PSAL students present stylometric study at Chaos Communications Congress
Aylin Caliskan Islam (L) and Sadia Afroz (R) presenting at the 29th Chaos Communications Congress.
January 14, 2013 —
Sadia Afroz and Aylin Caliskan Islam, both CS Ph.D. candidates working in Drexel’s Privacy, Security, and Automation Laboratory (PSAL), presented “Stylometry and Online Underground Markets” at the 29th Chaos Communications Congress in Hamburg, Germany, Dec. 28, 2012. This work was a joint effort with Ariel Stolerman, CS Ph.D. student, Dr. Rachel Greenstadt, assistant professor of computer science and principle investigator of PSAL, and Dr. Damon McCoy, assistant professor of computer science at George Mason University.
Online forums are frequently used by cyber-criminals around the world to establish trade relationship and exchange fraudulent goods and services such as the sale of stolen credit card numbers and compromised hosts, spamming, phishing, and online credential theft. These forums are popular among the cyber-criminals as they are easily accessible and provide some high degree of anonymity. In this work, the group analyzed five multilingual underground forums: thebadhackerz.com, blackhatpalace.com, www.carders.cc, L33tcrew.org, antichat.ru and showed that in spite of differences in languages and text lengths, regular stylometric methods perform well in identifying users in this context.
At least 5000 words are necessary to identify a user with high confidence. Using this method, up to 75 percent of users with sufficient text were correctly identified. In more than 90 percent of cases, the correct author was among the top 10 predicted authors, which means that authorship attribution can be used to identify possible suspects. They also showed how writing style analysis can also be used to link different accounts and aliases of a user.
The analysis was performed with JStylo, an open-source authorship recognition tool developed at PSAL. The group also presented an updated version of Anonymouth, a tool that provides writers with suggested changes to anonymize their text. Both are available at PSAL’s website.
The work presented during the Chaos Communications Congress has been featured in SC Magazine (Australian edition), Security Affairs, The Sydney Morning Herald, Slashdot, and Hacker News.
Watch Afroz and Caliskan’s presentation here.