Papers
Topics
Authors
Recent
Search
2000 character limit reached

Defending Against Authorship Identification Attacks

Published 2 Oct 2023 in cs.CL and cs.CY | (2310.01568v1)

Abstract: Authorship identification has proven unsettlingly effective in inferring the identity of the author of an unsigned document, even when sensitive personal information has been carefully omitted. In the digital era, individuals leave a lasting digital footprint through their written content, whether it is posted on social media, stored on their employer's computers, or located elsewhere. When individuals need to communicate publicly yet wish to remain anonymous, there is little available to protect them from unwanted authorship identification. This unprecedented threat to privacy is evident in scenarios such as whistle-blowing. Proposed defenses against authorship identification attacks primarily aim to obfuscate one's writing style, thereby making it unlinkable to their pre-existing writing, while concurrently preserving the original meaning and grammatical integrity. The presented work offers a comprehensive review of the advancements in this research area spanning over the past two decades and beyond. It emphasizes the methodological frameworks of modification and generation-based strategies devised to evade authorship identification attacks, highlighting joint efforts from the differential privacy community. Limitations of current research are discussed, with a spotlight on open challenges and potential research avenues.

Authors (1)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (126)
  1. Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, pages 308–318, New York, NY, USA. Association for Computing Machinery.
  2. Ahmed Abbasi and Hsinchun Chen. 2008. Writeprints: A stylometric approach to identity-level identification and similarity detection in cyberspace. ACM Transactions on Information Systems (TOIS), 26(2):1–29.
  3. Detecting hoaxes, frauds, and deception in writing style online. In 2012 IEEE Symposium on Security and Privacy, pages 461–475, USA. IEEE, IEEE Computer Society.
  4. Doppelgänger finder: Taking stylometry to the underground. In 2014 IEEE Symposium on Security and Privacy, pages 212–226, USA. IEEE Computer Society.
  5. Towards a human-AI hybrid for adversarial authorship. In 2020 SoutheastCon, pages 1–8, USA. IEEE, IEEE.
  6. Fighting authorship linkability with crowdsourcing. In Proceedings of the Second ACM Conference on Online Social Networks, COSN ’14, pages 69–82, New York, NY, USA. Association for Computing Machinery.
  7. A multifaceted framework to evaluate evasion, content preservation, and misattribution in authorship obfuscation techniques. In Proceedings of the 2022 Conference on Empirical Methods in Natural Language Processing, pages 2391–2406, Abu Dhabi, United Arab Emirates. Association for Computational Linguistics.
  8. An experiment in authorship attribution. In JADT 2002: Journées Internationales d’Analyse Statistique des Données Textuelles, volume 1, pages 69–75.
  9. Outside the cave of shadows: Using syntactic annotation to enhance authorship attribution. Literary and Linguistic Computing, 11(3):121–132.
  10. From zoos to safaris–from closed-world enforcement to open-world assessment of privacy. In Tutorial Lectures on Foundations of Security Analysis and Design VIII - Volume 9808, pages 87–138, Berlin, Heidelberg. Springer-Verlag.
  11. Oleg Bakhteev and Andrey Khazov. 2017. Author masking using sequence-to-sequence models. In Working Notes of the Conference and Labs of the Evaluation Forum, Dublin, Ireland. CEUR-WS.
  12. Georgios Barlas and Efstathios Stamatatos. 2020. Cross-domain authorship attribution using pre-trained language models. In Artificial Intelligence Applications and Innovations, pages 255–266, Cham. Springer International Publishing.
  13. Heuristic authorship obfuscation. In Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics, pages 1098–1108, Florence, Italy. Association for Computational Linguistics.
  14. On divergence-based author obfuscation: An attack on the state of the art in statistical authorship verification. IT-Information Technology, 62(2):99–115.
  15. Battista Biggio and Fabio Roli. 2018. Wild patterns: Ten years after the rise of adversarial machine learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS ’18, pages 2154–2156, New York, NY, USA. Association for Computing Machinery.
  16. ER-AE: Differentially private text generation for authorship anonymization. In Proceedings of the 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, pages 3997–4007, Online. Association for Computational Linguistics.
  17. TranslateLocally: Blazing-fast translation running on the local CPU. In Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, pages 168–174, Online and Punta Cana, Dominican Republic. Association for Computational Linguistics.
  18. A large annotated corpus for learning natural language inference. In Proceedings of the 2015 Conference on Empirical Methods in Natural Language Processing, pages 632–642, Lisbon, Portugal. Association for Computational Linguistics.
  19. Adversarial stylometry: Circumventing authorship recognition to preserve privacy and anonymity. ACM Transactions on Information and System Security (TISSEC), 15(3):1–22.
  20. Michael Brennan and Rachel Greenstadt. 2009. Practical attacks against authorship recognition techniques. In 21st Innovative Applications of Artificial Intelligence Conference, IAAI-09, pages 60–65, Pasadena, California, USA. IAAI.
  21. Aylin Caliskan and Rachel Greenstadt. 2012. Translate once, translate twice, translate thrice and attribute: Identifying authors and machine translation tools in translated text. In 2012 IEEE Sixth International Conference on Semantic Computing, pages 121–125, Palermo, Italy. IEEE, IEEE.
  22. Evaluating prose style transfer with the Bible. Royal Society Open Science, 5(10):171920.
  23. Author masking by sentence transformation. In Working Notes of the Conference and Labs of the Evaluation Forum, Dublin, Ireland. CEUR-WS.
  24. Universal sentence encoder for English. In Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, pages 169–174, Brussels, Belgium. Association for Computational Linguistics.
  25. David Chen and William Dolan. 2011. Collecting highly parallel data for paraphrase evaluation. In Proceedings of the 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies, pages 190–200, Portland, Oregon, USA. Association for Computational Linguistics.
  26. What does BERT look at? An analysis of BERT’s attention. In Proceedings of the 2019 ACL Workshop BlackboxNLP: Analyzing and Interpreting Neural Networks for NLP, pages 276–286, Florence, Italy. Association for Computational Linguistics.
  27. Adversarial authorship, authorwebs, and entropy-based evolutionary clustering. In 2016 25th International Conference on Computer Communication and Networks (ICCCN), pages 1–6, Red Hook, NY, USA. IEEE, IEEE.
  28. Towards the development of a cyber analysis & advisement tool (CAAT) for mitigating de-anonymization attacks. In The Modern Artificial Intelligence and Cognitive Science Conference.
  29. Domo. 2020. Data never sleeps 9.0.
  30. Cynthia Dwork and Aaron Roth. 2014. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science, 9(3–4):211–407.
  31. Maciej Eder. 2015. Does size matter? Authorship attribution, small samples, big problem. Digital Scholarship in the Humanities, 30(2):167–182.
  32. Alvar Ellegård. 1962. A Statistical Method for Determining Authorship: The Junius Letters, 1769-1772. Acta Universitatis Gothoburgensis. Almqvist & Wiksell, Stockholm, Sweden.
  33. Style obfuscation by invariance. In Proceedings of the 27th International Conference on Computational Linguistics, pages 984–996, Santa Fe, New Mexico, USA. Association for Computational Linguistics.
  34. BertAA : BERT fine-tuning for authorship attribution. In Proceedings of the 17th International Conference on Natural Language Processing (ICON), pages 127–137, Indian Institute of Technology Patna, Patna, India. NLP Association of India (NLPAI).
  35. Beyond English-centric multilingual machine translation. Journal of Machine Learning Research, 22(1).
  36. Liyue Fan. 2019. Practical image obfuscation with provable privacy. In 2019 IEEE International Conference on Multimedia and Expo (ICME), pages 784–789, Shanghai, China. IEEE.
  37. Speaker anonymization using x-vector and neural waveform models. In Proceedings of the 10th ISCA Workshop on Speech Synthesis (SSW 10), pages 155–160, Vienna, Austria.
  38. Adversarial authorship, interactive evolutionary hill-climbing, and author CAAT-III. In 2017 IEEE Symposium Series on Computational Intelligence (SSCI), pages 1–8, Honolulu, HI, USA. IEEE, IEEE.
  39. Natasha Fernandes. 2017. A novel framework for author obfuscation using generalised differential privacy. Ph.D. thesis, Macquarie University.
  40. Author obfuscation using generalised differential privacy. arXiv, abs/1805.08866.
  41. Counterfactual evaluation for explainable AI. arXiv preprint arXiv:2109.01962.
  42. Person identification from text and speech genre samples. In Proceedings of the 12th Conference of the European Chapter of the ACL (EACL 2009), pages 336–344, Athens, Greece. Association for Computational Linguistics.
  43. Philippe Golle. 2006. Revisiting the uniqueness of simple demographics in the US population. In Proceedings of the 5th ACM Workshop on Privacy in Electronic Society, WPES ’06, pages 77–80, New York, NY, USA. Association for Computing Machinery.
  44. Jan Gorodkin. 2004. Comparing two k-category assignments by a k-category correlation coefficient. Computational Biology and Chemistry, 28(5):367–374.
  45. Jack Grieve. 2023. Register variation explains stylometric authorship analysis. Corpus Linguistics and Linguistic Theory, 19(1):47–77.
  46. Text analysis in adversarial settings: Does deception leave a stylistic trace? ACM Computing Surveys CSUR), 52(3):1–36.
  47. Effective writing style transfer via combinatorial paraphrasing. Proceedings on Privacy Enhancing Technologies, 2020(4):175–195.
  48. Overview of the author obfuscation task at PAN 2017: Safety evaluation revisited. In Working Notes of the Conference and Labs of the Evaluation Forum, Dublin, Ireland. CEUR-WS.
  49. Avengers ensemble! Improving transferability of authorship obfuscation. arXiv preprint arXiv:2109.07028.
  50. David I. Holmes. 1998. The evolution of stylometry in humanities scholarship. Literary and Linguistic Computing, 13(3):111–117.
  51. David L. Hoover. 1999. Language and style in The Inheritors. University Press of America.
  52. DeepStyle: User style embedding for authorship attribution of short texts. In Asia-Pacific Web (APWeb) and Web-Age Information Management (WAIM) Joint International Conference on Web and Big Data, pages 221–229. Springer.
  53. IARPA. 2022. Hiatus: Identification and privacy fight it out.
  54. Timour Igamberdiev and Ivan Habernal. 2022. Privacy-preserving graph convolutional networks for text classification. In Proceedings of the Thirteenth Language Resources and Evaluation Conference, pages 338–350, Marseille, France. European Language Resources Association.
  55. Timour Igamberdiev and Ivan Habernal. 2023. DP-BART for privatized text rewriting under local differential privacy. In Findings of the Association for Computational Linguistics: ACL 2023, pages 13914–13934, Toronto, Canada. Association for Computational Linguistics.
  56. Deep learning for text style transfer: A survey. Computational Linguistics, 48(1):155–205.
  57. Barbara Johnstone. 1996. The linguistic individual: Self-expression in language and linguistics. Oxford University Press.
  58. Are you Robert or RoBERTa? Deceiving online authorship attribution models using neural text generators. In Proceedings of the International AAAI Conference on Web and Social Media, volume 16, pages 429–440, Limassol, Cyprus. AAAI.
  59. Patrick Juola. 2008. Authorship attribution. Foundations and Trends® in Information Retrieval, 1(3):233–334.
  60. Patrick Juola. 2012. Detecting stylistic deception. In Proceedings of the Workshop on Computational Approaches to Deception Detection, pages 91–96, Avignon, France. Association for Computational Linguistics.
  61. Patrick Juola and Darren Vescovi. 2010. Empirical evaluation of authorship obfuscation using JGAAP. In Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security, AISec ’10, pages 14–18, New York, NY, USA. Association for Computing Machinery.
  62. Gary Kacmarcik and Michael Gamon. 2006. Obfuscating document stylometry to preserve author anonymity. In Proceedings of the COLING/ACL 2006 Main Conference Poster Sessions, pages 444–451, Sydney, Australia. Association for Computational Linguistics.
  63. The case for being average: A mediocrity approach to style masking and author obfuscation. In Experimental IR Meets Multilinguality, Multimodality, and Interaction, pages 173–185, Cham. Springer International Publishing.
  64. Collaborative authorship in the twelfth century: A stylometric study of Hildegard of Bingen and Guibert of Gembloux. Digital Scholarship in the Humanities, 30(2):199–224.
  65. Author masking through translation. Working Notes of the Conference and Labs of the Evaluation Forum, 1609:890–894.
  66. Foaad Khosmood and Robert Levinson. 2010. Automatic synonym and phrase replacement show promise for style transformation. In Proceedings of the 2010 Ninth International Conference on Machine Learning and Applications, ICMLA ’10, pages 958–961, USA. IEEE Computer Society.
  67. Mirco Kocher and Jacques Savoy. 2018. UniNE at CLEF 2018: Author masking. In Working Notes of the Conference and Labs of the Evaluation Forum, Avignon, France. CEUR-WS.
  68. Unsupervised decomposition of a document into authorial components. In Proceedings of the 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies, pages 1356–1364, Portland, Oregon, USA. Association for Computational Linguistics.
  69. Computational methods in authorship attribution. Journal of the American Society for Information Science and Technology, 60(1):9–26.
  70. Authorship attribution in the wild. Language Resources and Evaluation, 45(1):83–94.
  71. The “fundamental problem” of authorship attribution. English Studies, 93(3):284–291.
  72. Jeff Kosseff. 2022. The united states of anonymous: How the First Amendment shaped online speech. Cornell University Press, Ithaca, New York, USA.
  73. From word embeddings to document distances. In Proceedings of the 32nd International Conference on Machine Learning, volume 37 of Proceedings of Machine Learning Research, pages 957–966, Lille, France. PMLR.
  74. Secure obfuscation of authoring style. In IFIP International Conference on Information Security Theory and Practice, pages 88–103, Heraklion, Crete, Greece. Springer, Springer Cham.
  75. Text revision by on-the-fly representation optimization. In Proceedings of the First Workshop on Intelligent and Interactive Writing Assistants (In2Writing 2022), pages 58–59, Dublin, Ireland. Association for Computational Linguistics.
  76. Hugo Liu and Push Singh. 2004. ConceptNet—A practical commonsense reasoning tool-kit. BT Technology Journal, 22(4):211–226.
  77. Harold Love. 2002. Attributing authorship: An introduction. Cambridge University Press, New York, USA.
  78. Scott M. Lundberg and Su-In Lee. 2017. A unified approach to interpreting model predictions. In Proceedings of the 31st International Conference on Neural Information Processing Systems, NIPS’17, page 4768–4777, Red Hook, NY, USA. Curran Associates Inc.
  79. A girl has no name: Automated authorship obfuscation using Mutant-X. Proceedings on Privacy Enhancing Technologies, 2019(4):54–71.
  80. Author obfuscation using WordNet and language models—notebook for PAN at CLEF 2016. In Working Notes of the Conference and Labs of the Evaluation Forum, pages 5–8, Évora, Portugal. CEUR-WS.
  81. The limits of word level differential privacy. In Findings of the Association for Computational Linguistics: NAACL 2022, pages 867–881, Seattle, United States. Association for Computational Linguistics.
  82. Brian W. Matthews. 1975. Comparison of the predicted and observed secondary structure of T4 phage lysozyme. Biochimica et Biophysica Acta (BBA) - Protein Structure, 405(2):442–451.
  83. CIAGAN: Conditional identity anonymization generative adversarial networks. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pages 5446–5455, Seattle, WA, USA. IEEE.
  84. Guide to protecting the confidentiality of personally identifiable information (PII).
  85. Use fewer instances of the letter “i”: Toward writing style anonymization. In Privacy Enhancing Technologies, pages 299–318, Berlin, Heidelberg. Springer Berlin Heidelberg.
  86. Anonymouth revamped: Getting closer to stylometric anonymity. In PETools: Workshop on Privacy Enhancing Tools, volume 20, Bloomington, Indiana, USA.
  87. Frank McSherry and Kunal Talwar. 2007. Mechanism design via differential privacy. In 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS’07), pages 94–103. IEEE.
  88. Thomas C. Mendenhall. 1901. A mechanical solution of a literary problem. Popular Science Monthly, 60:97–105.
  89. SU@ PAN’2016: Author obfuscation—notebook for PAN at CLEF 2016. In Working Notes of the Conference and Labs of the Evaluation Forum, pages 5–8.
  90. Frederick Mosteller and David L. Wallace. 1964. Inference and disputed authorship: The Federalist. Addison-Wesley Publishing Company, Inc.
  91. Counter-fitting word vectors to linguistic constraints. In Proceedings of the 2016 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, pages 142–148, San Diego, California. Association for Computational Linguistics.
  92. On the feasibility of internet-scale author identification. In 2012 IEEE Symposium on Security and Privacy, pages 300–314. IEEE.
  93. Surveying stylometry techniques and applications. ACM Computing Surveys (CSUR), 50(6):1–36.
  94. John Noecker Jr. and Michael Ryan. 2012. Distractorless authorship verification. In Proceedings of the Eighth International Conference on Language Resources and Evaluation (LREC’12), pages 785–789, Istanbul, Turkey. European Language Resources Association (ELRA).
  95. Richard Ohmann. 1964. Generative grammars and the concept of literary style. Word, 20(3):423–439.
  96. Rebekah Overdorf and Rachel Greenstadt. 2016. Blogs, Twitter feeds, and Reddit comments: Cross-domain authorship attribution. Proceedings on Privacy Enhancing Technologies, 3:155–171.
  97. Towards the improvement of UI/UX of a human-AI adversarial authorship system. In HCI for Cybersecurity, Privacy and Trust: 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Virtual Event, June 26–July 1, 2022, Proceedings, pages 194–205. Springer.
  98. Author obfuscation: Attacking the state of the art in authorship verification. In Working Notes of the Conference and Labs of the Evaluation Forum, pages 716–749.
  99. Overview of the author obfuscation task at PAN 2018: A new approach to measuring safety. In Working Notes of the Conference and Labs of the Evaluation Forum.
  100. Author masking directed by author’s style. In Working Notes of the Conference and Labs of the Evaluation Forum.
  101. Anonymity, privacy, and security online. Technical report, Pew Research Center.
  102. Josyula R. Rao and Pankaj Rohatgi. 2000. Can pseudonymity really guarantee privacy? In Proceedings of the 9th Conference on USENIX Security Symposium - Volume 9, SSYM’00, page 7, USA. USENIX Association.
  103. “Why Should I Trust You?”: Explaining the predictions of any classifier. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD ’16, page 1135–1144, New York, NY, USA. Association for Computing Machinery.
  104. Anchors: High-precision model-agnostic explanations. In Proceedings of the Thirty-Second AAAI Conference on Artificial Intelligence and Thirtieth Innovative Applications of Artificial Intelligence Conference and Eighth AAAI Symposium on Educational Advances in Artificial Intelligence, AAAI’18/IAAI’18/EAAI’18. AAAI Press.
  105. Joseph Rudman. 2000. Non-traditional authorship attribution studies: Ignis Fatuus or Rosetta Stone? Bulletin (Bibliographical Society of Australia and New Zealand), 24(3):163–176.
  106. A4NT: Author attribute anonymity by adversarial training of neural machine translation. In 27th {normal-{\{{USENIX}normal-}\}} Security Symposium ({normal-{\{{USENIX}normal-}\}} Security 18), pages 1633–1650.
  107. Harold Somers and Fiona Tweedie. 2003. Authorship attribution and pastiche. Computers and the Humanities, 37(4):407–429.
  108. Efstathios Stamatatos. 2009. A survey of modern authorship attribution methods. Journal of the American Society for Information Science and Technology, 60(3):538–556.
  109. Efstathios Stamatatos. 2013. On the robustness of authorship attribution based on character n-gram features. Journal of Law and Policy, 21(2):421–439.
  110. Salil Vadhan. 2017. The complexity of differential privacy. In Tutorials on the foundations of cryptography: Dedicated to Oded Goldreich, pages 347–450, Cham. Springer International Publishing.
  111. Reproduction and replication of an adversarial stylometry experiment. arXiv preprint arXiv:2208.07395.
  112. Mode effects’ challenge to authorship attribution. In Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Main Volume, pages 1146–1155, Online. Association for Computational Linguistics.
  113. Cross-register authorship attribution using vernacular and classical Chinese texts. In DH Benelux 2021. Zenodo.
  114. UPTON: Unattributable authorship text via data poisoning. arXiv preprint arXiv:2211.09717.
  115. Neural network acceptability judgments. Transactions of the Association for Computational Linguistics, 7:625–641.
  116. DP-VAE: Human-readable text anonymization for online reviews with differentially private variational autoencoders. In Proceedings of the ACM Web Conference 2022, WWW ’22, pages 721–731, New York, NY, USA. Association for Computing Machinery.
  117. C. B. Williams. 1975. Mendenhall’s studies of word-length distribution in the works of Shakespeare and Bacon. Biometrika, 62(1):207–212.
  118. Zhibiao Wu and Martha Palmer. 1994. Verb semantics and lexical selection. In 32nd Annual Meeting of the Association for Computational Linguistics, pages 133–138, Las Cruces, New Mexico, USA. Association for Computational Linguistics.
  119. The many voices of Du Ying: Revisiting the disputed writings of Lu Xun and Zhou Zuoren. In The Book of Abstracts of DH2022, pages 400–404.
  120. Paraphrasing for style. In Proceedings of COLING 2012, pages 2899–2914, Mumbai, India. The COLING 2012 Organizing Committee.
  121. White-box transformers via sparse rate reduction. arXiv preprint arXiv:2306.01129.
  122. Adversarial authorship attribution for deobfuscation. In Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), pages 7372–7384, Dublin, Ireland. Association for Computational Linguistics.
  123. Bertscore: Evaluating text generation with BERT. In International Conference on Learning Representations.
  124. Adversarial attacks on deep-learning models in natural language processing: A survey. ACM Transactions on Intelligent Systems and Technology (TIST), 11(3):1–41.
  125. Ying Zhao and Jinjun Chen. 2022. A survey on differential privacy for unstructured data content. ACM Computing Surveys, 54(10s).
  126. Jian Zhu and David Jurgens. 2021. Idiosyncratic but not arbitrary: Learning idiolects in online registers reveals distinctive yet consistent individual styles. In Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing, pages 279–297, Online and Punta Cana, Dominican Republic. Association for Computational Linguistics.
Citations (1)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Sign Up to Summarize

Paper to Video (Beta)

No one has generated a video about this paper yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Generate Now

Collections

Sign up for free to add this paper to one or more collections.

Sign Up