TY - GEN
T1 - Practical attacks against authorship recognition techniques
AU - Brennan, Michael
AU - Greenstadt, Rachel
PY - 2009
Y1 - 2009
N2 - The use of statistical AI techniques in authorship recognition (or stylometry) has contributed to literary and historical breakthroughs. These successes have led to the use of these techniques in criminal investigations and prosecutions. However, few have studied adversarial attacks and their devastating effect on the robustness of existing classification methods. This paper presents a framework for adversarial attacks including obfuscation attacks, where a subject attempts to hide their identity and imitation attacks, where a subject attempts to frame another subject by imitating their writing style. The major contribution of this research is that it demonstrates that both attacks work very well. The obfuscation attack reduces the effectiveness of the techniques to the level of random guessing and the imitation attack succeeds with 68-91% probability depending on the stylometric technique used. These results are made more significant by the fact that the experimental subjects were unfamiliar with stylometric techniques, without specialized knowledge in linguistics, and spent little time on the attacks. This paper also provides another significant contribution to the field in using human subjects to empirically validate the claim of high accuracy for current techniques (without attacks) by reproducing results for three representative stylometric methods.
AB - The use of statistical AI techniques in authorship recognition (or stylometry) has contributed to literary and historical breakthroughs. These successes have led to the use of these techniques in criminal investigations and prosecutions. However, few have studied adversarial attacks and their devastating effect on the robustness of existing classification methods. This paper presents a framework for adversarial attacks including obfuscation attacks, where a subject attempts to hide their identity and imitation attacks, where a subject attempts to frame another subject by imitating their writing style. The major contribution of this research is that it demonstrates that both attacks work very well. The obfuscation attack reduces the effectiveness of the techniques to the level of random guessing and the imitation attack succeeds with 68-91% probability depending on the stylometric technique used. These results are made more significant by the fact that the experimental subjects were unfamiliar with stylometric techniques, without specialized knowledge in linguistics, and spent little time on the attacks. This paper also provides another significant contribution to the field in using human subjects to empirically validate the claim of high accuracy for current techniques (without attacks) by reproducing results for three representative stylometric methods.
UR - http://www.scopus.com/inward/record.url?scp=74949095118&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74949095118&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:74949095118
SN - 9781577354239
T3 - Proceedings of the 21st Innovative Applications of Artificial Intelligence Conference, IAAI-09
SP - 60
EP - 65
BT - Proceedings of the 21st Innovative Applications of Artificial Intelligence Conference, IAAI-09
T2 - 21st Innovative Applications of Artificial Intelligence Conference, IAAI-09
Y2 - 14 July 2009 through 16 July 2009
ER -