1. Introduction

2. Materials and Methods

2.2. Description

Figure 2 outlines the research methodology process, encompassing data collection, analysis techniques, data sources, and ethical considerations.

2.2.1. Research Methods

This study employs a mixed-methods approach, combining quantitative and qualitative research methods.

• Quantitative Methods (Technical Dimensions): Utilized statistical analysis, data modeling, and machine learning techniques to explore technical dimensions within Table 3, including digital forensics, cybersecurity, and computer science's roles in proactive threat prediction.
• Qualitative Methods (Behavioral Dimensions): Encompassing a thorough examination of cyber incident data and utilizing psychological techniques to explore the behavioral aspects outlined in Table 3.

This mixed-methods approach aligns with the interdisciplinary nature of cybersecurity research [37,41,45]. It integrates insights from prior research in the field, such as Aiken and McMahon [1] and Kirwan and Power [16], to understand criminal behaviors in cyberspace and techniques used in digital forensic analysis.

2.2.2. Data Collection Data Sources Include:

• Cyber Incident Logs and Reports: Offering historical data on cyber threats and incidents, these provide insights into past attacks and patterns, essential for understanding the technical aspects of cyber threats.
• ASNs: Pertinent to Internet traffic routing and cyber threat propagation, these are critical for identifying the origins and pathways of cyber threats in alignment with the study's focus on ASNs.
• Behavioral Profiling Techniques: Utilized for comprehending the psychological and behavioral dimensions of cybercriminals, aiding in understanding motivations and methods behind cyber threats.

These diverse data sources facilitate an interdisciplinary approach to investigating both technical and behavioral dimensions in cyber threat prediction, aligning with the methodologies discussed by Pollini et al. [28].

2.2.3. Data Analysis

Quantitative Analysis (Technical Dimensions):

• Statistical Analysis: Applied to historical cyber incident data to identify significant patterns, trends, and anomalies.
• Machine Learning Algorithms: Utilized for advanced predictive modeling, enhancing the precision of threat forecasts.
• Prophet Model: Employed to refine predictive capabilities, especially at capturing seasonal trends and recurring patterns in cyber threat data.
• Qualitative Analysis (Behavioral Dimensions):
• Cyber Incident Log Analysis: Focused on extracting behavioral insights from cyber incidents, delving into the methods and motivations underlying cyber-attacks.
• Cyber Behavioral Analysis Metric (CBAM): Applied to analyze and score ASNs based on their cyber behavior, identifying behavioral and motivational factors driving cyber threats.
• Interdisciplinary Predictive Model (IPM): Utilizes machine learning algorithms for predictive modeling, integrating Cyber Behavioral Score (CBS) to enrich the Advanced Tailored Predictive Tool (ATPT).

This combined quantitative and qualitative approach enables a comprehensive exploration of both technical and behavioral dimensions, aligning with the interdisciplinary nature of the study and integrating insights from Aiken and McMahon [1].

2.2.4. Interdisciplinary Approach (Steps)

The integration of Cyber Forensic Behavioral Analysis (CFBA) into predictive modeling involves several key steps:

• Data Preprocessing: This involves data cleaning and preparation, crucial for maintaining high data quality and reliability.
• CBAM/CBS Enrichment: Enhances predictive accuracy by incorporating behavioral analysis metrics.
• IPM Model Development: Central to predictive modeling, IPM incorporates historical incident data, ASN information, and CBS insights.
• Prophet ATPT Model Integration: Seamlessly integrates daily observations and behavioral analysis, bolstering prediction precision.

These steps emphasize the interdisciplinary nature of the research, combining technical and behavioral elements to advance the accuracy and effectiveness of cyber threat prediction, as suggested by Kirwan and Power [16].

Figure 3 is a graphical flow diagram of the approach that combines CBFA with DF (Digital Forensics) to create an ATPT for a 45-day prediction model.

• Throughout the process, a feedback loop is present between the CBAM and the CBS, indicating a dynamic and iterative approach to refining the behavioral metrics used within the model.
• The model represents a cutting-edge approach in the field of cybersecurity, where understanding the human element behind cyber threats is as crucial as the technical traces left by such activities.
• The ATPT can be a powerful asset for proactive cyber defense strategies, enabling organizations to anticipate and potentially thwart cyber threats well in advance.

2.2.5. Ethical Considerations (Interdisciplinary Approach)

Ethical principles guiding the research include:

• Handling Sensitive Data: Emphasizes the secure and ethical handling of sensitive cyber incident data, ensuring privacy and confidentiality.
• Informed Consent: Ensuring informed consent is obtained in organizational information cases, emphasizing participants' understanding of research objectives and methods while maintaining anonymity.
• Data Anonymization: Rigorous practices are employed, including the removal or encryption of identifiers, to prevent re-identification.
• Data Security: Robust security measures such as encryption, access controls, and secure storage are implemented to protect sensitive information.

Figure 3. Cyber Forensic Behavioral Analysis (CFBA) Predictive Modeling.

Figure 3. Cyber Forensic Behavioral Analysis (CFBA) Predictive Modeling.

These ethical considerations uphold the integrity and responsibility of the research, safeguarding individual and organizational privacy, as endorsed by Attrill-Smith and Wesson [20].

3. Results

3.2. Data Collection and Processing Results

3.2.1. Demographics (Preprocessing)

Data was collected from three ISP customers (Target) over 638 days, data collection yielded no zero-count days for any of the selected Targets. Target3 had the highest average daily entries at 8,598, with a peak daily count reaching 17,245 events, notably different from Target1 and Target2. There were significant daily count variations among the targets, especially with Target3 showing the most fluctuations in attack numbers. Temporal daily patterns for each ISP-Target are displayed in Figure 4, with detailed demographic data in Table 4.

Table 4. Summarized Demographic Data for each ISP-Target.

Table 4. Summarized Demographic Data for each ISP-Target.

Parameter	ISP-Target1	ISP-Target2	ISP-Target3
Total number of days	638	638	638
Total number of log entries processed	4,248,365	3,632,477	5,485,828
Total number of days with zero count	0	0	0
Date with the highest number of attacks	2021-11-05 (Count: 11,033)	2023-01-09 (Count: 14,240)	2023-05-22 (Count: 17,245)
Date with the lowest number of attacks	2022-06-18 (Count: 3,180)	2021-12-20 (Count: 3,571)	2022-06-18 (Count: 1,994)
Mean	6,659	5,694	8,598
Standard deviation (std)	1,190	1,237	1,928
Minimum (min) Number of Attacks per Day	3,180	3,571	1,994
25th Percentile (25%)	5,888	4,865.25	7,279
Median (50%)	6,480	5,460	8,427
75th Percentile (75%)	7,204	6,289	9,588
Maximum (max) Number of Attacks per Day	11,033	14,240	17,245
Number of Unique Source IPs	228,954	194,289	233,892
Number of Unique Source Continents	9	8	6
Number of Unique Countries	198	199	195
Number of Unique Source-AS-Number	8,596	8,577	7,618
Number of Unique Source-AS-Org-Names	8,063	8,055	7,141
Number of Unique Destination IP Ports	65,532	65,536	65,531
Number of Unique Destination IP Services	263	265	261

Figure 4. Temporal Daily Patterns.

Figure 4. Temporal Daily Patterns.

3.2.2. Observations

Key insights drawn from the dataset are:

• Internet Traffic Volume: The highest internet traffic volume was observed in Target3, while Target2 had the lowest.
• Unique Source IPs: Target3 had the highest number of unique source IPs, whereas Target2 had the fewest.
• IP and AS Organizational Name: Recurring ASN '202425,' associated with the AS Organizational Name 'IP Volume Inc,' was identified across all ISPs, indicating significant Internet activity or events originating from this source. Further exploration of this organization's role and activities is warranted.
• Geographical Origin: Most traffic originated from Europe, closely followed by North America. The United States was the top source country across all targets.
• Data Variations: Disparities were observed in the number of unique countries and continents, most-contacted ports, and services. Variations were also noted in the source ASN and Organizations.

Target3 encountered a notably greater volume of attacks and variability than the other two targets. This observation underscores the need for further investigation to identify specific vulnerabilities or threats responsible for this heightened malicious activity, which will be the primary focus for the remainder of this study.

3.4. H2 - CBAM (Cyber Behavioral Analysis Metric) (Behavioral Approach)

This study represents a significant advancement in Forensic Science by combining techniques from Rich's research, [25,27] as outlined in Section “1.2.1. Definitions.” The CBAM process assigns a final CBS (Cyber Behavioral Score) to each ASN. CBS quantifies ASN behaviors, which facilitates a detailed and precise assignment of a final CBS, significantly improving the accuracy of threat prediction. This method effectively validates H2, which suggests a correlation between predefined behavioral patterns and threat levels. By combining these methodologies, the study reinforces the IPM (Interdisciplinary Predictive Model) and ATPT (Advanced Tailored Predictive Tool) process's effectiveness and marks a notable progression in predicting and understanding cyber threats from ASNs.

3.4.1. CBS Accuracy

Table 7 provides a detailed summary of the performance metrics for the three Targets using the IPM methodology. The table demonstrates the alignment of actual CBS with the expected outcomes, categorizing the results into matching and non-matching CBS. Figure 5 visually compares the matches and non-matches by day for Target3.

Table 7. Percent of Matching Behavior Scores.

Table 7. Percent of Matching Behavior Scores.

n = 450	Matching CBS	Non-Matching CBS	% Matching CBS
Target1-Predicted-ASN-Prophet-BehaviorScore	268	182	59.56%
Target2-Predicted-ASN-Prophet-BehaviorScore	276	174	61.33%
Target3-Predicted-ASN-Prophet-BehaviorScore	317	133	70.44%

3.4.2. CBS Evaluation

A comparative evaluation of the 45-day predictive period of Target3's CBS was conducted to understand the IPM performance. A sample of this assessment is illustrated in Table 8, which offers insights from two distinct days. Using observed sample data for specific dates, notably 6/1/2023 and 6/15/2023, encompassed predicted and actual ASN CBS. Variations in these scores were observed, indicating potential discrepancies between expected and observed cyber activities.

Consider the data from June 15, 2023, presented in Table 8. The top 10 predicted malicious ASNs had a 60% positive match rate (identified by orange), leaving a 40% discrepancy (identified by blue). Actual CBS thresholds were applied to the missed ASNs (red and yellow), categorizing them based on their associated threat risks. A predetermined threshold of 250 was used for this analysis; it was observed that there were two high-risk (identified by red) and two medium-risk (identified by yellow) threats among the discrepancies. This percentage demonstrates the model's accuracy in predicting potential threats.

4. Discussion

5. Conclusions

5.3. Practical Implications

This research offers several practical implications listed below and in Table 9 for enhancing cybersecurity:

• Prophet Model Application: The study validates the Prophet model as a valuable tool in cybersecurity, demonstrating its utility in threat prediction [11,14,37,41].
• Integration of Behavioral Insights: CBS is instrumental in understanding attackers' motivations. This understanding aids in developing proactive defense strategies and targeted training programs [10,17,48].
• Interdisciplinary Approach: The effectiveness of cybersecurity is heightened by merging PDFA, offering a more comprehensive strategy for addressing cyber threats [17,19].

Overall, the research advocates for a comprehensive approach that combines technical tools with behavioral insights, significantly improving cyber defense mechanisms in the face of increasingly complex threats.

Table 9. Practical Implications and Contributions.

Table 9. Practical Implications and Contributions.

Dimensions	Description	Key Components and Insights	Supporting References
Potential Contributions to Threat Prediction
Enhance Behavioral Profiling	Refines behavioral profiling techniques for more accurate cybercriminal profiles.	Improves precision in identifying cybercriminal activities.	[2,3,49]
Analyze Psychological Triggers	Examines psychological triggers and motivations behind cybercriminal behavior.	Provides insights into the "why" behind cyber threats.	[7,15,22]
Utilize Digital Footprints	Analyzes digital footprints left by cyber adversaries, understanding their tactics and techniques.	Enables deeper understanding of cyber adversaries' activities.	[11,47,51]
Detect Patterns	Uses temporal analysis to detect patterns in cyber activities, facilitating proactive threat prediction.	Enhances the ability to identify emerging threats.	[25,35,43,50,52]
Prioritize Threats	Develops risk assessments based on historical data and vulnerabilities, aiding in threat prioritization.	Assists in focusing resources on the most critical threats.	[18,33]
Overall Approach
Interdisciplinary Lens	Synergizes technical and behavioral dimensions to enhance cyber threat prediction.	Fortifies cybersecurity strategies in an interconnected world.	[9,28,30,34,51]

References

1. Aiken, M.P.; McMahon, C. The Cyberpsychology of Internet Facilitated Organized Crime. Europol Organized Crime Threat Assessment Report (iOCTA). 2014. Available online: https://www.europol.europa.eu/publications-events/main-reports/internet-organised-crime-threat-assessment-iocta-2014 (accessed on [9/23/2023]).
2. Martineau, M.; Spiridon, E.; Aiken, M. A Comprehensive Framework for Cyber Behavioral Analysis Based on a Systematic Review of Cyber Profiling Literature. Forensic Sci. 2023, 3, 452–477. Available online: https://www.mdpi.com/2673-6756/3/3/32 (accessed on [9/23/2023]). [CrossRef]
3. Aiken, M.P.; Davidson, J.C.; Kirichenko, A.; Markatos, E.P. Human Drivers of Cybercrime: A Forensic Cyberpsychology Approach to Behavioral Profiling. [Manuscript in preparation]. 2023.
4. Capitol Technology University. Doctor of Philosophy (PhD) in Cyberpsychology. Capitol Technology University. Available online: https://www.captechu.edu/degrees-and-programs/doctoral-degrees/cyberpsychology-phd (accessed on [10/23/2023]).
5. Capitol Technology University. Doctor of Philosophy (PhD) in Forensic Cyberpsychology. Capitol Technology University. Available online: https://www.captechu.edu/degrees-and-programs/doctoral-degrees/forensic-cyberpsychology-phd (accessed on [10/23/2023]).
6. FBI. Internet Crime Complaint Center Releases 2022 Statistics. Available online: https://www.fbi.gov/contact-us/field-offices/springfield/news/internet-crime-complaint-center-releases-2022-statistics (accessed on [11/27/2023]).
7. Kirwan, G. The Psychology of Cyber Crime: Concepts and Principles. IGI Global, 2011.
8. Ahmad, A., Hadgkiss, J., & Ruighaver, A. (2012). Incident response teams – challenges in supporting the organisational security function. Computers Security, 31(5), 643–652. [CrossRef]
9. Spitaletta, J.A. Operational Cyberpsychology: Adapting a Special Operations Model for Cyber Operations. Johns Hopkins University Applied Physics Laboratory, 2021. Available online: https://nsiteam.com/social/wp-content/uploads/2021/07/Invited-Perspective-Operational-Cyber-Psych_FINAL.pdf (accessed on [9/23/2023]).
10. Donalds, C.; Osei-Bryson, K.M. Toward a Cybercrime Classification Ontology: A Knowledge-Based Approach. Comput. Hum. Behav. 2019, 92, 403–418. [CrossRef]
11. Alrowaily, M. Investigation of Machine Learning Algorithms for Improving Network Intrusion Detection System in Cybersecurity. Ph.D. Dissertation, University of South Florida, Tampa, FL, USA, 2020.
12. Connolly, I.; Palmer, M.; Barton, H.; Kirwan, G. An Introduction to Cyberpsychology; Routledge: Abingdon, UK, 2016.
13. ReSCIND. "Reimagining Security with Cyberpsychology-Informed Network Defenses." Office of the Director of National Intelligence; Intelligence Advanced Research Projects Activity (IARPA). [Online]. Available: https://www.iarpa.gov/research-programs/rescind. Accessed on 10/12/2023.
14. Back, S.; LaPrade, J. The future of cybercrime prevention strategies: Human factors and a holistic approach to cyber intelligence. Int. J. Cybersec. Intell. Cybercrime 2019, 2(2), 1–4. [CrossRef]
15. Aiken, M.P.; Farr, R.; Witschi, D. Cyberchondria, Coronavirus and Cybercrime: A Perfect Storm. In Handbook of Cyberchondria, Health Literacy, and the Role of Media in Society’s Perception of Medical Information; Aker, H., Aiken, M.P., Eds.; IGI Global: Hershey, PA, USA, 2022a; pp. ch002. [CrossRef]
16. Kirwan, G.; Power, A. Cybercrime: The Psychology of Online Offenders. Cambridge University Press: Cambridge, UK, 2013.
17. Yan, Z. 2012. "Encyclopedia of Cyber Behavior (Volume 1)." IGI Global. ISBN-10: 1668425475.
18. INTERPOL. 2022. "Cybercrime." [Online]. Available: https://www.interpol.int/en/Crimes/Cybercrime.
19. Gillam, A. R. Technology Threat Avoidance Factors as Predictors of Risky Cybersecurity Behavior Within the Enterprise. Indiana State University, ProQuest Dissertations Publishing. 2019.
20. Greitzer, F. L.; Hohimer, R. E. Modeling human behavior to anticipate insider attacks. J. Strateg. Secur. 2011, 4(2), 25–48. Available online: https://digitalcommons.usf.edu/jss/vol4/iss2/3/. (accessed on [9/23/2023]) http://doi.org/10.5038/1944-0472.4.2.2.
21. McAlaney, J., Thackray, H., & Taylor, J. (2016). The social psychology of cybersecurity. https://www.bps.org.uk / psychologist / social - psychology - cybersecurity (accessed: 06.12.2023).
22. Attrill-Smith, A.; Wesson, C. The Psychology of Cybercrime. In The Palgrave Handbook of International Cybercrime and Cyberdeviance; Holt, T., Bossler, A., Eds.; Palgrave Macmillan: Cham, Switzerland, 2020; pp. 653–678. [CrossRef]
23. Bada, M.; Nurse, J. R. C. The social and psychological impact of cyber-attacks. arXiv.org, 2019. [Online]. Available: https://doi.org/10.1016/B978-0-12-816203-3.00004-6. (accessed on [10/17/2023]). [CrossRef]
24. Stallings, W. Network Security Essentials: Applications and Standards. Pearson, 2017. ISBN-13: 978-0134527338.
25. Rich, M.S. Enhancing Microsoft 365 Security: Integrating Digital Forensics Analysis to Detect and Mitigate Adversarial Behavior Patterns. Forensic. Sci. 2023, 3, x. [CrossRef]
26. Ahsan, M.; Nygard, K. E.; Gomes, R.; Chowdhury, M. M.; Rifat, N.; Connolly, J. F. Cybersecurity Threats and Their Mitigation Approaches Using Machine Learning—A Review. J. Cybersecur. Privacy 2022, 2, N/A, doi:10.3390/jcp2030027.
27. Rich, M.S. Cyberpsychology: A Longitudinal Analysis of Cyber Adversarial Tactics and Techniques. Analytics 2023, 2, 618–655. [CrossRef]
28. Pollini, A.; Callari, T. C.; Tedeschi, A.; Ruscio, D.; Save, L.; et al. Leveraging human factors in cybersecurity: An integrated methodological approach. Cogn. Technol. Work 2022, 24(2), 371–390. Available online: https://link.springer.com/article/10.1007/s10111-021-00683-y. (accessed on [9/23/2023]) . [CrossRef]
29. Tennakoon, H. The Need for a Comprehensive Methodology for Profiling Cyber-Criminals. 2011. Available online: https://scholar.google.com/citations?user=tFdcybAAAAAJ&hl=en. (accessed on [9/23/2023]).
30. Benson, V.; McAlaney, J. Cyber Influence and Cognitive Threats. Academic Press, 2019.
31. Braun V. and Clarke, V. (2006) ‘Using thematic analysis in psychology.’ Qualitative Research in Psychology, 3(2), pp. 77-101.
32. Parsons, K.; McCormac, A.; Butavicius, M.; Ferguson, L. Human factors and information security: Individual, culture and security environment. Defense Science and Technology Organization, Commonwealth of Australia. 2010.
33. Plachkinova, M.; Vo, A. A Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI). Communications of the Association for Information Systems 2022, 52, e-ISSN:1529-3181. Doi:10.17705/1CAIS.05202.
34. Rohan, R.; Funilkul, S.; Pal, D.; Chutimaskul, W. Understanding of Human Factors in Cybersecurity: A Systematic Literature Review. In International Conference on Computational Performance Evaluation (ComPE) 2021, 133–140. IEEE. pp. 133-140, Available online: https://ieeexplore-ieee-org.captechu.idm.oclc.org/document/9752358. (accessed on [9/23/2023]).
35. Tufail, S.; Riggs, H.; Tariq, M.; Sarwat, A. I. Advancements and Challenges in Machine Learning: A Comprehensive Review of Models, Libraries, Applications, and Algorithms. Electronics 2023, 12, N/A, doi:10.3390/electronics12081789.
36. CC-Driver. Human and Technical Drivers of Cybercrime. 2022. Available online: https://www.ccdriver-h2020.com/project (accessed on 26 September 2022).
37. Weems, C. F.; Ahmed, I.; Golden III, G. R.; Russell, J. D.; Neill, E. L. Susceptibility and resilience to cyber threat: Findings from a scenario decision program to measure secure and insecure computing behavior. PLoS One 2018, 13(12), e0207408. Available online: Link. (accessed on [9/23/2023]) . [CrossRef]
38. Sarker, I. H.; Kayes, A. S. M.; Shahriar, B.; Hamed, A.; Watters, P.; Ng, A. Cybersecurity Data Science: An Overview from Machine Learning Perspective. J. Big Data 2020, 7, N/A, doi:10.1186/s40537-020-00318-5.
39. Abdullah, M. M., Ahmed, H., Hasan, A. A., Ali, D. B., Al-Maeeni, M. K. A., et al. (2022). Designing Predictive Models for Cybercrime Investigation in Iraq. International Journal of Cyber Criminology, 16(2), 47-60. [CrossRef]
40. Ferguson-Walter, K. J.; Gutzwiller, R. S.; Scott, D. D.; Johnson, C. J. Oppositional human factors in cybersecurity: A preliminary analysis of affective states. In Proceedings of the IEEE Conference 2021, 153–158.
41. Pouani Tientcheu, P. Security Awareness Strategies Used in the Prevention of Cybercrimes by Cybercriminals. D.I.T. Dissertation, Walden University, Minneapolis, MN, USA, 2021.
42. Bhardwaj, A.; Kaushik, K.; Alomari, A.; Alsirhani, A.; Alshahrani, M. M.; et al. BTH: Behavior-Based Structured Threat Hunting Framework to Analyze and Detect Advanced Adversaries. Electronics 2022, 11(19), 2992. Available online: https://www.mdpi.com/2079-9292/11/19/2992. (accessed on [9/23/2023]) . [CrossRef]
43. Khader, M.; et al. Introduction to Cyber Forensic Psychology: Understanding the Mind of the Cyber Deviant Perpetrators. World Scientific, 2021.
44. Sites, A. L., Sr. Thinking Like a Cyber Adversary: Exploring the Impact of Language Fluency for Cyber Security. Northcentral University, ProQuest Dissertations Publishing. 2019. (27663379).
45. Attrill, A.; Fullwood, C. Applied Cyberpsychology: Practical Applications of Cyberpsychological Theory and Research. Palgrave Macmillan: New York, NY, USA, 2016.
46. Rohan, R.; Funilkul, S.; Pal, D.; Chutimaskul, W. Understanding of Human Factors in Cybersecurity: A Systematic Literature Review. In International Conference on Computational Performance Evaluation (ComPE) 2021, 133–140. IEEE. pp. 133-140, Available online: https://ieeexplore-ieee-org.captechu.idm.oclc.org/document/9752358. (accessed on [9/23/2023]).
47. Fernandez, G.C. Deep Learning Approaches for Network Intrusion Detection. M.S. Dissertation, The University of Texas at San Antonio, San Antonio, TX, USA, 2019.
48. Kaye, L.K. Issues and Debates in Cyberpsychology. Open University Press, 2022.
49. Sutter, O. W. The cyber profile: Determining human behavior through cyber-actions. Capitol Technology University, ProQuest Dissertations Publishing. 2020. (29257172).
50. Burgio, D.A. Reduction of False Positives in Intrusion Detection Based on Extreme Learning Machine with Situation Awareness. Ph.D. Dissertation, Nova Southeastern University, Fort Lauderdale, FL, USA, 2020.
51. Withers, K. L. A Psychosocial Behavioral Attribution Model: Examining the relationship between the "Dark Triad" and cyber-criminal behaviors impacting social networking sites. Nova Southeastern University, ProQuest Dissertations Publishing. 2019. (13856408).
52. Roy, K. C. Towards modeling host-based data for cyber-psychological assessment in cyber threat detection. Ph.D. Thesis, The University of Texas at San Antonio, San Antonio, TX, USA, 2022; ProQuest Dissertations Publishing, p. 29261425.