An Ensemble of Ensembles Approach to Author Attribution for Internet Relay Chat Forensics

Sicong Shao, Cihan Tunc, Amany Al-Shawi, Salim Hariri

Research output: Contribution to journal › Article › peer-review

Abstract

With the advances in Internet technologies and services, social media has gained extreme popularity, especially because these technologies provide potential anonymity, which in turn harbors hacker discussion forums, underground markets, the dark web, and so on. Internet relay chat (IRC) is a real-time communication protocol actively used by cybercriminals for hacking, cracking, and carding. Hence, it is particularly urgent to identify the authors of threat messages and malicious activities in IRC. Unfortunately, author identification in IRC remains an underexplored area. In this research, we apply novel IRC text feature extraction methods and propose the first author attribution version of the deep forest (DF) model, an ensemble of ensembles that utilizes the fusion of ensemble learning techniques. Our approach is supported by autonomic IRC monitoring. Experiments show that our approach is highly effective for author attribution and attains high accuracy even when the number of candidates is large while training data is limited.

Original language: English (US)
Article number: 24
Journal: ACM Transactions on Management Information Systems
Volume: 11
Issue number: 4
State: Published - Dec 2020

Keywords

  • Author attribution
  • cybersecurity
  • ensemble learning
  • internet relay chat (IRC)
  • social network analysis

ASJC Scopus subject areas

  • Management Information Systems
  • Computer Science (all)
