Notes：De-anonymizing Programmers via Code Stylometry

Essay Information

De-anonymizing Programmers via Code Stylometry

Aylin Caliskan-Islam, Richard Harang, Andrew Liu, Arvind Narayanan, Clare Voss,

Fabian Yamaguchi, and Rachel Greenstadt.

Usenix Security Symposium, 2015

Source code stylometry

Everyone learns coding on an individual basis, as a result code in a

unique style, which makes de-annoymization possible.

Software engineering insights

programmer style changes while implementing sophisticated

functionality

differences in coding style of programmers with different skill sets

Identify malicious programmers.

Scenario 1 : Who wrote this code?

Alice analyzes a library with Malicious source code.

Bob has a source code collection with known authors

Bob will search his collection to find Alice’s adversary

Scenario 2 : Who wrote this code?

Alice got an extension for her programming assignment.

Bob, the teacher has everyone else’s code.

Bob wants to see if Alice plagiarized.

Comparison to related work

Machine learning workflow

Abstract Syntax Trees (AST)

Stylemotry can be used in source code to identify the author of a program.

Extract layout and lexical features from source code.

Abstract syntax trees (AST) in code represent the structure of the program.

Preprocess source code to obtain AST.

Parse AST to extract coding style features.

Feature Extraction

### Code Stylometry Feature Set (CSFS)

Lexical features (Extract from source code)

Layout features (Extract from source code)

Syntactic features (Extract from ASTs)

Feature Selection

WEKA’s information gain criterion, which evaluates the difference between the entropy of the distribution of classes and the entropy of the conditional distribution of classes given a particular feature:



where A is the class corresponding to an author, H is Shannon entropy, and Mi is the ith feature of the dataset.

Intuitively, the information gain can be thought of as measuring the amount of information that the observation of the value of feature i gives about the class label associated with the example.

To reduce the total size and sparsity of the feature vector, we retained only those features that individually had non-zero information gain

Random Forest Classification

Method

Use random forest as the machine learning classifier

avoid over-fitting

multi-class classifier by nature

K-fold cross validation

Validate method on a different dataset

Future work

Multiple authorship detection

Multiple author identification

Anonymizing source code

obfuscation is not the answer

Stylometry in executable binaries

authorship attribution