e-mail authorship verification for forensic investigation

Authors:
Farkhund Iqbal;Liaquat A. Khan;Benjamin C. M. Fung;Mourad Debbabi
Affiliations:
Concordia University, Montreal, Quebec, Canada;Concordia University, Montreal, Quebec, Canada;Concordia University, Montreal, Quebec, Canada;Concordia University, Montreal, Quebec, Canada
Venue:
Proceedings of the 2010 ACM Symposium on Applied Computing
Year:
2010

Citing 14
Cited 1

Bayesian Network Classifiers

Machine Learning - Special issue on learning with probabilistic representations
Fast training of support vector machines using sequential minimal optimization

Advances in kernel methods
A Tutorial on Support Vector Machines for Pattern Recognition

Data Mining and Knowledge Discovery
Mining e-mail content for author identification forensics

ACM SIGMOD Record
Gender-Preferential Text Mining of E-mail Discourse

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
One-class svms for document classification

The Journal of Machine Learning Research
A framework for authorship identification of online messages: Writing-style features and classification techniques

Journal of the American Society for Information Science and Technology
Author verification by linguistic profiling: An exploration of the parameter space

ACM Transactions on Speech and Language Processing (TSLP)
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)

Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Writeprints: A stylometric approach to identity-level identification and similarity detection in cyberspace

ACM Transactions on Information Systems (TOIS)
Discriminative parameter learning for Bayesian networks

Proceedings of the 25th international conference on Machine learning
Computational methods in authorship attribution

Journal of the American Society for Information Science and Technology
Authorship analysis in cybercrime investigation

ISI'03 Proceedings of the 1st NSF/NIJ conference on Intelligence and security informatics
A novel approach of mining write-prints for authorship attribution in e-mail forensics

Digital Investigation: The International Journal of Digital Forensics & Incident Response

A unified data mining solution for authorship analysis in anonymous textual communications

Information Sciences: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Internet provides a convenient platform for cyber criminals to anonymously conduct their illegitimate activities, such as phishing and spamming. As a result, in recent years, authorship analysis of anonymous e-mails has received some attention in the cyber forensic and data mining communities. In this paper, we study the problem of authorship verification: given a set of e-mails written by a suspect along with an e-mail dataset collected from the sample population, we want to determine whether or not an anonymous e-mail is written by the suspect. To address the problem of authorship verification of textual documents and employ detection measures that are more suited in the context of forensic investigation, we borrow the NIST's speaker recognition evaluation (SRE) framework. Our experimental results on real world e-mail dataset suggest that the employed framework addresses the e-mail authorship verification problem with a matching success as in case of speaker verification. The proposed framework produces an average equal error rate of 15--20% and minDCF equal to 0.0671 (with 10-fold cross validation technique) in correctly verifying the author of a malicious e-mail.