CN104021227A - Digital forensics-oriented anomaly steganalysis method and system - Google Patents
Digital forensics-oriented anomaly steganalysis method and system Download PDFInfo
- Publication number
- CN104021227A CN104021227A CN201410291747.7A CN201410291747A CN104021227A CN 104021227 A CN104021227 A CN 104021227A CN 201410291747 A CN201410291747 A CN 201410291747A CN 104021227 A CN104021227 A CN 104021227A
- Authority
- CN
- China
- Prior art keywords
- analysis
- detection
- abnormal
- stego
- data object
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000004458 analytical method Methods 0.000 claims abstract description 169
- 238000001514 detection method Methods 0.000 claims abstract description 111
- 230000002159 abnormal effect Effects 0.000 claims abstract description 67
- 230000005856 abnormality Effects 0.000 claims description 43
- 238000013459 approach Methods 0.000 claims description 15
- 238000012545 processing Methods 0.000 claims description 14
- 238000012549 training Methods 0.000 claims description 12
- 238000007619 statistical method Methods 0.000 abstract description 2
- 230000002708 enhancing effect Effects 0.000 abstract 1
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 230000002195 synergetic effect Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Image Analysis (AREA)
Abstract
The invention discloses a digital forensics-oriented anomaly steganalysis method and a system. The method comprises the following steps: 1, obtaining to-be-obtained analyze data in a detection material; 2, carrying out analysis of anomaly on the to-be-obtained analyze data; 3, judging whether the to-be-obtained analyze data is abnormal or not; 4, marking anomaly data as suspicion, moving the suspicion to an observation region to be isolated, and generating an anomaly detection report; 5, carrying out anomaly steganalysis on the to-be-obtained analyze data or the suspicion; 6, judging the probability of the data object analyzed in 5 with abnormal steganalysis; and 7, generating an anomaly steganalysis evaluating report and revealing an anomaly analytic result and an anomaly steganalysis evaluating report. The method disclosed by the invention jointly applies a characteristic analysis method and a method for statistical analysis method to carry out anomaly steganalysis on the to-be-obtained analyze data, so that a digital forensics-oriented anomaly steganalysis scheme can be effectively satisfied, thereby improving the steganalysis speed in the digital forensics process and enhancing the precision of steganalysis.
Description
Technical field
The invention belongs to digital evidence obtaining technical field, relate in particular to a kind of abnormal Stego-detection analytical approach and system of Facing Digital evidence obtaining.
Background technology
The analytic process of digital evidence obtaining is the committed step of evidence obtaining, the abnormal Stego-detection analytic process for the treatment of forensics analysis data is individual's judgement and the experience accumulation by evidence obtaining personnel as a rule, some appraiser is selected to collect evidence with two or more steganalysis instruments, yet evidence obtaining personnel's subjective judgement and the lack of standard of analysis tool are difficult to ensure the objective reality of digital evidence obtaining process.So, the availability of evidence obtaining qualification result and the dispute that accuracy easily causes various aspects.
As the countermeasure techniques of Steganography, the task of steganalysis is existence, the identification hidden algorithm of detection of concealed information, even extracts and recovers hiding information.Hidden to write the final goal of minute praying be to using as produce (shenglvehao)in court evidence in order to extract secret information, and along with the development of infotech, the technology of Steganography is also progressively obtaining significant progress in development and progress.Existing Stego-detection analytical approach has much comparative maturity, and as flag sign analytic approach and statistics characteristic analysis method etc., some evidence obtaining personnel have been applied to digital evidence obtaining field.Some steganography software leaves identification characteristics in concealed image, can by analyzing in object to be detected whether occur that this identification characteristics realizes detection.Steganography has changed a part for carrier data stream when hiding Info, although do not change sensory effect, but often changed the statistical property of initial carrier data, whether the statistical property that therefore, the judgement of Information hiding situation is based upon to the fixed given carrier of official under county magistrate who administers lawsuit, etc. belongs under the prerequisite of abnormal condition.
When carrying out digital evidence obtaining, evidence obtaining personnel need to use multiple abnormal Stego-detection analytical approach, and it is also uncertain in most cases detecting analytic target, and therefore how efficiently realizing accurately digital evidence obtaining analysis becomes a problem demanding prompt solution.Abnormal Stego-detection analytical technology is very general in the application of information security research field.But, along with increasing severely with day of personal computer and portable mobile termianl, utilize caseload that associated electronic device directly carries out electronics crime or involve above electronic equipment as computing machine or mobile phone also straight line rise.
In sum, how to propose effectively, meet the abnormal Stego-detection analytical plan of digital evidence obtaining requirement, there is important Research Significance aspect the precision of the detection analysis result in improving digital evidence obtaining.
Summary of the invention
The object of the present invention is to provide a kind of effectively, meet abnormal Stego-detection analytical approach and the system of digital evidence obtaining requirement.
The technical scheme that method of the present invention adopts is: a kind of abnormal Stego-detection analytical approach of Facing Digital evidence obtaining, it is characterized in that, and comprise the following steps:
Step 1: obtain and treat forensics analysis data object from image file;
Step 2: the forensics analysis data object for the treatment of to described image file carries out anomaly analysis, obtains anomaly analysis result;
Step 3: judge and treat that whether forensics analysis data object is abnormal according to described anomaly analysis result;
If exist extremely, generate abnormality detection report, and order is carried out following step 4;
If do not exist extremely, following step 5 is carried out in redirect;
Step 4: by existing the abnormal forensics analysis data object for the treatment of to be labeled as object of suspicion, object of suspicion is moved to observation area simultaneously and isolate;
Step 5: the object of suspicion that forensics analysis data object or step 4 obtain for the treatment of to the described image file obtaining in step 1 carries out Stego-detection analysis, obtains steganalysis result;
Step 6: judge according to described steganalysis result whether the abnormal hidden possibility of writing is 0;
If hidden, writing possibility is 0, and described step 1 is carried out in revolution;
If hidden, writing possibility is not 0, and order is carried out following step 7;
Step 7: generate the report of abnormal Stego-detection, represent the abnormal Stego-detection report generating in the anomaly analysis result that obtains in step 2 and step 7.
As preferably, the forensics analysis data object for the treatment of to described image file described in step 2 carries out anomaly analysis, its specific implementation process is, first according to digital evidence obtaining rule, to described, treat that forensics analysis data object carries out local flag sign anomaly analysis, to described, treat that the principal character of forensics analysis data object identifies and sort according to the significance level playing a role in abnormality detection analysis; Then to described, treat that each local feature of forensics analysis data object detects successively, certain feature existence detected and extremely stop detecting; Otherwise, continue to detect, to the last a feature detection is complete.
As preferably, the object of suspicion that forensics analysis data object or step 4 obtain for the treatment of to the described image file obtaining in step 1 described in step 5 carries out Stego-detection analysis, and its specific implementation process is with reference to abnormal hidden in training set and feature database, to write that model is treated forensics analysis data object or object under a cloud carries out Stego-detection analysis by statistics characteristic analysis method.
The technical scheme that system of the present invention adopts is: the abnormal Stego-detection analytic system of a kind of Facing Digital evidence obtaining, is characterized in that: comprise evidence obtaining data acquisition module, abnormality detection analysis module, abnormality juding module, abnormality processing module, Stego-detection analysis module, hiddenly write determination module and the abnormal hidden forensics analysis of writing represents module;
Described evidence obtaining data acquisition module, treats forensics analysis data object for obtaining from image file;
Described abnormality detection analysis module, carries out anomaly analysis for the forensics analysis data object for the treatment of to described image file by local flag method for feature analysis, obtains anomaly analysis result;
Described abnormality juding module, for judging and treat that whether forensics analysis data object is abnormal according to described anomaly analysis result, if exist extremely, generates abnormality detection report, execute exception processing module; If do not exist extremely, carry out Stego-detection analysis module;
Described abnormality processing module, for by existing the abnormal forensics analysis data object for the treatment of to be labeled as object of suspicion, moves to observation area by object of suspicion simultaneously and isolates;
Described Stego-detection analysis module, the object of suspicion that forensics analysis data object or abnormality processing module obtain for the treatment of for to the described image file of abnormality detection analysis module acquisition, carries out Stego-detection analysis by statistics characteristic analysis method with reference to the data in training set and feature database;
The described hidden determination module of writing, for judging according to described Stego-detection analysis result whether the abnormal hidden possibility of writing is 0, and writing possibility if hidden is 0, controls and carries out the data acquisition module of collecting evidence; If hidden, writing possibility is not 0, controls the hidden forensics analysis of writing of execute exception and represents module;
The described abnormal hidden forensics analysis of writing represents module, for generating abnormal Stego-detection report, and represents anomaly analysis result and abnormal Stego-detection report.
As preferably, described abnormality detection analysis module, for treating that to described forensics analysis data object carries out local flag sign anomaly analysis according to digital evidence obtaining rule, to described, treat that the principal character of forensics analysis data object identifies and sort according to the significance level playing a role in abnormality detection analysis; Then to described, treat that each local feature of forensics analysis data object detects successively, certain feature existence detected and extremely stop detecting; Otherwise, continue to detect, to the last a feature detection is complete.
As preferably, described Stego-detection analysis module, abnormal hidden the treat object of suspicion that forensics analysis data object or abnormality processing module obtain of model to the described image file of abnormality detection analysis module acquisition of writing for reference to training set and feature database, carries out Stego-detection analysis by statistics characteristic analysis method with reference to the data in training set and feature database.
Beneficial effect of the present invention is:
Abnormal Stego-detection analytical approach and the system of Facing Digital evidence obtaining of the present invention, it is combined and has used method for feature analysis and statistical analysis method to carry out abnormal Stego-detection analysis to evidence obtaining data, can effectively meet the abnormal Stego-detection analytical plan of digital evidence obtaining, improve the steganalysis speed in digital evidence obtaining process, and promoted the precision of steganalysis.
Accompanying drawing explanation
Fig. 1: be method flow diagram of the present invention;
Fig. 2: be the systematic schematic diagram of the embodiment of the present invention.
?
Embodiment
For the ease of those of ordinary skills, understand and enforcement the present invention, below in conjunction with drawings and Examples, the present invention is described in further detail, should be appreciated that exemplifying embodiment described herein, only for description and interpretation the present invention, is not intended to limit the present invention.
Some steganography software leaves identification characteristics in concealed image, can, by analyzing in object to be detected whether occur that this sign is special, levy to realize detection.The local feature detection method of Facing Digital evidence obtaining can be understood as: the principal character to evidence obtaining data object is identified and sorts according to the significance level playing a role in abnormality detection analysis.Successively each local feature of this data object is detected, certain feature existence detected and extremely stop detecting; Otherwise, continue to detect, to the last a feature detection is complete.
Statistics detection method is mainly effectively analyzed according to the variation of some statistical property of carrier information, by judging that whether the statistical property of given carrier belongs to abnormal condition, just can judge whether to contain to hide Info.The statistics detection method of Facing Digital evidence obtaining can be understood as: statistical study need to obtain the theoretical expectation frequency distribution of initial carrier data, and the model and the testing data object that refer again in training set and feature database contrast.
Local feature detection method is combined to the abnormal Stego-detection analysis that applies to digital evidence obtaining with statistics detection method, utilize two kinds of detection methods separately different advantage carry out complementation, guaranteed to a certain extent Stego-detection precision of analysis in digital evidence obtaining process.As the countermeasure techniques of Steganography, the task of steganalysis is existence, the identification hidden algorithm of detection of concealed information, even extracts and recovers hiding information.To write the final goal of minute praying be to using as produce (shenglvehao)in court evidence in order to extract secret information due to hidden, therefore, in digital evidence obtaining process, when treating forensics analysis data object and analyzing, if the degree of analyzing not thoroughly or the selection mistake of analytical approach tend to the accuracy of evidence obtaining result to have a negative impact.In order to address this problem, local feature detection method is combined to the abnormal Stego-detection analytic process that applies to digital evidence obtaining with statistics detection method, the mode of two kinds of method Conjoint Analysis evidence obtaining data has been avoided the generation of above-mentioned mistake to a certain extent, thereby promotes the recoverability of evidence obtaining evidence.
Ask for an interview Fig. 1, the scheme that method of the present invention adopts is: a kind of abnormal Stego-detection analytical approach of Facing Digital evidence obtaining, comprises the following steps:
Step 1: obtain and treat forensics analysis data object from image file.
Step 2: the forensics analysis data object for the treatment of to image file carries out anomaly analysis, obtains anomaly analysis result; The forensics analysis data object for the treatment of to image file carries out anomaly analysis, its specific implementation process is, first according to digital evidence obtaining rule, treat forensics analysis data object and carry out local flag sign anomaly analysis, treat the principal character of forensics analysis data object and identify and sort according to the significance level playing a role in abnormality detection analysis; Then each local feature for the treatment of successively forensics analysis data object detects, and certain feature existence detected and extremely stops detecting; Otherwise, continue to detect, to the last a feature detection is complete.
Step 3: judge and treat that whether forensics analysis data object is abnormal according to anomaly analysis result;
If exist extremely, generate abnormality detection report, and order is carried out following step 4;
If do not exist extremely, following step 5 is carried out in redirect;
Step 4: by existing the abnormal forensics analysis data object for the treatment of to be labeled as object of suspicion, object of suspicion is moved to observation area simultaneously and isolate.
Step 5: the object of suspicion that forensics analysis data object or step 4 obtain for the treatment of to the image file obtaining in step 1 carries out Stego-detection analysis, obtains steganalysis result; The object of suspicion that forensics analysis data object or step 4 obtain for the treatment of to the image file obtaining in step 1 carries out Stego-detection analysis, and its specific implementation process is with reference to abnormal hidden in training set and feature database, to write that model is treated forensics analysis data object or object under a cloud carries out Stego-detection analysis by statistics characteristic analysis method.
Step 6: judge according to steganalysis result whether the abnormal hidden possibility of writing is 0;
If hidden, writing possibility is 0, revolution execution step 1;
If hidden, writing possibility is not 0, and order is carried out following step 7;
Step 7: generate the report of abnormal Stego-detection, represent the abnormal Stego-detection report generating in the anomaly analysis result that obtains in step 2 and step 7.
Ask for an interview Fig. 2, the system that is the present embodiment is the Android digital evidence obtaining analytic system based on interlock synergistic principle, comprises evidence obtaining data acquisition module, abnormality detection analysis module, abnormality juding module, abnormality processing module, Stego-detection analysis module, hiddenly writes determination module and the abnormal hidden forensics analysis of writing represents module;
Evidence obtaining data acquisition module, treats forensics analysis data object for obtaining from image file;
Abnormality detection analysis module, for treating forensics analysis data object according to digital evidence obtaining rule, carry out local flag sign anomaly analysis, treat the principal character of forensics analysis data object and identify and sort according to the significance level playing a role in abnormality detection analysis; Then each local feature for the treatment of successively forensics analysis data object detects, and certain feature existence detected and extremely stops detecting; Otherwise, continue to detect, to the last a feature detection is complete.
Abnormality juding module, for judging and treat that whether forensics analysis data object is abnormal according to anomaly analysis result, if exist extremely, generates abnormality detection report, execute exception processing module; If do not exist extremely, carry out Stego-detection analysis module;
Abnormality processing module, for by existing the abnormal forensics analysis data object for the treatment of to be labeled as object of suspicion, moves to observation area by object of suspicion simultaneously and isolates;
Stego-detection analysis module, abnormal hidden the treat object of suspicion that forensics analysis data object or abnormality processing module obtain of model to the image file of abnormality detection analysis module acquisition of writing for reference to training set and feature database, carries out Stego-detection analysis by statistics characteristic analysis method with reference to the data in training set and feature database;
The hidden determination module of writing, for judging according to Stego-detection analysis result whether the abnormal hidden possibility of writing is 0, and writing possibility if hidden is 0, controls and carries out the data acquisition module of collecting evidence; If hidden, writing possibility is not 0, controls the hidden forensics analysis of writing of execute exception and represents module;
The abnormal hidden forensics analysis of writing represents module, for generating abnormal Stego-detection report, and represents anomaly analysis result and abnormal Stego-detection report.
Should be understood that, the part not elaborating herein all belongs to prior art.
Should be understood that; the above-mentioned description for preferred embodiment is comparatively detailed; can not therefore think the restriction to scope of patent protection of the present invention; those of ordinary skill in the art is under enlightenment of the present invention; do not departing from the scope situation that the claims in the present invention protect; can also make and replacing or distortion, within all falling into protection scope of the present invention, the scope of asking for protection of the present invention should be as the criterion with claims.
Claims (6)
1. an abnormal Stego-detection analytical approach for Facing Digital evidence obtaining, is characterized in that, comprises the following steps:
Step 1: obtain and treat forensics analysis data object from image file;
Step 2: the forensics analysis data object for the treatment of to described image file carries out anomaly analysis, obtains anomaly analysis result;
Step 3: judge and treat that whether forensics analysis data object is abnormal according to described anomaly analysis result;
If exist extremely, generate abnormality detection report, and order is carried out following step 4;
If do not exist extremely, following step 5 is carried out in redirect;
Step 4: by existing the abnormal forensics analysis data object for the treatment of to be labeled as object of suspicion, object of suspicion is moved to observation area simultaneously and isolate;
Step 5: the object of suspicion that forensics analysis data object or step 4 obtain for the treatment of to the described image file obtaining in step 1 carries out Stego-detection analysis, obtains steganalysis result;
Step 6: judge according to described steganalysis result whether the abnormal hidden possibility of writing is 0;
If hidden, writing possibility is 0, and described step 1 is carried out in revolution;
If hidden, writing possibility is not 0, and order is carried out following step 7;
Step 7: generate the report of abnormal Stego-detection, represent the abnormal Stego-detection report generating in the anomaly analysis result that obtains in step 2 and step 7.
2. the abnormal Stego-detection analytical approach that Facing Digital according to claim 1 is collected evidence, it is characterized in that: the forensics analysis data object for the treatment of to described image file described in step 2 carries out anomaly analysis, its specific implementation process is, first according to digital evidence obtaining rule, to described, treat that forensics analysis data object carries out local flag sign anomaly analysis, to described, treat that the principal character of forensics analysis data object identifies and sort according to the significance level playing a role in abnormality detection analysis; Then to described, treat that each local feature of forensics analysis data object detects successively, certain feature existence detected and extremely stop detecting; Otherwise, continue to detect, to the last a feature detection is complete.
3. the abnormal Stego-detection analytical approach that Facing Digital according to claim 1 is collected evidence, it is characterized in that: the object of suspicion that forensics analysis data object or step 4 obtain for the treatment of to the described image file obtaining in step 1 described in step 5 carries out Stego-detection analysis, its specific implementation process is with reference to abnormal hidden in training set and feature database, to write that model is treated forensics analysis data object or object under a cloud carries out Stego-detection analysis by statistics characteristic analysis method.
4. an abnormal Stego-detection analytic system for Facing Digital evidence obtaining, is characterized in that: comprise evidence obtaining data acquisition module, abnormality detection analysis module, abnormality juding module, abnormality processing module, Stego-detection analysis module, hiddenly write determination module and the abnormal hidden forensics analysis of writing represents module;
Described evidence obtaining data acquisition module, treats forensics analysis data object for obtaining from image file;
Described abnormality detection analysis module, carries out anomaly analysis for the forensics analysis data object for the treatment of to described image file by local flag method for feature analysis, obtains anomaly analysis result;
Described abnormality juding module, for judging and treat that whether forensics analysis data object is abnormal according to described anomaly analysis result, if exist extremely, generates abnormality detection report, execute exception processing module; If do not exist extremely, carry out Stego-detection analysis module;
Described abnormality processing module, for by existing the abnormal forensics analysis data object for the treatment of to be labeled as object of suspicion, moves to observation area by object of suspicion simultaneously and isolates;
Described Stego-detection analysis module, the object of suspicion that forensics analysis data object or abnormality processing module obtain for the treatment of for to the described image file of abnormality detection analysis module acquisition, carries out Stego-detection analysis by statistics characteristic analysis method with reference to the data in training set and feature database;
The described hidden determination module of writing, for judging according to described Stego-detection analysis result whether the abnormal hidden possibility of writing is 0, and writing possibility if hidden is 0, controls and carries out the data acquisition module of collecting evidence; If hidden, writing possibility is not 0, controls the hidden forensics analysis of writing of execute exception and represents module;
The described abnormal hidden forensics analysis of writing represents module, for generating abnormal Stego-detection report, and represents anomaly analysis result and abnormal Stego-detection report.
5. the abnormal Stego-detection analytical approach that Facing Digital according to claim 4 is collected evidence, it is characterized in that: described abnormality detection analysis module, for treating that to described forensics analysis data object carries out local flag sign anomaly analysis according to digital evidence obtaining rule, to described, treat that the principal character of forensics analysis data object identifies and sort according to the significance level playing a role in abnormality detection analysis; Then to described, treat that each local feature of forensics analysis data object detects successively, certain feature existence detected and extremely stop detecting; Otherwise, continue to detect, to the last a feature detection is complete.
6. the abnormal Stego-detection analytical approach that Facing Digital according to claim 4 is collected evidence, it is characterized in that: described Stego-detection analysis module, abnormal hidden the treat object of suspicion that forensics analysis data object or abnormality processing module obtain of model to the described image file of abnormality detection analysis module acquisition of writing for reference to training set and feature database, carries out Stego-detection analysis by statistics characteristic analysis method with reference to the data in training set and feature database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410291747.7A CN104021227B (en) | 2014-06-26 | 2014-06-26 | Digital forensics-oriented anomaly steganalysis method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410291747.7A CN104021227B (en) | 2014-06-26 | 2014-06-26 | Digital forensics-oriented anomaly steganalysis method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104021227A true CN104021227A (en) | 2014-09-03 |
| CN104021227B CN104021227B (en) | 2015-06-17 |
Family
ID=51437981
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410291747.7A Expired - Fee Related CN104021227B (en) | 2014-06-26 | 2014-06-26 | Digital forensics-oriented anomaly steganalysis method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104021227B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104681031A (en) * | 2014-12-08 | 2015-06-03 | 华侨大学 | Bit combination-based stego-detection method for least significant bits (LSB) of low-bit-rate speeches |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102708313A (en) * | 2012-03-08 | 2012-10-03 | 珠海市君天电子科技有限公司 | Virus detection system and method for large files |
| US20140082001A1 (en) * | 2012-09-14 | 2014-03-20 | Duzon Information Security Service | Digital forensic audit system for analyzing user's behaviors |
| CN103853933A (en) * | 2014-03-27 | 2014-06-11 | 北京工业大学 | Android digital forensics-oriented user behavior analysis method and system |
-
2014
- 2014-06-26 CN CN201410291747.7A patent/CN104021227B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102708313A (en) * | 2012-03-08 | 2012-10-03 | 珠海市君天电子科技有限公司 | Virus detection system and method for large files |
| US20140082001A1 (en) * | 2012-09-14 | 2014-03-20 | Duzon Information Security Service | Digital forensic audit system for analyzing user's behaviors |
| CN103853933A (en) * | 2014-03-27 | 2014-06-11 | 北京工业大学 | Android digital forensics-oriented user behavior analysis method and system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104681031A (en) * | 2014-12-08 | 2015-06-03 | 华侨大学 | Bit combination-based stego-detection method for least significant bits (LSB) of low-bit-rate speeches |
| CN104681031B (en) * | 2014-12-08 | 2018-03-09 | 华侨大学 | A kind of low-bit-rate speech coding least significant bit Stego-detection method based on bit combination |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104021227B (en) | 2015-06-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106447366B (en) | Multimedia advertisement auditing method, and advertisement auditing model training method and device | |
| IN2015CH00232A (en) | ||
| CN107958230B (en) | Facial expression recognition method and device | |
| WO2010093424A3 (en) | Methods, apparatus, and systems for facilitating and/or verifying locate and/or marking operations | |
| CN102708360A (en) | Method for generating and automatically updating fingerprint template | |
| CN108399431A (en) | Disaggregated model training method and sorting technique | |
| TW200943092A (en) | Hierarchically organizing data using a partial least squares analysis (PLS-trees) | |
| Cao et al. | Applying data mining in money laundering detection for the Vietnamese banking industry | |
| CN107491536B (en) | Test question checking method, test question checking device and electronic equipment | |
| Kurdthongmee | A comparative study of the effectiveness of using popular DNN object detection algorithms for pith detection in cross-sectional images of parawood | |
| CN108171340A (en) | For carrying out mirror method for distinguishing, equipment and storage medium to bicycle repairing information | |
| CN105205618A (en) | Patent evaluation system | |
| Siena et al. | Development of algorithm tuberculosis bacteria identification using color segmentation and neural networks | |
| CN109739989A (en) | File classification method and computer equipment | |
| CN107958215A (en) | A kind of antifraud recognition methods, device, server and storage medium | |
| CN106991323A (en) | The model and method of a kind of detection Android application program ad plug-ins | |
| CN107896335A (en) | Video detection and ranking method based on big data technology | |
| CN114638777A (en) | Image defect detection method, device, electronic equipment and medium | |
| CN110705619A (en) | Fog concentration grade judging method and device | |
| CN106706109B (en) | Vibration source identification method and system based on time domain two-dimensional characteristics | |
| CN104021227B (en) | Digital forensics-oriented anomaly steganalysis method and system | |
| CN105654964A (en) | Recording audio device source determination method and device | |
| CN109472457B (en) | Loan application online reviewing method and terminal equipment | |
| Ahmad et al. | Analysis of the effects and relationship of perceived handwritten signature's size, graphical complexity, and legibility with dynamic parameters for forged and genuine samples | |
| CN110750681A (en) | Account similarity calculation method, storage medium, electronic device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| C53 | Correction of patent of invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Mai Yong Hao Inventor after: Yao Qiufeng Inventor after: Wu Yanbo Inventor after: Zhang Jun Inventor after: Wei Rong Inventor after: Zhang Peng Inventor before: Mai Yong Hao Inventor before: Wan Xuejiao Inventor before: Zhang Jun Inventor before: Wei Rong Inventor before: Xue Qin Inventor before: Yang Jing |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: MAI YONGHAO WAN XUEJIAO ZHANG JUN WEI RONG XUE QIN YANG JING TO: MAI YONGHAO YAO QIUFENG WU YANBO ZHANG JUN WEI RONG ZHANG PENG |
|
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150617 |