Classification of Low- and High-Entropy File Fragments Using Randomness Measures and Discrete Fourier Transform Coefficients

IF 0.6 Q4 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE Vietnam Journal of Computer Science Pub Date : 2023-07-28 DOI:10.1142/s2196888823500070

K. Skracic, J. Petrović, P. Pale

{"title":"Classification of Low- and High-Entropy File Fragments Using Randomness Measures and Discrete Fourier Transform Coefficients","authors":"K. Skracic, J. Petrović, P. Pale","doi":"10.1142/s2196888823500070","DOIUrl":null,"url":null,"abstract":"This paper presents an approach to improve the file fragment classification by proposing new features for classification and evaluating them on a dataset that includes both low- and high-entropy file fragments. High-entropy fragments, belonging to compressed and encrypted files, are particularly challenging to classify because they lack exploitable patterns. To address this challenge, the proposed feature vectors are constructed based on the byte frequency distribution (BFD) of file fragments, along with discrete Fourier transform coefficients and several randomness measures. These feature vectors are tested using three machine learning models: Support vector machines (SVMs), artificial neural networks (ANNs), and random forests (RFs). The proposed approach is evaluated on the govdocs1 dataset, which is freely available and widely used in this field, to enable reproducibility and fair comparison with other published research. The results show that the proposed approach outperforms existing methods and achieves better classification accuracy for both low- and high-entropy file fragments.","PeriodicalId":30898,"journal":{"name":"Vietnam Journal of Computer Science","volume":"2016 1","pages":""},"PeriodicalIF":0.6000,"publicationDate":"2023-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Vietnam Journal of Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1142/s2196888823500070","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

This paper presents an approach to improve the file fragment classification by proposing new features for classification and evaluating them on a dataset that includes both low- and high-entropy file fragments. High-entropy fragments, belonging to compressed and encrypted files, are particularly challenging to classify because they lack exploitable patterns. To address this challenge, the proposed feature vectors are constructed based on the byte frequency distribution (BFD) of file fragments, along with discrete Fourier transform coefficients and several randomness measures. These feature vectors are tested using three machine learning models: Support vector machines (SVMs), artificial neural networks (ANNs), and random forests (RFs). The proposed approach is evaluated on the govdocs1 dataset, which is freely available and widely used in this field, to enable reproducibility and fair comparison with other published research. The results show that the proposed approach outperforms existing methods and achieves better classification accuracy for both low- and high-entropy file fragments.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于随机度量和离散傅立叶变换系数的低熵和高熵文件片段分类

本文提出了一种改进文件片段分类的方法，提出了新的分类特征，并在包含低熵和高熵文件片段的数据集上对它们进行了评估。属于压缩和加密文件的高熵片段尤其难以分类，因为它们缺乏可利用的模式。为了解决这一挑战，所提出的特征向量是基于文件片段的字节频率分布(BFD)，以及离散傅立叶变换系数和几个随机性度量来构建的。这些特征向量使用三种机器学习模型进行测试:支持向量机(svm)、人工神经网络(ann)和随机森林(rf)。所提出的方法在govdocs1数据集上进行了评估，该数据集可免费获得并在该领域广泛使用，以实现可重复性并与其他已发表的研究进行公平比较。结果表明，该方法对高熵和低熵文件片段的分类精度都优于现有的分类方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊