The Study on the Detection of the Damaged File Using the Graph of the Information Entropy for File Trust Management

  • Conference paper
Advanced Multimedia and Ubiquitous Engineering

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 354))

Abstract

Information entropy is a mathematical measure of the complexity of the information contained in a set of data. Entropy is now commonly used to classify files and to detect and analyse malicious code. An information entropy graph shows, using information entropy, the probability of occurrence of each piece of information contained in a set of data. Each well-known file type has a different entropy, and files can be sorted on that basis. For binary files, however, different files can have the same entropy value, so there is a possibility of error. Using entropy together with graph patterns therefore makes it possible to identify files with the fewest errors. The forensic analysis process involves detecting hidden and tampered files. With existing forensic methods, the extensions of tampered file headers and footers are not detected automatically. When further functions such as the calculation and comparison of graphs are added, the accuracy of the experiment in the forensic process increases. In this study, we proved that different files having the same entropy value can be distinguished by their information entropy graphs. The information entropy graphs of well-known files showed meaningful patterns for analysis and detection. Files with a damaged header, footer, or even body retained the same graph patterns even though they showed different entropy values.
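As an added illustration of the approach the abstract describes (this is not code from the paper), the following Python computes whole-file Shannon entropy and a windowed entropy profile, which plays the role of the "information entropy graph". The sample files are constructed inline and are not real file formats: a text-like region followed by a pseudorandom region, the same two regions in the opposite order (same byte multiset, so identical whole-file entropy, yet a different graph), and a copy whose first 16 header bytes have been overwritten (different entropy value, same graph shape). The window size, the step and the Pearson-correlation shape comparison are assumptions made for this example, not parameters taken from the paper.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, window: int = 64, step: int = 64) -> list:
    """Entropy of consecutive windows over the data: the 'information entropy graph'.

    Window and step sizes are assumptions for this example, not the paper's values.
    """
    if window <= 0 or step <= 0:
        raise ValueError("window and step must be positive")
    last_start = max(len(data) - window, 0)
    return [shannon_entropy(data[i:i + window])
            for i in range(0, last_start + 1, step)]


def profile_distance(p: list, q: list) -> float:
    """Mean absolute difference between two profiles over their common length."""
    n = min(len(p), len(q))
    if n == 0:
        return 0.0
    return sum(abs(a - b) for a, b in zip(p, q)) / n


def shape_correlation(p: list, q: list) -> float:
    """Pearson correlation of two profiles: +1 is the same shape, -1 an inverted shape.

    Comparing shape rather than absolute values is what lets a damaged file still
    match its undamaged pattern (an assumed comparison method, not the paper's).
    """
    n = min(len(p), len(q))
    if n < 2:
        return 0.0
    p, q = p[:n], q[:n]
    mp, mq = sum(p) / n, sum(q) / n
    cov = sum((a - mp) * (b - mq) for a, b in zip(p, q))
    sp = math.sqrt(sum((a - mp) ** 2 for a in p))
    sq = math.sqrt(sum((b - mq) ** 2 for b in q))
    if sp == 0.0 or sq == 0.0:
        return 0.0
    return cov / (sp * sq)


# Constructed sample "files" (not real file formats): a repetitive text-like
# region (low entropy) and a pseudorandom region standing in for compressed or
# encrypted data (high entropy). The seed is fixed so the results are repeatable.
_rng = random.Random(1234)
TEXT_REGION = (b"header magic " * 100)[:1024]
RANDOM_REGION = bytes(_rng.getrandbits(8) for _ in range(1024))

FILE_A = TEXT_REGION + RANDOM_REGION        # text first, then random
FILE_B = RANDOM_REGION + TEXT_REGION        # same bytes, opposite order
DAMAGED_A = b"\x00" * 16 + FILE_A[16:]      # FILE_A with its first 16 header bytes wiped


def compare_files(window: int = 64, step: int = 64) -> dict:
    """Whole-file entropies plus graph distance/correlation for the three samples."""
    pa = entropy_profile(FILE_A, window, step)
    pb = entropy_profile(FILE_B, window, step)
    pd = entropy_profile(DAMAGED_A, window, step)
    return {
        "entropy_a": shannon_entropy(FILE_A),
        "entropy_b": shannon_entropy(FILE_B),
        "entropy_damaged_a": shannon_entropy(DAMAGED_A),
        "graph_distance_a_b": profile_distance(pa, pb),
        "shape_corr_a_b": shape_correlation(pa, pb),
        "shape_corr_a_damaged": shape_correlation(pa, pd),
    }


if __name__ == "__main__":
    for key, value in compare_files().items():
        print(f"{key:22s} {value:.4f}")
```

Running it shows FILE_A and FILE_B with identical whole-file entropy but strongly inverted graphs (negative correlation, large per-window distance), while DAMAGED_A has a different whole-file entropy but a graph that correlates almost perfectly with FILE_A. A forensic matcher built on this idea would compare the profile against stored patterns for known file types rather than relying on the single entropy value.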

Corresponding author

Correspondence to Kwang Sik Chung.

Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

Cite this paper

Cho, C.H., Kim, S., Han, S., Chung, K.S. (2016). The Study on the Detection of the Damaged File Using the Graph of the Information Entropy for File Trust Management. In: Park, J., Chao, HC., Arabnia, H., Yen, N. (eds) Advanced Multimedia and Ubiquitous Engineering. Lecture Notes in Electrical Engineering, vol 354. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47895-0_1

  • DOI: https://doi.org/10.1007/978-3-662-47895-0_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-47894-3

  • Online ISBN: 978-3-662-47895-0
