Open access repository

Home Open access repository

In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).

» Openaccess proceedings » South African Information Security Multi-Conference (SAISMC 2010)

South African Information Security Multi-Conference (SAISMC 2010)

South African Information Security Multi-Conference (SAISMC 2010)
Port Elizabeth, South Africa, May 17-18, 2010
ISBN: 978-1-84102-256-7

Title: A Novel Support Vector Machine Approach to High Entropy Data Fragment Classification
Author(s): Qiming Li, Alvin Y Ong, Ponnuthurai N. Suganthan, Vrizlynn LL Thing
Reference: pp236-247
Keywords: Data classification, support vector machine, digital forensics
Abstract: A major challenge in digital forensics is the efficient and accurate file type classification of a fragment of evidence data, in the absence of header and file system information. A typical approach to this problem is to classify the fragment based on simple statistics, such as the entropy and the statistical distance of byte histograms. This approach is ineffective when dealing with high entropy data, such as multimedia and compressed files, all of which often appear to be random. We propose a method incorporating a support vector machine (SVM). In particular, we extract feature vectors from the byte frequencies of a given fragment, and use an SVM to predict the type of the fragment under supervised learning. Our method is efficient and achieves high accuracy for high entropy data fragments.
Download count: 1505

How to get this paper:

Download a free PDF copy of this paperBuy this book at Lulu.com

PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.