A Fragment Classification Method Depending on Data Type

Data fragment classification is an important problem in many fields, such as intrusion detection, reverse engineering, data recovery, digital forensics and so on. Most of the existing methods try to classify the fragment depending on file type. But the results are poor, because compound file types can contain many other file types, and some file types use the similar data encoding scheme. In this paper, a classification method depending on data type is promoted. In the method the fragment needed to be classified is given a data type instead of file type. First a fragment set including many common data types is created, then the byte frequency distribution and entropy are extracted as features, after that a classifier is built by using those features in training set and SVM algorithm, last the classifier is used to classify the data fragments. The experiment results show that the accuracy of the proposed method is 88.58%, which achieved a 21.2% growth compared with the traditional way.