An Ensemble of Ensembles Approach to Author Attribution for Internet Relay Chat Forensics

Abstract

With the advances in Internet technologies and services, social media has been gained extreme popularity, especially because these technologies provide potential anonymity, which in turn harbors hacker discussion forums, underground markets, dark web, and so on. Internet relay chat (IRC) is a real-time communication protocol actively used by cybercriminals for hacking, cracking, and carding. Hence, it is particularly urgent to identify the authors of threat messages and malicious activities in IRC. Unfortunately, author identification studies in IRC remain as an underexplored area. In this research, we perform novel IRC text feature extraction methods and propose the first author attribution version of the deep forest (DF) model that is an ensemble of ensembles that utilizes the fusion of ensemble learning techniques. Our approach is supported by autonomic IRC monitoring. Experiments show that our approach is highly effective for author attribution and attains high accuracy even when the number of candidates is large while training data is limited.