Entropy-based file type identification and partitioning
Paul, Calvin B.
MetadataShow full item record
The need for file identification and partitioning in the digital forensic, reverse engineering, and security analyst fields cannot be overstated. In this research, we investigate the use of the Shannon entropy profile derived from the file expressed in byte format to characterize specific file types and identify file segments based on entropy-level changes. The process consists of two stages. In the first stage, a binary representation of the file is partitioned into chunks of fixed-length data bytes and processed to extract the entropy profile. In the second stage, the detrended fluctuation analysis (DFA) method is applied to determine the level of structure in the entropy profile. The Haar continuous wavelet transform (CWT) is then used to partition the files identified as highly structured into areas of distinct changes in entropy level. Experimental results show that the proposed approach is effective in identifying file types and partitioning in segments of different entropy levels.
RightsCopyright is reserved by the copyright owner.
Showing items related by title, author, creator and subject.
Morozov, Andrey K.; Colosi, John A. (Acoustical Society of America, 2015-09-08);The reduction of information capacity of the ocean sound channel due to scattering by internal waves is a potential problem for acoustic communication, navigation, and remote sensing over long ranges. In spite of recent ...
Justamante, David (Monterey, California: Naval Postgraduate School, 2017-03);Randomness is at the heart of today's computing. There are two categorical methods to generate random numbers: pseudorandom number generation (PRNG) methods and true random number generation (TRNG) methods. While PRNGs ...
Jin, Yan; Liu, Qianyu (2009);Along with the advance of technologies and evolving variety of military missions, Edge Organization has been proposed to transform C2 from its conventional hierarchical and inflexible structures into more network centric ...