Detecting the File Encryption Algorithms Using Artificial Intelligence

In this paper, the authors analyze the applicability of artificial intelligence algorithms for classifying file encryption methods based on statistical features extracted from the binary content of files. The prepared datasets included both unencrypted files and files encrypted using selected crypto...

Full description

Saved in:
Bibliographic Details
Published inApplied sciences Vol. 15; no. 19; p. 10831
Main Authors Kowalewski, Jakub, Grześ, Tomasz
Format Journal Article
LanguageEnglish
Published Basel MDPI AG 09.10.2025
Subjects
Accuracy
Algorithms
Artificial intelligence
Computational linguistics
Computer forensics
Cryptography
Data encryption
Datasets
Decision making
Decision trees
Deep learning
detection
Entropy
file encryption
Forensic sciences
Language
Language processing
Libraries
Library management
Machine learning
Malware
Natural language interfaces
Natural language processing
Neural networks
Python
Ransomware
Regression analysis
Online AccessGet full text
ISSN2076-3417
2076-3417
DOI10.3390/app151910831

Cover

More Information
Summary:In this paper, the authors analyze the applicability of artificial intelligence algorithms for classifying file encryption methods based on statistical features extracted from the binary content of files. The prepared datasets included both unencrypted files and files encrypted using selected cryptographic algorithms in Electronic Codebook (ECB) and Cipher Block Chaining (CBC) modes. These datasets were further diversified by varying the number of encryption keys and the sample sizes. Feature extraction focused solely on basic statistical parameters, excluding an analysis of file headers, keys, or internal structures. The study evaluated the performance of several models, including Random Forest, Bagging, Support Vector Machine, Naive Bayes, K-Nearest Neighbors, and AdaBoost. Among these, Random Forest and Bagging achieved the highest accuracy and demonstrated the most stable results. The classification performance was notably better in ECB mode, where no random initialization vector was used. In contrast, the increased randomness of data in CBC mode resulted in lower classification effectiveness, particularly as the number of encryption keys increased. This paper provides a comprehensive analysis of the classifiers’ performance across various encryption configurations and suggests potential directions for further experiments.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2076-3417
2076-3417
DOI:10.3390/app151910831