An ensemble-based stegware detection system for information hiding malware attacks

Abstract

Information hiding techniques like steganography are used by hackers to obfuscate malicious attack codes to carry malware scripts and deliver to crypto-miners in on-demand platforms like Cloud. Stegware is a type of information-hiding malware that employs steganography to avoid detection by modern malware detection systems. This work proposes a Stegware detection system that recognizes obfuscated payloads from input images and verifies whether the obfuscated payload is the target of any stegware attack. The proposed system detects the stegware in four phases: Obfuscated Payload Detection phase that detects the presence of any obfuscated item concealed inside the digital medium; Obfuscated Payload Extraction phase that decodes stego-repository images to extract the data that are steganographically obfuscated inside the input; Obfuscated Payload Classification phase that detects whether the extracted data is legitimate or malicious stegware file, using binary classifier; Calculation of malicious percentage phase that uses fuzzy C-means clustering algorithm to calculate the quantum and frequency of malicious activities. The proposed system is experimentally tested on real dataset and analyzed with existing models. The simulation results illustrate that the proposed Stegware detection system detects the steganographically-hidden attacks and identifies malicious activities in percentage terms as compared to other models.