Skip to main content
Have a personal or library account? Click to login
Machine Learning–Driven Classification of Text-Based Cybercrime under the Indian IT ACT Cover

Machine Learning–Driven Classification of Text-Based Cybercrime under the Indian IT ACT

Open Access
|Jun 2026

Full Article

1.
Introduction
1.1.
Background

The rate of cybercrime has increased as a result of technology globalization, imparting serious risks to both personal safety and national security. In order to defend against these cyberattacks, modern technologies are essential. India stopped 500 million cyberattacks in the first quarter of the year 2023 [1].

As per the data accumulated from the National Crime Records Bureau (NCRB), there has been a persistent rise in reported cybercrime cases in recent years. The number of reported cybercrime cases and ongoing investigations is increasing yearly at an alarming rate, as depicted in the graph shown in Figure 1. This causes an increase in the backlog, which emphasizes how urgently the system must be automated to guarantee that the accused receive just punishment and that victims receive prompt remedies.

Figure 1.

Cybercrime complaints reported in India during 2012 and 2022 [2]

1.2.
Problem Statement

In the present scenario, the manual processing and analysis of reported cybercrime cases delay legal responses, which may cause trauma to victims, as the process is laborious, time-consuming, and subject to human error, as illustrated in Figure 2. Machine learning techniques enable the rapid treatment and categorization of these cybercrime complaints under the applicable Indian IT Act sections. Machine learning also enhances the accuracy of these classifications.

Figure 2.

Cybercrime complaints reported and pending during the years 2018-2022 [2]

The steady increase in reported cybercrime cases highlights the need for creative and artificial intelligence-based approaches to counter the expanding risks connected to the internet. The drawbacks of conventional case analysis and management techniques result in backlogs and delays in the execution of justice [3,4].

The sharp increase in reported cybercrime complaints indicates that quick and automated technology is needed to effectively manage these complaints and respond swiftly. An efficient solution to this problem is to combine the Information Technology (IT) Act with machine learning (ML)-based cybercrime complaint analysis systems to safeguard cyberspace and assist victims [5,6].

As machine learning algorithms have the potential to analyze large amounts of text-based data and identify trends, they are required for categorizing cybercrime complaints and identifying relevant legal provisions of the Indian IT Act. This technology-driven architecture will enhance the cybercrime response system in terms of time as well as accuracy, ensure efficient classification and legal review, and enable a more effective administration of justice. [79].

1.3.
Objectives
  • To apply RF and GB models for categorizing cybercrime complaints under sections of the Indian IT Act for 66E, 43A, and 72A.

  • To evaluate each model’s performance in terms of accuracy, precision, recall, and Fl-score.

Approach

In the process of data collection, relevant cybercrime data is gathered from multiple sources like incident reports, legal documents, and cybercrime articles. These sources include a few samples of cybercrime complaints reported at police departments, legal institutions, and online resources. Once the data is gathered, preprocessing is applied to handle missing values and also to convert the data into the required format. Categorical variables are encoded, and outliers in numerical fields are managed to maintain data integrity. Feature engineering includes metrics like complaint duration and resolution status, and text data is cleaned and tokenized. The dataset is split into training, testing and validation sets (70%, 30%) to support thorough model evaluation. Model training utilizes Random Forest and Gradient Boosting algorithms [10,11], with performance evaluated through precision, recall, Fl score, AUC, and accuracy metrics, ensuring a reliable classification model.

Outline

The rest of the paper is outlined as follows: Section 2 provides a literature review, including an overview of the relevant provisions for cybercrime, focusing on Sections 66E, 43A, and 72A. It also presents a comprehensive review of legal frameworks for cybercrime and machine learning applications in text classification. Section 3 details the methodology, including data preparation, feature extraction, and the use of Random Forest and Gradient Boosting models. Section 4 presents the results, comparing model performance metrics and classification accuracy. Section 5 discusses the legal implications and limitations of automated classification in cybercrime complaints. It also outlines potential improvements and future research directions. Finally, this section concludes the paper by summarizing the key findings and their significance for enhancing cybercrime management under the IT Act.

2.
Review of the Literature
2.1.
Legal Provisions for Cybercrime

The IT Act 2000 addresses various forms of cybercrimes to ensure data protection and privacy, as illustrated in Figure 3. It was amended in 2008 to add stronger provisions, notably Sections 66E, 43A, and 72A (Indian IT Act, 2008). Section 66E criminalizes the unauthorized capture or transmission of private images, focusing on safeguarding personal privacy. Section 43A mandates data controllers to adopt security practices, providing guidelines for reporting data breaches. Section 72A addresses the unauthorized disclosure of personal information by service providers, protecting user confidentiality. The effectiveness of these legal provisions has been widely acknowledged [5,7].

Figure 3.

Types of cybercrime registered during the year 2023 under the Indian IT Act [12]

Geetika Bhardwaj et al. [13] revealed a 46% rise in crimes against women in 2021 compared to 2020, emphasizing the need for proactive action to gather crime data and forecast future trends.

Olena V et al. [14] highlighted the global increase in cyberattacks, particularly in finance, retail, technology, and communication industries, highlighting the challenges in combating such threats due to geographical disparities.

Gangwar Suraj et al. [15] report a surge in cybercrime due to the Internet of Things, cloud services, and improved connections. Cybercriminals threaten human lives. Targeting industrial control systems, elections, and digital wildfires rank among the top threats worldwide.

The study by Shuai Chenet et al. [16] indicates a positive global correlation between cybercrime and social, economic, and technological variables, with most incidents occurring in urbanized areas with greater infrastructure.

P. Datta et al. [17], in their study, show an increase in fraud cases, primarily affecting 20-29-year-olds, particularly mothers and children, necessitating awareness campaigns to combat cybercrime in India.

The study by Chudasama Dhaval et al. [18] suggests that third-party apps are frequently used by attackers for money transfers, leading to fraud.

Table 1 below summarizes the analysis of already existing algorithms used for cybercrime text detection and related applications.

Table 1.

Comparison of existing algorithms

Author(s)Dataset UsedAlgorithmEfficiencyIT / IPC Detected
Alami & Elbeqqali (2015) [19]Microblog dataText mining + SVMNot detailedNo
Mbaziira & Jones (2016) [20]Deceptive cybercrime textLinguistics + MLMediumNo
Kumari etal. (2018) [21]Labeled text samplesNLTK, Scikit-learnModerateNo
Andleeb etal. (2019) [22]MySpace bullying textsText mining + MLNot detailedNo
Ch etal. (2020) [23]State-wise crime statsSVM, Decision TreeGoodNo
K. veena et al. (2022) [24]Cybercrime reportsSVMHighPotential
Pandey etal. (2022) [25]Custom labeled reportsEnsemble (RF, NB, etc.)High (noted)No

Our literature review observed that most prior works focus on classification accuracy without explicitly mapping outputs to IT ACT provisions. This highlights a research gap where existing models are effective in detection but are not efficient in providing legally actionable outcomes, hence motivating the need for more advanced frameworks that provide integration of legal context with efficient machine learning.

2.2.
Machine Learning in Legal Text Classification

An automated cybercrime text classification in the legal domain is gaining more attention. This automated cybercrime classification enhances the efficiency of handling a huge number of complaints. For the categorization of text-based reported cybercrime complaints, the most widely used ML models are RF and GB, as they have the potential to process huge datasets and provide strong performance [26]. ML algorithms are proven to be more successful in categorizing and analyzing text-based complaints, especially in cases when it comes to differentiating between several legal categories, as per recent studies [2729].

ML is updating the classification of legal texts, especially those regarding cybercrime. In order to reduce human error and provide more efficient classification, Ch et al. [23] proposed a sustainable computational framework for classifying cybercrime offenses using ML. Andleeb et al. [22] showed how effective ML is at extracting features, analyzing cybercrime complaints, and classifying offenses through text mining. Patel and Sharma [30] highlighted the wider function of ML in automating legal procedures, especially in cyber law, demonstrating its efficiency in organizing and classifying legal documents. Pandey et al. [25] created a model that outperforms conventional methods by using ensemble learning to increase classification accuracy. Together, these studies highlight how important machine learning is to automate, analyze, and improve the classification of legal texts in cybercrime.

According to our literature review, there are various ways to approach countermeasures and prevent cybercrime. These include analyzing cyber threats, analyzing them with ML, and enhancing law enforcement tactics. The existing background of cybercrime will be examined, along with trends and patterns found in the literature. Proactive cybercrime detection and classification by machine learning is the main emphasis of this work. The research aims to create robust models that identify small irregularities and patterns indicative of cyber threats using various methods and datasets. Because of the increasing complexity of cybercriminals and the expansion of internet connectivity, cybercrime is a growing threat. Anonymity, exponential expansion in digital data and insufficient cybersecurity safeguards are some of the factors that make people and businesses vulnerable.

2.3.
Law and enforcement to combat cybercrime

Recent research explores various strategies for combating cybercrime under the Indian IT Act. For instance, ensemble learning can be used to classify cybercrimes under Sections 66 and 67, and models like SVM and Random Forest can be used to improve accuracy, thus offering practical tools for cybercrime cells [26] to analyze cybercrime trends and prevention and providing global insights and statistical data on rising cybercrime patterns [31, 32]. Additionally, study of regional crime patterns using regression can find correlations in cyber offenses such as unauthorized photo sharing and computer theft [29]. Finally, the need to present a computational tool with high accuracy for identifying cybercrime rates at the state level in India underscores the role of machine learning in crime analytics [30].

3.
Proposed Methodology

According to recent studies, machine learning techniques are becoming more and more necessary to identify which IT Act section applies to committed cybercrimes. Prior studies have focused on classifying cybercrime, but they have not addressed the crucial part of providing victim justice by determining whether the IT Act is applicable. This facilitates speedier investigations and raises the possibility that perpetrators of cybercrimes may be held accountable. Additionally, machine learning enables proactive enforcement measures to effectively combat cybercrime by keeping law enforcement agencies updated about evolving legal requirements and cyber threats, as presented in Figure 4.

Figure 4.

Proposed methodology

3.1.
Dataset

Compiling a Cyber Crime and Law Classification dataset involves gathering relevant and varied information about cybercrime incidents and legal provisions from multiple sources, including FIRs, case studies, news headlines, etc., as presented in Figure 5. Present research includes victim statements, incident reports, court records, and open databases that document cybercrime incidents.

Figure 5.

Distribution of dataset

3.2.
Text Pre-Processing

Some preprocessing steps are applied to the Cyber Crime and Law Classification dataset to ensure the quality of the data. Missing values are addressed, numerical columns are cleaned and converted, and date columns are formatted as a datetime type. Outliers in the numerical data are handled, and categorical features are encoded by label encoder. In text data processing, normalization is done by converting all the text to lowercase. Noise is removed using regular expressions, and stop words are removed. The text is tokenized and lemmatized to ensure consistency.1xi=Clean(Tokenize(ti)){{\rm{x}}_{\rm{i}}} = {\rm{Clean}}\left( {{\rm{Tokenize}}\left( {{{\rm{t}}_{\rm{i}}}} \right)} \right)

Where:

  • ti = raw text

  • xi = processed token sequence

2yi=LabelEncoder(ci),yi{0,1,, K1}{{\rm{y}}_{\rm{i}}} = {\rm{LabelEncoder}}\left( {{{\rm{c}}_{\rm{i}}}} \right),{{\rm{y}}_{\rm{i}}} \in \left\{ {0,1, \ldots ,{\rm{K}} - 1} \right\}

Where:

  • ci = category/section name

  • yi = encoded label

3.3.
Feature Extraction

Feature extraction is used to change the unprocessed textual input so that the machine learning model can more efficiently use this input. The vectorization approach, TF-IDF (Term Frequency-Inverse Document Frequency), has been used for this investigation. TF-IDF weights words based on how frequently they occur within a certain piece of text compared with the frequency throughout the entire corpus. This will allow the model to discern words used often throughout the corpus versus those used specifically by individual publications. To accomplish this, we use the text data and translate this information into a sparse numerical features matrix with scikit-learn’s TfidfVectorizer. We allow algorithms from machine learning to draw inferences from these inputted matrices in search of patterns and relations in the material that is text.3TFIDF(t,d)=ft,dtft,dlog(|D|1+|{dD:td}|)TF - IDF(t,d) = {{{f_{t,d}}} \over {\mathop \sum \limits_{{t^{\,\prime }}} {f_{{t^{\,\prime }},d}}}}\log \left( {{{\left| D \right|} \over {1 + \left| {\left\{ {d \in D:t \in d} \right\}} \right|}}} \right)

Where:

  • ft,d = frequency of term t in document d

  • tft,d$\mathop \sum \nolimits_{t'} {f_{t'}},d$ = total terms in document d

  • |D| = total number of documents

  • {dD : td} = number of docs containing term t

Figure 6 provides a word cloud that helps in visual analysis of the words frequently occurring in Section 43A of the Indian IT ACT

Figure 6.

Word cloud for Section 43A

Figure 7 provides a word cloud that helps in visual analysis of the words frequently occurring in Section 66E of the Indian IT ACT

Figure 7.

Word cloud for Section 66E

Figure 8 provides a word cloud that helps in visual analysis of the words frequently occurring in Section 72A of the Indian IT ACT

Figure 8.

Word cloud for Section 72A

3.4.
Handling Imbalanced Data with SMOTE

To solve the class imbalance in crime datasets, the study employs SMOTETomek, a strategy that combines SMOTE and Tomek Links. While Tomek Links eliminates borderline occurrences, SMOTE creates synthetic examples for the minority class, guaranteeing a balanced class distribution and better predictive performance, particularly for uncommon crime categories.4xnew=xi+λ(xnnxi),λ[0,1]{x_{{\rm{new}}}} = {x_i} + {\rm{\lambda }}\left( {{x_{nn}} - {x_i}} \right),\quad \lambda \in [0,1]

Where:

  • xi = a minority class sample.

  • xnn = one of the nearest neighbors of xi

  • λ = a random number.

  • xnew = newly generated synthetic sample.

3.5.
Model Selection

The three text categorization algorithms employed in this study are RF, GB, and Ensemble classifier (stacked), which combines RF and GB for increased accuracy and a soft-voting scheme. The models are evaluated using the following metrics as depicted in Figure 9, which shows that the Ensemble classifier performed the best.

Figure 9.

Performance analysis for different models

This graphical representation shows that the IT Act’s automated classification of cybercrime complaints may accelerate case processing, increasing accuracy and response times. Targeted legal measures are made possible by precise classification under certain provisions, which helps the court and law enforcement better combat cybercrime [32].

For RF: 5y^=mode{ y(1)^(x),y(2)^(x),,y(B)^(x) }\hat y = mode\left\{ {\widehat {{y^{(1)}}}(x),\widehat {{y^{(2)}}}(x), \ldots ,\widehat {{y^{(B)}}}(x)} \right\}

Where:

  • y^\hat y = final predicted class.

  • y(i)^(x)\widehat {{y^{(i)}}}(x) = prediction of the ith base learner for input x.

  • B = total number of base learners.

  • mode {·} = class that appears most frequently among the predictions of all base learners.

For GB: 6Fm(x)=Fm1(x)+vhm(x){F_m}(x) = {F_{m - 1}}(x) + v{h_m}(x)

Where:

  • Fm (x) = boosted model after m iterations

  • Fm−1 (x) = model from previous iteration (m−1)

  • hm (x) = weak learner at step m

  • v = learning rate

  • x = input feature vector

For ECS: 7y^=σ(w0+w1yRF^+w2yGB^)\hat y = \sigma \left( {{w_0} + {w_1}\widehat {{y_{RF}}} + {w_2}\widehat {{y_{GB}}}} \right)

Where:

  • y^\hat y = final predicted output

  • σ = activation function

  • w0 = bias

  • wli = weights

  • yRF = prediction from Random Forest

  • yGB^\widehat {{y_{GB}}} = prediction from Gradient Boosting

4.
Results and Discussion
4.1.
Performance Comparison

The performance of each algorithm is summarized in Table 2, showing the accuracy, precision, recall, Flscore, and AUC based on the training model.

Table 2.

Performance comparison of models

AlgoAccuracyPrecisionRecallF1-ScoreAUC
RF0.840.840.840.840.94
GB0.840.830.840.850.93
ECS0.860.860.860.860.94

As per the results shown in Table 2, the Ensemble Classifier performs better than Random Forest and Gradient Boosting in terms of accuracy, precision, recall, Fl-score, and AUC.

4.2.
Section-Wise Accuracy

A detailed breakdown of accuracy per section (crime category) is provided, showing how each model performs across different crime types. Table 3 illustrates the accuracy of Random Forest, Gradient Boosting, and Ensemble Classifier for each crime section.

Table 3.

Section-based cybercrime classification result analysis

SectionAlgoPrecisionRecallF1-ScoreSupport
66ERF1.0001.0001.00047
GB1.0001.0001.000
ECS1.0001.0001.000
72ARF0.7000.9030.78931
GB0.6670.9030.767
ECS0.7000.9030.789
43ARF0.9270.7600.83550
GB0.9230.7200.809
ECS0.9270.7600.835

In conclusion, the research shows that every algorithm performed exceptionally well, obtaining flawless scores in Section 66E. In Section 72A, RF and Ensemble voting maintained strong recall while marginally outperforming GB in precision and F1- score. Random Forest and Ensemble Voting outperformed Gradient Boosting in Section 43A, achieving better F1 scores. RF is the most dependable and time-efficient algorithm overall since it continuously shows a balance between excellent performance and efficiency throughout all parts.

5.
Conclusion

This study demonstrated that ML techniques can be used effectively to classify cybercrime complaints based on textual descriptions. We create a strong feature extraction and preprocessing pipeline by resolving class imbalance with SMOTETomek and applying the TF-IDF vectorization approach. The ensemble classifier outperforms the other models in terms of overall performance across a number of evaluation metrics, demonstrating how well it handles challenging criminal classification tasks.

5.1.
Limitations and Model Improvements

The model has been successfully demonstrated for the three sections of the Indian IT Act, including sections 66E, 72A, and 43E. In future models, they can be trained to identify any relevant section of the Indian IT Act based on the reported cybercrime, which requires a huge dataset creation for each section of the Indian IT Act. This model has demonstrated high accuracy, but this can lead to a few small misclassifications in cases where complaints have overlapped phrases between relevant sections. Deeper semantic output may be obtained by improving the models’ efficiency by the use of advanced NLP approaches like named entity recognition (NER) and sentiment analysis [28,32].

5.2.
Future Work

In the future, this algorithm can be applied to predict any relevant section of the Indian IT Act. In order to better understand complex patterns of language found in cybercrime complaints, future research must examine advanced approaches such as ensemble algorithms and BERT. These methods could enhance the system’s capacity to manage massive volumes of data and adhere to data protection laws when paired with federated learning for privacy-preserving training [26].

DOI: https://doi.org/10.14313/jamris-2026-020 | Journal eISSN: 2080-2145 | Journal ISSN: 1897-8649
Language: English
Page range: 63 - 70
Submitted on: Sep 25, 2025
Accepted on: Oct 23, 2025
Published on: Jun 24, 2026
In partnership with: Paradigm Publishing Services
Publication frequency: 4 issues per year

© 2026 Sukrati Agrawal, Hare Ram Sah, Rajesh Kumar Nagar, published by Łukasiewicz Research Network – Industrial Research Institute for Automation and Measurements PIAP
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.