-
Notifications
You must be signed in to change notification settings - Fork 95
Entropy and Chi Squared
Karsten Hahn edited this page Feb 11, 2023
·
3 revisions
PortEx has a module that calculates Shannon's Entropy of bytes, files or sections. The entropy is byte-based and in the interval [0,1]. If you want the entropy to be between [0,8], just multiply the result by 8.
The following example code calculates and prints the entropies of every section for a sample file:
PEData data = PELoader.loadPE(new File("myfile.exe"));
int nrOfSections = data.getCOFFFileHeader().getNumberOfSections();
ShannonEntropy entropy = new ShannonEntropy(data);
for(int i = 1; i < nrOfSections; i++) {
double sectionEntropy = entropy.forSection(i);
System.out.println("Entropy for Section " + i + ": " + sectionEntropy);
}
The entropy of the whole file can be calculated and printed as follows:
ShannonEntropy entropy = ShannonEntropy.newInstance(new File("myfile.exe"));
System.out.println(entropy.forFile());
Chi Squared works similarly
PEData data = PELoader.loadPE(new File("myfile.exe"));
ChiSquared chi2 = new ChiSquared(data);
double fileChi = chi2.forFile();
System.out.println("Chi2 for file " + fileChi);
int nrOfSections = data.getCOFFFileHeader().getNumberOfSections();
for(int i = 1; i < nrOfSections; i++) {
double sectionChi2 = chi2.forSection(i);
System.out.println("Section " + i + " has chi2: " + sectionChi2);
}