Anonymity networks like Tor harbor many underground markets and discussion forums dedicated to the trade of illegal goods and services. As they are gaining in popularity, the analysis of their content and users is becoming increasingly urgent for many different parties, ranging from law enforcement and security agencies to financial institutions. A major issue in cyber forensics is that anonymization techniques like Tor’s onion routing have made it very difficult to trace the identities of suspects. In this paper we propose classification set-ups for two tasks related to user identification, namely alias classification and authorship attribution. We apply our techniques to data from a Tor discussion forum mainly dedicated to drug trafficking, and show that for both tasks we achieve high accuracy using a combination of character-level n-grams, stylometric features and timestamp features of the user posts.
[Spitters2015] Martijn Spitters, Femke Klaver, Gijs Koot, and Mark van Staalduinen. Authorship analysis on dark marketplace forums. In Proceedings of the European Intelligence and Security Informatics Conference (EISIC), Manchester, UK., Sep 2015. IEEE. Topic-Horizon-Scan.