By Topic

An Instant Messaging Intrusion Detection System Framework: Using character frequency analysis for authorship identification and validation

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Orebaugh, A. ; Chief Scientist, Securityknox. Email:

The medium of instant messaging (IM) is a well-established means of fast and effective communication. However, a framework for analysis of instant messaging has gone largely unexplored until now. This paper explores instant messaging authorship identification and validation in terms of an author profiling framework and an anomaly-based intrusion detection system (IDS). The framework includes author behavior categories, which are the set of characteristics that remain relatively constant for a large number of messages written by the author. Specific topics include user pattern analysis, user profiling, categorization, computational linguistics, data mining, and anomaly detection. The experiments focus on applying character frequency analysis to IM messages for authorship identification and validation. This addresses the questions; can we identify an author of an IM conversation based strictly on user behavior, do different conversations with a single user look similar, do conversations with different users look different, and what is the demarcation between similar and different? Another experiment focuses on applying an instance-based learning algorithm to the character frequency of IM user messages for authorship identification and validation. The experiment applies the nearest-neighbor classification method to classify messages. It also calculates a degree of confidence to validate the identity of the IM user

Published in:

Carnahan Conferences Security Technology, Proceedings 2006 40th Annual IEEE International

Date of Conference:

Oct. 2006