Towards Improving Code Stylometry Analysis in Underground Forums

Authors: Michal Tereszkowski-Kaminski (King’s College London), Sergio Pastrana (Universidad Carlos III de Madrid), Jorge Blasco (Royal Holloway, University of London), Guillermo Suarez-Tangil (IMDEA Networks Institute and King’s College London)

Volume: 2022
Issue: 1
Pages: 126–147
DOI: https://doi.org/10.2478/popets-2022-0007

Abstract: Code Stylometry has emerged as a powerful mechanism to identify programmers. While there have been significant advances in the field, existing mechanisms underperform in challenging domains. One such domain is studying the provenance of code shared in underground forums, where code posts tend to have small or incomplete source code fragments. This paper proposes a method designed to deal with the idiosyncrasies of code snippets shared in these forums. Our system fuses a forum-specific learning pipeline with Conformal Prediction to generate predictions with precise confidence levels as a novelty. We see that identifying unreliable code snippets is paramount to generate high-accuracy predictions, and this is a task where traditional learning settings fail. Overall, our method performs twice as well as the state-of-the-art in a constrained setting with a large number of authors (i.e., 100). When dealing with a smaller number of authors (i.e., 20), it performs at high accuracy (89%). We also evaluate our work on an open-world assumption and see that our method is more effective at retaining samples.

Keywords: Authorship Attribution, Underground Forums, Language Selection, Code Clone Detection

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.