A Girl Has A Name, And It's ... Adversarial Authorship Attribution for Deobfuscation

TL;DR

This paper explores the challenge of adversarial authorship attribution, demonstrating that trained attributors can significantly reduce obfuscation effectiveness, highlighting the need for more robust privacy-preserving methods.

Contribution

It introduces the problem of adversarial deobfuscation in authorship attribution and evaluates how adversarial training impacts obfuscation effectiveness.

Findings

Adversarially trained attributors reduce obfuscation effectiveness from 20-30% to 5-10%.

Degradation in attribution accuracy occurs even when attributors have incorrect assumptions.

Current obfuscation methods are vulnerable to adversarial deobfuscation, requiring stronger defenses.

Abstract

Recent advances in natural language processing have enabled powerful privacy-invasive authorship attribution. To counter authorship attribution, researchers have proposed a variety of rule-based and learning-based text obfuscation approaches. However, existing authorship obfuscation approaches do not consider the adversarial threat model. Specifically, they are not evaluated against adversarially trained authorship attributors that are aware of potential obfuscation. To fill this gap, we investigate the problem of adversarial authorship attribution for deobfuscation. We show that adversarially trained authorship attributors are able to degrade the effectiveness of existing obfuscators from 20-30% to 5-10%. We also evaluate the effectiveness of adversarial training when the attributor makes incorrect assumptions about whether and which obfuscator was used. While there is a a clear degradation in attribution accuracy, it is noteworthy that this degradation is still at or above the attribution accuracy of the attributor that is not adversarially trained at all. Our results underline the need for stronger obfuscation approaches that are resistant to deobfuscation