In digital forensics, questions often arise about the authors of documents: their identity, demographic background, and whether they can be linked to other documents. The field of stylometry uses linguistic features and machine learning techniques to answer these questions. While stylometry techniques can identify authors with high accuracy in non-adversarial scenarios, their accuracy is reduced to random guessing when faced with authors who intentionally obfuscate their writing style or attempt to imitate that of another author. Most authorship attribution methods were not evaluated in challenging real-world datasets with foreign language and unconventional spelling (e.g. l33tsp3ak). In this thesis we explore the performance of authorship attribution methods in adversarial settings where authors take measures to hide their identity by changing their writing style and by creating multiple identities. We show that using a large feature set, it is possible to distinguish regular documents from deceptive documents with high accuracy and present an analysis of linguistic features that can be modified to hide writing style. We show how to adapt regular authorship attribution to difficult datasets such as leaked underground forum and present a method for detecting multiple identities of authors. We demonstrate the utility of our approach with a case study that includes applying our technique to an underground forum and manual analysis to validate the results, enabling the discovery of previously undetected multiple accounts.

Code authorship attribution is the process used to identify the probable author of given code, based on unique characteristics that reflect an author’s programming style. Inspired by social studies in the attribution of literary works, in the past two decades researchers have examined the effectiveness of code attribution in the computer software domain, including computer security. Authorship attribution techniques have found a broad application in code plagiarism detection, biometric research, forensics, and malware analysis. Studies show that analysis of software might effectively unveil the digital identity of a programmer, reflected through variables and structures, programming language, employed development tools, their settings and, more importantly, how and what these tools are being used to do. Authorship attribution has been a prosperous area of research when an assumption can be made that the author of an unknown program has been honest in their writing style and does not try to modify it. In this thesis, we investigate the feasibility of deception of source code attribution techniques. We begin by exploring how data characteristics and feature selection influence both the accuracy and performance of attribution methods. Within this context, it is necessary to understand whether the results obtained by previous studies depend on the data source, quality, and context or the type of features used. It gives us the opportunity to dive deeper into the process of code authorship attribution to be able to understand its potential weaknesses. To evaluate current code attribution systems, we present an adversarial model defined by the adversary’s goals, knowledge, and capabilities; for each group, we categorize them by the possible variations. Modeling the role of attackers figures prominently in enhancing the cybersecurity defense. We believe that having a solid understanding of the possible attacks can help in the research and deployment of reliable code authorship attribution systems. We present an author imitation attack that deceives current authorship attribution systems by imitating a coding style of a targeted developer. We investigate the attack’s feasibility on open-source software repositories. To subvert an author imitation attack and to help in protecting the developer’s privacy, we introduce an author obfuscation method and novel coding style transformations. The idea of author obfuscation is to allow authors to preserve the readability of their source code while removing identifying stylistic features that can be leveraged for code attribution. Code obfuscation, common in software development, typically aims to disguise the appearance of the code making it difficult to understand and reverse engineer. In contrast, the proposed author obfuscation hides the original author’s style by leaving the source code visible, readable and understandable. In summary, this thesis presents original research work that not only advances the knowledge in code authorship attribution field but also contributes to the overall safety of our digital world by providing author obfuscation methods to protect the privacy of the developers.

Authorship Attribution surveys the history and present state of the discipline, presenting some comparative results where available. It also provides a theoretical and empirically-tested basis for further work. Many modern techniques are described and evaluated, along with some insights for application for novices and experts alike.

Implementing a novel method for identifying idiolectal co-selections, and taking the UNABOM investigation as a case study, this Pivot evaluates the effectiveness and reliability of using the web for forensic purposes.

Deception offers a broadly accessible overview of state-of-the-art research on lies, trickery, cheating, and shams by leading experts in the natural and social sciences, as well as computing, the humanities, and the military.

Corpus Linguistic Approaches to Deception Detection provides an innovative introduction to the use of the corpus linguistics methodology in the field of deception detection. Bringing together research from both forensic psychology and linguistics, this book uses traditional corpus-assisted methods to reconcile the different approaches used by these two fields and shows how “cues to deception” operate in their linguistic context. Arguing that current methods of analysis do not seem to be fit for purpose, this book shows the need for further development of context-sensitive methods to explore deceptive datasets. This book will be of interest to scholars and postgraduate students in the fields of corpus linguistics, psychology, discourse analysis, and forensic linguistics.

"This book provides a media for advancing research and the development of theory and practice of digital crime prevention and forensics, embracing a broad range of digital crime and forensics disciplines"--Provided by publisher.