TU Darmstadt / ULB / TUbiblio

Evaluating Detection Error Trade-offs for Bytewise Approximate Matching Algorithms

Breitinger, Frank ; Stivaktakis, Georgios ; Roussev, Vassil (2013)
Evaluating Detection Error Trade-offs for Bytewise Approximate Matching Algorithms.
In: 5th International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
Article, Bibliography

Abstract

Bytewise approximate matching is a relatively new area within digital forensics, but its importance is growing quickly as practitioners are looking for fast methods to analyze the increasing amounts of data in forensic investigations. The essential idea is to complement the use of cryptographic hash functions to detect data objects with bytewise identical representation with the capability to find objects with bytewise similar representations. Unlike cryptographic hash functions, which have been studied and tested for a long time, approximate matching ones are still in their early development stages, and have been evaluated in a somewhat ad-hoc manner. Recently, the FRASH testing framework has been proposed as a vehicle for developing a set of standardized tests for approximate matching algorithms; the aim is to provide a useful guide for understanding and comparing the absolute and relative performance of different algorithms. The contribution of this work is twofold: a) expand FRASH with automated tests for quantifying approximate matching algorithm behavior with respect to precision and recall; and b) present a case study of two algorithms already in use – sdhash and ssdeep.

Item type: Article
Published: 2013
Author(s): Breitinger, Frank ; Stivaktakis, Georgios ; Roussev, Vassil
Type of entry: Bibliography
Title: Evaluating Detection Error Trade-offs for Bytewise Approximate Matching Algorithms
Language: English
Year of publication: September 2013
Title of journal, newspaper or series: 5th International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
Event location: Moscow
Uncontrolled keywords: Secure Data
ID number: TUD-CS-2013-0297
Department(s)/field(s): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Date deposited: 30 Dec 2016 20:23
Last modified: 17 May 2018 13:02