A novel approach of mining write-prints for authorship attribution in e-mail forensics

Iqbal, Farkhund; Hadjidj, Rachid; Fung, Benjamin C. M.; Debbabi, Mourad

doi:10.1016/j.diin.2008.05.001

Cited by 101 publications

(68 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It implements a key word search by using SQL-like queries. Additionally, it provides data mining models to classify messages in different categories and applies authorship analysis (Iqbal, Hadjidj, Fung, & Debbabi, 2008) on the basis of stylemetric (Abbasi & Chen, 2008) features in order to identify the most conceivable authors of anonymous messages. A drawback of the tool is that it allows almost no interaction with the resulting graph or charts, as they are are only printed in a static way.…”

Section: Related Workmentioning

confidence: 99%

A Forensic Email Analysis Tool Using Dynamic Visualization

Stadlinger¹,

Dewald²

2017

JDFSL

View full text Add to dashboard Cite

Communication between people counts to the most important information of today's business. As a result, in case of forensic investigations in big companies, analysis of communication data in general and especially email, as the still most widely used business communication platform with an immense and still growing volume, is a typical task in digital forensics. One of the challenges is to identify the relevant communication partners and structures in the suspects surrounding as quickly as possible in order to react appropriately and identify further targets of evaluation. Due to the amount of emails in typical inboxes, reading through all the mails renders impractical. Therefore, forensic investigators need tools that support them in quickly receiving an impression of a suspect's email communication, identifying the relevant communication partners, and realizing communication patterns in single or even multiple email accounts. We introduce an open source forensic email analysis tool that provides exactly by means of a responsive and interactive graph visualization of email data supported by statistical information.

show abstract

Section: Related Workmentioning

confidence: 99%

A Forensic Email Analysis Tool Using Dynamic Visualization

Stadlinger¹,

Dewald²

2017

JDFSL

View full text Add to dashboard Cite

show abstract

“…Forged Message Detection: A large corpus of research has been performed on determining the author of an email. These techniques typically leverage stylometry and machine learning and return the most probable author among a set of candidates [4,7,8,13,15]. From our point of view, these approaches suffer of two major problems: the first one is that they typically need a set of possible authors, which in our case we do not have.…”

Section: Related Workmentioning

confidence: 99%

That Ain’t You: Blocking Spearphishing Through Behavioral Modelling

Stringhini

Thonnard

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. One of the ways in which attackers steal sensitive information from corporations is by sending spearphishing emails. A typical spearphishing email appears to be sent by one of the victim's coworkers or business partners, but has instead been crafted by the attacker. A particularly insidious type of spearphishing emails are the ones that do not only claim to be written by a certain person, but are also sent by that person's email account, which has been compromised. Spearphishing emails are very dangerous for companies, because they can be the starting point to a more sophisticated attack or cause intellectual property theft, and lead to high financial losses. Currently, there are no effective systems to protect users against such threats. Existing systems leverage adaptations of anti-spam techniques. However, these techniques are often inadequate to detect spearphishing attacks. The reason is that spearphishing has very different characteristics from spam and even traditional phishing. To fight the spearphishing threat, we propose a change of focus in the techniques that we use for detecting malicious emails: instead of looking for features that are indicative of attack emails, we look for emails that claim to have been written by a certain person within a company, but were actually authored by an attacker. We do this by modelling the email-sending behavior of users over time, and comparing any subsequent email sent by their accounts against this model. Our approach can block advanced email attacks that traditional protection systems are unable to detect, and is an important step towards detecting advanced spearphishing attacks.

show abstract

“…A considerable number of studies have been conducted on authorship identification and characterization. For instance, previous studies on authorship identification investigated ways to identify patterns of terrorist communications [8], the author of a particular e-mail for computer forensic purposes [9][10][11], as well as how to collect digital evidence for investigations [12] or solve a disputed literary, historical [13], or musical authorship [14][15][16]. Work on authorship characterization has targeted primarily gender attribution [17][18][19] and the classification of the author education level [20].…”

Section: Related Workmentioning

confidence: 99%

Authorship verification of e-mail and tweet messages applied for continuous authentication

Brocardo

Traoré

Woungang

2015

Journal of Computer and System Sciences

View full text Add to dashboard Cite

Authorship verification using stylometry consists of identifying a user based on his writing style. In this paper, authorship verification is applied for continuous authentication using unstructured online text-based entry. An online document is decomposed into consecutive blocks of short texts over which (continuous) authentication decisions happen, discriminating between legitimate and impostor behaviors. We investigate blocks of texts with 140, 280 and 500 characters. The feature set includes traditional features such as lexical, syntactic, application specific features, and new features extracted from n-gram analysis. Furthermore, the proposed approach includes a strategy to circumvent issues related to unbalanced dataset, and uses Information Gain and Mutual Information as a feature selection strategy and Support Vector Machine (SVM) for classification. Experimental evaluation of the proposed approach based on the Enron email and Twitter corpuses yields very promising results consisting of an Equal Error Rate (EER) varying from 9.98% to 21.45%, for different block sizes.

show abstract

A novel approach of mining write-prints for authorship attribution in e-mail forensics

Cited by 101 publications

References 18 publications

A Forensic Email Analysis Tool Using Dynamic Visualization

A Forensic Email Analysis Tool Using Dynamic Visualization

That Ain’t You: Blocking Spearphishing Through Behavioral Modelling

Authorship verification of e-mail and tweet messages applied for continuous authentication

Contact Info

Product

Resources

About