-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathByteFrequencyAnalysis.java
116 lines (94 loc) · 4.02 KB
/
ByteFrequencyAnalysis.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
/**
* Created by prasa on 2/23/2016.
*/
import java.io.*;
import java.util.Scanner;
import org.json.simple.JSONObject;
public class ByteFrequencyAnalysis {
public static final String[] fileTypes = {"application\\octet-stream"};
public static void main(String[] args) throws Exception{
double[] byteFreq = new double[256];
double[] byteCorrelation = new double[256];
for(int i = 0; i < fileTypes.length; i++) {
//Selecting the file type and setting the path to the folder which has the data and fingerprint file corresponding to that file type
File fileType = new File("D:\\PolarDump\\"+fileTypes[i]+"\\data");
String fingerprintFile = fileTypes[i].replace("\\","-");
File fingerprint = new File("D:\\PolarDump\\"+fileTypes[i]+"\\"+fingerprintFile+".txt");
File[] files = fileType.listFiles();
if (!fingerprint.exists()) {
fingerprint.createNewFile();
FileWriter fw = new FileWriter(fingerprint);
fw.write("0");// no of files processed = 0
for (int i = 0; i < 256; i++) {
fw.write("\n");
String temp = Double.toString(0.0) + "\t";
fw.write(temp);
}
fw.close();
}
//Reading over each file of the selected type
for(File file : files) {
FileInputStream fIS = new FileInputStream(file);
Scanner sc = new Scanner(new FileReader(fingerprint));
int numFiles = sc.nextInt();
System.out.println(numFiles);
sc.nextLine();
String[] terms = sc.nextLine().split("\\t");
for (int j = 0; j < 256; j++) {
String[] values = terms[j].split(",");
byteFreq[j] = Double.parseDouble(values[0]);
byteCorrelation[j] = Double.parseDouble(values[1]);
}
byte[] byteFile = new byte[(int) file.length()];
fIS.read(byteFile);
fIS.close();
double[] byteCount = new double[256];
//calculating its byte frequency distribution
for (int j = 0; j < byteFile.length; j++) {
byteCount[0xFF & byteFile[j]]++;
}
//Finding the max occurring byte
double max = byteCount[0];
int count = 0;
for (int j = 1; j < byteCount.length; j++) {
if (byteCount[j] > max) {
max = byteCount[j];
}
count += byteCount[j];
}
//Normalizing the byte frequency
for (int j = 0; j < byteCount.length; j++) {
byteCount[j] = byteCount[j] / max;
}
//Compounding the byte frequency if needed
if (max > (0.7 * count)) {
for (int j = 0; j < 256; j++) {
byteCount[j] = Math.pow(byteCount[j], 0.5);
}
}
//Updating the fingerprint file
for (int j = 0; j < 256; j++) {
byteFreq[j] = ((byteFreq[j] * numFiles) + byteCount[j]) / (numFiles + 1);
}
sc.close();
FileWriter fw = new FileWriter(fingerprint);
fw.write(Integer.toString(numFiles + 1));
fw.write("\n");
for (int j = 0; j < 256; j++) {
String temp = byteFreq[j] + "," + byteCorrelation[j] + "\t";
fw.write(temp);
}
fw.write("\n");
fw.close();
}
JSONObject json = new JSONObject();
for(int j = 0; j < 256; j++){
json.put(j, byteFreq[j]);
}
FileWriter jsonFile = new FileWriter("D:\\PolarDump\\"+fileTypes[i]+"\\"+fingerprintFile+".json");
jsonFile.write(json.toJSONString());
jsonFile.close();
System.out.println(json);
}
}
}