Computational System to Classify Cyber Crime O ﬀ enses using Machine Learning

: Particularly in the last decade, Internet usage has been growing rapidly. However, as the Internet becomes a part of the day to day activities, cybercrime is also on the rise. Cybercrime will cost nearly $6 trillion per annum by 2021 as per the cybersecurity ventures report in 2020. For illegal activities, cybercriminals utilize any network computing devices as a primary means of communication with a victims’ devices, so attackers get proﬁt in terms of ﬁnance, publicity and others by exploiting the vulnerabilities over the system. Cybercrimes are steadily increasing daily. Evaluating cybercrime attacks and providing protective measures by manual methods using existing technical approaches and also investigations has often failed to control cybercrime attacks. Existing literature in the area of cybercrime o ﬀ enses su ﬀ ers from a lack of a computation methods to predict cybercrime, especially on unstructured data. Therefore, this study proposes a ﬂexible computational tool using machine learning techniques to analyze cybercrimes rate at a state wise in a country that helps to classify cybercrimes. Security analytics with the association of data analytic approaches help us for analyzing and classifying o ﬀ enses from India-based integrated data that may be either structured or unstructured. The main strength of this work is testing analysis reports, which classify the o ﬀ enses accurately with 99 percent accuracy.


Introduction
Currently, cybercrime is being used with diverse terminologies such as computer crime, e-crime, Internet crime, etc. [1]. However, the association of chief police officers of England (ACPO) and the U.S Department of Justice (DOJ) define cybercrime as any crime committed by any electronic computing devices [2][3][4]. Likewise, CERT-In and CERT-US are providing services to the users by prior notifications on the list of vulnerabilities that causes them to become victims of the cyber-attacks. Further, in 2010 [5,6] recommended a cybercrime model for classification that is dependent on the role of the computers' intelligence in cybercrime. Similarly, various taxonomies are proposed by the researchers, scholars and users to categorize the cybercrimes.
The growing rate of cybercrime threats is increasing day by day. Currently, there is no foolproof systematic and reliable tool on reviews of cybercrimes due to a lack of record maintenance at concerned offices because of various reasons such as victims' assumptions on police response, lack of awareness of the users about IT (information technology) act on cybercrimes and the inability of the victims to be recognized that they have been victimized. Promoting and educating the people on cybercrimes, identification and maintenance of area wise cybercrime rates could also assist in reducing and classifying the cybercrimes.
The main focus of this research work is to find the attacks that take advantage of security vulnerabilities [7][8][9][10][11][12][13][14][15] and classify these attacks by making use of machine learning techniques [16][17][18][19]. The framework developed in this research work is essential for the creation of a model that can support analytics regarding the identification, detection and classification of integrated cybercrime offenses. The proposed tool will provide the essential broad knowledge of cybercrime offenses in the society, enable them to consider the threat landscape of such attacks, and avoid the personification of the cybercrime offenses. This will make it easier to understand the patterns of various cybercrime offenses in a particular area and then concerned authorities can take the necessary measures in order to reduce the incarnation of the frequently occurred cybercrime offenses.
Prediction analysis of the integrated cybercrime offenses are made, to make year-wise analysis and find the occurrences of the various offenses in a particular location and then find the crime rate in a particular year. In this proposed work, we present a framework that will analyze and classify the cybercrime offenses and the datasets (for cybercrime in India) were obtained from Kaggle and CERT-In repositories. The main objectives of this research work are: 1) Analyze and classify the various types of cybercrimes; 2) Group them as different clusters that help to analyze and predict the rate of the incidents easily; 3) Test and analyze the performance of the proposed system.
After discussing the prerequisite of the paper in Section 1 the remaining study is organized as follows: Literature survey related to the cybercrime offenses is presented in Section 2. Section 3 consists of a detailed description of the proposed model methodology and algorithms. Analysis of the results obtained is presented in Section 4. Section 5 presents conclusions deduced from the research work along with future research directions.

Related Works
To date, several methods were proposed to analyze and evaluate the cybercrime offenses. Several researchers presented methods to analyze the cybercrime offenses, but there are some pros and cons with their works. They are presented in this section.
Ganesan & Mayilvahanan [19] propose a methodology that offered the discovery of unpredicted patterns. They analyzed the cybercrime data from the database, which is a collection of data fields from Internet web pages. The data fields include cyber-bullying, stalking, scams, robbery, identity theft, defamation and harassment. They introduced this model in order to categorize cybercrime offenses such as whether they are violent or non-violent, and further, they can be categorized as various types of cybercrimes such as cyber terrorism, cyberstalking, pornography, cyberbullying, cyber fraud and cyber theft.
Khan, et al. [20] discussed a system that identified the occurrence of the Denial of Service (DoS) attacks in the network by using the data mining approaches such as pattern recognition, Breadth-First Search (BFS). Here the model only concentrated on the log files, not on the records that were communicated through the network.
Nouh et. al [21] designed a multipurpose cybercrime intelligent system framework. The core aim of this framework was to minimize cognitive biases usage during the investigation process. This model provides six major steps, i.e., defining the problem, generating the hypothesis, collecting the information, evaluating the hypothesis, selection of related hypothesis and the information monitoring about incidents continuously. The main drawback of this framework is that it does not provide specificity though it is designed to achieve specific functionalities only. Moreover, it is for specific kinds of analytics only.
Prasanthi et al. [22] proposed a cybercrime prevention and detection model by feature extraction. The features such as incident, type of crime (online or offline) were extracted by using the TFIDF (term Sustainability 2020, 12, 4087 3 of 16 frequency-inverse document frequency) weighted vectors present in the cybercrime data. The main purpose was to get knowledge from the study through the framework that processes the cybercrime offenses classification by feature extraction based on occurrence and severity. The model was evaluated by similar clustering kind of the cybercrime offenses by features extracted so that it can easily identify the repeated cybercrime offenses and can possibly to take precautions on such crimes.
Soomro et al. [23], discussed various cybercrimes related to social media. Here they recommended some techniques to prevent cybercrimes over social media. In current days, social media is using as a tool by the users to convey bulk messages, organize online meetings and work at home and others. In this work, authors have mentioned different types of cybercrimes with corresponding prevention tips and techniques. This study is only helpful for study purposes. It does not detect and predict cybercrimes cases.
Çagrı et al. [24], designed and developed a system that detected the cybersecurity-related accounts on online social networks (OSN) such as Twitter. The authors used machine learning approaches such as SVM, decision tree and Random Forest approaches to detect suspicious accounts automatically on Twitter (OSN) platform. Some behavioral, profile and content features extracted from the tweets later applied a certain approach to identify the anonymous account. However, only twitter-based suspicious account detection concentrated by the authors while implementing this model. This framework is not useful to detect and predict all the cybercrimes on all OSN platforms.
Chen et al. [25], addressed a general framework related to cybercrime mining by showing some examples in the study. This framework showed the relationship between data mining techniques for entity extraction, association, prediction and visualization and crime types. This study addressed an analysis of criminal networks and also criminal groups. The Coplink data were used here to test their methodology.
Prabakaran et al. [26], mentioned different data mining techniques and machine learning techniques in their review work. This work presented various types of crimes like violent crime, traffic violence, sexual assault and cybercrimes. Here they discussed general techniques that help to detect various crimes. In this work, genetic algorithm, hidden Markov model, neural network, kernel destiny algorithm, logistic regression, random forest, and k-means were used.
Chauhan et al. [27], presented a review report on crime analysis using data mining techniques. It discussed how the data mining approaches like k-means algorithm, random forest, etc. can help to identify the criminals.
Based on the literature review it can be said that machine learning is an efficient tool to detect and classify cybercrimes. However, still, there is a scope of improvements in this regard. Therefore, in this research work a machine learning based tool is proposed to find the attacks that take advantage of security weaknesses and classify these cyber-attacks.

Proposed Methodology
At present, there is no generalized framework is available to categorize cybercrime offenses by feature extraction of the cases. In the present work, data analysis and machine learning are incorporated to build a cybercrime detection and analytics system. The proposed system's design and implementation utilize classification, clustering and supervised algorithms. Figure 1 depicts the proposed methodology. Here, naïve Bayes is used for classification [28][29][30][31][32][33][34] and k-means are used for clustering [35]. For feature extraction in the proposed work, the TFIDF or tf-idf vector process is used [36]. This developed methodology is based on 4 phases that are applied to the data, which are reconnaissance, preprocessing, data clustering and classification and prediction analysis.

Information Gathering (Reconnaissance)
In the reconnaissance phase, the integrated data (structured and unstructured) are collected from Kaggle and CERT-In. The integrated data are stored as raw data in the database. Table 1 depicts sample data of the dataset considered in the proposed model. The next phase of the approach is preprocessing that is used to remove the noisy information from the raw data.  Figure 1. Proposed approach to analyze cybercrime incidents.

Information Gathering (Reconnaissance)
In the reconnaissance phase, the integrated data (structured and unstructured) are collected from Kaggle and CERT-In. The integrated data are stored as raw data in the database. Table 1 depicts sample data of the dataset considered in the proposed model. The next phase of the approach is preprocessing that is used to remove the noisy information from the raw data.

Preprocessing
In this phase only the feature extraction process takes place. It converts the high dimensional data to low dimensional data. This preprocessed data are helpful for data visualization because a composite data can organize well when that complex data are converted as a less number of dimensions. For feature extraction in the proposed work, the TFIDF or tf-idf vector process is used [36]. It will evaluate the unigrams and bigrams of each and every corresponding cybercrime. One of the best approaches for the feature extraction is the use of a bag of a model, which means a model for each feature in our case finds out the presence of a number of different words that are taken into consideration, but not the order of the words they occur in each of the features. Table 2 shows the list of content-based features which are considered to make classification of cybercrimes what has listed in Table 1 such as identity theft, copyright attack, hacking and others. It can be done by finding the word frequencies using the tf-idf Vector [37][38][39][40]. Text data must be preprocessed before prediction analysis and remove the irrelevant words or noise called tokenizers. In this work, tf-idf was used to identify relevant terms in a document. It consists of two parts: one is Term Frequency and the other one is Inverse Document Frequency.

Incident Offender
Harm Access Violation Year Victim Term Frequency: This recapitulates how often a word has occurred in the given report and finds out the importance of each word in a document with respect to the whole corpus and is calculated using Equation (1) [41][42][43].
Inverse Document Frequency: This downscales the given words present in the report that appeared many times in the report [41][42][43].
The main steps involved in tf-idf are, (1) tokenize the sentence (2) evaluate term frequency (tf) (3) evaluate inverse document frequency (idf) (4) calculate the tf-idf score by multiplying the tf and idf results (5) score the record sentences (6) find the threshold.
Tokenize the sentence: It is an initial step. Here words of the records are tokenized, and weights are assigned to them. Evaluate Term Frequency: The term frequency (tf) for each term in a record is evaluated based on statistics of its presence in a record. Later, the tf values of each term are stored in a matrix format. That is called as tf matrix [41].
where N term = No. of times the term appeared in a record T term = Total no. of terms in a record. Evaluate Inverse Document Frequency: The inverse document frequency (idf) for each term in a record evaluated here. Later stored those in a matrix referred it as idf matrix.
where N = Total No. of Records; N term = Total No. of terms in Records. Calculation of tf-idf score: tf-idf score evaluated by considering the individual matrices of both the frequencies, i.e., tf and idf.
Scoring the record sentences: A sentence of scoring is various in different approaches or algorithms. Here, we have considered tf-idf to allot a score to the terms of a sentence that belongs to a record. The average value of tf-idf of all the terms of a sentence becomes the score of that sentence.
Find the Threshold: Number of approaches existed to evaluate the threshold values. Here we have considered the average score of all the sentences in the record as the threshold. Generally, this value helps to detect the correlated terms in the data.
The chi-squared (χ 2 ) measure is used to find out the correlation between the two categorical attributes of the incident [25]. It checks whether a relationship between the two variables reflect on the cybercrime dataset or not.
where O = Observed count of incidents and cybercrimes; E = Expected Count of Incidents and cybercrimes.
For an incident feature, we compute term frequency measure and inverse document frequency measure, which are used to calculate the tf-idf vector for each of the cybercrime incidents.

Clustering and Classification
Here, naïve Bayes is used for classification [28][29][30][31][32][33][34] and k-means are used for clustering [35]. The cybercrime offenses are clustered based on the TFIDF weighted vectors obtained from the features. The data has considered by using a 70:30 thumb rule. Where 70% of data were utilized for training and 30% of the data were used for validation and testing purposes. It consists of various features such as incidents, year, location, age, etc. By using these features the cybercrime incidents are categorized [44].

Prediction Analysis
In the prediction analysis step, the cybercrime data were analyzed and used to predict which crime is occurring more in a particular year at a particular location. Through this analysis, one can predict the cybercrime data and can reduce the incarnation of cybercrime incidents. Therefore, in this step, the prediction of the cybercrime data is classifie

Results and Analysis
As mentioned in the previous sections, the proposed system is designed and developed by considering the data from sources such as Kaggle and CERT-In. It consists of more than 2000 records with the eight attributes such as incident, offender, victim, harm, year, location, age of the offender and cybercrime. Incidents that occurred in India during 2012-2017 were considered. More than 2000 records are used to construct and test the proposed computational system. Table 3 displays the data after removing missing values in the incident column of the dataset and here, a column is added in which the cybercrime is encoded as an integer. Identity Theft Online shopping fraud 0 7 Hacking Hacking of Smart phone 2 8 Copyright attack Illegal downloading of movie 1 9 Identity Theft Illegal access of bank account 0 Figure 2 shows the data after applying data preprocessing using the TFIDF weighted vector process. Here the dataset consists of 2097 incidents that are represented by 171 features, TFIDF scores for the different unigrams and bigrams obtained, and also results after the chi-squared test is shown in Figure 2. Sustainability2020, 12, x 8 of 15 Figure 2 shows the data after applying data preprocessing using the TFIDF weighted vector process. Here the dataset consists of 2097 incidents that are represented by 171 features, TFIDF scores for the different unigrams and bigrams obtained, and also results after the chi-squared test is shown in Figure 2.  Figure 3 shows the total number of cybercrime incidents clustered under each cluster using the k-means clustering algorithm by considering the word count vectors present in the features provided by the cybercrime dataset. This is done by using the TFIDF vector technique and finding the correlated words corresponding to each incident. The TFIDF parameters are defined upon the case content adequately which facilitates the classification of what all the contents are valuable and unnecessary, respectively and then summarized accordingly. The summarized results of the k-means algorithm are shown in Figure 3.    Figure 3 shows the total number of cybercrime incidents clustered under each cluster using the k-means clustering algorithm by considering the word count vectors present in the features provided by the cybercrime dataset. This is done by using the TFIDF vector technique and finding the correlated words corresponding to each incident. The TFIDF parameters are defined upon the case content adequately which facilitates the classification of what all the contents are valuable and unnecessary, respectively and then summarized accordingly. The summarized results of the k-means algorithm are shown in Figure 3.  Figure 2 shows the data after applying data preprocessing using the TFIDF weighted vector process. Here the dataset consists of 2097 incidents that are represented by 171 features, TFIDF scores for the different unigrams and bigrams obtained, and also results after the chi-squared test is shown in Figure 2.  Figure 3 shows the total number of cybercrime incidents clustered under each cluster using the k-means clustering algorithm by considering the word count vectors present in the features provided by the cybercrime dataset. This is done by using the TFIDF vector technique and finding the correlated words corresponding to each incident. The TFIDF parameters are defined upon the case content adequately which facilitates the classification of what all the contents are valuable and unnecessary, respectively and then summarized accordingly. The summarized results of the k-means algorithm are shown in Figure 3.    Figure 4 shows the clustering plot for the cybercrime incidents as per the dataset. This unsupervised learning algorithm makes use of the encoded data of each attribute present in the dataset. The encoded data were obtained by calculating the count vectors and the weighted vectors for the words corresponding to each feature. Using the proposed system, it was revealed that the crime rate is more in the Madhya Pradesh state, followed by Haryana. This analysis helps to take countermeasures to mitigate the crime rate state-wise, where the criminal cases registered are more. Table 4 shows the over-all occurrence of the cybercrime incidents in India during certain specified periods. It demonstrates that the occurrence of the Identity (ID) theft is more when compared to the other two attacks. We can take some countermeasures in order to reduce the existence of the ID theft attack in India. The existence of the copyright attack and hacking is also more.

Crime Type
Total Crimes 0 Copyright attack 466 1 Hacking 282 2 ID theft 868 3 Others 1923 Figure 5 demonstrates the accuracy rate of the proposed model and the other models such as logistic regression, random forest, linear svc, multinomial nb. From this figure, we can analyze that our model classifies data with 99% accuracy, which shows that the classification of the cybercrime offenses is done accurately by using our model. The random forest classifier does not work well for the proposed model.  Figure 6 demonstrates the precision, recall and f-1 score for our model. These can be obtained by using the confusion matrix obtained in our model and we can get the average accuracy rate for the cybercrimes that are predicted. Using the proposed system, it was revealed that the crime rate is more in the Madhya Pradesh state, followed by Haryana. This analysis helps to take countermeasures to mitigate the crime rate state-wise, where the criminal cases registered are more. Table 4 shows the over-all occurrence of the cybercrime incidents in India during certain specified periods. It demonstrates that the occurrence of the Identity (ID) theft is more when compared to the other two attacks. We can take some countermeasures in order to reduce the existence of the ID theft attack in India. The existence of the copyright attack and hacking is also more.  Figure 5 demonstrates the accuracy rate of the proposed model and the other models such as logistic regression, random forest, linear svc, multinomial nb. From this figure, we can analyze that our model classifies data with 99% accuracy, which shows that the classification of the cybercrime offenses is done accurately by using our model. The random forest classifier does not work well for the proposed model.  Using the proposed system, it was revealed that the crime rate is more in the Madhya Pradesh state, followed by Haryana. This analysis helps to take countermeasures to mitigate the crime rate state-wise, where the criminal cases registered are more. Table 4 shows the over-all occurrence of the cybercrime incidents in India during certain specified periods. It demonstrates that the occurrence of the Identity (ID) theft is more when compared to the other two attacks. We can take some countermeasures in order to reduce the existence of the ID theft attack in India. The existence of the copyright attack and hacking is also more.

Crime Type
Total Crimes 0 Copyright attack 466 1 Hacking 282 2 ID theft 868 3 Others 1923 Figure 5 demonstrates the accuracy rate of the proposed model and the other models such as logistic regression, random forest, linear svc, multinomial nb. From this figure, we can analyze that our model classifies data with 99% accuracy, which shows that the classification of the cybercrime offenses is done accurately by using our model. The random forest classifier does not work well for the proposed model.  Figure 6 demonstrates the precision, recall and f-1 score for our model. These can be obtained by using the confusion matrix obtained in our model and we can get the average accuracy rate for the cybercrimes that are predicted.  Figure 6 demonstrates the precision, recall and f-1 score for our model. These can be obtained by using the confusion matrix obtained in our model and we can get the average accuracy rate for the cybercrimes that are predicted. Precision: It is the measure of truly predicted positive samples to the total number of positively predicted samples. If the precision score is more then it represents that our model is pretty good to classify the samples.

Precision=
TP TP+FP (5) Recall: It is the measure of truly predicted positive samples of all the samples present in the actual class as yes. It is also termed as the sensitivity of the model.

Recall =
TP TP+FN (6) F1 score: It is calculated as the weighted average of both precision and recall. Its main components (considerations) are true negatives, true positives, false negatives and false positives. F1 score is preferred more than accuracy in order to know our classifier model performance measure, as shown in equation 7. F1 Score=2 × (precision × recall) Accuracy is the performance measure used to check our model. It is preferred when the number of false positives values and the false negative values are the same. When the false-positive rates and the false negative rates are different then it is not much a good approach to check the performance of our classifier. In this situation, it is better to use f1 score rather than an accuracy measure. It can be calculated using Accuracy = (TP + TN) (TP + TN + FP + FN) (8) Figure 7 depicts the confusion matrix for our model when the training size was 0.8 and the test size was 0.2. By this, we know how many cases are classified correctly and how many are classified incorrectly. It means we can find out the true negatives and true positives and false negatives and false positives classified by using the model. Precision: It is the measure of truly predicted positive samples to the total number of positively predicted samples. If the precision score is more then it represents that our model is pretty good to classify the samples.
Recall: It is the measure of truly predicted positive samples of all the samples present in the actual class as yes. It is also termed as the sensitivity of the model.
F1 score: It is calculated as the weighted average of both precision and recall. Its main components (considerations) are true negatives, true positives, false negatives and false positives. F1 score is preferred more than accuracy in order to know our classifier model performance measure, as shown in equation 7.
F1 Score = 2 × (precision × recall) Accuracy is the performance measure used to check our model. It is preferred when the number of false positives values and the false negative values are the same. When the false-positive rates and the false negative rates are different then it is not much a good approach to check the performance of our classifier. In this situation, it is better to use f1 score rather than an accuracy measure. It can be calculated using Accuracy = (TP + TN) (TP + TN + FP + FN) (8) Figure 7 depicts the confusion matrix for our model when the training size was 0.8 and the test size was 0.2. By this, we know how many cases are classified correctly and how many are classified incorrectly. It means we can find out the true negatives and true positives and false negatives and false positives classified by using the model. Sustainability2020, 12, x 11 of 15  Figure 8 shows the number of misclassified cybercrime offenses when the test size was 0.33. It demonstrates that the five identity theft cases were predicted as a copyright attack.  Figure 9 shows the number of misclassified incidents when the test size was increased to 0.5. It shows that the eight identity theft cases were misclassified as copyright attacks and one copyright attack was misclassified as identity theft and one identity theft case was misclassified as a hacking attack.  Figure 8 shows the number of misclassified cybercrime offenses when the test size was 0.33. It demonstrates that the five identity theft cases were predicted as a copyright attack.   Figure 8 shows the number of misclassified cybercrime offenses when the test size was 0.33. It demonstrates that the five identity theft cases were predicted as a copyright attack.  Figure 9 shows the number of misclassified incidents when the test size was increased to 0.5. It shows that the eight identity theft cases were misclassified as copyright attacks and one copyright attack was misclassified as identity theft and one identity theft case was misclassified as a hacking attack.  Figure 9 shows the number of misclassified incidents when the test size was increased to 0.5. It shows that the eight identity theft cases were misclassified as copyright attacks and one copyright attack was misclassified as identity theft and one identity theft case was misclassified as a hacking attack. Figure 9. Incorrect predicted cases when the test size was 0.5. Figure 10 demonstrates the total number of misclassified incidents when the test size was increased to 0.6. It shows that the twelve identity theft cases were misclassified as copyright attacks and two copyright attacks were misclassified as identity theft and one hacking attack was misclassified as identity theft attack.  Figure 11 shows the number of misclassified incidents when the test size was 0.4. It shows that the four copyright attacks were misclassified as identity theft attacks and one identity theft attack was misclassified as copyright attack.   Figure 10 demonstrates the total number of misclassified incidents when the test size was increased to 0.6. It shows that the twelve identity theft cases were misclassified as copyright attacks and two copyright attacks were misclassified as identity theft and one hacking attack was misclassified as identity theft attack.  Figure 10 demonstrates the total number of misclassified incidents when the test size was increased to 0.6. It shows that the twelve identity theft cases were misclassified as copyright attacks and two copyright attacks were misclassified as identity theft and one hacking attack was misclassified as identity theft attack.  Figure 11 shows the number of misclassified incidents when the test size was 0.4. It shows that the four copyright attacks were misclassified as identity theft attacks and one identity theft attack was misclassified as copyright attack.   Figure 11 shows the number of misclassified incidents when the test size was 0.4. It shows that the four copyright attacks were misclassified as identity theft attacks and one identity theft attack was misclassified as copyright attack. Figure 10. Cases predicted incorrectly when the test size was 0.6. Figure 11 shows the number of misclassified incidents when the test size was 0.4. It shows that the four copyright attacks were misclassified as identity theft attacks and one identity theft attack was misclassified as copyright attack. Figure 11. Cases predicted incorrectly when the test size is 0.4. Figure 11. Cases predicted incorrectly when the test size is 0.4.

Conclusions and Future Scope
In the present world, cybercrime offenses are happening at an alarming rate. As the use of the Internet is increasing many offenders, make use of this as a means of communication in order to commit a crime. The framework developed in our work is essential to the creation of a model that can support analytics regarding the identification, detection and classification of the integrated cybercrime offenses (structured and unstructured). The main focus of our work is to find the attacks that take advantage of the security vulnerabilities and analyze these attacks by making use of machine learning techniques. The aim is that the developed framework will provide the essential broad knowledge of cybercrime offenses in the society, enable them to consider the threat landscape of such attacks and avoid the incarnation of the cybercrime offenses. From the results, it is evident that the developed framework reduces the time consumption and manual reporting process. It helps to identify the number of filing cases by incident wise and area-wise. This report is useful to predict the cases and to take precautionary steps against filing cybercrime cases on certain hot-spot places identified.

Future Scope
The current model works only with the classification and clustering of the cybercrime patterns. A feature extension needs to be considered into account in order to provide some countermeasures and custom actions to the crime agencies in order to reduce the growth of frequently occurred cybercrimes in the specific location. It is used to provide some standard protocols and procedures which can be used to automate a crime management organization. Furthermore, the information processed by our model would be logged as an aggregator to generate some statistics regarding the occurrence of cybercrime offenses, which leads to the optimization of the supervision of cybercrime offenses by the relevant information security agencies. In the future, the features of the frames-work can be enhanced by using deep learning approaches in the prediction of crime cases area-wide.