FRASHER – A framework for automated evaluation of similarity hashing
Détails
Télécharger: 1-s2.0-S2666281722000889-main.pdf (762.09 [Ko])
Etat: Public
Version: Final published version
Licence: CC BY-NC-ND 4.0
Etat: Public
Version: Final published version
Licence: CC BY-NC-ND 4.0
ID Serval
serval:BIB_46BA340CA680
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Institution
Titre
FRASHER – A framework for automated evaluation of similarity hashing
Périodique
Forensic Science International: Digital Investigation
ISSN
2666-2817
Statut éditorial
Publié
Date de publication
07/2022
Peer-reviewed
Oui
Volume
42
Pages
301407
Langue
anglais
Résumé
A challenge for digital forensic investigations is dealing with large amounts of data that need to be processed. Approximate matching (AM), a.k.a. similarity hashing or fuzzy hashing, plays a pivotal role in solving this challenge. Many algorithms have been proposed over the years such as ssdeep, sdhash, MRSH-v2, or TLSH, which can be used for similarity assessment, clustering of different artifacts, or finding fragments and embedded objects. To assess the differences between these implementations (e.g., in terms of runtime efficiency, fragment detection, or resistance against obfuscation attacks), a testing framework is indispensable and the core of this article. The proposed framework is called FRASHER (referring to a predecessor FRASH from 2013) and provides an up-to-date view on the problem of evaluating AM algorithms with respect to both the conceptual and the practical aspects. Consequently, we present and discuss relevant test case scenarios as well as release and demonstrate our framework allowing a comprehensive evaluation of AM algorithms. Compared to its predecessor, we adapt it to a modern environment providing better modularity and usability as well as more thorough testing cases.
Mots-clé
Test framework, Test cases, Evaluation framework, Approximate matching, Similarity hashing, Fuzzy hashing, Similarity digest algorithm
Web of science
Open Access
Oui
Création de la notice
05/09/2022 8:51
Dernière modification de la notice
07/09/2022 6:09