| 摘要 |
A method and system for testing a file (or packet) formed from a sequential series of information units, each information unit within a predetermined set of information units, e.g., each information unit may correspond to a character within the ASCII character set. An information unit-pair entropy density measurement is calculated for the received file using a probability matrix. The probability matrix tabulates the probabilities of occurrence for each possible sequential pair of information units of the predetermined set of information units. The computed information unit-pair entropy density measurement is compared with a threshold associated with an expected file type to determine whether the received file is of the expected file type or of an unexpected file type. The probability matrix may optionally be generated from the received file prior to calculating the density thereof. The probability matrix may optionally be predetermined based on the expected file type.
|
