In 2014, we launched our open-access repository, which offers full-text access to conference proceedings from many of our events, including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
South African Information Security Multi-Conference (SAISMC 2010)
Title: A Novel Support Vector Machine Approach to High Entropy Data Fragment Classification
Author(s): Qiming Li, Alvin Y Ong, Ponnuthurai N. Suganthan, Vrizlynn LL Thing
Reference: pp. 236-247
Keywords: Data classification, support vector machine, digital forensics
Abstract: A major challenge in digital forensics is the efficient and accurate file type classification of a fragment of evidence data, in the absence of header and file system information. A typical approach to this problem is to classify the fragment based on simple statistics, such as the entropy and the statistical distance of byte histograms. This approach is ineffective when dealing with high entropy data, such as multimedia and compressed files, all of which often appear to be random. We propose a method incorporating a support vector machine (SVM). In particular, we extract feature vectors from the byte frequencies of a given fragment, and use an SVM to predict the type of the fragment under supervised learning. Our method is efficient and achieves high accuracy for high entropy data fragments.
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.