Abstract
Nowadays, the speed up development and use of digital devices such as smartphones have put people at risk of internet crimes. The evidence of present crimes in a computer file can be easily unreachable by changing the prefix of a file or other algorithms. In more complex cases, either file divided into different parts or the parts of a file that has information about the file type are deleted, where the file fragment recognition issue is discussed. The known files are divided into different fragments, and different classification algorithms are used to solve the problems of file fragment recognition. A confusion matrix measures the accuracy of type recognition. The issue of identifying the type of file fragment due to its importance in cybercrime issues as well as antivirus has been highly emphasized and has been addressed in many articles. Increasing the accuracy in this field on the types of widely used files due to the sensitivity of the subject of recognizing the type of file under study is the main goal of researchers in this field. Failure to identify the correct type of file will lead to deviations of the results and evidence from the main issue or failure to conclude. In this paper, first, the file is divided into different fragments. Then, the file fragment features, which are obtained from Binary Frequency Distribution (BFD), are reduced by 2 feature reduction algorithms; Sequential Forward Selection algorithm (SFS) as well as Sequential Floating Forward Selection algorithm (SFFS) to delete sparse features that result in increased accuracy and speed. Finally, the reduced features are given to 3 Multiclass classifier algorithms, Multilayer Perceptron (MLP), Support Vector Machines (SVM), and K-Nearest Neighbor (KNN) for classification and comparison of the results. The proposed recognition algorithm can recognize 6 types of useful files (PDF, TXT, JPG, DOC, HTML, EXE) and may distinguish a type of file fragments with higher accuracy than the similar works done.
Similar content being viewed by others
Data availability
The data of this paper is the result of simulation and all the data are presented in the form of graphs inside the paper. There is no private data in this article.
References
Ahmed I, Lhee KS, Shin H, Hong M (2010) Content-based file-type identification using cosine similarity and a divide-and-conquer approach. IETE Tech Rev 27(6):465–477
Ahmed, I., Lhee, K. S., Shin, H. J., & Hong, M. P. (2011). Fast content-based file type identification. In IFIP international conference on digital forensics (pp. 65–75). Springer, Berlin, Heidelberg
Alamri NS, Allen WH (2015) A comparative study of file-type identification techniques. In SoutheastCon 2015 (pp. 1-5). IEEE.
Calhoun WC, Coles D (2008) Predicting the types of file fragments. Digital investigation, 5, S14-S20.
Cao D, Luo J, Yin M, Yang H (2010) Feature selection based file type identification algorithm. In 2010 IEEE International Conference on Intelligent Computing and Intelligent Systems (Vol. 3, pp. 58-62). IEEE.
Chen KH, Chen LF, Su CT (2014) A new particle swarm feature selection method for classification. J Intell Inf Syst 42(3):507–530
Chen Q, Liao Q, Jiang ZL, Fang J, Yiu S, Xi G, ... Liu D (2018, May) File fragment classification using grayscale image conversion and deep learning in digital forensics. In 2018 IEEE Security and Privacy Workshops (SPW) (pp. 140–147). IEEE.
Chun S, Hwang I, Son W, Chang JH, Park W (2018) Recognition, classification, and prediction of the tactile sense. Nanoscale 10(22):10545–10553
Dunham JG, Sun MT, Tseng JC (2005) Classifying file type of stream ciphers in depth using neural networks. In The 3rd ACS/IEEE International Conference on Computer Systems and Applications, 2005. (p. 97). IEEE.
Fapohunda F (2018) U.S. Patent No. 9,928,284. Washington, DC: U.S. Patent and Trademark Office.
Gopal S, Yang Y, Salomatin K, Carbonell J (2011) Statistical learning for file-type identification. In 2011 10th international conference on machine learning and applications and workshops (Vol. 1, pp. 68-73). IEEE.
Karresand M, Shahmehri N (2006) File type identification of data fragments by their binary structure. In Proceedings of the IEEE Information Assurance Workshop (pp. 140-147).
Kulkarni S, Harman G (2011) An elementary introduction to statistical learning theory (Vol. 853). John Wiley & Sons.
Li WJ, Wang K, Stolfo SJ, Herzog B (2005) Fileprints: identifying file types by n-gram analysis. In Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop (pp. 64-71). IEEE.
Li H, He F, Liang Y, Quan Q (2019) A dividing-based many-objective evolutionary algorithm for large-scale feature selection. Soft Computing:1–20
Li H, He F, Chen Y (2020) Learning dynamic simultaneous clustering and classification via automatic differential evolution and firework algorithm. Appl Soft Comput 96:106593
McDaniel M, Heydari MH (2003) Content based file type detection algorithms. In 36th annual Hawaii International Conference on System Sciences, 2003. Proceedings of the (pp. 10-pp). IEEE.
Moody SJ, Erbacher RF (2008) Sádi-statistical analysis for data type identification. In 2008 Third international workshop on systematic approaches to digital forensic engineering (pp. 41-54). IEEE.
Pudil P, Novovičová J, Kittler J (1994) Floating search methods in feature selection. Pattern Recogn Lett 15(11):1119–1125
Quan Q, He F, Li H (2020) A multi-phase blending method with incremental intensity for training detection networks. Vis Comput:1–15
Quan Q, He F, Li H (2020) A multi-phase blending method with incremental intensity for training detection networks. Vis Comput:1–15
Sportiello L, Zanero S (2012) Context-based file block classification. In IFIP international conference on digital forensics (pp. 67–82). Springer, Berlin, Heidelberg
Veenman CJ (2007) Statistical disk cluster classification for file carving. In Third international symposium on information assurance and security (pp. 393-398). IEEE.
Wang J, Liu S, Song H (2018) Fractal research on the edge blur threshold recognition in big data classification. Mobile Networks and Applications 23(2):251–260
Whitney AW (1971) A direct method of nonparametric measurement selection. IEEE Trans Comput 100(9):1100–1103
Xiaohui D, Huapeng L, Yong L, Ji Y, Shuqing Z (2020) Comparison of swarm intelligence algorithms for optimized band selection of hyperspectral remote sensing image. Open Geosciences 12(1):425–442
Zhang L, White GB (2007) An approach to detect executable content for anomaly based network intrusion detection. In 2007 IEEE International Parallel and Distributed Processing Symposium (pp. 1-8). IEEE.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Informed consent statement
None.
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Masoumi, M., Keshavarz, A. & Fotohi, R. File fragment recognition based on content and statistical features. Multimed Tools Appl 80, 18859–18874 (2021). https://doi.org/10.1007/s11042-021-10681-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-021-10681-x