04 آذر 1403
احمد كشاورز

احمد کشاورز

مرتبه علمی: دانشیار
نشانی: دانشکده مهندسی سیستم های هوشمند و علوم داده - گروه مهندسی برق
تحصیلات: دکترای تخصصی / مهندسی برق- مخابرات سیستم
تلفن: 09173731896
دانشکده: دانشکده مهندسی سیستم های هوشمند و علوم داده

مشخصات پژوهش

عنوان File fragment recognition based on content and statistical features
نوع پژوهش مقالات در نشریات
کلیدواژه‌ها
Multiclass, classifier algorithms, Feature reduction, File fragments, File fragment, recognition, SFS, SFFS
مجله MULTIMEDIA TOOLS AND APPLICATIONS
شناسه DOI https://doi.org/10.1007/s11042-021-10681-x
پژوهشگران مرضیه معصومی (نفر اول) ، احمد کشاورز (نفر دوم) ، رضا فتوحی (نفر سوم)

چکیده

Nowadays, the speed up development and use of digital devices such as smartphones have put people at risk of internet crimes. The evidence of present crimes in a computer file can be easily unreachable by changing the prefix of a file or other algorithms. In more complex cases, either file divided into different parts or the parts of a file that has information about the file type are deleted, where the file fragment recognition issue is discussed. The known files are divided into different fragments, and different classification algorithms are used to solve the problems of file fragment recognition. A confusion matrix measures the accuracy of type recognition. The issue of identifying the type of file fragment due to its importance in cybercrime issues as well as antivirus has been highly emphasized and has been addressed in many articles. Increasing the accuracy in this field on the types of widely used files due to the sensitivity of the subject of recognizing the type of file under study is the main goal of researchers in this field. Failure to identify the correct type of file will lead to deviations of the results and evidence from the main issue or failure to conclude. In this paper, first, the file is divided into different fragments. Then, the file fragment features, which are obtained from Binary Frequency Distribution (BFD), are reduced by 2 feature reduction algorithms; Sequential Forward Selection algorithm (SFS) as well as Sequential Floating Forward Selection algorithm (SFFS) to delete sparse features that result in increased accuracy and speed. Finally, the reduced features are given to 3 Multiclass classifier algorithms, Multilayer Perceptron (MLP), Support Vector Machines (SVM), and K-Nearest Neighbor (KNN) for classification and comparison of the results. The proposed recognition algorithm can recognize 6 types of useful files (PDF, TXT, JPG, DOC, HTML, EXE) and may distinguish a type of file fragments with higher accuracy than the similar works d