars (see [ 20 , 25 – 29 ]). But the kind of technical data contained in these reports cannot accurately measure offender location. Kigerl [ 1 ] provides some illustrative remarks:

Where the cybercriminals live is not necessarily where the cyberattacks are coming from. An offender from Romania can control zombies in a botnet, mostly located in the United States, from which to send spam to countries all over the world, with links contained in them to phishing sites located in China. The cybercriminal’s reach is not limited by national borders (p. 473).

As cybercriminals often employ proxy services to hide their IP addresses, carry out attacks across national boundaries, collaborate with partners around the world, and can draw on infrastructure based in different countries, superficial measures do not capture the true geographical distribution of these offenders. Lusthaus et al. [ 2 ] conclude that attempts to produce an index of cybercrime by country using technical data suffer from a problem of validity. “If they are a measure of anything”, they argue, “they are a measure of cyber-attack geography”, not of the geography of offenders themselves (p. 452).

Non-technical data are far better suited to incorporating attribution. Court records, indictments and other investigatory materials speak more directly to the identification of offenders and provide more granular detail on their location. But while this type of data is well matched to micro-level analysis and case studies, there are fundamental questions about the representativeness of these small samples, even if collated. First, any sample would capture cases only where cybercriminals had been prosecuted, and would not include offenders that remain at large. Second, if the aim was to count the number of cybercrime prosecutions by country, this may reflect the seriousness with which various countries take cybercrime law enforcement or the resources they have to pursue it, rather than the actual level of cybercrime within each country (for a discussion see [ 30 , 31 ]). Given such concerns, legal data is also not an appropriate approach for such a research program.

Furthermore, to carry out serious study on this topic, a cybercrime metric should aim to include as many countries as possible, and the sample must allow for variation so that high and low cybercrime countries can be compared. If only a handful of widely known cybercrime hubs are studied, this will result in selection on the dependent variable. The obvious challenge in providing such a comparative scale is the lack of good quality data to devise it. As an illustration, in their literature review Hall et al. [ 10 ] identify the “dearth of robust data” on the geographical location of cybercriminals, which means they are only able to include six countries in their final analysis (p. 285. See also [ 4 , 32 , 33 ]).

Considering the weaknesses within both existing technical and legal data discussed above, Lusthaus et al. [ 2 ] argue for the use of an expert survey to establish a global metric of cybercriminality. Expert survey data “can be extrapolated and operationalised”, and “attribution can remain a key part of the survey, as long as the participants in the sample have an extensive knowledge of cybercriminals and their operations” (p. 453). Up to this point, no such study has been produced. Such a survey would need to be very carefully designed for the resulting data to be both reliable and valid. One criticism of past cybercrime research is that surveys were used whenever other data was not immediately available, and that they were not always designed with care (for a discussion see [ 34 ]).

In response to the preceding considerations, we designed an expert survey in 2020, refined it through focus groups, and deployed it throughout 2021. The survey asked participants to consider five major types of cybercrime– Technical products/services ; Attacks and extortion ; Data/identity theft ; Scams ; and Cashing out/money laundering –and nominate the countries that they consider to be the most significant sources of each of these cybercrime types. Participants then rated each nominated country according to the impact of the offenses produced there, and the professionalism and technical skill of the offenders based there. Using the expert responses, we generated scores for each type of cybercrime, which we then combined into an overall metric of cybercriminality by country: the World Cybercrime Index (WCI). The WCI achieves our initial goal to devise a valid measure of cybercrime hub location and significance, and is the first step in our broader aim to understand the local dimensions of cybercrime production across the world.

Participants

Identifying and recruiting cybercrime experts is challenging. Much like the hidden population of cybercriminals we were trying to study, cybercrime experts themselves are also something of a hidden population. Due to the nature of their work, professionals working in the field of cybercrime tend to be particularly wary of unsolicited communication. There is also the problem of determining who is a true cybercrime expert, and who is simply presenting themselves as one. We designed a multi-layered sampling method to address such challenges.

The heart of our strategy involved purposive sampling. For an index based entirely on expert opinion, ensuring the quality of these experts (and thereby the quality of our survey results) was of the utmost importance. We defined “expertise” as adult professionals who have been engaged in cybercrime intelligence, investigation, and/or attribution for a minimum of five years and had a reputation for excellence amongst their peers. Only currently- or recently-practicing intelligence officers and investigators were included in the participant pool. While participants could be from either the public or private sectors, we explicitly excluded professionals working in the field of cybercrime research who are not actively involved in tracking offenders, which includes writers and academics. In short, only experts with first-hand knowledge of cybercriminals are included in our sample. To ensure we had the leading experts from a wide range of backgrounds and geographical areas, we adopted two approaches for recruitment. We searched extensively through a range of online sources including social media (e.g. LinkedIn), corporate sites, news articles and cybercrime conference programs to identify individuals who met our inclusion criteria. We then faced a second challenge of having to find or discern contact information for these individuals.

Complementing this strategy, the authors also used their existing relationships with recognised cybercrime experts to recruit participants using the “snowball” method [ 35 ]. This both enhanced access and provided a mechanism for those we knew were bona fide experts to recommend other bona fide experts. The majority of our participants were recruited in this manner, either directly through our initial contacts or through a series of referrals that followed. But it is important to note that this snowball sampling fell under our broader purposive sampling strategy. That is, all the original “seeds” had to meet our inclusion criteria of being a top expert in the first instance. Any connections we were offered also had to meet our criteria or we would not invite them to participate. Another important aspect of this sampling strategy is that we did not rely on only one gatekeeper, but numerous, often unrelated, individuals who helped us with introductions. This approach reduced bias in the sample. It was particularly important to deploy a number of different “snowballs” to ensure that we included experts from each region of the world (Africa, Asia Pacific, Europe, North America and South America) and from a range of relevant professional backgrounds. We limited our sampling strategy to English speakers. The survey itself was likewise written in English. The use of English was partly driven by the resources available for this study, but the population of cybercrime experts is itself very global, with many attending international conferences and cooperating with colleagues from across the world. English is widely spoken within this community. While we expect the gains to be limited, future surveys will be translated into some additional languages (e.g. Spanish and Chinese) to accommodate any non-English speaking experts that we may not otherwise be able to reach.

Our survey design, detailed below, received ethics approval from the Human Research Advisory Panel (HREAP A) at the University of New South Wales in Australia, approval number HC200488, and the Research Ethics Committee of the Department of Sociology (DREC) at the University of Oxford in the United Kingdom, approval number SOC_R2_001_C1A_20_23. Participants were recruited in waves between 1 August 2020 and 30 September 2021. All participants provided consent to participate in the focus groups, pilot survey, and final survey.

Survey design

The survey comprised three stages. First, we conducted three focus groups with seven experts in cybercrime intelligence/investigations to evaluate our initial assumptions, concepts, and framework. These experts were recruited because they had reputations as some of the very top experts in the field; they represented a range of backgrounds in terms of their own geographical locations and expertise across different types of cybercrime; and they spanned both the public and private sectors. In short, they offered a cross-section of the survey sample we aimed to recruit. These focus groups informed several refinements to the survey design and specific terms to make them better comprehensible to participants. Some of the key terms, such as “professionalism” and “impact”, were a direct result of this process. Second, some participants from the focus groups then completed a pilot version of the survey, alongside others who had not taken part in these focus groups, who could offer a fresh perspective. This allowed us to test technical components, survey questions, and user experience. The pilot participants provided useful feedback and prompted a further refinement of our approach. The final survey was released online in March 2021 and closed in October 2021. We implemented several elements to ensure data quality, including a series of preceding statements about time expectations, attention checks, and visual cues throughout the survey. These elements significantly increased the likelihood that our participants were both suitable and would provide full and thoughtful responses.

The introduction to the survey outlined the survey’s two main purposes: to identify which countries are the most significant sources of profit-driven cybercrime, and to determine how impactful the cybercrime is in these locations. Participants were reminded that state-based actors and offenders driven primarily by personal interests (for instance, cyberbullying or harassment) should be excluded from their consideration. We defined the “source” of cybercrime as the country where offenders are primarily based, rather than their nationality. To maintain a level of consistency, we made the decision to only include countries formally recognised by the United Nations. We initially developed seven categories of cybercrime to be included in the survey, based on existing research. But during the focus groups and pilot survey, our experts converged on five categories as the most significant cybercrime threats on a global scale:

• Technical products/services (e.g. malware coding, botnet access, access to compromised systems, tool production).
• Attacks and extortion (e.g. DDoS attacks, ransomware).
• Data/identity theft (e.g. hacking, phishing, account compromises, credit card comprises).
• Scams (e.g. advance fee fraud, business email compromise, online auction fraud).
• Cashing out/money laundering (e.g. credit card fraud, money mules, illicit virtual currency platforms).

After being prompted with these descriptions and a series of images of world maps to ensure participants considered a wide range of regions/countries, participants were asked to nominate up to five countries that they believed were the most significant sources of each of these types of cybercrime. Countries could be listed in any order; participants were not instructed to rank them. Nominating countries was optional and participants were free to skip entire categories if they wished. Participants were then asked to rate each of the countries they nominated against three measures: how impactful the cybercrime is, how professional the cybercrime offenders are, and how technically skilled the cybercrime offenders are. Across each of these three measures, participants were asked to assign scores on a Likert-type scale between 1 (e.g. least professional) to 10 (e.g. most professional). Nominating and then rating countries was repeated for all five cybercrime categories.

This process, of nominating and then rating countries across each category, introduces a potential limitation in the survey design: the possibility of survey response fatigue. If a participant nominated the maximum number of countries across each cybercrime category– 25 countries–by the end of the survey they would have completed 75 Likert-type scales. The repetition of this task, paired with the consideration that it requires, has the potential to introduce respondent fatigue as the survey progresses, in the form of response attrition, an increase in careless responses, and/or increased likelihood of significantly higher/lower scores given. This is a common phenomenon in long-form surveys [ 36 ], and especially online surveys [ 37 , 38 ]. Jeong et al [ 39 ], for instance, found that questions asked near the end of a 2.5 hour survey were 10–64% more likely to be skipped than those at the beginning. We designed the survey carefully, refined with the aid of focus groups and a pilot, to ensure that only the most essential questions were asked. As such, the survey was not overly long (estimated to take 30 minutes). To accommodate any cognitive load, participants were allowed to complete the survey anytime within a two-week window. Their progress was saved after each session, which enabled participants to take breaks between completing each section (a suggestion made by Jeong et al [ 39 ]). Crucially, throughout survey recruitment, participants were informed that the survey is time-intensive and required significant attention. At the beginning of the survey, participants were instructed not to undertake the survey unless they could allocate 30 minutes to it. This approach pre-empted survey fatigue by discouraging those likely to lose interest from participating. This compounds the fact that only experts with a specific/strong interest in the subject matter of the survey were invited to participate. Survey fatigue is addressed further in the Discussion section, where we provide an analysis suggesting little evidence of participant fatigue.

In sum, we designed the survey to protect against various sources of bias and error, and there are encouraging signs that the effects of these issues in the data are limited (see Discussion ). Yet expert surveys are inherently prone to some types of bias and response issues; in the WCI, the issue of selection and self-selection within our pool of experts, as well as geo-political biases that may lead to systematic over- or under-scoring of certain countries, is something we considered closely. We discuss these issues in detail in the subsection on Limitations below.

This “type” score is then multiplied by the proportion of experts who nominated that country. Within each cybercrime type, a country could be nominated a possible total of 92 times–once per participant. We then multiply this weighted score by ten to produce a continuous scale out of 100 (see Eq (2) ). This process prevents countries that received high scores, but a low number of nominations, from receiving artificially high rankings.

The analyses for this paper were performed in R. All data and code have been made publicly available so that our analysis can be reproduced and extended.

We contacted 245 individuals to participate in the survey, of which 147 agreed and were sent invitation links to participate. Out of these 147, a total of 92 people completed the survey, giving us an overall response rate of 37.5%. Given the expert nature of the sample, this is a high response rate (for a detailed discussion see [ 40 ]), and one just below what Wu, Zhao, and Fils-Aime estimate of response rates for general online surveys in social science: 44% [ 41 ]. The survey collected information on the participants’ primary nationality and their current country of residence. Four participants chose not to identify their nationality. Overall, participants represented all five major geopolitical regions (Africa, the Asia-Pacific, Europe, North America and South America), both in nationality and residence, though the distribution was uneven and concentrated in particular regions/countries. There were 8 participants from Africa, 11 participants from the Asia Pacific, 27 from North America, and 39 from Europe. South America was the least represented region with only 3 participants. A full breakdown of participants’ nationality, residence, and areas of expertise is included in the Supporting Information document (see S1 Appendix ).

Table 1 shows the scores for the top fifteen countries of the WCI overall index. Each entry shows the country, along with the mean score (out of 10) averaged across the participants who nominated this country, for three categories: impact, professionalism, and technical skill. This is followed by each country’s WCI overall and WCI type scores. Countries are ordered by their WCI overall score. Each country’s highest WCI type scores are highlighted. Full indices that include all 197 UN-recognised countries can be found in S1 Indices .

• PPT PowerPoint slide
• PNG larger image
• TIFF original image

https://doi.org/10.1371/journal.pone.0297312.t001

Some initial patterns can be observed from this table, as well as the full indices in the supplementary document (see S1 Indices ). First, a small number of countries hold consistently high ranks for cybercrime. Six countries–China, Russia, Ukraine, the US, Romania, and Nigeria–appear in the top 10 of every WCI type index, including the WCI overall index. Aside from Romania, all appear in the top three at least once. While appearing in a different order, the first ten countries in the Technical products/services and Attacks and extortion indices are the same. Second, despite this small list of countries regularly appearing as cybercrime hubs, the survey results capture a broad geographical diversity. All five geopolitical regions are represented across each type. Overall, 97 distinct countries were nominated by at least one expert. This can be broken down into the cybercrime categories. Technical products/services includes 41 different countries; Attacks and extortion 43; Data/identity theft 51; Scams 49; and Cashing out/money laundering 63.

Some key findings emerge from these results, which are further illustrated by the following Figs 1 and 2 . First, cybercrime is not universally distributed. Certain countries are cybercrime hubs, while many others are not associated with cybercriminality in a serious way. Second, countries that are cybercrime hubs specialise in particular types of cybercrime. That is, despite a small number of countries being leading producers of cybercrime, there is meaningful variation between them both across categories, and in relation to scores for impact, professionalism and technical skill. Third, the results show a longer list of cybercrime-producing countries than are usually included in publications on the geography of cybercrime. As the survey captures leading producers of cybercrime, rather than just any country where cybercrime is present, this suggests that, even if a small number of countries are of serious concern, and close to 100 are of little concern at all, the remaining half are of at least moderate concern.

Base map and data from OpenStreetMap and OpenStreetMap Foundation.

https://doi.org/10.1371/journal.pone.0297312.g001

https://doi.org/10.1371/journal.pone.0297312.g002

To examine further the second finding concerning hub specialisation, we calculated an overall “Technicality score”–or “T-score”–for the top 15 countries of the WCI overall index. We assigned a value from 2 to -2 to each type of cybercrime to designate the level of technical complexity involved. Technical products/services is the most technically complex type (2), followed by Attacks and extortion (1), Data/identity theft (0), Scams (-1), and finally Cashing out and money laundering (-2), which has very low technical complexity. We then multiplied each country’s WCI score for each cybercrime type by its assigned value–for instance, a Scams WCI score of 5 would be multiplied by -1, with a final modified score of -5. As a final step, for each country, we added all of their modified WCI scores across all five categories together to generate the T-score. Fig 3 plots the top 15 WCI overall countries’ T-scores, ordering them by score. Countries with negative T-scores are highlighted in red, and countries with positive scores are in black.

Negative values correspond to lower technicality, positive values to higher technicality.

https://doi.org/10.1371/journal.pone.0297312.g003

The T-score is best suited to characterising a given hub’s specialisation. For instance, as the line graph makes clear, Russia and Ukraine are highly technical cybercrime hubs, whereas Nigerian cybercriminals are engaged in less technical forms of cybercrime. But for countries that lie close to the centre (0), the story is more complex. Some may specialise in cybercrime types with middling technical complexity (e.g. Data/identity theft ). Others may specialise in both high- and low-tech crimes. In this sample of countries, India (-6.02) somewhat specialises in Scams but is otherwise a balanced hub, whereas Romania (10.41) and the USA (-2.62) specialise in both technical and non-technical crimes, balancing their scores towards zero. In short, each country has a distinct profile, indicating a unique local dimension.

This paper introduces a global and robust metric of cybercriminality–the World Cybercrime Index. The WCI moves past previous technical measures of cyber attack geography to establish a more focused measure of the geography of cybercrime offenders. Elicited through an expert survey, the WCI shows that cybercrime is not universally distributed. The key theoretical contribution of this index is to illustrate that cybercrime, often seen as a fluid and global type of organized crime, actually has a strong local dimension (in keeping with broader arguments by some scholars, such as [ 14 , 42 ]).

While we took a number of steps to ensure our sample of experts was geographically representative, the sample is skewed towards some regions (such as Europe) and some countries (such as the US). This may simply reflect the high concentration of leading cybercrime experts in these locations. But it is also possible this distribution reflects other factors, including the authors’ own social networks; the concentration of cybercrime taskforces and organisations in particular countries; the visibility of different nations on networking platforms like LinkedIn; and also perhaps norms of enthusiasm or suspicion towards foreign research projects, both inside particular organisations and between nations.

To better understand what biases might have influenced the survey data, we analysed participant rating behaviours with a series of linear regressions. Numerical ratings were the response and different participant characteristics–country of nationality; country of residence; crime type expertise; and regional expertise–were the predictors. Our analysis found evidence (p < 0.05) that participants assigned higher ratings to the countr(ies) they either reside in or are citizens of, though this was not a strong or consistent result. For instance, regional experts did not consistently rate their region of expertise more highly than other regions. European and North American experts, for example, rated countries from these regions lower than countries from other regions. Our analysis of cybercrime type expertise showed even less systematic rating behaviour, with no regression yielding a statistically significant (p < 0.05) result. Small sample sizes across other known participant characteristics meant that further analyses of rating behaviour could not be performed. This applied to, for instance, whether residents and citizens of the top ten countries in the WCI nominated their own countries more or less often than other experts. On this point: 46% of participants nominated their own country at some point in the survey, but the majority (83%) of nominations were for a country different to the participant’s own country of residence or nationality. This suggested limited bias towards nominating one’s own country. Overall, these analyses point to an encouraging observation: while there is a slight home-country bias, this does not systematically result in higher rating behaviour. Longitudinal data from future surveys, as well as a larger participant pool, will better clarify what other biases may affect rating behaviour.

There is little evidence to suggest that survey fatigue affected our data. As the survey progressed, the heterogeneity of nominated countries across all experts increased, from 41 different countries nominated in the first category to 63 different countries nominated in the final category. If fatigue played a significant role in the results then we would expect this number to decrease, as participants were not required to nominate countries within a category and would have been motivated to nominate fewer countries to avoid extending their survey time. We further investigated the data for evidence of survey fatigue in two additional ways: by performing a Mann-Kendall/Sen’s slope trend test (MK/S) to determine whether scores skewed significantly upwards or downwards towards the end of the survey; and by compiling an intra-individual response variability (IRV) index to search for long strings of repeated scores at the end of the survey [ 43 ]. The MK/S test was marginally statistically significant (p<0.048), but the results indicated that scores trended downwards only minimally (-0.002 slope coefficient). Likewise, while the IRV index uncovered a small group of participants (n = 5) who repeatedly inserted the same score, this behaviour was not more likely to happen at the end of the survey (see S7 and S8 Tables in S1 Appendix ).

It is encouraging that there is at least some external validation for the WCI’s highest ranked countries. Steenbergen and Marks [ 44 ] recommend that data produced from expert judgements should “demonstrate convergent validity with other measures of [the topic]–that is, the experts should provide evaluations of the same […] phenomenon that other measurement instruments pick up.” (p. 359) Most studies of the global cybercrime geography are, as noted in the introduction, based on technical measures that cannot accurately establish the true physical location of offenders (for example [ 1 , 4 , 28 , 33 , 45 ]). Comparing our results to these studies would therefore be of little value, as the phenomena being measured differs: they are measuring attack infrastructure, whereas the WCI measures offender location. Instead, looking at in-depth qualitative cybercrime case studies would provide a better comparison, at least for the small number of higher ranked countries. Though few such studies into profit-driven cybercrime exist, and the number of countries included are limited, we can see that the top ranked countries in the WCI match the key cybercrime producing countries discussed in the qualitative literature (see for example [ 3 , 10 , 32 , 46 – 50 ]). Beyond this qualitative support, our sampling strategy–discussed in the Methods section above–is our most robust control for ensuring the validity of our data.

Along with contributing to theoretical debates on the (local) nature of organized crime [ 1 , 14 ], this index can also contribute to policy discussions. For instance, there is an ongoing debate as to the best approaches to take in cybercrime reduction, whether this involves improving cyber-law enforcement capacity [ 3 , 51 ], increasing legitimate job opportunities and access to youth programs for potential offenders [ 52 , 53 ], strengthening international agreements and law harmonization [ 54 – 56 ], developing more sophisticated and culturally-specific social engineering countermeasures [ 57 ], or reducing corruption [ 3 , 58 ]. As demonstrated by the geographical, economic, and political diversity of the top 15 countries (see Table 1 ), the likelihood that a single strategy will work in all cases is low. If cybercrime is driven by local factors, then mitigating it may require a localised approach that considers the different features of cybercrime in these contexts. But no matter what strategies are applied in the fight against cybercrime, they should be targeted at the countries that produce the most cybercrime, or at least produce the most impactful forms of it [ 3 ]. An index is a valuable resource for determining these countries and directing resources appropriately. Future research that explains what is driving cybercrime in these locations might also suggest more appropriate means for tackling the problem. Such an analysis could examine relevant correlates, such as corruption, law enforcement capacity, internet penetration, education levels and so on to inform/test a theoretically-driven model of what drives cybercrime production in some locations, but not others. It also might be possible to make a kind of prediction: to identify those nations that have not yet emerged as cybercrime hubs but may in the future. This would allow an early warning system of sorts for policymakers seeking to prevent cybercrime around the world.

Limitations

In addition to the points discussed above, the findings of the WCI should be considered in light of some remaining limitations. Firstly, as noted in the methods, our pool of experts was not as large or as globally representative as we had hoped. Achieving a significant response rate is a common issue across all surveys, and is especially difficult in those that employ the snowball technique [ 59 ] and also attempt to recruit experts [ 60 ]. However, ensuring that our survey data captures the most accurate picture of cybercrime activity is an essential aspect of the project, and the under-representation of experts from Africa and South America is noteworthy. More generally, our sample size (n = 92) is relatively small. Future iterations of the WCI survey should focus on recruiting a larger pool of experts, especially those from under-represented regions. However, this is a small and hard-to-reach population, which likely means the sample size will not grow significantly. While this limits statistical power, it is also a strength of the survey: by ensuring that we only recruit the top cybercrime experts in the world, the weight and validity of our data increases.

Secondly, though we developed our cybercrime types and measures with expert focus groups, the definitions used in the WCI will always be contestable. For instance, a small number of comments left at the end of the survey indicated that the Cashing out/money laundering category was unclear to some participants, who were unsure whether they should nominate the country in which these schemes are organised or the countries in which the actual cash out occurs. A small number of participants also commented that they were not sure whether the ‘impact’ of a country’s cybercrime output should be measured in terms of cost, social change, or some other metric. We limited any such uncertainties by running a series of focus groups to check that our categories were accurate to the cybercrime reality and comprehensible to practitioners in this area. We also ran a pilot version of the survey. The beginning of the survey described the WCI’s purpose and terms of reference, and participants were able to download a document that described the project’s methodology in further detail. Each time a participant was prompted to nominate countries as a significant source of a type of cybercrime, the type was re-defined and examples of offences under that type were provided. However, the examples were not exhaustive and the definitions were brief. This was done partly to avoid significantly lengthening the survey with detailed definitions and clarifications. We also wanted to avoid over-defining the cybercrime types so that any new techniques or attack types that emerged while the survey ran would be included in the data. Nonetheless, there will always remain some elasticity around participant interpretations of the survey.

Finally, although we restricted the WCI to profit-driven activity, the distinction between cybercrime that is financially-motivated, and cybercrime that is motivated by other interests, is sometimes blurred. Offenders who typically commit profit-driven offences may also engage in state-sponsored activities. Some of the countries with high rankings within the WCI may shelter profit-driven cybercriminals who are protected by corrupt state actors of various kinds, or who have other kinds of relationships with the state. Actors in these countries may operate under the (implicit or explicit) sanctioning of local police or government officials to engage in cybercrime. Thus while the WCI excludes state-based attacks, it may include profit-driven cybercriminals who are protected by states. Investigating the intersection between profit-driven cybercrime and the state is a strong focus in our ongoing and future research. If we continue to see evidence that these activities can overlap (see for example [ 32 , 61 – 63 ]), then any models explaining the drivers of cybercrime will need to address this increasingly important aspect of local cybercrime hubs.

This study makes use of an expert survey to better measure the geography of profit-driven cybercrime and presents the output of this effort: the World Cybercrime Index. This index, organised around five major categories of cybercrime, sheds light on the geographical concentrations of financially-motivated cybercrime offenders. The findings reveal that a select few countries pose the most significant cybercriminal threat. By illustrating that hubs often specialise in particular forms of cybercrime, the WCI also offers valuable insights into the local dimension of cybercrime. This study provides a foundation for devising a theoretically-driven model to explain why some countries produce more cybercrime than others. By contributing to a deeper understanding of cybercrime as a localised phenomenon, the WCI may help lift the veil of anonymity that protects cybercriminals and thereby enhance global efforts to combat this evolving threat.

Supporting information

S1 indices. wci indices..

Full indices for the WCI Overall and each WCI Type.

https://doi.org/10.1371/journal.pone.0297312.s001

S1 Appendix. Supporting information.

Details of respondent characteristics and analysis of rating behaviour.

https://doi.org/10.1371/journal.pone.0297312.s002

Acknowledgments

The data collection for this project was carried out as part of a partnership between the Department of Sociology, University of Oxford and UNSW Canberra Cyber. The analysis and writing phases received support from CRIMGOV. Fig 1 was generated using information from OpenStreetMap and OpenStreetMap Foundation, which is made available under the Open Database License.

• View Article
• Google Scholar
• 2. Lusthaus J, Bruce M, Phair N. Mapping the geography of cybercrime: A review of indices of digital offending by country. 2020.
• 4. McCombie S, Pieprzyk J, Watters P. Cybercrime Attribution: An Eastern European Case Study. Proceedings of the 7th Australian Digital Forensics Conference. Perth, Australia: secAU—Security Research Centre, Edith Cowan University; 2009. pp. 41–51. https://researchers.mq.edu.au/en/publications/cybercrime-attribution-an-eastern-european-case-study
• 7. Anderson R, Barton C, Bohme R, Clayton R, van Eeten M, Levi M, et al. Measuring the cost of cybercrime. The Economics of Information Security and Privacy. Springer; 2013. pp. 265–300. https://link.springer.com/chapter/10.1007/978-3-642-39498-0_12
• 8. Anderson R, Barton C, Bohme R, Clayton R, Ganan C, Grasso T, et al. Measuring the Changing Cost of Cybercrime. California, USA; 2017.
• 9. Morgan S. 2022 Official Cybercrime Report. Cybersecurity Ventures; 2022. https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assets/resourcefiles/2022-Official-Cybercrime-Report.pdf
• 12. Wall D. Cybercrime: The Transformation of Crime in the Information Age. Polity Press; 2007.
• 14. Varese F. Mafias on the move: how organized crime conquers new territories. Princeton University Press; 2011.
• 15. Dupont B. Skills and Trust: A Tour Inside the Hard Drives of Computer Hackers. Crime and networks. Routledge; 2013.
• 16. Franklin J, Paxson V, Savage S. An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants. Proceedings of the 2007 ACM Conference on Computer and Communications Security. Alexandria, Virginia, USA; 2007.
• 17. Hutchings A, Clayton R. Configuring Zeus: A case study of online crime target selection and knowledge transmission. Scottsdale, AZ, USA: IEEE; 2017.
• 20. Levesque F, Fernandez J, Somayaji A, Batchelder. National-level risk assessment: A multi-country study of malware infections. 2016. https://homeostasis.scs.carleton.ca/~soma/pubs/levesque-weis2016.pdf
• 21. Crowdstrike. 2022 Global Threat Report. Crowdstrike; 2022. https://go.crowdstrike.com/crowdstrike/gtr
• 22. EC3. Internet Organised Crime Threat Assessment (IOCTA) 2021. EC3; 2021. https://www.europol.europa.eu/publications-events/main-reports/internet-organised-crime-threat-assessment-iocta-2021
• 23. ENISA. ENISA threat Landscape 2021. ENISA; 2021. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021
• 24. Sophos. Sophos 2022 Threat Report. Sophos; 2022. https://www.sophos.com/ en-us/labs/security-threat-report
• 25. van Eeten M, Bauer J, Asghari H, Tabatabaie S, Rand D. The Role of Internet Service Providers in Botnet Mitigation. An Empirical Analysis Based on Spam Data WEIS. 2010. van Eeten, Michel and Bauer, Johannes M. and Asghari, Hadi and Tabatabaie, Shirin and Rand, David, The Role of Internet Service Providers in Botnet Mitigation an Empirical Analysis Based on Spam Data (August 15, 2010). TPRC 2010, SSRN: https://ssrn.com/abstract=1989198
• 26. He S, Lee GM, Quarterman JS, Whinston A. Cybersecurity Policies Design and Evaluation: Evidence from a Large-Scale Randomized Field Experiment. 2015. https://econinfosec.org/archive/weis2015/papers/WEIS_2015_he.pdf
• 27. Snyder P, Kanich C. No Please, After You: Detecting Fraud in Affiliate Marketing Networks. 2015. https://econinfosec.org/archive/weis2015/papers/WEIS_2015_snyder.pdf
• 29. Wang Q-H, Kim S-H. Cyber Attacks: Cross-Country Interdependence and Enforcement. 2009. http://weis09.infosecon.net/files/153/paper153.pdf
• 32. Lusthaus J. Industry of Anonymity: Inside the Business of Cybercrime. Harvard University Press; 2018.
• 33. Kshetri N. The Global Cybercrime Industry: Economic, Institutional and Strategic Perspectives. Berlin: Springer; 2010.
• 36. Backor K, Golde S, Nie N. Estimating Survey Fatigue in Time Use Study. Washington, DC.; 2007. https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=401f97f2d7c684b295486636d8a84c627eb33446
• 42. Reuter P. Disorganized Crime: Illegal Markets and the Mafia. MIT Press; 1985.
• PubMed/NCBI
• 47. Sotande E. Transnational Organised Crime and Illicit Financial Flows: Nigeria, West Africa and the Global North. University of Leeds, School of Law. 2016. https://etheses.whiterose.ac.uk/15473/1/Emmanuel%20Sotande%20Thessis%20at%20the%20University%20of%20Leeds.%20viva%20corrected%20version%20%281%29.pdf
• 48. Lusthaus J. Modelling cybercrime development: the case of Vietnam. The Human Factor of Cybercrime. Routledge; 2020. pp. 240–257.
• 51. Lusthaus J. Electronic Ghosts. In: Democracy: A Journal of Ideas [Internet]. 2014. https://democracyjournal.org/author/jlusthaus/
• 52. Brewer R, de Vel-Palumbo M, Hutchings A, Maimon D. Positive Diversions. Cybercrime Prevention. 2019. https://www.researchgate.net/publication/337297392_Positive_Diversions
• 53. National Cyber Crime Unit / Prevent Team. Pathways Into Cyber Crime. National Crime Agency; 2017. https://www.nationalcrimeagency.gov.uk/who-we-are/publications/6-pathways-into-cyber-crime-1/file
• 60. Christopoulos D. Peer Esteem Snowballing: A methodology for expert surveys. 2009. https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=63ac9f6db0a2fa2e0ca08cd28961385f98ec21ec

ISSN 2581-5369

HeinOnline, MANUPATRA, Google Scholar Indexed

A Study on Cyber Crime and its Legal Framework in India

• Apoorva Bhangla and Jahanvi Tuli
• Show Author Details

Apoorva Bhangla

Student at NMIMS School of Law, India

Jahanvi Tuli

• img Download Full Paper
• img Export Citation

Export citation

Cyber-crime mainly involves activities that use internet and computers as a tool to extract private information of an individual either directly or indirectly and disclosing it on online platforms without the person’s consent or illegally with the aim of degrading the reputation or causing mental or physical harm. With the advancement in technology a steep increase in the rate of cyber-crimes has been observed. With the increase of dependency on cyberspace internet crimes committed against women have also increased. This is mainly because around more than half of the online users are not fully aware of the functioning of online platforms, they are ignorant towards technological advancements and have minimal adequate training and education. Thus, cybercrime has emerged as a major challenge for the law enforcement agencies of different countries in order to protect women and children who are harassed and abused for voyeuristic pleasures. Women are commonly targeted for cyber stalking, cyber pornography, impersonation etc. India is one of the few countries which has enacted the IT Act 2000 to deal with issues pertaining to cyber-crimes in order to protect the women from exploitation by vicious predators however this act doesn’t address some of the gravest dangers to the security of the women and issues involving women are still growing immensely.

• Cyber-crime
• online platforms.

Research Paper

Information

International Journal of Law Management and Humanities, Volume 4, Issue 2, Page 493 - 504

Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution -NonCommercial 4.0 International (CC BY-NC 4.0) (https://creativecommons.org/licenses/by-nc/4.0/), which permits remixing, adapting, and building upon the work for non-commercial use, provided the original work is properly cited.

Copyright © IJLMH 2021

I. Introduction

The advent of technology has provided women an opportunity to explore their strengths and widen their capabilities. With the rapid modernisation taking place all over the world, internet has become a part of our daily lives. It has proved to be an efficient tool of communication. However, with the increase of dependency on cyberspace internet crimes committed against women have also increased. Women all over the world have been victims to a number of harassments for decades now. With the advent of technology and digitalisation people have the ability to communicate virtually with anybody, anytime and anywhere across the globe. Cyber-crime has emerged as one of the results of this modernisation. Online platforms are often used to harass and abuse women for voyeuristic pleasures. One of the major reasons as to why it takes place is because of the fact that around more than half of the online users are not fully aware of the functioning of online platforms such as WhatsApp, skype, Facebook, etc. There is minimal adequate training and education that is provided to the users. Moreover, ignorance towards technological advancements has carved its way for such heinous crimes. Women are commonly targeted for cyber stalking, cyber pornography, impersonation etc. The victims often trust the offender and share their private data or information as a consequence of which innumerable cyber-crimes take place daily. Due to fear of defamation in the society and lack of evidence it becomes really difficult to identify the origin of the crime. Cyber-crime has become a concept wherein majority of cases the victims have been women who have fallen prey to technological fancies. A steep increase in the rate of cyber-crimes has been observed in different countries where the primary concern has always been the protection of women. India is one of the few countries which has enacted the IT Act 2000 to deal with issues pertaining to cyber-crimes in order to protect the women from exploitation by vicious predators and provide them support so that they can fight back against all wrongdoings. Many institutions have taken up the issues pertaining to cybercrime in order to raise awareness for the safety of women but still a steep increase has been observed in this area, which poses a negative impact on the development of the nation. 

II. What is Cyber Crime?

Cybercrimes can be defined as: “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including chat rooms, emails, notice boards and groups) and mobile phones”. [1]

Cyber-crime involves the use of internet and computer. It threatens an individual’s privacy by disclosing or publishing their personal or confidential information online with the aim of degrading their reputation and causing them physical or mental harm either directly or indirectly. Women are generally the targets of these offenders because they are inexperienced and lack knowledge of the cyber world, thereby falling prey to the technological fancies.

Debarati Halder and K. Jaishankar further define cybercrime from the perspective of gender and defined “cybercrime against women” as “Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones”.

Types of Cyber Crime

• Cyberstalking

In today’s modern world, it is one of the most commonly committed crimes. It involves following a person’s movements and pursuing him/her stealthily. It involves gathering data that maybe used to harass a person or making false accusations or threats. A cyber stalker uses internet to stalk someone and thus, doesn’t pose a direct physical threat to an individual but due to the anonymity of the interactions that take place online the chances of identification of the cyber stalker becomes quite difficult which makes this crime more common than physical stalking. 

One of the major targets of cyber stalking is women and children who are stalked by men and adult predators namely, for revenge, for sexual harassment and for ego. Most of the times, the victim is unaware of the use and rules of the internet and the anonymity of the users has contributed to the rise of cyber stalking as a form of crime. The offender  for committing this offence maybe charged for breach of confidentiality and privacy under section 72 of the IT Act, 2000 as cyber stalking is yet not covered under existing cyber laws in India. Also, section 441 and 509 of IPC are also applicable for the same.

• Cyber Pornography

It is a major threat to women and children security as it involves publishing and transmitting pornographic pictures, photos or writings using the internet which can be reproduced on various other electronic devices instantly. It refers to portrayal of sexual material on the internet.

According to A.P. Mali, “It is the graphic, sexually explicit subordination of women through pictures or words that also includes pornography is verbal or pictorial material which represents or describes sexual behaviour that is degrading or abusive to one or more of participants in such a way as to endorse the degradation. The person has chosen or consented to be harmed, abused, subjected to coercion does not alter the degrading character of such behaviour.” [2] Around 50% of the total websites on the internet show pornographic material wherein photos and pictures of women are posted online that are dangerous to women’s integrity. 

According to IT Amendment Act 2008 “crime of pornography under section 67-A, whoever publishes and transmits or causes to be a published and transmitted in the electronic form any material which contains sexually explicit act or conduct can be called as pornography. Section 292/293/294, 500/506 and 509 of Indian Panel Code, 1860 are also applicable and victim can file a complaint near the Police Station where the crime has been committed or where he comes to know about crime. After proving crime, the accused can be called as first conviction with an imprisonment for a term which may extend to five years including fine which may extend to ten lakh rupees. In the second conviction the term of imprisonment may extend to seven years and fine may extend to ten lakh rupees”.

• Cyber Morphing

It is a form of crime in which the original picture is edited by an unauthorised user or a person possessing a fake identity. Photographs are taken of female users from their profiles and are then reposted for pornographic purposes by fake accounts on different sites after editing them. Due to the lack of awareness among the users the criminals are encouraged to commit such heinous crimes. Cyber morphing or Cyber obscenity is punishable under section 43 and 66 of Information Act 2000.

• Cyber Bullying

Cyberbullying involves the use of internet for causing embarrassment or humiliation to someone place by sharing their personal or private data by sending, posting or sharing harmful or false content over digital devices like computers, tablets, laptops and cell phones. It can take place through SMS, online gaming communities, online forums or social media platforms wherein information can be exchanged online and is available to a number of people. Cyberbullying is persistent and permanent and therefore, can harm the online reputation of not just the victim but both the parties involved. 

• Email Spoofing and Impersonation

It is one of the most common cybercrime. It involves sending e-mail which represents its origin. In today’s times, this from of crime has become immensely common that it becomes really difficult to assess as to whether the mail that is received is truly from the original sender. Email spoofing is mostly used to extract personal information and private images from women fraudulently and are later used to blackmail them. According to a report, there has been a 280% of increase of phishing attacks since 2016. Avanan research depicts that around 4% of the total emails that are received by an individual user are fraudulent emails. In Gujarat Ambuja’s Executive case, the 51 year old cyber 1 criminal created a fake email ID and pretending to be a woman indulged in a “cyber relationship” extorting Rs 96 lakh from an Abu Dhabi based businessman. [3]

Email spoofing is an offence under section 66-D of the Information Technology Amendment Act, 2008 and section 417, 419 and 465 of Indian Panel Code 1860. It is a cognizable, bailable and compoundable offence with permission of the court before which the prosecution of such offence is pending and triable by any magistrate.

• Online Trolling

It is a form of online violence on social media platforms where people are given the liberty to speak their mind. Online harassers often tend to target people who express their opinions and think differently from the prevailing societal norms. On such section constitutes of females who are targeted by social media bullies. According to Digital Hifazat report, “women that are vocal online, especially on topics that have been traditionally relegated to ‘male expertise’ like religion or politics, or about women’s experiences, including those of sexuality, menstruation, or speaking out about patriarchy, are subjected to a vicious form of trolling, usually from self-identified right-wing accounts on Twitter.” [4]

Social media bullying takes a toll on the mental as well as the physical health of the victims. Abuse, hate speech and mean comments are the most common elements of trolling. The most common consequences of trolling are self-censorship and mental health concerns. 

III. Extent of cybercrime against women in india

With approximately 688 million active users, India is the second largest internet market in the world. [5] Sites like Facebook, YouTube, Twitter, Instagram, WhatsApp and Snapchat are the most liked in India. While internet population has been increasing there still is a gender divide. According to a report published by IAMAI (Internet and Mobile Association of India) on internet usage in India, about 67% of the users are male compared to which only 33% are female. [6] This disparity between the male and female users is the major reason for the growth of cybercrime incidents against women.

Cyber-crimes are illegal activities which is forbidden by the law and committed by the use of internet and cyber technology. Cyber-crimes can be committed against any person, property or government but this paper solely focuses on cyber- crimes against women. According to National Crime Research Bureau there was sharp increase in the number of reported cyber-crime in 2017 in comparison to past years. Further increase in the reported cybercrimes can be seen in the year 2018. “While a total of 21,796 crimes were recorded under both IPC and IT Act in 2017, the number has increased to 27,248 in 2018.” [7] In 2017 NCRB for the first time had included categories relating to women and child on the nature of crimes committed against them.

Since the 1990s the information technology has taken giant strides forward and every family who has a modest income has the internet service. Individuals from varying age are able to use it everywhere starting from their home to their workplace. It can be deduced that internet has become a world on its own with its own place where one can share, have cultural values or opportunities.  But it has its own disadvantages, the cyber world has become a place for wrongdoers to defraud women and some even going as low as to encroach children. The ceaseless advancement of internet is making it harder to detect and regulate leading to rise of cyber criminals. Due to technological innovations cyber criminals are able to commit crime with a fake identity from any place in the world. This means that they do not have any physical contact with the real world and are mostly getting away with it without any punishment. With the protection of anonymity people are able to access any kind of material on the web which leads to huge number of anti-social, violent and aggressive content.

One of the major reason for the rise of cyber-crime against women apart from the advancement of internet is the fact that Indian women are not open on reporting a cyber-crime. They fear that it will bring disgrace to their families. Most of the times they believe that it is their own fault that the crime happened. Cyber space is a world on its own and people come and go as they please. This makes the cyber criminals to commit a crime and escape punishment easily. Through various instances it can be seen that women befriend men on the internet who forms a bond by discussing their lives and pretending to be the woman’s true friend. Gradually they form a strong friendship and then starts to send obscene messages. In this tinstance it is the duty of the woman to report the person but it can be seen that in the most of the cases they shy away and this gives more courage to the cyber-criminal. A 2016 survey on Violence Online in India conducted by the Feminism in India portal on 500 individuals (97% women and 3% trans-genders) found that 58 percent of respondents “had faced some kind of online aggression in the form of trolling, bullying, abuse or harassment”. But 38% of those who faced such violence did not take any action. [8] The victim women needs to understand that by reporting the man the problem can be solved and further saving the lives of other woman who can be the criminal’s future targets.

IV. The legal framework

There are two unique features of the Internet. Firstly, it is not confined to a particular boundary and the cyber-criminal can commit a crime from ay part of the world. The second unique feature is that it provide anonymity to its users which has its own boon and bane. For people who use this anonymity for putting out their opinion to the world it’s a boon but the perpetrators who use this anonymity for commission of crime it is a bane. Therefore this features not only pose a challenge in crime prevention but also in the implementation of law. At present there is no specific law that deals with cyber-crime against women. Other laws which can be used in the specific case, most women are not aware of. Women does not know about their rights or that such rights exist.

There are many laws in statues and regulations which penalises cyber-crime. But the majority of the laws belong to the Indian penal Code (IPC), 1860 and the Information technology Act (IT Act), 2000. The IPC is the general criminal code of India which defines offences and prescribes punishment for the same. IPC covers laws and punishment pertaining to physical world and has been legislatively amended and judiciously interpreted to be applicable to cyber criminals. Whereas the IT Act is a specific code pertaining to use of information technology and crime committed through it. In 2008 IT Amendment Act was enacted inclusive of certain crimes related to cyber world. Both IT Act and IPC are complementary to each other on cyber-crime against women. The below mentioned table is taken from a discussion paper published by IT for Change it showcases the laws that a cyber-criminal can be charged with when he/she commits a crime against women. Following which the loopholes in the said laws is analysed.

Table 1. Key legal provisions that can be invoked to address online Violence against women [9]

Lacuna in the Existing Provision of Law

• The verbal abuse made online which does not contain any sexual content is not properly tackled. General sexist comments have not been taken under Section 499 and Section 507 of the IPC which deals with criminal defamation and criminal intimidation pertaining to those trolls that are of personal nature. Further, doxing without any circulation of sexual material and without any intimidation is not included. Section 66 of the IT Act criminalises hacking but it does not explicitly state the act of doxing through hacking. Online trolling, verbal abuse, hacking for doxing has been treated as personal and isolated crime in Section 499 and Section 507 of IPC and Section 66 of the IT Act. It is important to note that this act of abuse is committed against women because she is a women. From the past it can be seen that the abuse is based on the women’s sexuality and caste.
• Section 66E of IT Act and Section 354C, Section 354D of the Criminal Laws Amendment Act 2013 are the exception to violence as physical harm and not as intrusion to bodily integrity and personal autonomy as defined by the other sections of IT Act and IPC. These sections also just focuses on physical privacy and not on the “informational privacy”. [10] It is to be considered that Section 509 of IPC mention “Privacy” but it only talks about privacy with respect to women’s modesty. “Sexual violence is largely viewed from the standpoint of maintaining public decency through curbing obscenity and protecting the modesty of women.” [11] Further, it can be seen that withdrawn at any point. Sexual violence is combined with the need to regulate the ratification and representation of sexuality which results in reinforcing genders norms of protecting women’s sexuality rather than protecting her bodily integrity or their informational privacy. Section 72 [12] and Section 43 read with Section 66 [13] of the IT Act is an economic offence and not a gender or social offence.
• Psychological violence based on gender against women is not recognised by the law outside their familial setting. Acknowledgement of psychological violence that is the circulation of private information through infringement of privacy which is not of sexual nature is not been done.
• Additionally laws like Protection of Women from Domestic Violence Act, 2005 which deals with cases related to psychological violence at home and live in relationships does not talk about cybercrime with respect to women.

V. Suggestions

• While using online platform not divulging any personal data is almost impossible and thus, one should beware while sharing any personal information online.
• It is imperative that an eye should be kept on phony email messages and such emails should not be responded to that ask for personal information. Also, email address should be guarded.
• While engaging in online activities it is imperative that attention should be paid to privacy policies on websites and steer clear of fraudulent websites used to steal personal information.
• It is necessary that response to offences on the internet against women should be seen as part of the broader movement against harassment and abuse. Broader efforts should be initiated as it is ultimately a people- centred challenge.
• Keeping up with the pace of change is the need of the hour. Keeping up with the technological advancements is a challenge that is essential to overcome as most of the online crimes takes place due to the lack of knowledge and awareness among the users.
• A collaborative effort among media, clubs, associations and women’s media networks is critical to promote women’s leadership and decision making in the society.
• Online diligence, monitoring and reporting against violence and cyber-crime should be done effectively and efficiently.
• There should be an E-portal where women can report their problems online themselves without suffering from the stigma of involving police in such matters. Also, the database of criminals should be maintained which could help in law enforcement.
• Women should be made aware about using online media platforms and adequate procedures should be followed by them. They need to be aware of their right in the cyberspace.
• Education systems must initiate contemporary issues regarding online crimes and awareness should be spread regarding safe internet uses.
• The government should make more rigid rules to apply on the Internet Service Providers (ISPs) as they have the entire record of the data that is accuses by the users surfing on the web. Also, in case of any suspicious activities a report should be made by them in order to prevent crimes at an early stage.

VI. Conclusion

“The law is not the be-all and end-all solution.” Victims are still not getting justice despite of a strong legal base in spite of them remaining silent. Cyber-crime against women is just a reality check of what really is going on in the real world. The lines between the online and offline world is getting blurred. Cyber-crime happens because the criminals think that is a much easier way with less punishment. With millions of users in the online platforms complaint mechanisms has also become fruitless.

For instance in the recent boy’s locker room case where group of teenage boys from Delhi shared pictures of underage women and objectified them by passing derogatory comments on group chat in Instagram and Snapchat. When a girl shared the screenshots of the chats the group was busted. Women all over country raised voices but it could be seen that they were not shocked. The reason is that objectification of women has become quite normal in the society. Women have has accepted this mentality of objectification by male as every day new cases come into light. Years have passed and still women lives in the fear of going out alone outside in the real world. In fact the online world which she could go to in the safety of her home has also become an unsafe place.

It comes upon the women to take preventive measures such as usage of data security, not leaving digital footprint, keeping everything password protected. But this are all superficial ways. The major problem that has always been existing is the patriarchy and misogyny in the society. To solve this problem a long term measure need to be undertaken that will help in dealing with cyber-crime against women.

There is the need of the hour to evolve the societal and cultural norms with the development of information technology. Mandatory steps need to be taken. Steps like digital literacy, development of data security, providing access of technology to women and girls and most of all enactment of laws specifically on cyber-crime especially with reference to women.

[1] DEBRATI HALDER &   K. JAISHANKAR,   CYBER CRIMES AGAINST WOMEN IN INDIA

[2] Adv. Prashant Mali, IT Act 2000: Types of Cyber Crimes & Cyber Law in India-Part 1 .

[3] Case of Cyber Extortion , INDIA FORENSIC, (Jan 20, 2021), http://www.indiaforensic.com/cyberextortion.htm

[4] Trolls Target Women: Dealing with Online Violence, THE CITIZEN, (Jan 21, 2021), https://www.thecitizen.in/ index.php/en/NewsDetail/index/7/17330/Trolls-Target-Women-Dealing-with-Online-Violence

[5] Digital population in India as of January 2020 , STATISTA, (Jan 21, 2021),   www.statista.com/statistics/309866/ india-digital-population/.

[6] India Internet 2019 , IAMAI, (Jan 28, 2021), https://cms.iamai.in/Content/ResearchPapers/d3654bcc-002f-4fc7-ab39-e1fbeb00005d.pdf

[7] Crime in India- 2018 , NCRB, (Jan 28, 2021), https://ncrb.gov.in/crime-india-2018

[8] Pasricha & Japleen, “Violence” online in India: Cybercrimes against women and minorities on social media , http://feminisminindia.com/wp-content/uploads/2016/05/FII_cyberbullying_report_website.pdf

[9] Technology-mediated violence against women in India, IT FOR CHANGE, (Jan 29, 2021), https://itforchange.net/e-vaw/wp-content/uploads/2017/12/DISCUSSIONPAPER.pdf

[10] “Information privacy, or data privacy (or data protection), concerns personally identifiable information or other sensitive information and how it is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. In relation to technology, it pertains to the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.”

[11] supra note 9

[12] Breach of privacy and confidentiality

[13] Data Theft

Total number of HTML views: 8847

Total number of pdf downloaded: 1077, open access.

http://doi.one/10.1732/IJLMH.26089

Recent content

1 evolution and impact of hindu succession act 1956 in shaping the hindu law of inheritance in india.

By Yuvraj Kashyap and Ujjwal Kumar Singh

Volume: 7 Issue : 3 Page: 3043 - 3051

2 Juvenile Delinquency in India: Analysing the Effectiveness of the Juvenile Justice Act 2015

By Vivek Choudhury

Volume: 7 Issue : 3 Page: 3025 - 3042

3 Protection of Rights of War Prisoners under International Law: An Analytical Study

By Jaspreet Singh and Priyadarshini Tiwari

Volume: 7 Issue : 3 Page: 3016 - 3024

4 Lok Adalats in India: A Comprehensive Analysis of their Role in Facilitating Speedy Justice

By Priya Jaiswal

Volume: 7 Issue : 3 Page: 3002 - 3015

5 Analysis of the India-US Extradition Treaty

By Eshna Shukla and Priyadarshini Tiwari

Volume: 7 Issue : 3 Page: 2994 - 3001

International Journal of Law Management & Humanities

Typically replies within 24 hours.

Any questions related to the journal or your submission?

WhatsApp Us

🟢 We will respond within 24 hours, maybe less.

WhatsApp us.

CYBER CRIME IN INDIA

• January 2022
• This person is not on ResearchGate, or hasn't claimed this research yet.

• Annamalai University

• Chandigarh University

Discover the world's research

• 25+ million members
• 160+ million publication pages
• 2.3+ billion citations
• Nitisha Aggarwal
• Mitu Sehgal

• Berk Tech Law J
• . -Cyber Crime
• T-Cy Guidance
• T-Cy Assessment Report
• Edmund C Sir
• Recruit researchers
• Join for free
• Login Email Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google Welcome back! Please log in. Email · Hint Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google No account? Sign up

IEEE Account

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

Emerging Trends in Cyber Crimes in India: An Over View

16 Pages Posted: 4 Aug 2016

Shobhit University - School of Law and Constitutional Studies

Date Written: August 4, 2016

In the 21st century it’s not going to matter how Many arms you carry, but instead how many Buttons you press. Computers and internet are becoming an essential part of our daily life. They are being used by individuals and societies to make their life easier. They use them for storing information, processing data, sending and receiving messages, communications, controlling machines, typing, editing, designing, drawing, and almost all aspects of life. Cyber Crime may be generally understood as “unlawful acts wherein the computer is a tool, a target or both” . There are many forms of crimes on the internet. Some are not dangerous enough to be deemed as a crime, rather only a simple spread of information. They are simple show of skills and are harmless. Initially, when man had invented the computer and the technology for communicating between computers had been evolved, he would have never thought that the cyber space he was creating could be flooded with crime called cyber-crime. But now almost all of us might have heard of the terms computer crime, cyber-crime, e-crime, hi-tech crime or electronic crime which is nothing but an activity done with a criminal intention in cyber space. In simple words, it is an activity which is generally criminal in nature, where a computer or network is the source, tool, target, or place of a crime. To say in one line as understood by the researchers, ‘cyber-crime refers to all the activities done with criminal intention in cyberspace’. Such crime involves an information technology infrastructure, including unauthorized access, illegal interception by technical means of non-public transmissions of computer data to, from or within a computer system, data interference by unauthorized damaging, deletion, deterioration, alteration or suppression of computer data, systems interference by interfering with the functioning of a computer system with inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data, misuse of devices, forgery (ID theft), and electronic fraud. In the present e-Age, ‘Crime’ has extended itself beyond physical assault or mental torture; now it also affects our e-life. E-Life means our existence & living in the cyber world. Every one of us is a part of this cyber world, directly or indirectly since computers & internet are now an integral part of our personal & professional life. Just like any other invention, Computers & Internet are a boon to human kind if used in a right way and to the advantage of the society, otherwise a curse However, as we all know, everything has its pros and cons and so computers & internet are not exceptions. If we consider ‘Cyber Crime’ as virus then it would not be untrue to say that this virus is corrupting man’s significant development (computers and internet) which is responsible for developing civilized society for men. Cyber Crime is a menace all over the world and is the one of most difficult and challenging one to detect and investigate. You will find it interesting to note that even the official website of the Cyber Crime Investigation Cell of Crime Branch Mumbai quotes “The invisible criminal is dangerous than the visible one”.

Keywords: Cyber Crime, Cyber Terrorism, Cyber Threats, Cyber Warfare

Suggested Citation: Suggested Citation

Mohd Imran (Contact Author)

Shobhit university - school of law and constitutional studies ( email ).

NH-58, Roorkee Road Modipuram Meerut, Uttar Pradesh 250110 India

Do you have a job opening that you would like to promote on SSRN?

Paper statistics, related ejournals, information systems legislation & regulations ejournal.

Subscribe to this fee journal for more curated articles on this topic

National Security & Foreign Relations Law eJournal

India law ejournal, innovation law & policy ejournal, cybersecurity & data privacy law & policy ejournal, types of offending ejournal, political economy - development: public service delivery ejournal.

Cybersecurity News, Awards, Webinars, eSummits, Research

2024 Merger and Acquisition Trends: Deal volumes cool, values heat up

Steve Zurier June 14, 2024

Security analysts say Big Tech companies experiencing slow growth will acquire innovative cybersecurity startups to fuel growth in 2024 and beyond.

Incident Response team burnout and resource constraints give attackers the advantage

Call for 2024 SC Awards nominations

Get daily email updates.

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy .

Perspectives

Three ways to jump-start a vulnerability management team .

Shaun Kummer

June 14, 2024

Three takeaways from the Gartner Security and Risk Management Summit

Stephen Kowski

June 13, 2024

What cybersecurity can learn from the automotive industry

Morgan Wright

June 12, 2024

Here’s how to create a security culture that adheres to the new SEC regs

Pukar Hamal

June 11, 2024

Three steps toward a passwordless future

Aaron Walton

June 10, 2024

Cyber threat detection capabilities of SIEM tools lagging

Gao: white house yet to fulfill numerous cyber recommendations, ascension downplays ransomware attack impact, ransomware attacks disrupt michigan, new york city governments, kulicke and soffa admit data breach from lockbit attack, more resources, rise of partnerships, industry collaboration designed to break through vulnerability wall.

George V. Hulme

June 7, 2024

Enterprise vulnerability management has hit a wall: What you need to know

Ransomware against healthcare and manufacturing on the rise: what to know, how to respond.

May 30, 2024

How to improve ransomware attack outcomes

May 28, 2024

EBook: The state of identity 2024

May 23, 2024

Patient data stolen in Ascension ransomware attack, but EHR restored

May ransomware attack caused by an employee who mistakenly downloaded a malicious file.

Microsoft’s AI Recall feature postponed to address security concerns

Laura French June 14, 2024

The “photographic memory” feature was rolled back five days before its planned release.

Apple’s AI debut: privacy nightmare or FUD?

Laura French June 13, 2024

Apple Intelligence and ChatGPT integrations met with reactions ranging from praise to outrage.

Microsoft’s Brad Smith defends company over 2023 account hacks

Shaun Nichols June 13, 2024

Microsoft President Brad Smith stood up for his company over its handling of an attack by a Chinese threat actor in 2023.

Life360 says hacker stole customer data from its Tile support platform

Steve Zurier June 13, 2024

No sensitive customer data was stolen, according to maker of Bluetooth tracker.

GenAI an enhancement for cyberattackers and defenders

Dan Raywood June 13, 2024

Perception Point official says the “highest bar is full automation of the attack process.”

Kaspersky researchers punch holes in biometrics hardware security

Shaun Nichols June 12, 2024

Kaspersky Lab researchers disclosed a number of vulnerabilities in a popular brand of biometrics scanners.

With an eye to AI, cybersecurity sector investment rebounds

Karen Epper Hoffman June 12, 2024

Artificial technology drives cybersecurity investments after sharp decline in sector in 2023.

Security Metrics That Matter: The CISO Perspective

The changing face of ransomware, and how to respond, key grc priorities for the second half of 2024, governance, risk, and compliance: the ciso perspective, ciso insights: navigating the grc landscape.

Information

• Author Services

Initiatives

You are accessing a machine-readable page. In order to be human-readable, please install an RSS reader.

All articles published by MDPI are made immediately available worldwide under an open access license. No special permission is required to reuse all or part of the article published by MDPI, including figures and tables. For articles published under an open access Creative Common CC BY license, any part of the article may be reused without permission provided that the original article is clearly cited. For more information, please refer to https://www.mdpi.com/openaccess .

Feature papers represent the most advanced research with significant potential for high impact in the field. A Feature Paper should be a substantial original Article that involves several techniques or approaches, provides an outlook for future research directions and describes possible research applications.

Feature papers are submitted upon individual invitation or recommendation by the scientific editors and must receive positive feedback from the reviewers.

Editor’s Choice articles are based on recommendations by the scientific editors of MDPI journals from around the world. Editors select a small number of articles recently published in the journal that they believe will be particularly interesting to readers, or important in the respective research area. The aim is to provide a snapshot of some of the most exciting work published in the various research areas of the journal.

Original Submission Date Received: .

• Active Journals
• Find a Journal
• Proceedings Series
• For Authors
• For Reviewers
• For Editors
• For Librarians
• For Publishers
• For Societies
• For Conference Organizers
• Open Access Policy
• Institutional Open Access Program
• Special Issues Guidelines
• Editorial Process
• Research and Publication Ethics
• Article Processing Charges
• Testimonials
• Preprints.org
• SciProfiles
• Encyclopedia

Article Menu

• Subscribe SciFeed
• Recommended Articles
• Google Scholar
• on Google Scholar
• Table of Contents

Find support for a specific problem in the support section of our website.

Please let us know what you think of our products and services.

Visit our dedicated information section to learn more about MDPI.

JSmol Viewer

The use of ai in software engineering: a synthetic knowledge synthesis of the recent research literature.

1. Introduction

• What is the volume of the research on using AI in software engineering?
• What is the maturity status of the research?
• What are the volume and dynamics of the production of the research literature on AI use in software?
• How is the research geographically distributed?
• Which information sources informing the scientific community are the most prolific?
• Which funding bodies sponsoring research on AI in software engineering are the most prolific?
• What are the most prolific research themes?

2. Materials and Methods

• Research publications were harvested from the Scopus bibliographic database using the below search string.
• Descriptive bibliometric analysis was performed using Scopus’s built-in functionality.
• Author keywords were used as meaningful units of information in the content analysis. First, bibliometric mapping was performed using VOSViewer [ 6 ]. Next, using inductive content analysis of the most popular authors’ keywords, the node size, links, and proximity between the author keywords in individual clusters and their borders presented in the bibliometric map were analyzed to form categories and identify and name themes.
• Finally, the themes and subcategory terms were applied to form search strings to locate relevant publications associated with the theme. The most interesting and influential were selected and analyzed to describe the categories’ and themes’ scope.

TITLE-ABS-KEY((“artificial intelligence” OR “machine learning” OR “deep learning” OR “intelligent system” OR “support vector machine” OR (“decision tree” AND (induction OR heuristic)) OR “random forest” OR “Markov decision process” OR “hidden Markov model” OR “fuzzy logic” OR “k-nearest neighbor” OR “naive Bayes” OR “Bayesian learning” OR “artificial neural network” OR “convolutional neural network” OR “recurrent neural network” OR “generative adversarial network” OR “deep belief network” OR “perceptron” OR {natural language processing} OR {natural language understanding} OR {general language model}) and ({software engineering} OR {software design} or {software development})) AND PUBYEAR > 2018 AND PUBYEAR < 2025.

3. Results and Discussion

3.1. descriptive and production bibliometrics, 3.1.1. volume of research, 3.1.2. maturity of research and most prolific information sources, 3.1.3. geographical distribution of research, 3.1.4. most prolific funding bodies, 3.2. most prolific research themes, literature review of research categories and themes.

• Use of artificial intelligence in management of software development life cycle
• Ethical use of AI-based software engineering
• Use of fuzzy logic in software development and testing
• Automation of software testing in an agile environment
• Project management of software life cycle using fuzzy logic
• Data science and big data in software development
• Natural language processing (NLP) in software engineering
• Natural language processing in software development
• Natural language processing in software requirements engineering
• User stories understanding with natural language processing
• Machine learning in fault/defect prediction and effort estimation
• Software development effort estimation
• Data mining in software fault/defect prediction
• Machine learning and software metrics
• Deep learning in empirical software engineering focusing on code management
• Deep learning in program comprehension and vulnerability detection
• Technical depth and code smell detection
• COVID-19 influence on software engineering
• Mining software repositories to improve software quality
• Mining software repositories to enhance the quality of software and software maintenance
• GitHub and open source software as sources for mining software development data

3.3. Timeline of the Recent Research and Hot Topics

3.4. research gaps and challenges, 3.5. possible future research trends.

• Development of transparent, fair, ethical, responsible, and sustainable intelligent software development processes [ 95 ] to eliminate management and for-profit bias, reduce human oversight, improve privacy, reduce cybercrime, make software more robust and accountable, and finally, reduce the digital divide.
• Self-adapting software that adapts to evolving user requirements [ 96 ], frequently changing due to fast ICT development, new user needs and requirements, and similar. In that manner, the software could become more robust, easier, and cheaper to maintain, and software development could be more sustainable.
• Self-healing and self-reflecting software that returns to a more functional condition after faults or performance and cybersecurity issues [ 97 ]. In that manner, the use of the software might become safer, more cost-effective, and more user-friendly.
• Collaborative software development eco-systems where AI partners with human developers take team dynamics and self-organization into account [ 98 ], enabling significant improvements in productivity, code quality, and developer empowerment.
• Adaptive continuous-learning platforms for software developers and engineers [ 85 ] to enable them to stay ahead of new technologies.
• New software engineering curricula [ 86 ] to teach future software engineers about the trends mentioned above.

3.6. Study Strengths and Limitations

4. conclusions, institutional review board statement, informed consent statement, data availability statement, conflicts of interest.

• Ooi, K.-B.; Tan, G.W.-H.; Al-Emran, M.; Al-Sharafi, M.A.; Capatina, A.; Chakraborty, A.; Dwivedi, Y.K.; Huang, T.-L.; Kar, A.K.; Lee, V.-H.; et al. The Potential of Generative Artificial Intelligence Across Disciplines: Perspectives and Future Directions. J. Comput. Inf. Syst. 2023 , 1–32. [ Google Scholar ] [ CrossRef ]
• Završnik, J.; Kokol, P.; Žlahtič, B.; Blažun Vošner, H. Artificial Intelligence and Pediatrics: Synthetic Knowledge Synthesis. Electronics 2024 , 13 , 512. [ Google Scholar ] [ CrossRef ]
• Lo, D. Trustworthy and Synergistic Artificial Intelligence for Software Engineering: Vision and Roadmaps. arXiv 2023 , arXiv:2309.04142. [ Google Scholar ]
• Belzner, L.; Gabor, T.; Wirsing, M. Large Language Model Assisted Software Engineering: Prospects, Challenges, and a Case Study. In Proceedings of the Bridging the Gap Between AI and Reality ; Steffen, B., Ed.; Springer Nature: Cham, Switzerland, 2024; pp. 355–374. [ Google Scholar ]
• Batarseh, F.A.; Mohod, R.; Kumar, A.; Bui, J. The Application of Artificial Intelligence in Software Engineering: A Review Challenging Conventional Wisdom. In Data Democracy ; Batarseh, F.A., Yang, R., Eds.; Academic Press: Cambridge, MA, USA, 2020; pp. 179–232. ISBN 978-0-12-818366-3. [ Google Scholar ]
• Sofian, H.; Yunus, N.A.M.; Ahmad, R. Systematic Mapping: Artificial Intelligence Techniques in Software Engineering. IEEE Access 2022 , 10 , 51021–51040. [ Google Scholar ] [ CrossRef ]
• Amalfitano, D.; Faralli, S.; Hauck, J.C.R.; Matalonga, S.; Distante, D. Artificial Intelligence Applied to Software Testing: A Tertiary Study. ACM Comput. Surv. 2023 , 56 , 3616372. [ Google Scholar ] [ CrossRef ]
• Majumdar, S.; Paul, S.; Paul, D.; Bandyopadhyay, A.; Chattopadhyay, S.; Das, P.P.; Clough, P.D.; Majumder, P. Generative AI for Software Metadata: Overview of the Information Retrieval in Software Engineering Track at FIRE 2023. Available online: https://api.semanticscholar.org/CorpusID:265043660 (accessed on 5 May 2024).
• Kulkarni, V.; Kolhe, A.; Kulkarni, J. Intelligent Software Engineering: The Significance of Artificial Intelligence Techniques in Enhancing Software Development Lifecycle Processes. In Proceedings of the Intelligent Systems Design and Applications ; Abraham, A., Gandhi, N., Hanne, T., Hong, T.-P., Nogueira Rios, T., Ding, W., Eds.; Springer International Publishing: Cham, Switzerland, 2022; pp. 67–82. [ Google Scholar ]
• Satpute, R.S.; Agrawal, A. A Critical Study of Pragmatic Ambiguity Detection in Natural Language Requirements. Int. J. Intell. Syst. Appl. Eng. 2023 , 11 , 249–259. [ Google Scholar ]
• Daun, M.; Brings, J. How ChatGPT Will Change Software Engineering Education. In Proceedings of the 2023 Conference on Innovation and Technology in Computer Science Education ; Association for Computing Machinery: New York, NY, USA, 2023; Volume 1, pp. 110–116. [ Google Scholar ]
• Cao, S.; Sun, X.; Widyasari, R.; Lo, D.; Wu, X.; Bo, L.; Zhang, J.; Li, B.; Liu, W.; Wu, D.; et al. A Systematic Literature Review on Explainability for Machine/Deep Learning-Based Software Engineering Research. arXiv 2024 , arXiv:2401.14617. [ Google Scholar ]
• Mohammadkhani, A.H.; Bommi, N.S.; Daboussi, M.; Sabnis, O.; Tantithamthavorn, C.; Hemmati, H. A Systematic Literature Review of Explainable AI for Software Engineering. arXiv 2023 , arXiv:2302.06065. [ Google Scholar ]
• Ozkaya, I. The Next Frontier in Software Development: AI-Augmented Software Development Processes. IEEE Softw. 2023 , 40 , 4–9. [ Google Scholar ] [ CrossRef ]
• Bano, M.; Hoda, R.; Zowghi, D.; Treude, C. Large Language Models for Qualitative Research in Software Engineering: Exploring Opportunities and Challenges. Autom. Softw. Eng. 2023 , 31 , 8. [ Google Scholar ] [ CrossRef ]
• Kokol, P. Synthetic Knowledge Synthesis in Hospital Libraries. J. Hosp. Librariansh. 2023 , 24 , 1–8. [ Google Scholar ] [ CrossRef ]
• Železnik, U.; Kokol, P.; Starc, J.; Železnik, D.; Završnik, J.; Vošner, H.B. Research Trends in Motivation and Weight Loss: A Bibliometric-Based Review. Healthcare 2023 , 11 , 3086. [ Google Scholar ] [ CrossRef ]
• Markoulli, M.P.; Lee, C.I.S.G.; Byington, E.; Felps, W.A. Mapping Human Resource Management: Reviewing the Field and Charting Future Directions. Hum. Resour. Manag. Rev. 2017 , 27 , 367–396. [ Google Scholar ] [ CrossRef ]
• Moon, M.D. Triangulation: A Method to Increase Validity, Reliability, and Legitimation in Clinical Research. J. Emerg. Nurs. 2019 , 45 , 103–105. [ Google Scholar ] [ CrossRef ]
• Farooq, U.; Nasir, A.; Khan, K.I. An Assessment of the Quality of the Search Strategy: A Case of Bibliometric Studies Published in Business and Economics. Scientometrics 2023 , 128 , 4855–4874. [ Google Scholar ] [ CrossRef ]
• G20. Wikipedia 2024. Available online: https://en.wikipedia.org/wiki/G20 (accessed on 5 May 2024).
• Kokol, P. Discrepancies among Scopus and Web of Science, Coverage of Funding Information in Medical Journal Articles: A Follow-up Study. J. Med. Libr. Assoc. 2023 , 111 , 703–709. [ Google Scholar ] [ CrossRef ]
• Vakkuri, V.; Kemell, K.-K.; Kultanen, J.; Abrahamsson, P. The Current State of Industrial Practice in Artificial Intelligence Ethics. IEEE Softw. 2020 , 37 , 50–57. [ Google Scholar ] [ CrossRef ]
• Pasricha, S.; Wolf, M. Ethical Design of Computers: From Semiconductors to IoT and Artificial Intelligence. IEEE Des. Test 2024 , 41 , 7–16. [ Google Scholar ] [ CrossRef ]
• Barletta, V.S.; Caivano, D.; Gigante, D.; Ragone, A. A Rapid Review of Responsible AI Frameworks: How to Guide the Development of Ethical AI. In Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering, Oulu, Finland, 14–16 June 2023; pp. 358–367. [ Google Scholar ]
• Nazim, M.; Wali Mohammad, C.; Sadiq, M. A Comparison between Fuzzy AHP and Fuzzy TOPSIS Methods to Software Requirements Selection. Alex. Eng. J. 2022 , 61 , 10851–10870. [ Google Scholar ] [ CrossRef ]
• Ali, S.; Ullah, N.; Abrar, M.F.; Yang, Z.; Huang, J.; Ali, R. Fuzzy Multicriteria Decision-Making Approach for Measuring the Possibility of Cloud Adoption for Software Testing. Sci. Program. 2020 , 2020 , 6597316. [ Google Scholar ] [ CrossRef ]
• Le, T.-A.; Huynh, Q.-T.; Nguyen, T.-T.-N.; Thi, M.-H.T. A New Method for Enhancing Software Effort Estimation by Using ANFIS-Based Approach. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering ; Springer: Cham, Switzerland, 2021; Volume 379, pp. 195–210. [ Google Scholar ] [ CrossRef ]
• Rathi, N.; Srivathsav, R.; Chitlangia, R.; Pachghare, V.K. Automatic Selenium Code Generation for Testing. Adv. Intell. Syst. Comput. 2020 , 1039 , 194–200. [ Google Scholar ] [ CrossRef ]
• Hooda, S.; Sood, V.M.; Singh, Y.; Dalal, S.; Sood, M. Agile Software Development: Trends, Challenges and Applications ; John Wiley & Sons, Inc.: Hoboken, NJ, USA, 2023; p. 365. ISBN 978-1-119-89683-8. [ Google Scholar ]
• Fehlmann, T.; Kranich, E. ART for Agile: Autonomous Real-Time Testing in the Product Development Cycle. Commun. Comput. Inf. Sci. 2021 , 1442 , 377–390. [ Google Scholar ] [ CrossRef ]
• Shankar, S.P.; Chaudhari, S.S. Framework for the Automation of SDLC Phases Using Artificial Intelligence and Machine Learning Techniques. Int. J. Recent Innov. Trends Comput. Commun. 2023 , 11 , 379–390. [ Google Scholar ] [ CrossRef ]
• Kataev, M.; Bulysheva, L.; Xu, L.; Ekhlakov, Y.; Permyakova, N.; Jovanovic, V. Fuzzy Model Estimation of the Risk Factors Impact on the Target of Promotion of the Software Product. Enterp. Inf. Syst. 2020 , 14 , 797–811. [ Google Scholar ] [ CrossRef ]
• Klus, H.; Knieke, C.; Rausch, A.; Wittek, S. Software Engineering Meets Artificial Intelligence. Electron. Commun. EASST 2023 , 82 , 1–16. [ Google Scholar ] [ CrossRef ]
• Ahmed, H.A.; Bawany, N.Z.; Shamsi, J.A. Capbug-a Framework for Automatic Bug Categorization and Prioritization Using Nlp and Machine Learning Algorithms. IEEE Access 2021 , 9 , 50496–50512. [ Google Scholar ] [ CrossRef ]
• Sawant, A.A.; Devanbu, P. Naturally!: How Breakthroughs in Natural Language Processing Can Dramatically Help Developers. IEEE Softw. 2021 , 38 , 118–123. [ Google Scholar ] [ CrossRef ]
• Charitsis, C.; Piech, C.; Mitchell, J.C. Using NLP to Quantify Program Decomposition in CS1. In Proceedings of the Proceedings of the Ninth ACM Conference on Learning, New York, NY, USA, 1–3 June 2022; pp. 113–120. [ Google Scholar ]
• dos Santos, G.E.; Figueiredo, E. Commit Classification Using Natural Language Processing: Experiments over Labeled Datasets. 2020. Available online: https://cibse2020.ppgia.pucpr.br/images/artigos/4/S04_P1.pdf (accessed on 5 May 2024).
• Wong, M.-F.; Guo, S.; Hang, C.-N.; Ho, S.-W.; Tan, C.-W. Natural Language Generation and Understanding of Big Code for AI-Assisted Programming: A Review. Entropy 2023 , 25 , 888. [ Google Scholar ] [ CrossRef ]
• Koreeda, Y.; Morishita, T.; Imaichi, O.; Sogawa, Y. LARCH: Large Language Model-Based Automatic Readme Creation with Heuristics. In Proceedings of the 32nd ACM International Conference on Information and Knowledge Management, Birmingham, UK, 21–25 October 2023; pp. 5066–5070. [ Google Scholar ]
• Di Sipio, C.; Di Rocco, J.; Di Ruscio, D.; Nguyen, P.T. MORGAN: A Modeling Recommender System Based on Graph Kernel. Softw. Syst. Model. 2023 , 22 , 1427–1449. [ Google Scholar ] [ CrossRef ]
• Jánki, Z.R.; Bilicki, V. The Impact of the Web Data Access Object (WebDAO) Design Pattern on Productivity. Computers 2023 , 12 , 149. [ Google Scholar ] [ CrossRef ]
• Pauzi, Z.; Capiluppi, A. Applications of Natural Language Processing in Software Traceability: A Systematic Mapping Study. J. Syst. Softw. 2023 , 198 , 111616. [ Google Scholar ] [ CrossRef ]
• Zhao, L.; Alhoshan, W.; Ferrari, A.; Letsholo, K.J.; Ajagbe, M.A.; Chioasca, E.-V.; Batista-Navarro, R.T. Natural Language Processing for Requirements Engineering. ACM Comput. Surv. 2021 , 54 , 1–41. [ Google Scholar ] [ CrossRef ]
• Umar, M.A.; Lano, K. Advances in Automated Support for Requirements Engineering: A Systematic Literature Review. Requir. Eng. 2024 , 29 , 177–207. [ Google Scholar ] [ CrossRef ]
• Arulmohan, S.; Meurs, M.-J.; Mosser, S. Extracting Domain Models from Textual Requirements in the Era of Large Language Models. In Proceedings of the 2023 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C), Västerås, Sweden, 1–6 October 2023; pp. 580–587. [ Google Scholar ]
• Vahabi, S.; Hozhabri, A. Automatic Use Case Classification Based on Topic Grouping for Requirements Engineering. Innov. Syst. Softw. Eng. 2024 , 20 , 85–96. [ Google Scholar ] [ CrossRef ]
• Kochbati, T.; Li, S.; Gérard, S.; Mraidha, C. From User Stories to Models: A Machine Learning Empowered Automation. In Proceedings of the MODELSWARD 2022-9th International Conference on Model-Driven Engineering and Software Development, Virtual Event, 8–10 February 2021; pp. 28–40. [ Google Scholar ]
• Gunes, T.; Aydemir, F.B. Automated Goal Model Extraction from User Stories Using NLP. In Proceedings of the 2020 IEEE 28th International Requirements Engineering Conference, Zurich, Switzerland, 31 August–4 September 2020; pp. 382–387. [ Google Scholar ]
• Wang, Y.; Hu, K.; Jiang, B.; Xia, X.; Tang, X.-S. A Systematic Literature Review of Software Traceability Links Automation Techniques. Jisuanji Xuebao/Chin. J. Comput. 2023 , 46 , 1919–1946. [ Google Scholar ]
• Hey, T.; Keim, J.; Koziolek, A.; Tichy, W.F. NoRBERT: Transfer Learning for Requirements Classification. In Proceedings of the 2020 IEEE 28th International Requirements Engineering Conference, Zurich, Switzerland, 31 August–4 September 2020; pp. 169–179. [ Google Scholar ]
• Alhoshan, W.; Ferrari, A.; Zhao, L. Zero-Shot Learning for Requirements Classification: An Exploratory Study. Inf. Softw. Technol. 2023 , 159 , 107202. [ Google Scholar ] [ CrossRef ]
• Ezzini, S.; Abualhaija, S.; Arora, C.; Sabetzadeh, M.; Briand, L.C. Using Domain-Specific Corpora for Improved Handling of Ambiguity in Requirements. In Proceedings of the 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), Madrid, Spain, 22–30 May 2021; pp. 1485–1497. [ Google Scholar ]
• Sarmiento-Calisaya, E.; do Prado Leite, J.C.S. Early Analysis of Requirements Using NLP and Petri-Nets. J. Syst. Softw. 2024 , 208 , 111901. [ Google Scholar ] [ CrossRef ]
• Shen, Y.; Breaux, T. Stakeholder Preference Extraction from Scenarios. IEEE Trans. Softw. Eng. 2024 , 50 , 69–84. [ Google Scholar ] [ CrossRef ]
• García, S.E.M.; Fernández-y-Fernández, C.A.; Pérez, E.G.R. Classification of Non-Functional Requirements Using Convolutional Neural Networks. Program. Comput. Softw. 2023 , 49 , 705–711. [ Google Scholar ] [ CrossRef ]
• Tikayat Ray, A.; Cole, B.F.; Pinon Fischer, O.J.; Bhat, A.P.; White, R.T.; Mavris, D.N. Agile Methodology for the Standardization of Engineering Requirements Using Large Language Models. Systems 2023 , 11 , 352. [ Google Scholar ] [ CrossRef ]
• Calle Gallego, J.M.; Zapata Jaramillo, C.M. QUARE: Towards a Question-Answering Model for Requirements Elicitation. Autom. Softw. Eng. 2023 , 30 , 25. [ Google Scholar ] [ CrossRef ]
• De Carvalho, H.D.P.; Fagundes, R.; Santos, W. Extreme Learning Machine Applied to Software Development Effort Estimation. IEEE Access 2021 , 9 , 92676–92687. [ Google Scholar ] [ CrossRef ]
• Rodríguez Sánchez, E.; Vázquez Santacruz, E.F.; Cervantes Maceda, H. Effort and Cost Estimation Using Decision Tree Techniques and Story Points in Agile Software Development. Mathematics 2023 , 11 , 1477. [ Google Scholar ] [ CrossRef ]
• Heng, S.; Snoeck, M.; Tsilionis, K. Building a Software Architecture out of User Stories and BDD Scenarios: Research Agenda. In Proceedings of the CEUR Workshop Proceedings, Ljubljana, Slovenia, 29 November 2022; Volume 3134, pp. 40–46. [ Google Scholar ]
• Mcmurray, S.; Sodhro, A.H. A Study on ML-Based Software Defect Detection for Security Traceability in Smart Healthcare Applications. Sensors 2023 , 23 , 3470. [ Google Scholar ] [ CrossRef ] [ PubMed ]
• Jadhav, A.; Kaur, M.; Akter, F. Evolution of Software Development Effort and Cost Estimation Techniques: Five Decades Study Using Automated Text Mining Approach. Math. Probl. Eng. 2022 , 2022 , 5782587. [ Google Scholar ] [ CrossRef ]
• Priya Varshini, A.G.; Anitha Kumari, K.; Varadarajan, V. Estimating Software Development Efforts Using a Random Forest-Based Stacked Ensemble Approach. Electronics 2021 , 10 , 1195. [ Google Scholar ] [ CrossRef ]
• Singal, P.; Kumari, A.C.; Sharma, P. Estimation of Software Development Effort: A Differential Evolution Approach. Procedia Comput. Sci. 2020 , 167 , 2643–2652. [ Google Scholar ]
• Khan, F.; Lingala, G. Machine Learning Techniques For Software Component Reusability. In Proceedings of the 2022 3rd International Conference for Emerging Technology (INCET), Belgaum, India, 27–29 May 2022. [ Google Scholar ]
• Gupta, N.; Sinha, R.R.; Goyal, A.; Sunda, N.; Sharma, D. Analyze the Performance of Software by Machine Learning Methods for Fault Prediction Techniques. Int. J. Recent Innov. Trends Comput. Commun. 2023 , 11 , 178–187. [ Google Scholar ] [ CrossRef ]
• Nasser, A.B.; Ghanem, W.; Abdul-Qawy, A.S.H.; Ali, M.A.H.; Saad, A.-M.; Ghaleb, S.A.A.; Alduais, N. A Robust Tuned K-Nearest Neighbours Classifier for Software Defect Prediction. Lect. Notes Netw. Syst. 2023 , 573 , 181–193. [ Google Scholar ] [ CrossRef ]
• Khan, M.A.; Elmitwally, N.S.; Abbas, S.; Aftab, S.; Ahmad, M.; Fayaz, M.; Khan, F. Software Defect Prediction Using Artificial Neural Networks: A Systematic Literature Review. Sci. Program. 2022 , 2022 , 2117339. [ Google Scholar ] [ CrossRef ]
• Hilmi, M.A.A.; Puspaningrum, A.; Darsih; Siahaan, D.O.; Samosir, H.S.; Rahma, A.S. Research Trends, Detection Methods, Practices, and Challenges in Code Smell: SLR. IEEE Access 2023 , 11 , 129536–129551. [ Google Scholar ] [ CrossRef ]
• Soomlek, C.; van Rijn, J.N.; Bonsangue, M.M. Automatic Human-Like Detection of Code Smells ; Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Springer International Publishing: Cham, Switzerland, 2021; Volume 12986. [ Google Scholar ] [ CrossRef ]
• Mock, M. Utilization of Machine Learning for the Detection of Self-Admitted Vulnerabilities. Lecture Notes in Computer Science ; Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics; Springer International Publishing: Cham, Switzerland, 2024; Volume 14484. [ Google Scholar ] [ CrossRef ]
• Pontillo, V.; Palomba, F.; Ferrucci, F. Toward Static Test Flakiness Prediction: A Feasibility Study. In Proceedings of the 5th International Workshop on Machine Learning Techniques for Software Quality Evolution, Athens, Greece, 23 August 2021; pp. 19–24. [ Google Scholar ]
• Albuquerque, D.; Guimaraes, E.; Tonin, G.; Rodriguez, P.; Perkusich, M.; Almeida, H.; Perkusich, A.; Chagas, F. Managing Technical Debt Using Intelligent Techniques—A Systematic Mapping Study. IEEE Trans. Softw. Eng. 2023 , 49 , 2202–2220. [ Google Scholar ] [ CrossRef ]
• Hu, X.; Li, G.; Xia, X.; Lo, D.; Jin, Z. Deep Code Comment Generation with Hybrid Lexical and Syntactical Information. Empir. Softw. Eng. 2020 , 25 , 2179–2217. [ Google Scholar ] [ CrossRef ]
• Li, B.; Yan, M.; Xia, X.; Hu, X.; Li, G.; Lo, D. Deep Commenter: A Deep Code Comment Generation Tool with Hybrid Lexical and Syntactical Information. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Virtual, 8–13 November 2020; pp. 1571–1575. [ Google Scholar ]
• Georgiou, K.; Charmanas, K.; Papageorgiadis, K.; Mittas, N.; Christidis, G.; Angelis, L. A Data-Driven Framework for Knowledge Exchange Analysis of Development Issues in Medical Applications: A Case Study of COVID-19. In Proceedings of the 2023 49th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), Durres, Albania, 6–8 September 2023; pp. 386–393. [ Google Scholar ]
• Sabor, K.K.; Hamdaqa, M.; Hamou-Lhadj, A. Automatic Prediction of the Severity of Bugs Using Stack Traces and Categorical Features. Inf. Softw. Technol. 2020 , 123 , 106205. [ Google Scholar ] [ CrossRef ]
• Li, M.; Yu, H.; Fan, G.; Zhou, Z.; Huang, J. ClassSum: A Deep Learning Model for Class-Level Code Summarization. Neural Comput. Appl. 2023 , 35 , 3373–3393. [ Google Scholar ] [ CrossRef ]
• Jain, R.; Gervasoni, N.; Ndhlovu, M.; Rawat, S. A Code Centric Evaluation of C/C++ Vulnerability Datasets for Deep Learning Based Vulnerability Detection Techniques. In Proceedings of the 16th Innovations in Software Engineering Conference, Allahabad, India, 23–25 February 2023. [ Google Scholar ]
• Iannone, E.; Guadagni, R.; Ferrucci, F.; De Lucia, A.; Palomba, F. The Secret Life of Software Vulnerabilities: A Large-Scale Empirical Study. IEEE Trans. Softw. Eng. 2023 , 49 , 44–63. [ Google Scholar ] [ CrossRef ]
• Zhu, K.; Yin, M.; Li, Y. Detecting and Classifying Self-Admitted of Technical Debt with CNN-BiLSTM. J. Phys. Conf. Ser. 2021 , 1955 , 012102. [ Google Scholar ] [ CrossRef ]
• Wang, X.; Liu, J.; Li, L.; Chen, X.; Liu, X.; Wu, H. Detecting and Explaining Self-Admitted Technical Debts with Attention-Based Neural Networks. In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, Virtual, 21–25 December 2020; pp. 871–882. [ Google Scholar ]
• Tsoukalas, D.; Kehagias, D.; Siavvas, M.; Chatzigeorgiou, A. Technical Debt Forecasting: An Empirical Study on Open-Source Repositories. J. Syst. Softw. 2020 , 170 , 110777. [ Google Scholar ] [ CrossRef ]
• Scott, E.; Campo, M. An Adaptive 3D Virtual Learning Environment for Training Software Developers in Scrum. Interact. Learn. Environ. 2023 , 31 , 5200–5218. [ Google Scholar ] [ CrossRef ]
• Kirova, V.D.; Ku, C.S.; Laracy, J.R.; Marlowe, T.J. Software Engineering Education Must Adapt and Evolve for an LLM Environment. In Proceedings of the 55th ACM Technical Symposium on Computer Science Education ; Association for Computing Machinery: New York, NY, USA, 2024; Volume 1, pp. 666–672. [ Google Scholar ]
• Nguyen-Duc, A.; Cabrero-Daniel, B.; Przybylek, A.; Arora, C.; Khanna, D.; Herda, T.; Rafiq, U.; Melegati, J.; Guerra, E.; Kemell, K.-K.; et al. Generative Artificial Intelligence for Software Engineering—A Research Agenda. arXiv 2023 , arXiv:2310.18648. [ Google Scholar ]
• Alshahwan, N.; Harman, M.; Harper, I.; Marginean, A.; Sengupta, S.; Wang, E. Assured LLM-Based Software Engineering. arXiv 2024 , arXiv:2402.04380. [ Google Scholar ]
• Shcherban, S.; Liang, P.; Tahir, A.; Li, X. Automatic Identification of Code Smell Discussions on Stack Overflow: A Preliminary Investigation. In Proceedings of the 14th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), Bari, Italy, 5–9 October 2020. [ Google Scholar ]
• Awan, W.N.; Paasivaara, M.; Gloor, P.; Salman, I. Creating Happier and More Productive Software Engineering Teams through AI and Machine Learning. 2024, Volume 3621. Available online: https://ceur-ws.org/Vol-3621/phd-paper1.pdf (accessed on 5 May 2024).
• Li, W.; Wu, F.; Fu, C.; Zhou, F. A Large-Scale Empirical Study on Semantic Versioning in Golang Ecosystem. In Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), Luxembourg, 11–15 September 2023; pp. 1604–1614. [ Google Scholar ]
• Izadi, M.; Akbari, K.; Heydarnoori, A. Predicting the Objective and Priority of Issue Reports in Software Repositories. Empir. Softw. Eng. 2022 , 27 , 50. [ Google Scholar ] [ CrossRef ]
• He, H.; He, R.; Gu, H.; Zhou, M. A Large-Scale Empirical Study on Java Library Migrations: Prevalence, Trends, and Rationales. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Athens, Greece, 23–28 August 2021; pp. 478–490. [ Google Scholar ]
• Kokol, P.; Završnik, J.; Vošner, H.B. Bibliographic-Based Identification of Hot Future Research Topics: An Opportunity for Hospital Librarianship. J. Hosp. Librariansh. 2018 , 18 , 315–322. [ Google Scholar ] [ CrossRef ]
• Akbar, M.A.; Khan, A.A.; Liang, P. Ethical Aspects of ChatGPT in Software Engineering Research. IEEE Trans. Artif. Intell. 2023 , 1–14. [ Google Scholar ] [ CrossRef ]
• Menezes, T. A Review to Find Elicitation Methods for Business Process Automation Software. Software 2023 , 2 , 177–196. [ Google Scholar ] [ CrossRef ]
• Self-Healing Code Is the Future of Software Development—Stack Overflow. Available online: https://stackoverflow.blog/2023/12/28/self-healing-code-is-the-future-of-software-development/ (accessed on 3 May 2024).
• Ahmad, A.; Waseem, M.; Liang, P.; Fahmideh, M.; Aktar, M.S.; Mikkonen, T. Towards Human-Bot Collaborative Software Architecting with ChatGPT. In Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering ; Association for Computing Machinery: New York, NY, USA, 2023; pp. 279–285. [ Google Scholar ]
• Khojah, R.; Mohamad, M.; Leitner, P.; Neto, F.G.dO. Beyond Code Generation: An Observational Study of ChatGPT Usage in Software Engineering Practice. arXiv 2024 , arXiv:2404.14901. [ Google Scholar ]

Share and Cite

Kokol, P. The Use of AI in Software Engineering: A Synthetic Knowledge Synthesis of the Recent Research Literature. Information 2024 , 15 , 354. https://doi.org/10.3390/info15060354

Kokol P. The Use of AI in Software Engineering: A Synthetic Knowledge Synthesis of the Recent Research Literature. Information . 2024; 15(6):354. https://doi.org/10.3390/info15060354

Kokol, Peter. 2024. "The Use of AI in Software Engineering: A Synthetic Knowledge Synthesis of the Recent Research Literature" Information 15, no. 6: 354. https://doi.org/10.3390/info15060354

Article Metrics

Further information, mdpi initiatives, follow mdpi.

Subscribe to receive issue release notifications and newsletters from MDPI journals