Wednesday, February 16, 2011

ByteEntropy.class - Calculates the amount of byte entropy

Code: ByteEntropy.java

Calculates the amount of byte entropy across a window size, N. The maximum entropy across any window size is N, unless N > 255, in which case the maximum number of byte patterns which may exist is 255.

This program is based on Charlie Daly's Entropy.java program which does more or less the same thing, but this program has lower memory requirements allowing much larger files to be analysed. It also offers a number of additional options which may, or may not, be useful.
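The window measure described above, as an added example that is not the ByteEntropy source. It assumes "entropy" means the number of distinct byte values among the last N bytes (inferred from the stated maximum of N), and it keeps only a 256-entry count table plus an N-byte ring buffer, so memory does not grow with the file size. The class name, method name and sample data are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;

public class WindowEntropyDemo {

    // Assumption: entropy of a window = number of distinct byte values in it.
    // Emits one value for every full window as the window slides one byte at a time.
    static List<Integer> windowEntropy(InputStream in, int window) throws IOException {
        if (window < 1) throw new IllegalArgumentException("window must be positive");
        int[] counts = new int[256];   // occurrences of each byte value in the window
        int[] ring = new int[window];  // the last `window` bytes, oldest overwritten first
        int distinct = 0;
        long seen = 0;                 // long, so very large inputs do not overflow
        int b;
        List<Integer> out = new ArrayList<>();
        while ((b = in.read()) != -1) {
            int slot = (int) (seen % window);
            // Retire the byte that falls out of the window.
            if (seen >= window && --counts[ring[slot]] == 0) distinct--;
            // Admit the new byte.
            ring[slot] = b;
            if (counts[b]++ == 0) distinct++;
            seen++;
            if (seen >= window) out.add(distinct);
        }
        return out;  // empty when the input is shorter than the window
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 64 identical bytes (e.g. zero-filled slack space)
        // followed by 64 bytes that are all different from each other.
        byte[] sample = new byte[128];
        for (int i = 64; i < 128; i++) sample[i] = (byte) (i * 37 + 11);

        int window = 16;
        List<Integer> e = windowEntropy(new ByteArrayInputStream(sample), window);
        System.out.println("windows measured: " + e.size());
        System.out.println("first window:     " + e.get(0));
        System.out.println("last window:      " + e.get(e.size() - 1));
        System.out.println("window straddling the boundary: " + e.get(64 - window + 8));
    }
}
```

Values near the window size indicate regions where almost every byte differs, as in compressed or encrypted data; values near 1 indicate padding or repeated fill bytes.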

See Analysing the byte entropy of a FAT formatted disk for an example of usage.

$ java ByteEntropy -h
Usage: ByteFrequency

Where possible options are:
-b | --blockmode
Entropy values are reset to zero every number of bytes.
This allows to measure the entropy in sections of much
larger files; e.g. measuring entropy in each cluster of FAT.

-c | --creategraph
Create a graph using the entropy file. You must specify an
output file to use this option as graphs will be saved at
.png. You cannot create graphs in efficient mode.

-d | --delete-entropy
Only useful when used with graph mode. Nice to use this to
express large entropy data in a much smaller file.

-e | --efficient
Entropy values are output as bytes or ints instead of strings.
This saves time and space. Note that seperator options are
ignored.

-f if| --file if
File to analyse.

-g | --gnuplotpath
Path to gnuplot on your system. Default is "gnuplot" so
needs to be in your current path.

-h | --help
The help you're looking at now ;-D.

-o of| --output of
File to send output to.

-r | --resolution
If the -f or --file option is used then you can set the
resultion of the results. E.g. file to be analysed is
1000 bytes long; if we use -a 100 then every 10 entropy
values are averaged (nearest smaller int) and output. If used in
conjunction with -b or --blockmode then this resolution applies
across the block size -- it follows that the resolution should
be smaller than the block size in this case.
Setting reasonable values can help speed things up a lot and
make your entropy files a reasonable size; that's win-win!

-s | --seperator
String to appear between entropy values.

-S | --summary
Output summary to STDERR.

-w ws | --window ws
Window to consider entropy over. Should be followed by a
positive integer . WARNING: can't be lower than number
of input bytes.
