Similarity Hashing Based on Levenshtein Distances

  • Frank Breitinger
  • Georg Ziroff
  • Steffen Lange
  • Harald Baier
Conference paper

DOI: 10.1007/978-3-662-44952-3_10

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 433)
Cite this paper as:
Breitinger F., Ziroff G., Lange S., Baier H. (2014) Similarity Hashing Based on Levenshtein Distances. In: Peterson G., Shenoi S. (eds) Advances in Digital Forensics X. DigitalForensics 2014. IFIP Advances in Information and Communication Technology, vol 433. Springer, Berlin, Heidelberg

Abstract

It is increasingly common in forensic investigations to use automated pre-processing techniques to reduce the massive volumes of data that are encountered. This is typically accomplished by comparing fingerprints (typically cryptographic hashes) of files against existing databases. In addition to finding exact matches of cryptographic hashes, it is necessary to find approximate matches corresponding to similar files, such as different versions of a given file.

This paper presents a new stand-alone similarity hashing approach called saHash, which has a modular design and operates in linear time. saHash is almost as fast as SHA-1 and more efficient than other approaches for approximate matching. The similarity hashing algorithm uses four sub-hash functions, each producing its own hash value. The four sub-hashes are concatenated to produce the final hash value. This modularity enables sub-hash functions to be added or removed, e.g., if an exploit for a sub-hash function is discovered. Given the hash values of two byte sequences, saHash returns a lower bound on the number of Levenshtein operations between the two byte sequences as their similarity score. The robustness of saHash is verified by comparing it with other approximate matching approaches such as +sdhash+.

Keywords

Fuzzy hashing similarity digest Levenshtein distance 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Frank Breitinger
    • 1
    • 2
  • Georg Ziroff
    • 1
  • Steffen Lange
    • 1
  • Harald Baier
    • 1
    • 2
  1. 1.Darmstadt University of Applied SciencesDarmstadtGermany
  2. 2.Center for Advanced Security Research DarmstadtDarmstadtGermany

Personalised recommendations