An Ensemble of Ensembles Approach to Author Attribution for Internet Relay Chat Forensics

Sicong Shao; Cihan Tunc; Amany Al-Shawi; Salim Hariri

doi:10.1145/3409455

An Ensemble of Ensembles Approach to Author Attribution for Internet Relay Chat Forensics

Sicong Shao, Cihan Tunc, Amany Al-Shawi, Salim Hariri

Electrical and Computer Engineering

Research output: Contribution to journal › Article › peer-review

2 Scopus citations

Abstract

With the advances in Internet technologies and services, social media has been gained extreme popularity, especially because these technologies provide potential anonymity, which in turn harbors hacker discussion forums, underground markets, dark web, and so on. Internet relay chat (IRC) is a real-time communication protocol actively used by cybercriminals for hacking, cracking, and carding. Hence, it is particularly urgent to identify the authors of threat messages and malicious activities in IRC. Unfortunately, author identification studies in IRC remain as an underexplored area. In this research, we perform novel IRC text feature extraction methods and propose the first author attribution version of the deep forest (DF) model that is an ensemble of ensembles that utilizes the fusion of ensemble learning techniques. Our approach is supported by autonomic IRC monitoring. Experiments show that our approach is highly effective for author attribution and attains high accuracy even when the number of candidates is large while training data is limited.

Original language	English (US)
Article number	24
Journal	ACM Transactions on Management Information Systems
Volume	11
Issue number	4
DOIs	https://doi.org/10.1145/3409455
State	Published - Dec 2020

Keywords

Author attribution
cybersecurity
ensemble learning
internet relay chat (IRC)
social network analysis

ASJC Scopus subject areas

Management Information Systems
Computer Science(all)

Access to Document

10.1145/3409455

Cite this

@article{38c55419506c4f21a090bad5ec4259ec,

title = "An Ensemble of Ensembles Approach to Author Attribution for Internet Relay Chat Forensics",

abstract = "With the advances in Internet technologies and services, social media has been gained extreme popularity, especially because these technologies provide potential anonymity, which in turn harbors hacker discussion forums, underground markets, dark web, and so on. Internet relay chat (IRC) is a real-time communication protocol actively used by cybercriminals for hacking, cracking, and carding. Hence, it is particularly urgent to identify the authors of threat messages and malicious activities in IRC. Unfortunately, author identification studies in IRC remain as an underexplored area. In this research, we perform novel IRC text feature extraction methods and propose the first author attribution version of the deep forest (DF) model that is an ensemble of ensembles that utilizes the fusion of ensemble learning techniques. Our approach is supported by autonomic IRC monitoring. Experiments show that our approach is highly effective for author attribution and attains high accuracy even when the number of candidates is large while training data is limited. ",

keywords = "Author attribution, cybersecurity, ensemble learning, internet relay chat (IRC), social network analysis",

author = "Sicong Shao and Cihan Tunc and Amany Al-Shawi and Salim Hariri",

note = "Funding Information: SICONG SHAO, NSF Center for Cloud and Autonomic Computing, University of Arizona CIHAN TUNC, Department of Computer Science and Engineering, University of North Texas AMANY Al-SHAWI, National Center for Cybersecurity Technology, King Abdulaziz City for Science and Technology SALIM HARIRI, NSF Center for Cloud and Autonomic Computing, University of Arizona With the advances in Internet technologies and services, social media has been gained extreme popularity, especially because these technologies provide potential anonymity, which in turn harbors hacker discussion forums, underground markets, dark web, and so on. Internet relay chat (IRC) is a real-time communication protocol actively used by cybercriminals for hacking, cracking, and carding. Hence, it is particularly urgent to identify the authors of threat messages and malicious activities in IRC. Unfortunately, author identification studies in IRC remain as an underexplored area. In this research, we perform novel IRC text feature extraction methods and propose the first author attribution version of the deep forest (DF) model that is an ensemble of ensembles that utilizes the fusion of ensemble learning techniques. Our approach is supported by autonomic IRC monitoring. Experiments show that our approach is highly effective for author attribution and attains high accuracy even when the number of candidates is large while training data is limited. Publisher Copyright: {\textcopyright} 2020 ACM.",

year = "2020",

month = dec,

doi = "10.1145/3409455",

language = "English (US)",

volume = "11",

journal = "ACM Transactions on Management Information Systems",

issn = "2158-656X",

publisher = "Association for Computing Machinery (ACM)",

number = "4",

}

TY - JOUR

T1 - An Ensemble of Ensembles Approach to Author Attribution for Internet Relay Chat Forensics

AU - Shao, Sicong

AU - Tunc, Cihan

AU - Al-Shawi, Amany

AU - Hariri, Salim

N1 - Funding Information: SICONG SHAO, NSF Center for Cloud and Autonomic Computing, University of Arizona CIHAN TUNC, Department of Computer Science and Engineering, University of North Texas AMANY Al-SHAWI, National Center for Cybersecurity Technology, King Abdulaziz City for Science and Technology SALIM HARIRI, NSF Center for Cloud and Autonomic Computing, University of Arizona With the advances in Internet technologies and services, social media has been gained extreme popularity, especially because these technologies provide potential anonymity, which in turn harbors hacker discussion forums, underground markets, dark web, and so on. Internet relay chat (IRC) is a real-time communication protocol actively used by cybercriminals for hacking, cracking, and carding. Hence, it is particularly urgent to identify the authors of threat messages and malicious activities in IRC. Unfortunately, author identification studies in IRC remain as an underexplored area. In this research, we perform novel IRC text feature extraction methods and propose the first author attribution version of the deep forest (DF) model that is an ensemble of ensembles that utilizes the fusion of ensemble learning techniques. Our approach is supported by autonomic IRC monitoring. Experiments show that our approach is highly effective for author attribution and attains high accuracy even when the number of candidates is large while training data is limited. Publisher Copyright: © 2020 ACM.

PY - 2020/12

Y1 - 2020/12

N2 - With the advances in Internet technologies and services, social media has been gained extreme popularity, especially because these technologies provide potential anonymity, which in turn harbors hacker discussion forums, underground markets, dark web, and so on. Internet relay chat (IRC) is a real-time communication protocol actively used by cybercriminals for hacking, cracking, and carding. Hence, it is particularly urgent to identify the authors of threat messages and malicious activities in IRC. Unfortunately, author identification studies in IRC remain as an underexplored area. In this research, we perform novel IRC text feature extraction methods and propose the first author attribution version of the deep forest (DF) model that is an ensemble of ensembles that utilizes the fusion of ensemble learning techniques. Our approach is supported by autonomic IRC monitoring. Experiments show that our approach is highly effective for author attribution and attains high accuracy even when the number of candidates is large while training data is limited.

AB - With the advances in Internet technologies and services, social media has been gained extreme popularity, especially because these technologies provide potential anonymity, which in turn harbors hacker discussion forums, underground markets, dark web, and so on. Internet relay chat (IRC) is a real-time communication protocol actively used by cybercriminals for hacking, cracking, and carding. Hence, it is particularly urgent to identify the authors of threat messages and malicious activities in IRC. Unfortunately, author identification studies in IRC remain as an underexplored area. In this research, we perform novel IRC text feature extraction methods and propose the first author attribution version of the deep forest (DF) model that is an ensemble of ensembles that utilizes the fusion of ensemble learning techniques. Our approach is supported by autonomic IRC monitoring. Experiments show that our approach is highly effective for author attribution and attains high accuracy even when the number of candidates is large while training data is limited.

KW - Author attribution

KW - cybersecurity

KW - ensemble learning

KW - internet relay chat (IRC)

KW - social network analysis

UR - http://www.scopus.com/inward/record.url?scp=85097341835&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85097341835&partnerID=8YFLogxK

U2 - 10.1145/3409455

DO - 10.1145/3409455

M3 - Article

AN - SCOPUS:85097341835

VL - 11

JO - ACM Transactions on Management Information Systems

JF - ACM Transactions on Management Information Systems

SN - 2158-656X

IS - 4

M1 - 24

ER -

An Ensemble of Ensembles Approach to Author Attribution for Internet Relay Chat Forensics

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this