Abstract
In digital forensics, classification of file fragments is an important step to complete the file carving process. There exist several approaches to identify the type of file fragments without relying on meta-data. Examples of such approaches are using features like header/footer and N-gram to identify the fragment type. Recently, deep learning models have been successfully used to build classification models to achieve this task. In this paper, we propose a light-weight file fragment classification using depthwise separable convolutional neural network model. We show that our proposed model does not only yield faster inference time, but also provide higher accuracy as compared to the state-of-art convolutional neural network based models. In particular, our model achieves an accuracy of 78.45% on the FFT-75 dataset with 100K parameters and 167M FLOPs, which is 24\(\times \) faster and 4–5\(\times \) smaller than the state-of-the-art classifier in the literature.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ahmed, I., Lhee, K.-S., Shin, H.-J., Hong, M.-P.: Fast content-based file type identification. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2011. IAICT, vol. 361, pp. 65–75. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24212-0_5
Akiba, T., Sano, S., Yanase, T., Ohta, T., Koyama, M.: Optuna: a next-generation hyperparameter optimization framework. In: Proceedings of the 25rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2019)
Alghafli, K., Yeun, C.Y., Damiani, E.: Techniques for measuring the probability of adjacency between carved video fragments: the vidcarve approach. IEEE Trans. Sustain. Comput. 6, 131–143 (2019)
Amirani, M.C., Toorani, M., Mihandoost, S.: Feature-based type identification of file fragments. Secur. Commun. Netw. 6, 115–128 (2013)
Beebe, N.L., Maddox, L.A., Liu, L., Sun, M.: Sceadan: using concatenated n-gram vectors for improved file and data type classification. IEEE Trans. Inf. Forensics Secur. 8(9), 1519–1530 (2013)
Bennett, D.: The challenges facing computer forensics investigators in obtaining information from mobile devices for use in criminal investigations. Inf. Secur. J. Global Perspect. 21(3), 159–168 (2012)
Bergstra, J.S., Bardenet, R., Bengio, Y., Kégl, B.: Algorithms for hyper-parameter optimization. In: Shawe-Taylor, J., Zemel, R.S., Bartlett, P.L., Pereira, F., Weinberger, K.Q. (eds.) Advances in Neural Information Processing Systems, vol. 24, pp. 2546–2554. Curran Associates, Inc. (2011). http://papers.nips.cc/paper/4443-algorithms-for-hyper-parameter-optimization.pdf
Chen, Q., et al.: File fragment classification using grayscale image conversion and deep learning in digital forensics. In: 2018 IEEE Security and Privacy Workshops (SPW) (2018). https://doi.org/10.1109/spw.2018.00029
Chollet, F.: Xception: deep learning with depthwise separable convolutions, pp. 1800–1807 (2017). https://doi.org/10.1109/CVPR.2017.195
Darwin, I.F.: Libmagic (2008). ftp://ftp.astron.com/pub/file
Dunne, R.A., Campbell, N.A.: On the pairing of the softmax activation and cross-entropy penalty functions and the derivation of the softmax activation function. In: Proceedings of 8th Australian Conference on the Neural Networks, Melbourne, vol. 181, p. 185. Citeseer (1997)
Fitzgerald, S., Mathews, G., Morris, C., Zhulyn, O.: Using nlp techniques for file fragment classification. Digital Invest. 9 (2012). https://doi.org/10.1016/j.diin.2012.05.008
Fukushima, K.: A self-organizing neural network model for a mechanism of pattern recognition unaffected by shift in position. Biol. Cybern. 36, 193–202 (1980)
Garfinkel, S., Farrell, P., Roussev, V., Dinolt, G.: Bringing science to digital forensics with standardized forensic corpora. Digital Invest. 6 (2009). https://doi.org/10.1016/j.diin.2009.06.016
Garfinkel, S.L.: Carving contiguous and fragmented files with fast object validation. Digital Invest. 4, 2–12 (2007)
Hiester, L.: File fragment classification using neural networks with lossless representations (2018)
Hinton, G., Vinyals, O., Dean, J.: Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 (2015)
Hochreiter, S.: The vanishing gradient problem during learning recurrent neural nets and problem solutions. Int. J. Uncertainty Fuzz. Knowl.-Based Syst. 6(02), 107–116 (1998)
Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)
Howard, A., et al.: Searching for mobilenetv3. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 1314–1324 (2019)
Howard, A., et al.: Mobilenets: efficient convolutional neural networks for mobile vision applications (2017)
Karresand, M., Shahmehri, N.: Oscar - file type identification of binary data in disk clusters and ram pages. In: SEC (2006)
Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)
Lei, Z.: Forensic analysis of unallocated space. Ph.D. thesis, UOIT (2011)
Li, Q., Ong, A., Suganthan, P., Thing, V.: A novel support vector machine approach to high entropy data fragment classification (2010)
Lin, X.: File carving. In: Introductory Computer Forensics, pp. 211–233. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00581-8_9
Marziale, L., Richard, G.G., III., Roussev, V.: Massive threading: using gpus to increase the performance of digital forensics tools. Digital Invest. 4, 73–81 (2007)
Memon, G.M.P.K.N.: File fragment type (fft) - 75 dataset (2019). https://doi.org/10.21227/kfxw-8084
Mittal, G., Korus, P., Memon, N.: Fifty: large-scale file fragment type identification using convolutional neural networks. IEEE Trans. Inf. Forensics Secur. 16, 28–41 (2020)
Pham, H., Guan, M.Y., Zoph, B., Le, Q.V., Dean, J.: Efficient neural architecture search via parameter sharing. arXiv preprint arXiv:1802.03268 (2018)
Pratt, L.Y.: Discriminability-based transfer between neural networks. In: Advances in Neural Information Processing Systems, pp. 204–211 (1993)
Rafique, M., Khan, M.: Exploring static and live digital forensics: methods, practices and tools. Int. J. Sci. Eng. Res. 4(10), 1048–1056 (2013)
Richard III, G.G., Roussev, V.: Scalpel: A frugal, high performance file carver. In: DFRWS. Citeseer (2005)
SIfre, L., Mallat, S.: Rigid-motion scattering for texture classification (2014)
Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. CoRR abs/1409.1556 (2014). http://arxiv.org/abs/1409.1556
Szegedy, C., et al.: Going deeper with convolutions. In: Computer Vision and Pattern Recognition (CVPR) (2015). http://arxiv.org/abs/1409.4842
Tan, M., Le, Q.V.: Efficientnet: rethinking model scaling for convolutional neural networks. arXiv preprint arXiv:1905.11946 (2019)
Tian, Y., Krishnan, D., Isola, P.: Contrastive representation distillation. arXiv preprint arXiv:1910.10699 (2019)
Vulinović, K., Ivković, L., Petrović, J., Skračić, K., Pale, P.: Neural networks for file fragment classification. In: 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1194–1198. IEEE (2019)
Wallace, G.K.: The jpeg still picture compression standard. Commun. ACM 34(4), 30–44 (1991). https://doi.org/10.1145/103085.103089
Wang, F., Quach, T.T., Wheeler, J., Aimone, J.B., James, C.D.: Sparse coding for n-gram feature extraction and training for file fragment classification. IEEE Trans. Inf. Forensics Secur. 13(10), 2553–2562 (2018)
Wang, Y., Su, Z., Song, D.: File fragment type identification with convolutional neural networks. Proceedings of the 2018 International Conference on Machine Learning Technologies - ICMLT 18 (2018). https://doi.org/10.1145/3231884.3231889
Zheng, N., Wang, J., Wu, T., Xu, M.: A fragment classification method depending on data type. 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, pp. 1948–1953 (2015)
Zoph, B., Vasudevan, V., Shlens, J., Le, Q.V.: Learning transferable architectures for scalable image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 8697–8710 (2018)
Acknowledgement
The authors would like to acknowledge the Interdisciplinary Research Center for Intelligent Secure Systems at KFUPM.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Saaim, K.M., Felemban, M., Alsaleh, S., Almulhem, A. (2022). Light-Weight File Fragments Classification Using Depthwise Separable Convolutions. In: Meng, W., Fischer-Hübner, S., Jensen, C.D. (eds) ICT Systems Security and Privacy Protection. SEC 2022. IFIP Advances in Information and Communication Technology, vol 648. Springer, Cham. https://doi.org/10.1007/978-3-031-06975-8_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-06975-8_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06974-1
Online ISBN: 978-3-031-06975-8
eBook Packages: Computer ScienceComputer Science (R0)