Steganalysis of stegostorage library

Michala Gulášová, Matúš Jókay


ABSTRACT. The main goal of this research is the detection of the secret messages
hidden in JPEG files, which were embedded by StegoStorage library. This
tool allows the user to embed any type of information into a folder of images.
Sequential, pseudo-random or Hamming code-based embedding into the least
significant bit (LSB) of DCT coefficients is possible. It is possible to choose which
fraction of capacity the cover files are filled.
The aim of this contribution is to test the statistical LSB embedding model
(modified weighted-stego analysis) for all modes of embedding which StegoStorage
library offers, and for all cover files capacities, respectively. Another goal is to
implement a more appropriate type of steganalytic attack for Hamming codes and
test it. For this purpose, the RS (Regular/Singular) steganalysis was selected.
The detectability of the LSB embedding model of sequential embedding is
possible from the first percent of filling the cover files. In the case of pseudorandom
embedding, the secret message can be detected from approximately 10
percent of the cover files capacity filling. Hamming codes were undetectable using
this type of attack.
In the case of attack by RS steganalysis arose another situation. When sequential
or pseudo-random embedding were used, the results indicated the detectability
since approximately 5 percent of capacity filling the cover files. The capacity
filling of 5 percent corresponds to 2.5 percent of DCT coefficient changes from
the original media in the case of sequential embedding. This value, 2.5 %, is the
threshold for the utilization of Hamming codes, too. Therefore, Hamming codes
(7, 4), (15, 11) and (32, 26) indicated the detectability, because they exceeded
that limit.

Full Text: