A Fine-Grained Flash-Memory Fragment Recognition Approach for Low-Level Data Recovery

ZHANG Li; HAO Shengang; ZHANG Quanxin

doi:10.1049/cje.2020.00.206

Volume 31 Issue 4

Jul. 2022

Turn off MathJax

Article Contents

Article Navigation > Chinese Journal of Electronics > 2022 > 31(4): 732-740

ZHANG Li, HAO Shengang, ZHANG Quanxin, “A Fine-Grained Flash-Memory Fragment Recognition Approach for Low-Level Data Recovery,” Chinese Journal of Electronics, vol. 31, no. 4, pp. 732-740, 2022, doi: 10.1049/cje.2020.00.206

Citation:

ZHANG Li, HAO Shengang, ZHANG Quanxin, “A Fine-Grained Flash-Memory Fragment Recognition Approach for Low-Level Data Recovery,” Chinese Journal of Electronics, vol. 31, no. 4, pp. 732-740, 2022, doi: 10.1049/cje.2020.00.206

Citation:

PDF( 3247 KB)

A Fine-Grained Flash-Memory Fragment Recognition Approach for Low-Level Data Recovery

doi: 10.1049/cje.2020.00.206

1.
Department of Media Engineering, Zhejiang University of Media and Communication, Hangzhou 310018, China
2.
School of Computer Science, Beijing Institute of Technology, Beijing 100081, China

Funds: This work was supported by the National Natural Science Foundation of China (61802210)

More Information

Author Bio:
was born in 1978. She received the Ph.D. degree in computer application technology from Beijing Institute of Technology, in 2013. She is currently an Associate Professor of the Zhejiang University of Media and Communication. Her current research interests include digital forensics, machine learning and information security. (Email: nythhsg@163.com)

was born in 1977. He received the M.S. degree in computer application technology from Wuhan University of Technology, in 2007. He is now a Ph.D. candidate of Beijing Institute of Technology. His research interests include machine learning and intelligent manufacturing. (Email: jsjxjw@sina.com)

(corresponding author) was born in 1974. He received the Ph.D. degree in computer application technology from Beijing Institute of Technology, in 2003. He is currently an Associate Professor of Beijing Institute of Technology. His current research interests include deep learning and information security. (Email: zhangqx@bit.edu.cn)
Received Date: 2020-07-08
Accepted Date: 2020-08-28

Available Online: 2021-08-18

Publish Date: 2022-07-05

Abstract

Abstract

Data recovery from flash memory in the mobile device can effectively reduce the loss caused by data corruption. Type recognition of data fragment is an essential prerequisite to the low-level data recovery. Previous works in this field classify data fragment based on its file type. Still, the classification efficiency is low, especially when the data fragment is a part of a composite file. We propose a fine-grained approach to classifying data fragment from the low-level flash memory to improve the classification accuracy and efficiency. The proposed method redefines flash-memory-page data recognition problem based on the encoding format of the data segment, and applies a hybrid machine learning algorithm to detect the data type of the flash page. The hybrid algorithm can significantly decompose the given data space and reduce the cost of training. The experimental results show that our method achieves better classification accuracy and higher time performance than the existing methods.
- Flash fragmentation recognition,
- Fine-grained,
- Machine learning algorithm,
- Support vector machine,
- Decision tree,
- Digital forensics

FullText(HTML)

References(33)

References

[1]	W. Wang, X. Wang, D. Feng, et al., “Exploring permission-induced risk in android applications for malicious application detection,” IEEE Transactions on Information Forensics and Security, vol.9, no.11, pp.1869–1882, 2014. doi: 10.1109/TIFS.2014.2353996
[2]	X. Yu, Y. Tan, Z. Sun, et al., “A fault-tolerant and energy-efficient continuous data protection system,” Journal of Ambient Intelligence and Humanized Computing, vol.10, no.8, pp.2945–2954, 2019. doi: 10.1007/s12652-018-0726-2
[3]	W. Meng, W. Li and L. F. Kwok, “EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism,” Computers & Security, vol.43, pp.189–204, 2014.
[4]	Q. Zhang, Y. Gan, L. Liu, et al., “An authenticated asymmetric group key agreement based on attribute encryption,” Journal of Network and Computer Applications, vol.123, pp.1–10, 2018. doi: 10.1016/j.jnca.2018.08.013
[5]	Z. Guan, X. Liu, L. Wu, et al., “Cross-lingual multi-keyword rank search with semantic extension over encrypted data,” Information Sciences, vol.514, pp.523–540, 2020. doi: 10.1016/j.ins.2019.11.013
[6]	V. Roussev and S. L. Garfinkel, “File fragment classification-the case for specialized approaches,” in Proceedings of Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering, IEEE, Berkeley, CA, USA, pp.3–14, 2009.
[7]	P. Penrose, R. MacFarlane, and W. J. Buchanan, “Approaches to the classification of high entropy file fragments,” Digital Investigation, vol.10, no.4, pp.372–384, 2013. doi: 10.1016/j.diin.2013.08.004
[8]	T. T. Xu, M. Xu, Y. Z. Ren, et al., “A file fragment classification method based on grayscale image,” Journal of Computers, vol.9, no.8, pp.1863–1870, 2014.
[9]	V. Roussev and C. Quates, “File fragment encoding classiﬁcationd—An empirical approach,” Digital Investigation, vol.10, no.Supplement, pp.S69–S77, 2013. doi: 10.1016/j.diin.2013.06.008
[10]	M. McDaniel and M. H. Heydari, “Content based file type detection algorithms,” in Proc. of 36th Annual Hawaii International Conference on System Sciences, IEEE, Big Island, HI, USA, DOI: 10.1109/HICSS.2003.1174905, 2003.
[11]	W. J. Li, K. Wang, S. J. Stolfo, et al., “Fileprints: Identifying file types by n-gram analysis,” in Proceedings of the Sixth Annual IEEE SMC Information Assurance Workshop, IEEE, West Point, NY, USA, pp.64–71, 2005.
[12]	S. L. Garfinkel, “Carving contiguous and fragmented files with fast object validation,” Digital Investigation, vol.4, pp.2–12, 2007. doi: 10.1016/j.diin.2007.06.017
[13]	C. J. Veenman, “Statistical disk cluster classification for file carving,” in Proc. of Third Int. Symp. on Information Assurance and Security, Manchester, UK, pp.393–398, 2007.
[14]	W. C. Calhoun and D. Coles, “Predicting the types of file fragments,” Digital Investigation, vol.5, no.Supplement, pp.S14–S20, 2008. doi: 10.1016/j.diin.2008.05.005
[15]	S. Axelsson, “The normalised compression distance as a file fragment classifier,” Digital Investigation, vol.7, no.Supplement, pp.S24–S31, 2010. doi: 10.1016/j.diin.2010.05.004
[16]	S. Axelsson, K. A. Bajwa, and M. V. Srikanth, “File fragment analysis using normalized compression distance,” in Advances in Digital Forensics IX, Berlin, Heidelberg: Springer Berlin Heidelberg, pp.171–182, 2013.
[17]	N. L. Beebe, L. A. Maddox, L. Liu, et al., “Sceadan: Using concatenated N-gram vectors for improved file and data type classification,” IEEE Transactions on Information Forensics and Security, vol.8, no.9, pp.1519–1530, 2013. doi: 10.1109/TIFS.2013.2274728
[18]	K. Chen, Z. Du, S. Ye, et al., “Research on coarse/fine read algorithm based on a NAND flash page buffer design,” Acta Electronica Sinica, vol.46, no.11, pp.2619–2625, 2018. (in Chinese)
[19]	Y. Xue, Y. Tan, C. Liang, et al., “RootAgency: A digital signature-based root privilege management agency for cloud terminal devices,” Information Sciences, vol.444, pp.36–50, 2018. doi: 10.1016/j.ins.2018.02.069
[20]	J. Shu, S. Liu, L. Liu, et al., “Research on link quality estimation mechanism for wireless sensor networks based on support vector machine,” Chinese Journal of Electronics, vol.26, no.2, pp.377–384, 2017. doi: 10.1049/cje.2017.01.013
[21]	Y. Wu, J. Li, C. Song, et al., “Words in pairs neural networks for text classification,” Chinese Journal of Electronics, vol.29, no.3, pp.491–500, 2020. doi: 10.1049/cje.2020.03.005
[22]	Y. Song, S. Yao, D. Yu, et al., “A new K-ary crisp decision tree induction with continuous valued attributes,” Chinese Journal of Electronics, vol.26, no.5, pp.999–1007, 2017. doi: 10.1049/cje.2017.07.015
[23]	X. Wang, J. Li, X. Kuang, et al., “The security of machine learning in an adversarial setting: A survey,” Journal of Parallel and Distributed Computing, vol.130, pp.12–23, 2019. doi: 10.1016/j.jpdc.2019.03.003
[24]	Z. Guan, Y. Zhang, L. Zhu, et al., “EFFECT: An efficient flexible privacy-preserving data aggregation scheme with authentication in smart grid,” Science China (Information Sciences), vol.62, no.3, pp.31–44, 2019.
[25]	W. Li, W. Meng, Z. Tan, et al., “Design of multi-view based email classification for IoT systems via semi-supervised learning,” Journal of Network and Computer Applications, vol.128, pp.56–63, 2019. doi: 10.1016/j.jnca.2018.12.002
[26]	L. Zhang, S. Hao, and Q. Zhang, “Recovering SQLite data from fragmented flash pages,” Annals of Telecommunications, vol.74, no.7-8, pp.451–460, 2019. doi: 10.1007/s12243-019-00707-9
[27]	Y. Li, S. Yao, K. Yang, et al., “A high-imperceptibility and histogram-shifting data hiding scheme for JPEG images,” IEEE Access, vol.7, pp.73573–73582, 2019. doi: 10.1109/ACCESS.2019.2920178
[28]	M. Shen, B. Ma, L. Zhu, et al., “Cloud-based approximate constrained shortest distance queries over encrypted graphs with privacy protection,” IEEE Transactions on Information Forensics and Security, vol.13, no.4, pp.940–953, 2018. doi: 10.1109/TIFS.2017.2774451
[29]	X. F. Gao, Y. A. Tan, H. W. Jiang, et al., “Boosting targeted black-box attacks via ensemble substitute training and linear augmentation,” Applied Sciences, vol.9, no.11, article no.2286, 2019. doi: 10.3390/app9112286
[30]	L. Sportiello and S. Zanero, “File block classification by support vector machine,” in Proceedings of Sixth International Conference on Availability, Reliability and Security, Vienna, Austria, pp.307–312, 2011.
[31]	Wikipedia, “Lempel-Ziv complexity specification,” available at: https://en.wikipedia.org/wiki/Lempel-Ziv_complexity, 2018-8-17.
[32]	F. Chang, C. Y. Guo, X. Lin, et al., “Tree decomposition for large-scale SVM problems,” in Proceedings of International Conference on Technologies and Applications of Artificial Intelligence, Hsinchu, China, pp.233–240, 2010.
[33]	S. Garfinkel, P. Farrell, V. Roussev, et al., “Bringing science to digital forensics with standardized forensic corpora,” Digital Investigation, vol.6, no.Supplement, pp.S2–S11, 2009. doi: 10.1016/j.diin.2009.06.016