Machine Learning-based Author Identification for Social Media Forensics

Abstract

Social media have gained extreme popularity due to the explosive growth of cyberinfrastructures, mobile devices, Internet technologies, and services. However, they also provide potential anonymity, which in turn harbors hacker forums, carding shops, underground marketplace, dark websites, and so on. As a result, social media have become the playground of cyber threat actors who conduct various malicious operations such as selling stolen cards, disseminating misinformation, propagating hacking tools, spreading malware samples, planning cyberattacks, and organizing trolling campaigns. Therefore, it is urgent to study effective methods that can identify the authors behind the digital text in order to enable forensic analysis, enhance security, and reduce social media misuse. In recent years, machine learning-based author identification has become a promising solution to identify the author of text. However, it is still an underexplored research field in social media forensics. This thesis investigates machine learning-based author identification subfields, including author attribution, author verification, author clustering, and their applications to social media forensics. Internet Relay Chat (IRC) has traditionally been used for legitimate purposes. Yet, cyber threat actors extensively abuse it to generate a wide range of illegal content and perform malicious behaviors due to its potential anonymity and popularity among hackers. Unfortunately, author identification research in IRC remains a largely underexplored area. In this thesis, we first present our automatic social media monitoring and threat detection method that can effectively collect data for author identification tasks and then present a novel author attribution framework and its application to IRC. It consists of a holistic feature extraction model and an ensemble of ensembles for multi-class classification. We then bring a novel author verification framework under the principle of one-class learning to effectively verify the authorship of IRC texts. This research also examines author clustering for social media forensics. Most author identification studies focus on author attribution and author verification, while the author clustering research is largely ignored. Meanwhile, cyber threat actors widely make use of Twitter to create alias accounts for numerous malicious purposes, especially in trolling campaigns and misinformation propagations. Thus, developing an effective author clustering method for Twitter is urgent. In this research, we developed a novel unsupervised learning-based author clustering framework and its application to Twitter. We delivered the capability to identify the group among many Twitter aliases even without prior knowledge of the number of authors. We address the effectiveness and demonstrate the feasibility of our author identification frameworks through diverse experiments. Our author attribution approach can achieve more than 90% attribution accuracy given hundreds of candidates in the author attribution experiments. In the author verification experiments, over 70% of author cases, our author verification approach can achieve more than 99% AUC. In the author clustering experiments given more than one hundred unlabeled text samples, our author clustering approach attains an average accuracy of 81.93% when knowing the number of authors and an average accuracy of 74.78% without prior knowledge of the number of authors.