• Title/Summary/Keyword: File Signature


A Dynamic Signature Declustering Method using Signature Difference (요약 차이를 이용한 요약화일 동적 분산 기법)

  • Kang, Hyung-Il;Kang, Seung-Heon;Yoo, Jae-Soo;Im, Byoung-Mo
    • Journal of KIISE:Databases / v.27 no.1 / pp.79-89 / 2000
  • For processing signature files in parallel, an effective signature file declustering method is needed. The Linear Code Decomposition Method (LCDM) used for the Hamming Filter may give good performance in some cases, but due to its static property, it fails to evenly decluster the signature file when signatures are skewed. In addition, it has other problems such as limited scalability and non-determinism. In this paper we propose a new signature file declustering method, called the Inner-product method, which overcomes those problems in the LCDM. The Inner-product method declusters the signature file dynamically based on the signature difference, which is computed using the signature inner product. We show through simulation experiments that the Inner-product method outperforms the LCDM under various data workloads.


File Signature's Automatic Calculation Algorithm Proposal for Digital Forensic

  • Jang, Eun-Jin;Shin, Seung-Jung
    • International Journal of Internet, Broadcasting and Communication / v.13 no.3 / pp.118-123 / 2021
  • Recently, digital crime is becoming more intelligent, and efficient digital forensic techniques are required to collect evidence of it. In the case of important files related to a crime, a specific person may intentionally delete the file. In such a situation, data recovery is a very important procedure that can prove criminal charges. Although there are various methods to recover deleted files, we focus on the recovery technique using the HxD editor. When recovering a deleted file using the HxD editor, one checks the file structure and accesses the file data area through calculation. However, errors such as arithmetic errors may occur when the file is accessed through calculation. Therefore, in this paper, we propose an algorithm that automatically calculates the header and footer of a file after checking the file signature in the root directory for efficient file recovery. If the algorithm proposed in this paper is used, it is expected that the rate of arithmetic errors in the file recovery process can be reduced.

An efficient method for directory management of the partitioned signature file (분할 시그너춰 화일을 위한 효율적인 디렉토리 관리 기법)

  • 김상욱;황환규;최황규;윤용익
    • Journal of the Korean Institute of Telematics and Electronics C / v.35C no.3 / pp.32-45 / 1998
  • A partitioned signature file is an enhancement of the signature file that divides all the signatures into blocks in such a way that each block contains the signatures with the same key. Its directory stores all the keys as meta information for avoiding unnecessary block accesses by examining them first before the actual searching of the blocks. Efficient directory management is very important in large database environments since its size grows in proportion to that of the database. In this paper, we first point out the problems in the directory management methods of the previous partitioned signature files, and then present a new one solving them. Our method offers good features in the following three aspects: (1) suitability for large database environments, (2) adaptability to dynamic situations, and (3) storage overhead for the directory. Moreover, we can seamlessly integrate it as a subcomponent into previously developed general-purpose storage engines. These features show that our method is applicable to signature-based access structures for content-based retrieval in various multimedia applications such as hypermedia systems, digital library systems, multimedia document systems, multimedia mailing systems, and so on.


Research on countermeasures against malicious file upload attacks (악성 파일 업로드 공격 대응방안 연구)

  • Kim, Taekyung
    • Journal of Korea Society of Digital Industry and Information Management / v.16 no.2 / pp.53-59 / 2020
  • Malicious file upload attacks mean that the attacker uploads or transfers files of dangerous types that can be automatically processed within the web server's environment. Uploaded file content can include exploits, malware and malicious scripts. An attacker can use malicious content to manipulate the application behavior. As a method of detecting a malicious file upload attack, the file type is generally determined by checking the file extension or the signature of the file. However, this type of file type detection has the disadvantage that it cannot detect files that are not encoded with a specific program, such as PHP files. Therefore, in this paper, research was conducted on how to detect and block any program by using essential commands or variable names used in the corresponding program when writing a specific program. The performance evaluation results show that the suggested method detected specific files effectively.

Packed PE File Detection for Malware Forensics (악성코드 포렌식을 위한 패킹 파일 탐지에 관한 연구)

  • Han, Seung-Won;Lee, Sang-Jin
    • The KIPS Transactions:PartC / v.16C no.5 / pp.555-562 / 2009
  • In malware accident investigation, the most important thing is detection of malicious code. Signature-based anti-virus software has been used in most accidents. Malware can easily avoid signature-based detection by using packing or encryption. Because of this, packed file detection is also important. Detection methods can be divided into signature-based detection and entropy-based detection. Signature-based detection cannot detect new packing, and entropy-based detection has a problem with false positives. We provide a detection method using entropy statistics of the entry point section and the 'write' property, an essential characteristic of packed files. We then present a packing detection tool and evaluate its performance.

Classification of Non-Signature Multimedia Data Fragment File Types With Byte Averaging Gray-Scale (바이트 평균의 Gray-Scale화를 통한 Signature가 존재하지 않는 멀티미디어 데이터 조각 파일 타입 분류 연구)

  • Yoon, Hyun-ho;Kim, Jae-heon;Cho, Hyun-soo;Won, Jong-eun;Kim, Gyeon-woo;Cho, Jae-hyeon
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.2 / pp.189-196 / 2020
  • In general, fragmented files without signatures and file meta-information are difficult to recover. Multimedia files, in particular, are highly fragmented and have high entropy, making it almost impossible to recover them with signature-based carving at present. To solve this problem, research on fragmented files is underway, but research on multimedia files is lacking. This paper is a study that classifies the types of fragmented multimedia files without signatures and file meta-information. It extracts the characteristic values of each file type through the frequency differences of specific byte values according to the file type, and presents a method of designing the corresponding Gray-Scale table and classifying the file types of a total of four multimedia types, JPG, PNG, H.264 and WAV, using the CNN (Convolutional Neural Networks) model. It is expected that this paper will promote the study of classification of fragmented file types without signatures and file meta-information, thereby increasing the possibility of recovery of various files.

A Recovery Technique of PDF File in the Unit of Page (PDF 파일의 페이지단위 복구 기법)

  • Jang, Jeewon;Bang, Seung Gyu;Han, Jaehyeok;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.6 no.1 / pp.25-30 / 2017
  • The impact of data deletion, one of the anti-forensic techniques, on forensic analysis is substantial compared to the simplicity of the act. In the academic world, recovery techniques for deleted files have been continuously studied in response to data deletion; representative examples are the file system-based recovery technique and the file format-based recovery technique. If the file system holds metadata of the deleted file, the file can be easily recovered using it, but if there is no metadata, the file is recovered using the signature-based carving technique, or the file format-based recovery technique has to be applied. In that case, the file format-based recovery technique requires file structure analysis and a feasible recovery technique. This paper proposes a page recovery technique for deleted PDF files based on the structural characteristics of the PDF file. This technique uses the tag values of the page object that constitutes one page of a PDF file. Objects are extracted by using each tag value as a kind of signature, and by analyzing the extracted objects, the metadata of the PDF file is recombined and the file is then reconstructed page by page. Recovering by page means that even if a deleted PDF file is damaged, some of the pages making up the PDF file can still be recovered. Generally, if a file cannot be recovered from the file system, the deleted file is recovered by applying the signature-based carving technique. The technique proposed in this paper can recover PDF files that are damaged. From the digital forensic perspective, it can be utilized to recover more data than previously.

Design of the Signature File Method for Hangul Text (한글 텍스트를 위한 요약 화일 기법의 설계)

  • Chang, Jae-Woo
    • Annual Conference on Human and Language Technology / 1991.10a / pp.247-256 / 1991
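  • Various text retrieval techniques have been studied to efficiently support new database applications that use text, and among these the signature file method has been proposed as an efficient retrieval technique. However, all of this research targets English text, and there is almost no research on signature file techniques for Hangul text. Therefore, this paper designs a signature file technique suited to the characteristics of Hangul and examines the practicality and validity of the proposed technique.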


Analysis Performance Characteristics of Dynamic Signature File Methods

  • Yoo, Jae-Soo;Choi, Kil-Seong;Kim, Myoung-Ho
    • Journal of Electrical Engineering and information Science / v.2 no.4 / pp.37-45 / 1997
  • With the rapid increase of information requirements from various application areas, there has been much research on dynamic information storage structures that effectively support insertions, deletions and updates. In this paper we evaluate the performance of the existing dynamic signature file methods such as the S-tree, Quick Filter and HS file and provide guidelines for the most effective usage in a given operational environment. We derive analytic performance evaluation models of the storage structures based on retrieval time, storage overhead and insertion time. We also perform extensive experiments with various data distributions such as uniform, normal and exponential distributions. The relationships among various performance parameters are thoroughly investigated. We show through performance comparison based on analytic models and experiments that regardless of data distribution, the HS file significantly improves performance in both the retrieval time and the storage overhead over S-tree and Quick Filter.


A Signature Inserting Scheme for Defining Confidential File (기밀 파일 정의를 위한 시그니처 삽입 기법)

  • Shin, Gyu-jin;Jung, Ku-hyun;Lee, Tae-ryong;Yang, Dongmin;Lee, Bong-hwan
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2017.10a / pp.556-558 / 2017
  • Recently, leakage of internal confidential files in industry has been increasing substantially, which results in serious damage to enterprises. Most of these outbreaks are caused by internal employees. In this paper, we proposed and implemented a signature insertion scheme for defining confidential files in order to detect the outflow of internal confidential files with various file formats.
