REAL TIME AND ACCURATE ENCRYPTED FILE TYPE IDENTIFICATION

Abstract

With attacks becoming more and more sophisticated off late, malware authors have started using encryption techniques to conceal their malicious code. Many content based file type identification techniques have succeeded in classification of unencrypted files. Since most of these techniques are based on pattern matching, they are not applicable in case of encrypted files due to the property of encryption algorithms to transform the data into randomized stream. Other techniques that work with encrypted files, fail to identify their types without constraints. They are limited to the detection of encrypted data in files. In this dissertation entitled "Real Time and Accurate Encrypted File Type Identification ", an encrypted file type identification technique is proposed that works in two phases. In the first phase, we use statistical entropy analysis for initial identification and dataset reduction. This phase identifies encrypted files of some non executable types, hence reducing the amount of data to be analyzed in the next phase. Next phase uses an artificial neural network for further analysis of files that could not be identified in the first phase. It identifies encrypted executable files with very high accuracy.