TY - JOUR
T1 - An Ensemble of Ensembles Approach to Author Attribution for Internet Relay Chat Forensics
AU - Shao, Sicong
AU - Tunc, Cihan
AU - Al-Shawi, Amany
AU - Hariri, Salim
N1 - Funding Information:
SICONG SHAO, NSF Center for Cloud and Autonomic Computing, University of Arizona; CIHAN TUNC, Department of Computer Science and Engineering, University of North Texas; AMANY AL-SHAWI, National Center for Cybersecurity Technology, King Abdulaziz City for Science and Technology; SALIM HARIRI, NSF Center for Cloud and Autonomic Computing, University of Arizona.
Publisher Copyright:
© 2020 ACM.
PY - 2020/12
Y1 - 2020/12
AB - With the advances in Internet technologies and services, social media has gained extreme popularity, especially because these technologies provide potential anonymity, which in turn harbors hacker discussion forums, underground markets, dark web, and so on. Internet relay chat (IRC) is a real-time communication protocol actively used by cybercriminals for hacking, cracking, and carding. Hence, it is particularly urgent to identify the authors of threat messages and malicious activities in IRC. Unfortunately, author identification studies in IRC remain an underexplored area. In this research, we perform novel IRC text feature extraction methods and propose the first author attribution version of the deep forest (DF) model that is an ensemble of ensembles that utilizes the fusion of ensemble learning techniques. Our approach is supported by autonomic IRC monitoring. Experiments show that our approach is highly effective for author attribution and attains high accuracy even when the number of candidates is large while training data is limited.
KW - Author attribution
KW - cybersecurity
KW - ensemble learning
KW - internet relay chat (IRC)
KW - social network analysis
UR - http://www.scopus.com/inward/record.url?scp=85097341835&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85097341835&partnerID=8YFLogxK
U2 - 10.1145/3409455
DO - 10.1145/3409455
M3 - Article
AN - SCOPUS:85097341835
VL - 11
JO - ACM Transactions on Management Information Systems
JF - ACM Transactions on Management Information Systems
SN - 2158-656X
IS - 4
M1 - 24
ER -