James H. Jones

Hybrid Text-based Deception Models for Native and Non-Native English Cybercriminal Networks

Cybercriminals are increasingly using Internet messaging to exploit their victims. We develop and apply a text-based deception detection approach to build hybrid models for detecting cybercrime in the text Internet communications from native and non-native English speaking cybercriminal networks, where our models use both computational linguistics (CL) and psycholinguistic (PL) features. We study four types of deception-based cybercrime: fraud, scam, favorable fake reviews, and unfavorable fake reviews. We build two types of generalized hybrid models for both native and non-native English speaking cybercriminal networks: 2-dataset and 3-dataset hybrid models using Naïve Bayes, Support Vector Machines, and kth Nearest Neighbor algorithms. All 2-dataset models are trained on any two forms of cybercrime in different web genres, which are then used to detect and analyze other types of cybercrime in web genres that were not part of the training set to establish model generalizability. Similarly, the 3-dataset models are trained on any three forms of cybercrime in different web genres, that are also used to detect and analyze cybercrime in a web genre that was not part of the training set. Model performance on the test datasets ranges from 60% to 80% accuracy, with the best performance on detection of unfavorable reviews and fraud, and notable differences emerged between detection in messages from native and non-native English speaking groups. Our work may be applied as provider- or user-based filtering tools to identify cybercriminal actors and block or label undesirable messages before they reach their intended targets.

A method and implementation for the empirical study of deleted file persistence in digital devices and media

Digital devices are ubiquitous in modern society. Every action on a digital device, whether initiated by a user, an application, the operating system, or hardware, leaves behind evidence of the activity in the form of digital artifacts such as files, memory content, and network traffic. Such artifacts are used by digital forensics investigators to reconstruct past activity, and by criminals seeking to harvest private or sensitive information. The persistence of an artifact over time directly affects its ability to be recovered at a later date, yet a rigorous, comprehensive theory of digital artifact persistence does not exist. This research proposes and demonstrates a method to facilitate the studies necessary to develop such a theory. We implemented a differential analysis approach in which sequential digital media images are analyzed for deleted file persistence. The contents of files deleted between the first two images are tracked in the remaining images. This data forms a decay curve for each file over time and activity. Since we also have access to system and storage media properties, deleted file properties, and the details of actions taken between images, we can begin to form testable hypotheses about the factors affecting deleted file persistence. We have implemented prototype software to conduct this analysis, and we demonstrate the method on images generated in a controlled environment as well as on a series of realistic system images.

A Statistical Learning Approach to Detect Abusive Twitter Accounts

The increased use of social media has motivated spammers to post their malicious activities on social network sites. Some of these spammers use adult content to further the distribution of their malicious activities. Moreover, the extensive number of users posting adult content in social media degrades the experience for other users for whom the adult content is not desired or appropriate. In this paper, we aim to detect abusive accounts that post adult content using Arabic language to target Arab speakers. There is limited natural language processing (NLP) resources for the Arabic language, and to the best of our knowledge no research has been done to detect adult accounts with Arabic language in social media. We used a statistical learning approach to analyze Twitter content to detect abusive accounts that use obscenity, profanity, slang, and swearing words in Arabic text format. Our approach achieved a predictive accuracy of 96% and overcomes imitations of the bag-of-word (BOW) approach.