Abstract
Information entropy is a mathematical measure of the complexity of the information contained in a set of data. Entropy is now routinely used to classify files and to detect and analyse malicious code. An information entropy graph plots the entropy of successive portions of a data set, showing how much information each portion carries. Each well-known file type has a characteristic entropy, and files can be sorted by it. For binary files, however, different files can have the same entropy value, so classification by the entropy value alone is error-prone; using the entropy value together with the graph pattern identifies files with the fewest errors. Forensic analysis includes the detection of hidden and tampered files, and with existing forensic methods the file type of a file whose header or footer has been tampered with is not detected automatically. Adding functions such as graph calculation and graph comparison to the forensic process increases its accuracy. In this study we showed that files that differ but have the same entropy value are told apart by their information entropy graphs. The information entropy graphs of well-known file types exhibit patterns that are meaningful for analysis and detection. Files whose header, footer, or even body had been damaged kept the same graph pattern even though their entropy values differed.
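The two properties the abstract relies on, an identical whole-file entropy for different files and an unchanged graph pattern after localised damage, can be reproduced on constructed data. The following Python is an added example, not code from the paper: the 256-byte window, the synthetic header/body/footer layout, the 0xFF overwrite used to simulate damage, and the `same_pattern` tolerance of 0.25 bits per window are assumptions of this example rather than parameters the paper reports.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty or constant data, 8.0 at most)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_graph(data: bytes, window: int = 256) -> list[float]:
    """Entropy of each consecutive window: the per-position profile the paper calls an entropy graph."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def graph_distance(g1: list[float], g2: list[float]) -> float:
    """Mean absolute per-window difference; a shorter graph is padded with 0.0 (missing data)."""
    length = max(len(g1), len(g2))
    g1 = g1 + [0.0] * (length - len(g1))
    g2 = g2 + [0.0] * (length - len(g2))
    return sum(abs(a - b) for a, b in zip(g1, g2)) / length


def same_pattern(a: bytes, b: bytes, window: int = 256, tol: float = 0.25) -> bool:
    """True when the two entropy graphs differ by at most `tol` bits per window on average (assumed threshold)."""
    return graph_distance(entropy_graph(a, window), entropy_graph(b, window)) <= tol


def damage(data: bytes, offset: int, length: int = 32) -> bytes:
    """Simulated corruption: overwrite `length` bytes at `offset` with 0xFF."""
    return data[:offset] + b"\xff" * length + data[offset + length:]


# Constructed sample "file" with a hypothetical layout (not any real format):
_rng = random.Random(1)
HEADER = bytes(range(64)) * 4                             # structured, exactly 6.0 bits
BODY = bytes(_rng.getrandbits(8) for _ in range(1024))    # compressed/encrypted-looking, ~7 bits per window
FOOTER = b"\x00" * 256                                    # zero padding, 0.0 bits
ORIGINAL = HEADER + BODY + FOOTER

# Same bytes in a different order: identical histogram, hence identical whole-file entropy.
_perm = list(ORIGINAL)
_rng.shuffle(_perm)
SHUFFLED = bytes(_perm)

# Header, body and footer damage, the three cases the abstract mentions.
DAMAGED = {
    "header": damage(ORIGINAL, 0),
    "body": damage(ORIGINAL, 700),
    "footer": damage(ORIGINAL, len(ORIGINAL) - 32),
}


def compare(a: bytes, b: bytes) -> tuple[float, float]:
    """(whole-file entropy difference, entropy-graph distance) between a and b."""
    return (abs(shannon_entropy(a) - shannon_entropy(b)),
            graph_distance(entropy_graph(a), entropy_graph(b)))


if __name__ == "__main__":
    print("original graph:", [round(e, 2) for e in entropy_graph(ORIGINAL)])
    print("shuffled graph:", [round(e, 2) for e in entropy_graph(SHUFFLED)])
    print("shuffled : entropy diff %.4f, graph distance %.4f" % compare(ORIGINAL, SHUFFLED))
    for name, blob in DAMAGED.items():
        print("%-8s : entropy diff %.4f, graph distance %.4f, same pattern %s"
              % ((name,) + compare(ORIGINAL, blob) + (same_pattern(ORIGINAL, blob),)))
```

The shuffled copy has a whole-file entropy equal to the original's to floating-point precision, yet its graph is flat where the original steps from 6.0 bits (header) to about 7 bits (body) to 0.0 (footer); each damaged copy changes the whole-file value but moves only the one window that was overwritten, so `same_pattern` still accepts it. The padding with 0.0 in `graph_distance` is a deliberate choice: a truncated file then looks like one whose tail was zeroed rather than being silently treated as identical.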
Copyright information
© 2016 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cho, C.H., Kim, S., Han, S., Chung, K.S. (2016). The Study on the Detection of the Damaged File Using the Graph of the Information Entropy for File Trust Management. In: Park, J., Chao, HC., Arabnia, H., Yen, N. (eds) Advanced Multimedia and Ubiquitous Engineering. Lecture Notes in Electrical Engineering, vol 354. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47895-0_1
DOI: https://doi.org/10.1007/978-3-662-47895-0_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-47894-3
Online ISBN: 978-3-662-47895-0
eBook Packages: Engineering; Engineering (R0)