Skip to main content
SpringerLink
Log in

File fragment recognition based on content and statistical features

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Nowadays, the speed up development and use of digital devices such as smartphones have put people at risk of internet crimes. The evidence of present crimes in a computer file can be easily unreachable by changing the prefix of a file or other algorithms. In more complex cases, either file divided into different parts or the parts of a file that has information about the file type are deleted, where the file fragment recognition issue is discussed. The known files are divided into different fragments, and different classification algorithms are used to solve the problems of file fragment recognition. A confusion matrix measures the accuracy of type recognition. The issue of identifying the type of file fragment due to its importance in cybercrime issues as well as antivirus has been highly emphasized and has been addressed in many articles. Increasing the accuracy in this field on the types of widely used files due to the sensitivity of the subject of recognizing the type of file under study is the main goal of researchers in this field. Failure to identify the correct type of file will lead to deviations of the results and evidence from the main issue or failure to conclude. In this paper, first, the file is divided into different fragments. Then, the file fragment features, which are obtained from Binary Frequency Distribution (BFD), are reduced by 2 feature reduction algorithms; Sequential Forward Selection algorithm (SFS) as well as Sequential Floating Forward Selection algorithm (SFFS) to delete sparse features that result in increased accuracy and speed. Finally, the reduced features are given to 3 Multiclass classifier algorithms, Multilayer Perceptron (MLP), Support Vector Machines (SVM), and K-Nearest Neighbor (KNN) for classification and comparison of the results. The proposed recognition algorithm can recognize 6 types of useful files (PDF, TXT, JPG, DOC, HTML, EXE) and may distinguish a type of file fragments with higher accuracy than the similar works done.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Data availability

The data of this paper is the result of simulation and all the data are presented in the form of graphs inside the paper. There is no private data in this article.

References

  1. Ahmed I, Lhee KS, Shin H, Hong M (2010) Content-based file-type identification using cosine similarity and a divide-and-conquer approach. IETE Tech Rev 27(6):465–477

    Article  Google Scholar 

  2. Ahmed, I., Lhee, K. S., Shin, H. J., & Hong, M. P. (2011). Fast content-based file type identification. In IFIP international conference on digital forensics (pp. 65–75). Springer, Berlin, Heidelberg

  3. Alamri NS, Allen WH (2015) A comparative study of file-type identification techniques. In SoutheastCon 2015 (pp. 1-5). IEEE.

  4. Calhoun WC, Coles D (2008) Predicting the types of file fragments. Digital investigation, 5, S14-S20.

  5. Cao D, Luo J, Yin M, Yang H (2010) Feature selection based file type identification algorithm. In 2010 IEEE International Conference on Intelligent Computing and Intelligent Systems (Vol. 3, pp. 58-62). IEEE.

  6. Chen KH, Chen LF, Su CT (2014) A new particle swarm feature selection method for classification. J Intell Inf Syst 42(3):507–530

    Article  Google Scholar 

  7. Chen Q, Liao Q, Jiang ZL, Fang J, Yiu S, Xi G, ... Liu D (2018, May) File fragment classification using grayscale image conversion and deep learning in digital forensics. In 2018 IEEE Security and Privacy Workshops (SPW) (pp. 140–147). IEEE.

  8. Chun S, Hwang I, Son W, Chang JH, Park W (2018) Recognition, classification, and prediction of the tactile sense. Nanoscale 10(22):10545–10553

    Article  Google Scholar 

  9. Dunham JG, Sun MT, Tseng JC (2005) Classifying file type of stream ciphers in depth using neural networks. In The 3rd ACS/IEEE International Conference on Computer Systems and Applications, 2005. (p. 97). IEEE.

  10. Fapohunda F (2018) U.S. Patent No. 9,928,284. Washington, DC: U.S. Patent and Trademark Office.

  11. Gopal S, Yang Y, Salomatin K, Carbonell J (2011) Statistical learning for file-type identification. In 2011 10th international conference on machine learning and applications and workshops (Vol. 1, pp. 68-73). IEEE.

  12. Karresand M, Shahmehri N (2006) File type identification of data fragments by their binary structure. In Proceedings of the IEEE Information Assurance Workshop (pp. 140-147).

  13. Kulkarni S, Harman G (2011) An elementary introduction to statistical learning theory (Vol. 853). John Wiley & Sons.

  14. Li WJ, Wang K, Stolfo SJ, Herzog B (2005) Fileprints: identifying file types by n-gram analysis. In Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop (pp. 64-71). IEEE.

  15. Li H, He F, Liang Y, Quan Q (2019) A dividing-based many-objective evolutionary algorithm for large-scale feature selection. Soft Computing:1–20

  16. Li H, He F, Chen Y (2020) Learning dynamic simultaneous clustering and classification via automatic differential evolution and firework algorithm. Appl Soft Comput 96:106593

    Article  Google Scholar 

  17. McDaniel M, Heydari MH (2003) Content based file type detection algorithms. In 36th annual Hawaii International Conference on System Sciences, 2003. Proceedings of the (pp. 10-pp). IEEE.

  18. Moody SJ, Erbacher RF (2008) Sádi-statistical analysis for data type identification. In 2008 Third international workshop on systematic approaches to digital forensic engineering (pp. 41-54). IEEE.

  19. Pudil P, Novovičová J, Kittler J (1994) Floating search methods in feature selection. Pattern Recogn Lett 15(11):1119–1125

    Article  Google Scholar 

  20. Quan Q, He F, Li H (2020) A multi-phase blending method with incremental intensity for training detection networks. Vis Comput:1–15

  21. Quan Q, He F, Li H (2020) A multi-phase blending method with incremental intensity for training detection networks. Vis Comput:1–15

  22. Sportiello L, Zanero S (2012) Context-based file block classification. In IFIP international conference on digital forensics (pp. 67–82). Springer, Berlin, Heidelberg

  23. Veenman CJ (2007) Statistical disk cluster classification for file carving. In Third international symposium on information assurance and security (pp. 393-398). IEEE.

  24. Wang J, Liu S, Song H (2018) Fractal research on the edge blur threshold recognition in big data classification. Mobile Networks and Applications 23(2):251–260

    Article  Google Scholar 

  25. Whitney AW (1971) A direct method of nonparametric measurement selection. IEEE Trans Comput 100(9):1100–1103

    Article  Google Scholar 

  26. Xiaohui D, Huapeng L, Yong L, Ji Y, Shuqing Z (2020) Comparison of swarm intelligence algorithms for optimized band selection of hyperspectral remote sensing image. Open Geosciences 12(1):425–442

    Article  Google Scholar 

  27. Zhang L, White GB (2007) An approach to detect executable content for anomaly based network intrusion detection. In 2007 IEEE International Parallel and Distributed Processing Symposium (pp. 1-8). IEEE.

Download references

Author information

Authors and Affiliations

  1. Faculty of Computer Engineering, University of Isfahan, Isfahan, Iran

    Marzieh Masoumi

  2. Electrical Engineering Department, Faculty of Intelligent Systems Engineering and Data Science, Persian Gulf University, Bushehr, 7516913817, Iran

    Ahmad Keshavarz

  3. Faculty of Computer Science and Engineering, Shahid Beheshti University, G. C. Evin, Tehran, 1983969411, Iran

    Reza Fotohi

Authors
  1. Marzieh Masoumi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ahmad Keshavarz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Reza Fotohi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Reza Fotohi.

Ethics declarations

Informed consent statement

None.

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Masoumi, M., Keshavarz, A. & Fotohi, R. File fragment recognition based on content and statistical features. Multimed Tools Appl 80, 18859–18874 (2021). https://doi.org/10.1007/s11042-021-10681-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-021-10681-x

Keywords

Search

Navigation