Entropy-based file type identification and partitioning

Detailed bibliography
Title: Entropy-based file type identification and partitioning
Authors: Paul, Calvin B.
Contributors: Cristi, Roberto, Fargues, Monique, Electrical and Computer Engineering (ECE)
Publisher information: Naval Postgraduate School
Year of publication: 2017
Collection: Naval Postgraduate School: Calhoun
Subjects: file type identification, file partitioning, entropy, feature vector, detrended fluctuation analysis, Haar continuous wavelet, statistical measure
Description: The need for file identification and partitioning in the digital forensic, reverse engineering, and security analyst fields cannot be overstated. In this research, we investigate the use of the Shannon entropy profile derived from the file expressed in byte format to characterize specific file types and identify file segments based on entropy-level changes. The process consists of two stages. In the first stage, a binary representation of the file is partitioned into chunks of fixed-length data bytes and processed to extract the entropy profile. In the second stage, the detrended fluctuation analysis (DFA) method is applied to determine the level of structure in the entropy profile. The Haar continuous wavelet transform (CWT) is then used to partition the files identified as highly structured into areas of distinct changes in entropy level. Experimental results show that the proposed approach is effective in identifying file types and partitioning in segments of different entropy levels. ; Approved for public release; distribution is unlimited. ; Civilian, Armaments Corporation of South Africa (Armscor) ; http://archive.org/details/entropybasedfile1094555513
Document type: thesis
File description: application/pdf
Language: unknown
Relation: https://hdl.handle.net/10945/55513
Availability: https://hdl.handle.net/10945/55513
Rights: Copyright is reserved by the copyright owner.
Accession number: edsbas.907D9B0E
Database: BASE