Protecting Critical Infrastructure and Key Assets
Not recorded
Abstract
The Internet is a critical infrastructure and asset in the information age. However, cyber criminals have been using various web-based channels (e.g., email, web sites, Internet newsgroups, and Internet chat rooms) to distribute illegal materials. One common characteristic of these channels is anonymity. Compared with conventional crimes, cybercrime conducted through such anonymous channels imposes unique challenges for researchers and law enforcement and intelligence agencies in criminal identity tracing. Law enforcement and intelligence agencies have an urgent need for approaches that automate criminal and terrorist identity tracing in cyberspace. Three case studies in this chapter demonstrate the potential of using multilingual authorship analysis with carefully selected writing style feature sets and effective classification techniques for identity tracing in cyberspace. With the rapid proliferation of Internet technologies and applications, cybercrime has become a major concern for the law enforcement community. Cyber criminals have been distributing messages on the Internet to conduct illegal activities. The anonymous nature of online message distribution has made criminal identity tracing a critical problem in cybercrime investigation. We developed a framework for authorship identification of online messages to address the identity tracing problem. In this framework, three types of writing style features are extracted and inductive learning algorithms are used to build feature-based classification models to identify authorship of online messages. Data used in this study were from open sources. Three datasets, two in English and one in Chinese, were collected. One of the English datasets consisted of 153 USENET newsgroup messages on illegal sales of pirated CDs and software. We manually identified the nine most active users (represented by a unique ID and email address) who frequently posted messages in these newsgroups.
The Chinese dataset contained 70 Bulletin Board System (BBS) illegal CD and software for-sale messages downloaded from a popular Chinese BBS. The two key techniques used in this study were feature selection and classification. The objective was to classify text messages into different classes with each class representing one author. Based on the review of previous studies on text and email authorship analysis, along with the specific characteristics of the messages in our datasets, we selected a large number of features that were potentially useful for identifying message authors. Three types of features were used: style markers (content-free features such as frequency of function words, total number of punctuation marks, average sentence length, etc.), structural features (such as use of a greeting statement, use of a farewell statement, …
Similar resources
On the Importance of Protecting Critical Infrastructure related Engineering Descriptor Information (CIEDI)
The international security situation has led to increased concern regarding malicious attacks against critical infrastructure (CI). CI encompasses a number of essential services some of which are water, electricity, and gas supply. For all such service-based assets there exists engineering information that includes architectural blueprints, structural composition data, and layout schema of key...
Protecting Infrastructure Assets from Real-Time and Run-Time Threats
Real-time availability with integrity is a crucial security requirement for critical infrastructure assets – delays in reporting device states or computations may result in equipment damage, perhaps even catastrophic failure. However, it is also necessary to address malicious software-based threats. Trusted computing (TC) is a security paradigm that enables application platforms to enforce the ...
Critical Infrastructure Resilience: The Evolution of Policy and Programs and Issues for Congress
In 2006, the Critical Infrastructure Task Force of the Homeland Security Advisory Council initiated a public policy debate arguing that the government's critical infrastructure policies were focused too much on protecting assets from terrorist attacks and not focused enough on improving the resilience of assets against a variety of threats. According to the Task Force, such a defensive posture ...
Security Assessment Methodology for Critical Infrastructure Components
Protecting critical infrastructure assets such as telecommunications networks and energy generation and distribution facilities from cyber attacks is a major challenge. However, because security is a complex and multi-layered topic, a foundation for manufacturers to assess the security of products used in critical infrastructures is often missing. This paper describes a structured security asse...
DRAFT PLEASE DO NOT CITE WITHOUT PERMISSION Protecting Critical Nuclear Infrastructure: Strategies for Security
The safety and security of a nuclear facility share a common objective – ensure the protection of the local population, society at large, and the environment. The gradual transition in reactor safety regulation from highly deterministic requirements toward a more risk-informed framework provides a useful analogue for reactor security and ensuring effective resource allocation. However, there are...
A risk-based approach to setting priorities in protecting bridges against terrorist attacks.
This article presents an approach to the problem of terrorism risk assessment and management by adapting the framework of the risk filtering, ranking, and management method. The assessment is conducted at two levels: (1) the system level, and (2) the asset-specific level. The system-level risk assessment attempts to identify and prioritize critical infrastructures from an inventory of system as...