myEntropy reveals file type

We are, in the pandemic world, even more dependent on online services than we ever have been before, whether as remote workers, those learning from home, or in healthcare. As such, there is an increasing need to ensure those services are protected from malicious third parties and malware.

New work published in the International Journal of Electronic Security and Digital Forensics discusses how the entropy level of critical files might be measured and provide a proxy for determining whether or not those files have been corrupted by a virus or usurped with malware. Tay Xin Hui, Kamaruddin Malik Mohamad, and Nurul Hidayah Ab Rahman of the Universiti Tun Hussein Onn in Malaysia explain their investigations using “myEntropy”, an entropy calculator tool that they have used to examine SQL files, SWF files, and Java files. These three filetypes (Structured Query Language, Small Web Format, and Java files) are commonly used in a wide range of online services and can be highly vulnerable to attack.

The team used 250 sample files to calculate the entropy level for each filetype. They could then discern the average entropy level for each. Thus, the myEntropy tool might be developed further to ascertain, quickly and with few computing resources, whether a file of one of these critical types has been corrupted or replaced with one carrying embedded malware, which would change the entropy of the file considerably.
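The baseline-and-compare idea described above, as an added sketch that is not the myEntropy tool or code from the paper. It assumes Shannon entropy over byte frequencies (the article does not give the paper's formula) and a hypothetical threshold of k standard deviations; the sample files are constructed.

```python
import hashlib
import math
import statistics
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def build_baseline(samples):
    """Mean and sample standard deviation of entropy over known-good files of one type."""
    scores = [shannon_entropy(s) for s in samples]
    return statistics.mean(scores), statistics.stdev(scores)


def deviates(data: bytes, baseline, k: float = 3.0, floor: float = 0.1) -> bool:
    """True if entropy lies more than k standard deviations from the baseline mean.

    k and floor are assumed tuning values; floor stops a small, very uniform
    sample set (near-zero spread) from flagging every new file.
    """
    mean, stdev = baseline
    return abs(shannon_entropy(data) - mean) > k * max(stdev, floor)


# Constructed known-good samples (not from the paper): small SQL text files.
GOOD_SQL = [
    b"CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(64));\n" * 20,
    b"INSERT INTO orders (id, total) VALUES (1, 19.99);\n" * 20,
    b"SELECT name, email FROM customers WHERE active = 1 ORDER BY name;\n" * 20,
    b"UPDATE accounts SET balance = balance - 10 WHERE id = 42;\n" * 20,
]

# Constructed altered file: the first sample with a high-entropy blob appended.
# The blob is deterministic hash output standing in for packed or encrypted content.
BLOB = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
ALTERED_SQL = GOOD_SQL[0] + BLOB

if __name__ == "__main__":
    baseline = build_baseline(GOOD_SQL)
    print("baseline mean/stdev:", baseline)
    for name, blob in [("clean", GOOD_SQL[1]), ("altered", ALTERED_SQL)]:
        print(name, round(shannon_entropy(blob), 3), deviates(blob, baseline))
```

An entropy shift only signals that a file no longer looks like its type's baseline; a change that leaves the byte distribution close to the baseline would not be flagged by this check.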

The team suggests that the tool can be developed for the analysis of many other vulnerable filetypes. They add that a user-friendly front-end for the tool might also be developed to facilitate its adoption by those managing digital devices, emerging computing infrastructure such as Internet of Things systems, and cloud computing services, and so address the growing problem of cybersecurity threats.

Hui, T.X., Mohamad, K.M. and Ab Rahman, N.H. (2022) ‘myEntropy: a file type identification tool using entropy scoring’, Int. J. Electronic Security and Digital Forensics, Vol. 14, No. 1, pp.76–95.