Detection of Location of Audio-Stegware in LSB Audio Steganography

Abstract

Steganography in malware, often known as stegomalware or stegware, is growing in popularity as attackers continue to show their versatility by inventing new tactics and re-inventing old ones in the quest to disguise their dangerous software. Malware authors are modernizing the old steganography method by hiding dangerous code in seemingly harmless files such as images, audios, and videos. Many of these files are regarded to provide a low-security risk and are frequently ignored for further investigation. This has offered a perfect entry point for cyber-criminals to hide their malicious programs. Therefore, this paper proposes an Audio-Stegware Location Detection model, which aims to find the exact location of stegware in audio cover medium. The proposed system functions in three main phases: LSB clustering phase, ASCII conversion phase, and location finder. In the LSB clustering phase, the given audio files are converted to binary. The LSB pixels which are subject of stegware are clustered together. In the ASCII conversion phase, the binary format of the subject of stegware is converted to ASCII codes. Finally, in the location finding phase, the cluster of ASCII codes is processed by a language processor to differentiate the audio pixels and steganography pixels. The effectiveness of the proposed system is evaluated by analyzing numerous audio files collected from various sources with obfuscated malicious codes. Business application programming interfaces (APIs) are used to collect a selection of the most recent virus codes. The stimulation results show that the proposed system obtains a higher accuracy rate in detecting stegware location ranging from 80 to 97% for lower to higher embedding rate.