Steganalysis of the methods of concealing information in graphic containers

Abstract

Aim. Today, there is a pressing matter of protection against steganography-based attacks against information systems. These attacks present a danger as they use the most common data files – especially graphics files – as containers that deliver malicious code to a system or cause a leak of sensitive information. Developing methods of detecting such hidden information is the responsibility of a special subsection of steganography, the steganalysis. Such methods should be extensively used in computer forensics as part of security incident investigation, as well as in automated security systems with integrated modules for analyzing data files for malicious or dangerous information. An important feature of such activities is the need to examine a wide variety of elements and containing files. In particular, it is required to verify not only the colour values of the pixels in images, but their frequency characteristics as well. This raises a number of important questions associated with the best practices of applying steganalysis algorithms and making correct conclusions based on the outputs. The paper aims to briefly analyse the most important and relevant methods of steganalysis, both spatial and frequency, as well as to make conclusions regarding their performance and ways to analyse the outputs based on the test results of the software that implements such methods. Methods. The steganalysis of concealment within the least significant bits of an image’s pixels uses Pearson’s Chi-square statistical analysis, as well as the Regular-Singular method that involves signature analysis of pixel groups and analytical geometry tools for estimating the relative volume of the hidden message. The Koch-Zhao method of steganalysis is used for the purpose of detecting information embedded in the frequency-domain image representation. It also allows identifying the parameters required for extracting the hidden message. Results. A software suite was created that includes the software implementations of the analysed methods. The suite was submitted to a number of tests in order to evaluate the outputs of the examined methods. For the purpose of testing, a sample of images of various formats was compiled, in which information was embedded using a number of methods. Based on the results of the sample file analysis, conclusions were made regarding the efficiency of the analysed methods and interpretation of the outputs. Conclusion. Based on the test results, conclusions were made on the accuracy of the steganalysis methods in cases of varied size of the embedded message and methods of its concealment. The patterns identified with the help of the analysis outputs allowed defining a number of rules for translating the outputs into conclusions on the identification of the fact of detection of hidden information and estimation of its size.