Volume 31 Issue 4
Jul.  2022
Turn off MathJax
Article Contents
ZHANG Li, HAO Shengang, ZHANG Quanxin, “A Fine-Grained Flash-Memory Fragment Recognition Approach for Low-Level Data Recovery,” Chinese Journal of Electronics, vol. 31, no. 4, pp. 732-740, 2022, doi: 10.1049/cje.2020.00.206
Citation: ZHANG Li, HAO Shengang, ZHANG Quanxin, “A Fine-Grained Flash-Memory Fragment Recognition Approach for Low-Level Data Recovery,” Chinese Journal of Electronics, vol. 31, no. 4, pp. 732-740, 2022, doi: 10.1049/cje.2020.00.206

A Fine-Grained Flash-Memory Fragment Recognition Approach for Low-Level Data Recovery

doi: 10.1049/cje.2020.00.206
Funds:  This work was supported by the National Natural Science Foundation of China (61802210)
More Information
  • Author Bio:

    was born in 1978. She received the Ph.D. degree in computer application technology from Beijing Institute of Technology, in 2013. She is currently an Associate Professor of the Zhejiang University of Media and Communication. Her current research interests include digital forensics, machine learning and information security. (Email: nythhsg@163.com)

    was born in 1977. He received the M.S. degree in computer application technology from Wuhan University of Technology, in 2007. He is now a Ph.D. candidate of Beijing Institute of Technology. His research interests include machine learning and intelligent manufacturing. (Email: jsjxjw@sina.com)

    (corresponding author) was born in 1974. He received the Ph.D. degree in computer application technology from Beijing Institute of Technology, in 2003. He is currently an Associate Professor of Beijing Institute of Technology. His current research interests include deep learning and information security. (Email: zhangqx@bit.edu.cn)

  • Received Date: 2020-07-08
  • Accepted Date: 2020-08-28
  • Available Online: 2021-08-18
  • Publish Date: 2022-07-05
  • Data recovery from flash memory in the mobile device can effectively reduce the loss caused by data corruption. Type recognition of data fragment is an essential prerequisite to the low-level data recovery. Previous works in this field classify data fragment based on its file type. Still, the classification efficiency is low, especially when the data fragment is a part of a composite file. We propose a fine-grained approach to classifying data fragment from the low-level flash memory to improve the classification accuracy and efficiency. The proposed method redefines flash-memory-page data recognition problem based on the encoding format of the data segment, and applies a hybrid machine learning algorithm to detect the data type of the flash page. The hybrid algorithm can significantly decompose the given data space and reduce the cost of training. The experimental results show that our method achieves better classification accuracy and higher time performance than the existing methods.
  • loading
  • [1]
    W. Wang, X. Wang, D. Feng, et al., “Exploring permission-induced risk in android applications for malicious application detection,” IEEE Transactions on Information Forensics and Security, vol.9, no.11, pp.1869–1882, 2014. doi: 10.1109/TIFS.2014.2353996
    X. Yu, Y. Tan, Z. Sun, et al., “A fault-tolerant and energy-efficient continuous data protection system,” Journal of Ambient Intelligence and Humanized Computing, vol.10, no.8, pp.2945–2954, 2019. doi: 10.1007/s12652-018-0726-2
    W. Meng, W. Li and L. F. Kwok, “EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism,” Computers & Security, vol.43, pp.189–204, 2014.
    Q. Zhang, Y. Gan, L. Liu, et al., “An authenticated asymmetric group key agreement based on attribute encryption,” Journal of Network and Computer Applications, vol.123, pp.1–10, 2018. doi: 10.1016/j.jnca.2018.08.013
    Z. Guan, X. Liu, L. Wu, et al., “Cross-lingual multi-keyword rank search with semantic extension over encrypted data,” Information Sciences, vol.514, pp.523–540, 2020. doi: 10.1016/j.ins.2019.11.013
    V. Roussev and S. L. Garfinkel, “File fragment classification-the case for specialized approaches,” in Proceedings of Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering, IEEE, Berkeley, CA, USA, pp.3–14, 2009.
    P. Penrose, R. MacFarlane, and W. J. Buchanan, “Approaches to the classification of high entropy file fragments,” Digital Investigation, vol.10, no.4, pp.372–384, 2013. doi: 10.1016/j.diin.2013.08.004
    T. T. Xu, M. Xu, Y. Z. Ren, et al., “A file fragment classification method based on grayscale image,” Journal of Computers, vol.9, no.8, pp.1863–1870, 2014.
    V. Roussev and C. Quates, “File fragment encoding classificationd—An empirical approach,” Digital Investigation, vol.10, no.Supplement, pp.S69–S77, 2013. doi: 10.1016/j.diin.2013.06.008
    M. McDaniel and M. H. Heydari, “Content based file type detection algorithms,” in Proc. of 36th Annual Hawaii International Conference on System Sciences, IEEE, Big Island, HI, USA, DOI: 10.1109/HICSS.2003.1174905, 2003.
    W. J. Li, K. Wang, S. J. Stolfo, et al., “Fileprints: Identifying file types by n-gram analysis,” in Proceedings of the Sixth Annual IEEE SMC Information Assurance Workshop, IEEE, West Point, NY, USA, pp.64–71, 2005.
    S. L. Garfinkel, “Carving contiguous and fragmented files with fast object validation,” Digital Investigation, vol.4, pp.2–12, 2007. doi: 10.1016/j.diin.2007.06.017
    C. J. Veenman, “Statistical disk cluster classification for file carving,” in Proc. of Third Int. Symp. on Information Assurance and Security, Manchester, UK, pp.393–398, 2007.
    W. C. Calhoun and D. Coles, “Predicting the types of file fragments,” Digital Investigation, vol.5, no.Supplement, pp.S14–S20, 2008. doi: 10.1016/j.diin.2008.05.005
    S. Axelsson, “The normalised compression distance as a file fragment classifier,” Digital Investigation, vol.7, no.Supplement, pp.S24–S31, 2010. doi: 10.1016/j.diin.2010.05.004
    S. Axelsson, K. A. Bajwa, and M. V. Srikanth, “File fragment analysis using normalized compression distance,” in Advances in Digital Forensics IX, Berlin, Heidelberg: Springer Berlin Heidelberg, pp.171–182, 2013.
    N. L. Beebe, L. A. Maddox, L. Liu, et al., “Sceadan: Using concatenated N-gram vectors for improved file and data type classification,” IEEE Transactions on Information Forensics and Security, vol.8, no.9, pp.1519–1530, 2013. doi: 10.1109/TIFS.2013.2274728
    K. Chen, Z. Du, S. Ye, et al., “Research on coarse/fine read algorithm based on a NAND flash page buffer design,” Acta Electronica Sinica, vol.46, no.11, pp.2619–2625, 2018. (in Chinese)
    Y. Xue, Y. Tan, C. Liang, et al., “RootAgency: A digital signature-based root privilege management agency for cloud terminal devices,” Information Sciences, vol.444, pp.36–50, 2018. doi: 10.1016/j.ins.2018.02.069
    J. Shu, S. Liu, L. Liu, et al., “Research on link quality estimation mechanism for wireless sensor networks based on support vector machine,” Chinese Journal of Electronics, vol.26, no.2, pp.377–384, 2017. doi: 10.1049/cje.2017.01.013
    Y. Wu, J. Li, C. Song, et al., “Words in pairs neural networks for text classification,” Chinese Journal of Electronics, vol.29, no.3, pp.491–500, 2020. doi: 10.1049/cje.2020.03.005
    Y. Song, S. Yao, D. Yu, et al., “A new K-ary crisp decision tree induction with continuous valued attributes,” Chinese Journal of Electronics, vol.26, no.5, pp.999–1007, 2017. doi: 10.1049/cje.2017.07.015
    X. Wang, J. Li, X. Kuang, et al., “The security of machine learning in an adversarial setting: A survey,” Journal of Parallel and Distributed Computing, vol.130, pp.12–23, 2019. doi: 10.1016/j.jpdc.2019.03.003
    Z. Guan, Y. Zhang, L. Zhu, et al., “EFFECT: An efficient flexible privacy-preserving data aggregation scheme with authentication in smart grid,” Science China (Information Sciences), vol.62, no.3, pp.31–44, 2019.
    W. Li, W. Meng, Z. Tan, et al., “Design of multi-view based email classification for IoT systems via semi-supervised learning,” Journal of Network and Computer Applications, vol.128, pp.56–63, 2019. doi: 10.1016/j.jnca.2018.12.002
    L. Zhang, S. Hao, and Q. Zhang, “Recovering SQLite data from fragmented flash pages,” Annals of Telecommunications, vol.74, no.7-8, pp.451–460, 2019. doi: 10.1007/s12243-019-00707-9
    Y. Li, S. Yao, K. Yang, et al., “A high-imperceptibility and histogram-shifting data hiding scheme for JPEG images,” IEEE Access, vol.7, pp.73573–73582, 2019. doi: 10.1109/ACCESS.2019.2920178
    M. Shen, B. Ma, L. Zhu, et al., “Cloud-based approximate constrained shortest distance queries over encrypted graphs with privacy protection,” IEEE Transactions on Information Forensics and Security, vol.13, no.4, pp.940–953, 2018. doi: 10.1109/TIFS.2017.2774451
    X. F. Gao, Y. A. Tan, H. W. Jiang, et al., “Boosting targeted black-box attacks via ensemble substitute training and linear augmentation,” Applied Sciences, vol.9, no.11, article no.2286, 2019. doi: 10.3390/app9112286
    L. Sportiello and S. Zanero, “File block classification by support vector machine,” in Proceedings of Sixth International Conference on Availability, Reliability and Security, Vienna, Austria, pp.307–312, 2011.
    Wikipedia, “Lempel-Ziv complexity specification,” available at: https://en.wikipedia.org/wiki/Lempel-Ziv_complexity, 2018-8-17.
    F. Chang, C. Y. Guo, X. Lin, et al., “Tree decomposition for large-scale SVM problems,” in Proceedings of International Conference on Technologies and Applications of Artificial Intelligence, Hsinchu, China, pp.233–240, 2010.
    S. Garfinkel, P. Farrell, V. Roussev, et al., “Bringing science to digital forensics with standardized forensic corpora,” Digital Investigation, vol.6, no.Supplement, pp.S2–S11, 2009. doi: 10.1016/j.diin.2009.06.016
  • 加载中


    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(5)  / Tables(2)

    Article Metrics

    Article views (582) PDF downloads(38) Cited by()
    Proportional views


    DownLoad:  Full-Size Img  PowerPoint