Automated Evaluation of Approximate Matching Algorithms on Real Data

Authors

Frank Breitinger, University of New HavenFollow
Vassil Roussev, University of New Orleans

Author URLs

Professor Breitinger's Faculty Profile

Professor Breitinger's web page

Professor Breitinger's Full Bibliography

Document Type

Article

Publication Date

2014

Subject: LCSH

Cyber forensics, Computer forensics, Hashing (Computer science)

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security

Abstract

Bytewise approximate matching is a relatively new area within digital forensics, but its importance is growing quickly as practitioners are looking for fast methods to screen and analyze the increasing amounts of data in forensic investigations. The essential idea is to complement the use of cryptographic hash functions to detect data objects with bytewise identical representation with the capability to find objects with bytewise similarrepresentations.

Unlike cryptographic hash functions, which have been studied and tested for a long time, approximate matching ones are still in their early development stages and evaluation methodology is still evolving. Broadly, prior approaches have used either a human in the loop to manually evaluate the goodness of similarity matches on real world data, or controlled (pseudo-random) data to perform automated evaluation.

This work's contribution is to introduce automated approximate matching evaluation on real data by relating approximate matching results to the longest common substring (LCS). Specifically, we introduce a computationally efficient LCS approximation and use it to obtain ground truth on the t5 set. Using the results, we evaluate three existing approximate matching schemes relative to LCS and analyze their performance.

Comments

ª 2014 The Authors. Published by Elsevier Ltd on behalf of DFRWS. This is an open access article under the CC BY-NC-ND license (http:// creativecommons.org/licenses/by-nc-nd/3.0/).

DOI

10.1016/j.diin.2014.03.002

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Repository Citation

Breitinger, Frank and Roussev, Vassil, "Automated Evaluation of Approximate Matching Algorithms on Real Data" (2014). Electrical & Computer Engineering and Computer Science Faculty Publications. 61.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/61

Publisher Citation

Breitinger, Frank; Roussev, Vassil (2014): Automated evaluation of approximate matching algorithms on real data. In: Digital Investigation, 11, Supplement 1 (0), pp. S10 - S17, 2014, ISSN: 1742-2876, (Proceedings of the First Annual DFRWS Europe).