What is Steganalysis? And How to Detect Steganography?

What is Steganalysis? – Steganalysis is the process of discovering the existence of hidden information in a medium.

Steganalysis is the reverse process of steganography. It is one of the attacks on information security in which an attacker, called a steganalyst, tries to detect the hidden messages embedded in image, text, audio and video carrier mediums using steganography.

Steganalysis determines the encoded hidden message and, if possible, recovers that message. It can detect the message by looking at variances between bit patterns and unusually large file sizes.

Steganalysis has two aspects: the detection and the distortion of messages. In the detection phase, the analyst observes the relationships between the steganography tools, stego-media, cover and message. In the distortion phase, the analyst manipulates the stego-media to extract the embedded message and decides whether it is useless and should be removed altogether.

The first step in steganalysis is to discover a suspicious image that may be harboring a message. This is an attack on the hidden information. There are two other types of attack against steganography: message and chosen-message attacks. In the former, the steganalyst has a known hidden message in the corresponding stego-image.

The steganalyst creates a message using a known stego tool and analyses the differences in patterns. In a chosen-message attack, the attacker creates steganography media using the known message and steganography tool (or algorithm).

Cover images disclose more visual clues than do stego-images. It is necessary to analyze the stego-images to identify the concealed information. The gap between the cover image and the stego-image file size is the simplest signature. Many signatures are evident using some of the color schemes of the cover image.

Once detected, an attacker can destroy a stego-image or modify the hidden messages. It is very important to understand the overall structure of the technology and methods to detect the hidden information for uncovering the activities.

Some of the challenges of steganalysis are given below:

  • Suspect information stream may or may not have encoded hidden data.
  • Efficient and accurate detection of hidden content within digital images is difficult.
  • The message might have been encrypted before being inserted into a file or signal.
  • Some of the suspect signals or files may have irrelevant data or noise encoded into them.

Steganalysis Methods / Attacks on Steganography

Steganography attacks are classified by the type of information available to the steganalyst performing steganalysis. This information may include the hidden message, the carrier medium, the stego object, and the steganography tools or algorithms used for hiding information. Thus the classification of steganalysis includes six types of attacks: stego-only, known-stego, known-message, known-cover, chosen-message, and chosen-stego.

  • Stego-Only Attack
    • In a stego-only attack, the steganalyst or the attacker does not have access to any information except the stego-medium or stego-object. In this attack, the steganalyst needs to try every possible steganography algorithm and related attack to recover the hidden information.
  • Known-Stego Attack
    • This attack allows the attacker to know the steganography algorithm as well as the original and stego-object. The attacker can extract the hidden information with the information at hand.
  • Known-Message Attack
    • The known-message attack presumes that the message and the stego-medium are available. Using this attack, one can detect the technique used to hide the message.
  • Known-Cover Attack
    • Attackers use the known-cover attack when they have knowledge of both the stego-object and the original cover-medium. This enables a comparison between the two mediums in order to detect the changes in the format of the medium and find the hidden message.
  • Chosen-Message Attack
    • The steganalyst uses a known message to generate a stego-object by using some steganography tool in order to find the steganography algorithm used for hiding the information. The goal in this attack is to determine patterns in the stego-object that may point to the use of specific steganography tools or algorithms.
  • Chosen-Stego Attack
    • The chosen-stego attack takes place when the steganalyst knows both a stego object and the steganography tool or algorithm used to hide the message.

Detecting Steganography (Text, Image, Audio and Video Files)

Steganography is the art of hiding either confidential or sensitive information within the cover medium. In this, the unused bits of data in computer files such as graphics, digital images, text, HTML, etc. help in hiding sensitive information from unauthorized users. Detection of hidden data includes different ways depending on the file used.

The following file types require specific methods to detect hidden messages:

Text Files

For text files, alterations are made to the character positions to hide the data. One can detect these alterations by looking for text patterns or disturbances, the language used, line height, and an unusual number of blank spaces. A simple word processor can sometimes reveal text steganography, as it displays the spaces, tabs, and other characters that distort the text’s presentation during text steganography.

Take a closer look at the following things:

  • Unusual patterns used in stego object
  • Appended extra spaces and invisible characters.
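
The checks listed above can be automated. The following scanner is an added example, not code from the original post; the sample text and the function name `scan_text` are constructed for illustration. It flags trailing space/tab padding, invisible Unicode format characters, and unusual runs of spaces inside a line.

```python
import re
import unicodedata

# Constructed sample text: line 2 ends in space/tab padding,
# line 3 contains zero-width characters, line 4 has uneven word gaps.
SAMPLE = (
    "Meeting moved to Friday.\n"
    "Please confirm attendance. \t \t\t \n"
    "Thanks,\u200b\u200c\u200b team\n"
    "See  you   there\n"
)

def scan_text(text):
    """Return (line_no, kind, detail) tuples for whitespace and
    invisible-character anomalies."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        body = line.rstrip(" \t")
        trailing = line[len(body):]
        if trailing:
            findings.append((no, "trailing-whitespace", repr(trailing)))
        # Category Cf covers zero-width spaces/joiners, BOM, bidi controls.
        hidden = [c for c in line if unicodedata.category(c) == "Cf"]
        if hidden:
            names = sorted({unicodedata.name(c, f"U+{ord(c):04X}") for c in hidden})
            findings.append((no, "invisible-chars", f"{len(hidden)} x {names}"))
        # Two or more spaces between visible characters.
        runs = re.findall(r"(?<=\S) {2,}(?=\S)", body)
        if runs:
            findings.append((no, "extra-spaces", f"{len(runs)} runs"))
    return findings

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

A finding is only a lead: editors and copy-paste also leave trailing whitespace, so compare against how the same source normally formats its text.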

Image Files

The information that is hidden in the image can be detected by determining changes in size, file format, last modified time stamp, and color palette of the file.

The following points can help you to detect image steganography:

  • Too many display distortions in images
  • Sometimes images may become grossly degraded
  • Detection of anomalies through evaluating too many original images and stego images with respect to color composition, luminance, pixel relationships, etc.
  • Exaggerated “noise”

Statistical analysis methods help to scan an image for steganography. Whenever you insert a secret message into an image, LSBs are no longer random. With encrypted data that has high entropy, the LSB of the cover will not contain the information about the original and is more or less random. By using statistical analysis on the LSB, you can identify the difference between random values and real values.

Audio Files

Audio steganography is a process of embedding confidential information such as private documents and files in digital sound. Statistical analysis methods can be used for detecting audio steganography as it involves LSB modifications. The inaudible frequencies can be scanned for hidden information. The odd distortions and patterns show the existence of the secret data.
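
The statistical LSB analysis described under Image Files and Audio Files can be illustrated with a chi-square test on pairs of values (2k, 2k+1): high-entropy LSBs equalize the two counts in each pair, while an untouched histogram usually does not. This is an added example, not code from the original post or from any tool it names; the cover histogram, the seed, and all function names are constructed, and samples are plain 8-bit values rather than a decoded image or audio file.

```python
import math
import random
from collections import Counter

def make_cover():
    """Constructed cover: 8-bit samples with a fixed, uneven histogram."""
    samples = []
    for v in range(256):
        samples.extend([v] * (400 + 10 * (v * 37 % 61)))
    return samples

def simulate_full_lsb_payload(samples, seed=1):
    """Test fixture: overwrite every LSB with a pseudo-random bit,
    standing in for an encrypted (high-entropy) payload."""
    rng = random.Random(seed)
    return [(s & 0xFE) | rng.getrandbits(1) for s in samples]

def pov_chi_square(samples, min_expected=5):
    """Chi-square statistic over value pairs (2k, 2k+1).

    Random LSBs push both counts of a pair toward their mean, so the
    statistic stays near the degrees of freedom; an untouched histogram
    usually gives a far larger value."""
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for even in range(0, 256, 2):
        n0, n1 = hist[even], hist[even + 1]
        expected = (n0 + n1) / 2
        if expected < min_expected:      # pair too sparse to test
            continue
        stat += ((n0 - expected) ** 2 + (n1 - expected) ** 2) / expected
        dof += 1
    return stat, dof

def p_equalized(stat, dof):
    """Approximate upper-tail chi-square probability (Wilson-Hilferty).
    Near 0: pairs are unequal (no sign of full LSB replacement).
    Well above 0: pairs are statistically equal (LSBs look random)."""
    if dof == 0:
        return 0.0
    c = 2 / (9 * dof)
    z = ((stat / dof) ** (1 / 3) - (1 - c)) / math.sqrt(c)
    return 0.5 * math.erfc(z / math.sqrt(2))

if __name__ == "__main__":
    cover = make_cover()
    for label, data in (("cover", cover), ("stego", simulate_full_lsb_payload(cover))):
        stat, dof = pov_chi_square(data)
        print(f"{label}: chi2={stat:.1f} dof={dof} p={p_equalized(stat, dof):.3g}")
```

The test assumes the payload fills most of the LSBs; a short message spread across a large carrier changes the histogram too little for this statistic to react.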

Video Files

Detection of the secret data in video files includes a combination of methods used in image and audio files. Special code signs and gestures help in detecting secret data.

Both audio and video steganography are quite difficult to detect, as compared to other types such as image and document. Moreover, it is very hard to detect good steganography of any type. However, careful analysis of audio and video signals for hidden information may create chances of detecting it correctly.

Steganography Detection Tools

Steganography detection tools allow you to detect and recover hidden information in any digital media such as images, audio, and video.

Gargoyle Investigator Forensic Pro

Gargoyle Investigator Forensic Pro is a tool that conducts quick searches on a given computer or machine for known contraband and malicious programs. The tool can find remnants of a removed program, as it conducts a search for individual files associated with a particular program. Its signature set contains over 20 categories, including botnets, Trojans, steganography, encryption, and keyloggers, and helps in detecting stego files created by using BlindSide, WeavWav, S-Tools and others. It has the ability to perform a scan on a stand-alone computer or network resources for known malicious programs, the ability to scan within archive files, and so on.

  • The program is capable of scanning for known contraband and hostile programs on a stand-alone system or network resource
  • It is interoperable with popular forensic tools such as EnCase
  • The program provides detailed, XML-based, customizable forensic evidence reports with secure source time stamping.

Some of the steganography detection tools are listed below:

  • StegAlyzerSS
  • Steganography Studio
  • StegAlyzerAS
  • StegAlyzerRTS
  • Virtual Steganographic Laboratory (VSL)
  • Stegdetect
