Statistical Learning for File-Type Identification

Executive Summary

File-Type Identification (FTI) is an important problem in digital forensics, intrusion detection, and other related fields. The use of state-of-the-art classification techniques for FTI has begun to receive research attention; however, general conclusions have not been reached because thorough evaluations that compare the methods are lacking. This paper presents a systematic investigation of the problem, algorithmic solutions, and an evaluation methodology. The authors focus on comparing the performance of statistical classifiers (e.g., SVM and kNN) with knowledge-based approaches, especially the COTS (Commercial Off-The-Shelf) solutions that currently dominate FTI applications. They also analyze the robustness of the different methods in handling damaged files and file segments.

  • Format: PDF
  • Size: 203.05 KB