Top Banner
STEGANALYSIS OF BINARY IMAGES This thesis is presented for the degree of DOCTOR OF PHILOSOPHY by KANG LENG CHIEW Department of Computing Faculty of Science MACQUARIE UNIVERSITY Australia June 2011
160

Steganalysis of Binary Images

Oct 23, 2014

Download

Documents

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript

STEGANALYSIS OF BINARY IMAGES

This thesis is presented for the degree of

DOCTOR OF PHILOSOPHY

by

KANG LENG CHIEW

Department of Computing Faculty of Science MACQUARIE UNIVERSITY Australia

June 2011

2011 KANG LENG CHIEW

TABLE OF CONTENTSPage LIST OF FIGURES LIST OF TABLES ABSTRACT LIST OF PUBLICATIONS ACKNOWLEDGMENTS 1 Introduction 1.1 Motivations . . . . . . . . . . . . 1.2 Research Problems . . . . . . . . 1.3 Objectives . . . . . . . . . . . . . 1.4 Research Overview . . . . . . . . 1.4.1 Contributions . . . . . . . 1.4.2 Organisation of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv vi vii x xi 1 2 3 4 5 5 6 9 9 11 13 14 15 16 19 20 21 22 22 22 25 26 27 28 28 29 30

2 Background and Concepts 2.1 Overview of Steganography . . . . . . . . . . 2.2 SteganalysisModel of Adversary . . . . . . . 2.3 Level of Analysis . . . . . . . . . . . . . . . . 2.4 Blind Steganalysis as Pattern Recognition . . 2.4.1 Feature Extraction . . . . . . . . . . . 2.4.2 Classication . . . . . . . . . . . . . . 2.5 Digital Images . . . . . . . . . . . . . . . . . . 2.5.1 Image File Formats . . . . . . . . . . . 2.5.2 Spatial and Frequency Domain Images

3 Literature Review 3.1 Steganography . . . . . . . . . . . . . . . . . . . . . 3.1.1 Liang et al. Binary Image Steganography . . 3.1.2 Pan et al. Binary Image Steganography . . . 3.1.3 Tseng and Pan Binary Image Steganography 3.1.4 Chang et al. Binary Image Steganography . 3.1.5 Wu and Liu Binary Image Steganography . 3.1.6 F5 Steganography . . . . . . . . . . . . . . . 3.1.7 OutGuess Steganography . . . . . . . . . . . 3.1.8 Model-Based Steganography . . . . . . . . . i

3.2

Steganalysis . . . . . . . . . . . . . . . . . . . . . 3.2.1 Dierentiation of Cover and Stego Images 3.2.2 Classication of Steganographic Methods . 3.2.3 Estimation of Message Length . . . . . . . 3.2.4 Identication of Stego-Bearing Pixels . . . 3.2.5 Retrieval of Stegokey . . . . . . . . . . . . 3.2.6 Extracting the Hidden Message . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

31 31 41 47 52 56 58 59 60 61 62 62 63 64 65 67 67 67 69 70 71 72 73 75 75 76 77 79 81 81 82 83 86 87 88 88 91 93 94 94 95 97

4 Blind Steganalysis 4.1 Comparison of the Steganography Methods under Analysis 4.2 Proposed Steganalysis Method . . . . . . . . . . . . . . . . 4.2.1 Grey Level Run Length Matrix . . . . . . . . . . . 4.2.2 Pixel Dierences . . . . . . . . . . . . . . . . . . . 4.2.3 GLRL Matrix from the Pixel Dierence . . . . . . . 4.2.4 GLGL Matrix . . . . . . . . . . . . . . . . . . . . . 4.2.5 Final Feature Sets . . . . . . . . . . . . . . . . . . 4.3 Experimental Results . . . . . . . . . . . . . . . . . . . . . 4.3.1 Experimental Setup . . . . . . . . . . . . . . . . . . 4.3.2 Results Comparison . . . . . . . . . . . . . . . . . . 4.4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Multi-Class Steganalysis 5.1 Summary of the Steganographic Methods under Analysis 5.2 Proposed Steganalysis . . . . . . . . . . . . . . . . . . . 5.2.1 Increasing the Grey Level via the Pixel Dierence 5.2.2 Grey Level Run Length Matrix . . . . . . . . . . 5.2.3 Grey Level Co-Occurrence Matrix . . . . . . . . . 5.2.4 Cover Image Estimation . . . . . . . . . . . . . . 5.2.5 Final Feature Sets . . . . . . . . . . . . . . . . . 5.3 Multi-Class Classication . . . . . . . . . . . . . . . . . . 5.4 Experimental Results . . . . . . . . . . . . . . . . . . . . 5.4.1 Experimental Setup . . . . . . . . . . . . . . . . . 5.4.2 Results Comparison . . . . . . . . . . . . . . . . . 5.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Hidden Message Length Estimation 6.1 Boundary Pixel Steganography . . . . . . . . . . . 6.2 Proposed Method . . . . . . . . . . . . . . . . . . . 6.2.1 512-Pattern Histogram as the Distinguishing 6.2.2 Matrix Right Division . . . . . . . . . . . . 6.2.3 Message Length Estimation . . . . . . . . . 6.3 Experimental Results . . . . . . . . . . . . . . . . . 6.3.1 Experimental Setup . . . . . . . . . . . . . . 6.3.2 Results of the Estimation . . . . . . . . . . 6.4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . Statistic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

ii

7 Steganographic Payload Location Identication 7.1 Background . . . . . . . . . . . . . . . . . . . . . . . 7.2 Motivation and Challenges . . . . . . . . . . . . . . . 7.3 Proposed Stego-Bearing Pixel Location Identication 7.4 Experimental Results . . . . . . . . . . . . . . . . . . 7.4.1 Experimental Setup . . . . . . . . . . . . . . . 7.4.2 Results Comparison . . . . . . . . . . . . . . . 7.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . 8 Feature-Pooling Blind JPEG Image Steganalysis 8.1 Feature Extraction Techniques . . . . . . . . . . . 8.1.1 Image Quality Metrics . . . . . . . . . . . 8.1.2 Moment of Wavelet Decomposition . . . . 8.1.3 Feature-Based . . . . . . . . . . . . . . . . 8.1.4 Moment of CF of PDF . . . . . . . . . . . 8.2 Features-Pooling Steganalysis . . . . . . . . . . . 8.2.1 Feature Selection in Feature-Based Method 8.2.2 Feature-Pooling . . . . . . . . . . . . . . . 8.3 Experimental Results . . . . . . . . . . . . . . . . 8.3.1 Classier Selection . . . . . . . . . . . . . 8.3.2 Results Comparison . . . . . . . . . . . . . 8.4 Conclusion . . . . . . . . . . . . . . . . . . . . . . 9 Improving JPEG Image Steganalysis 9.1 Steganography as Additive Noise . . . . . . 9.2 Image-to-Image Variation Minimisation . . . 9.3 Steganalysis Improvement . . . . . . . . . . 9.3.1 Moments of Wavelet Decomposition . 9.3.2 Moment of CF of PDF . . . . . . . . 9.3.3 Moment of CF of Wavelet Subbands 9.4 Experimental Results . . . . . . . . . . . . . 9.4.1 Experimental Setup . . . . . . . . . . 9.4.2 Results Comparison . . . . . . . . . . 9.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . .

98 99 99 101 103 103 104 108

109 . 109 . 110 . 110 . 111 . 112 . 113 . 113 . 114 . 116 . 116 . 118 . 120 121 . 121 . 122 . 125 . 125 . 126 . 126 . 127 . 127 . 128 . 130

10 Conclusions and Future Research Directions 131 10.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 10.2 Future Research Directions . . . . . . . . . . . . . . . . . . . . . . . 132 Bibliography 134

iii

LIST OF FIGURESPage 1.1 2.1 2.2 2.3 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 4.1 5.1 6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8 7.1 7.2 7.3 7.4 8.1 Overview of the thesis . . . . . . . . . . . . . . . . . . . . . . . . . 5

General model of steganography . . . . . . . . . . . . . . . . . . . . 10 General framework of blind steganalysis . . . . . . . . . . . . . . . 15 Two-class SVM classication . . . . . . . . . . . . . . . . . . . . . . 18 Example of eligible pixels . . . . . . . . . . . . . . . . . . . . . Example of ineligible pixels . . . . . . . . . . . . . . . . . . . Eect of ipping a pixel . . . . . . . . . . . . . . . . . . . . . Measurement of smoothness and connectivity . . . . . . . . . Algorithm of model-based steganography . . . . . . . . . . . . Co-occurrence matrices extracted from cover and stego images Illustration of wavelet decomposition . . . . . . . . . . . . . . Intra- and inter-block correlations in a JPEG image . . . . . . The 64 modes of an 88 DCT block . . . . . . . . . . . . . . Modied image calibration for double compressed JPEG image One-against-one approach for a multi-class classication . . . . A portion of image histogram before and after LSB embedding The boundaries of 8 8 blocks . . . . . . . . . . . . . . . . . The extraction of residual image . . . . . . . . . . . . . . . . . Detection results displayed in ROC curves and AUR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 24 26 29 31 33 37 39 43 44 46 48 49 55

. . . . . . . . 68

Pixel dierence in vertical direction . . . . . . . . . . . . . . . . . . 73 Illustration of a boundary pixel . . . . . . . . . . . . . . . . . . . Examples of 512 patterns . . . . . . . . . . . . . . . . . . . . . . . Comparison of patterns histogram between cover and stego images Histogram dierence between two binary images . . . . . . . . . . Histogram quotient with increasing message length . . . . . . . . Estimated length of hidden messages for all binary images . . . . Example of a highly distorted stego image . . . . . . . . . . . . . Estimation error of hidden message length for all binary images . Identication results for dierent window sizes Comparison of results for image Database A . Comparison of results for image Database B . Comparison of results for image Database C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 89 90 92 94 95 96 97 104 107 107 107

Features comparison in detecting F5 . . . . . . . . . . . . . . . . . 114 iv

8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 9.1 9.2

Features comparison in detecting OutGuess . . . . . . . . . . . Features comparison in detecting MB1 . . . . . . . . . . . . . . Classier comparison in detecting F5 . . . . . . . . . . . . . . . Classier comparison in detecting OutGuess . . . . . . . . . . . Classier comparison in detecting MB1 . . . . . . . . . . . . . . Comparison of steganalysis performance in detecting F5 . . . . . Comparison of steganalysis performance in detecting OutGuess . Comparison of steganalysis performance in detecting MB1 . . .

. . . . . . . .

. . . . . . . .

115 115 117 117 118 119 120 120

Two images with their respective underlying statistics . . . . . . . . 123 Transformed image by scaling and cropping . . . . . . . . . . . . . 124

v

LIST OF TABLESPage 4.1 4.2 4.3 5.1 5.2 5.3 5.4 5.5 5.6 5.7 6.1 7.1 7.2 7.3 7.4 8.1 9.1 9.2 9.3 Comparison of the steganographic techniques . . . . . . . . . . . . . 61 Summary of the 68-dimensional feature space . . . . . . . . . . . . 66 Experimental parameters . . . . . . . . . . . . . . . . . . . . . . . . 67 Properties of features . . . . . . . . . . . . . . . . . . . . Example of majority-voting strategy for multi-class SVM Summary of image databases . . . . . . . . . . . . . . . Summary of stego image databases . . . . . . . . . . . . Confusion matrix for the textual database . . . . . . . . Confusion matrix for the mixture database . . . . . . . . Confusion matrix for the scene database . . . . . . . . . Mean and standard deviation of the estimation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 80 81 82 84 85 85

. . . . . . . . . . . 96 . . . . . . . . . . . . 103 105 105 106

Summary of image databases . . . . . . . . . . . . . . . . . . The accuracy of the identication for image Database A . . . . The accuracy of the identication for image Database B . . . . The accuracy of the identication for image Database C . . .

Feature selection comparison for SFFS, T-test and Bhattacharyya . 114 Comparison for the proposed technique and the Farid technique . . 128 Comparison for the proposed technique and the COM technique . . 129 Comparison for the proposed technique and the MW technique . . . 129

vi

ABSTRACT

Steganography is a science of hiding messages into multimedia documents. A message can be hidden in a document only if the content of a document has high redundancy. Although the embedded message changes the characteristics and nature of the document, it is required that these changes are dicult to be identied by an unsuspecting user. On the other hand, steganalysis develops theories, methods and techniques that can be used to detect hidden messages in multimedia documents. The documents without any hidden messages are called cover documents and the documents with hidden messages are named stego documents. The work of this thesis concentrates on image steganalysis. We present four dierent types of steganalysis techniques. These steganalysis techniques are developed to counteract the steganographic methods that use binary (black and white) images as the cover media. Unlike greyscale and colour images, binary images have a rather modest statistical nature. This makes it dicult to apply directly the existing steganalysis on binary images. The rst steganalysis technique addresses blind steganalysis. Its objective is to detect the existence of a secret message in a binary image. Since the detection of a secret message is often modelled as a classication problem, consequently it can be approached using pattern recognition methodology. The second steganalysis technique is known as multi-class steganalysis. Its purpose is to identify the type of steganographic method used to create the stego image. This extends the earlier blind steganalysis from two-class (cover or stego image) to multi-class (cover or dierent types of stego images) classication. Similar to blind steganalysis, this technique is also based on the pattern recognition methodology to perform the classication. The third steganalysis technique uses rst-order statisticbinary pattern histogramto estimate the length of an embedded message. This technique is used specically to analyse the steganography developed by Liang et al. The estimated message length usually plays an important role and is needed at other levels of analysis. The fourth steganalysis technique identies the steganographic payload locations based on multiple stego images. This technique can reveal which pixels in the binary image carry the message bits. This technique is crucial as it not only vii

reveals the existence of a hidden message, it also provides information to locate the hidden message. Finally, we proposed two improvements to existing JPEG image steganalysis. We combined several feature sets and applied a feature selection technique to obtain a set of powerful features. We showed that by minimising the inuence of image content, we can improve the features sensitivity with respect to steganographic alteration.

viii

STATEMENT OF CANDIDATE

I certify that the work in this thesis entitled STEGANALYSIS OF BINARY IMAGES has not previously been submitted for a degree nor has it been submitted as part of requirements for a degree to any other university or institution other than Macquarie University. I also certify that the thesis is an original piece of research and it has been written by me. Any help and assistance that I have received in my research work and the preparation of the thesis itself have been appropriately acknowledged. In addition, I certify that all information sources and literature used are indicated in the thesis.

KANG LENG CHIEW (41375521) 8 June 2011

ix

LIST OF PUBLICATIONS

1. K. L. Chiew and J. Pieprzyk. Features-Pooling Blind JPEG Image Steganalysis. IEEE Conference on Digital Image Computing: Techniques and Applications, 96103, 2008. 2. K. L. Chiew and J. Pieprzyk. JPEG Image Steganalysis Improvement via Image-to-image Variation Minimization. International IEEE Conference on Advanced Computer Theory and Engineering, 223227, 2008. 3. K. L. Chiew and J. Pieprzyk. Estimating Hidden Message Length in Binary Image Embedded by Using Boundary Pixels Steganography. International Conference on Availability, Reliability and Security, 683688, 2010. 4. K. L. Chiew and J. Pieprzyk. Blind Steganalysis: A Countermeasure for Binary Image Steganography. International Conference on Availability, Reliability and Security, 653658, 2010. 5. K. L. Chiew and J. Pieprzyk. Binary Image Steganographic Techniques Classication Based on Multi-Class Steganalysis. 6th International Conference on Information Security, Practice and Experience, 6047:341358, 2010. 6. K. L. Chiew and J. Pieprzyk. Identifying Steganographic Payload Location in Binary Image. 11th Pacic Rim Conference on MultimediaAdvances in Multimedia Information Processing, 6297:590600, 2010.

x

ACKNOWLEDGMENTS

I would like to express my sincere appreciation to my supervisor, Professor Josef Pieprzyk for his countless help, assistance and guidance in every stage of my research. I have beneted a lot from the valuable discussion with him since the very beginning of my research. I would also like to express my gratitude and special thanks to Dr. Scott McCallum for being so patient and inspiring in guiding my academic writing skill. The interaction with him has tremendously improved my understanding in academic writing. I want to take this opportunity to thank Ministry of Higher Education Malaysia and Universiti Malaysia Sarawak for providing me with SLAI scholarship for the research. I am also very grateful for the HDR Project Support Funds supported by Macquarie University. Very special thanks to Joan for spending valuable time to proof-read my thesis. I would like to thank Nana who always provides me with valuable information, hints and updates related to my research. I would also like to thank Gaurav for the enjoyable discussions and interactions. To all the sta in the Department of Computing, their excellent supports are highly appreciated. Thanks to my parent, brother, sister and brother-in-law for their continuous support, encouragement and motivation in me throughout the years. I am so grateful to my wife, for her love, thoughtful comment, support and nurturing in all aspect. Her advice and encouragement have been always be the point of reference whenever I am lost. The surviving moment would be much tougher if without her accompany. And nally, to all the people who have helped directly and indirectly to support me throughout this undertaking, thank you. This thesis was edited by Dr Lisa Lines, and editorial intervention was restricted to Standards D and E of the Australian Standards for Editing Practice.

xi

Chapter 1 IntroductionThe process of sending messages between two parties through a public channel in such a way that it deceives the adversary from realising the existence of the communication is known as steganography. Tracing back to antiquity, Histaiacus shaved a slaves head, wrote a message on his scalp and the slave was sent as a messenger after his hair grew back to convey steganographic content [12]. The Greeks received warning about the intention of invasion by Xerxes from a message underneath a writing tablet covered by wax [3, 84]. In a more recent history, invisible ink was used as a form of steganography during World War II [12, 59] to establish covert communication. An application of steganography was reported in the literature around 1980s when British Prime Minister Margaret Thatcher had the word processors programmed to encode the identity in the word spacing to trace disloyal ministers that were responsible for the leaks of cabinet documents [2, 3]. The ongoing development of computer and network technologies provides an excellent new channel for steganography. Most digital documents contain redundancy. This means that there are parts of documents that can be modied without an impact on their quality. The redundant parts of a document can be identied in many distinct ways. Consider an image. Typically, margins of the image do not convey any signicant information and they can be used to hide a secret message. Also, some pixels of the image can be modied to carry a small number of secret bits as small modication (e.g., least signicant bit of pixels) will not be noticeable to an unsuspecting user. As the redundant parts of a digital document can be determined in a variety of ways, many steganographic methods can be developed. Mainly, steganography considers methods and techniques that can create covert 1

communication channels for unobtrusive transmission for military purposes. Steganography is also used for automatic monitoring of radio advertisements, indexing of videomail (to embed comments) and medical imaging (to embed information like patient and physician names, DNA sequences and other particulars) [3]. Other applications include: smart video-audio synchronization, secure and invisible storage of condential information, identity cards (to embed individuals details) and checksum embedding [12]. Steganography is also used for the less dramatic purpose of watermarking. The applications of watermarking mainly involve the protection of intellectual property such as ownership protection, le duplication management, document authentication (by inserting an appropriate digital signature) and le annotation.

1.1

Motivations

Like most other areas, steganography has thrived in the digital era. Many interesting steganographic techniques have been created and its continuing evolution is guaranteed by a growing need for information security. Inevitably, they are potentially open to abuse and can be used by criminals and terrorists. An article from USA Today stated that steganography was used by terrorists [60], although there was little evidence to substantiate this claim [79]. Nonetheless, after the 9/11 incident, it has triggered immediate concern on the possibility that steganography can be used in the terrorism planning. In addition, several reports from the literature stated that steganography has been suspected as a possible means of covert communication and planning of terrorist attacks [6, 103, 52]. A training manual for the Mujahideen, which contains an exposition on image steganography over the Internet is also reported in Hogans PhD thesis [52]. While initially the use of steganography by terrorists appeared doubtful, it has since become accepted and should be treated seriously. For the less drastic case, those who wish to evade surveillance (e.g., who have reason to fear punishment for expressing sensitive political thoughts) can use steganography. For example, the communication between members of a political dissident organisation is usually under surveillance. The adversary (i.e., government agencies) may arrest the dissidents if evidence of sensitive issue being discussed and planned is found. Therefore, steganography may be the safest form of communication between dissidents. There are a large number of steganographic

2

tools available as commercial software or freeware, which can be easily downloaded. With these tools, accomplishing such activities will become even simpler1 . As a result, this has created unique challenges for law enforcement agencies. Digital media and information technology have developed rapidly and are ubiquitous. Information is stored digitally and is abundant. Specically, there are a multitude of daily tasks that involves dealing with documents. The originals of these documents might be digital or they may be converted from hardcopies into appropriate digital formats. In general, the majority of documents are binary (black and white), which consist of foreground (black) and background (white). Scanning such a document obtains a binary image that can potentially be used as a medium for steganography. This deserves a careful analysis. Despite the importance and widespread use of binary images in steganography, it has received little attention, especially the steganalysis of binary image steganography. More research is found on the more commonplace steganalysis of greyscale and colour images; however, these techniques cannot be directly used to analyse binary image steganography. Therefore, a more appropriate and eective set of techniques should be developed.

1.2

Research Problems

In general, the steganalysis techniques can be categorised into six levels depending on how much information about the hidden messages we require. These levels (ordered according to the increased amount of information acquired) are as follows: Dierentiation between cover and stego documentsthis is the rst step in steganalysis and the purpose of this technique is to determine if a given document carries a hidden message. Identication of steganographic methodthis technique identies the type of steganographic method used and it is the so-called multi-class steganalysis. Estimation of the length of a hidden messagethis technique reveals the amount of embedded message as the acquired information. Identication of stego-bearing pixelsthis technique uncovers the exact locations where the pixels are used to carry the message bits. Retrieval of stegokeythis technique provides access to the stego-bearing1

A list of free steganographic tools can be found in the citation entry #25 given in [12].

3

pixels as well as the embedding sequence. Message extractionthis technique normally involves extracting and deciphering the hidden message to obtain a meaningful message.

1.3

Objectives

The main part of the thesis is steganalysis of information hiding techniques. The task of steganalysis is to design an algorithm that can tell apart a cover document from its copy but with a hidden message. A larger part of steganalysis works published so far deals with grayscale and color images. We consider a less explored area of binary image steganography, which becomes more and more important for electronic publishers, distribution, management of printed documents and electronic libraries. To summarise, our main objectives cover the following: To study techniques that can be applied to distinguish the images hidden with secret messages from those without. This technique will serve as an automated system to perform the analysis on a large number of images. To evaluate the functionality of the steganalysis technique across dierent steganographic methods. In particular, we are going to investigate how the steganalysis technique could be used to detect new and unknown steganographic methods. To investigate dierent types of binary image steganography. This is important to gain an understanding of the internal mechanism used during the embedding operation. To make contributions that will extend the steganalysis technique to extract additional secret parameters. These secret parameters include hidden message length, type of steganographic method used, locations of stego-bearing pixels and secret key. Note that there are two aspects of steganalysis. The rst relates to the attempt to break or attack a steganography; the second uses it as an eective way of evaluating and measuring steganography security performance. This work studies steganalysis in terms of the rst aspect. In particular, we aim to carry out dierent levels of analysis to extract the relevant secret parameters.

4

Background and Review

Binary Image Steganalysis

Steganalysis Enhancement

1. Introduction

2. Background and Concepts

4. Blind Steganalysis

8. Feature-Pooling Steganalysis 9. Improving JPEG Image Steganalysis

10. Conclusion

3. Literature Review

5. Multi-Class Steganalysis 6. Message Length Estimation 7. Payload Location Identifcation

Figure 1.1: Overview of the thesis

1.4

Research Overview

The general structure of the thesis is shown in Figure 1.1. The chapters can be divided into the following three parts: background and review, binary image steganalysis and steganalysis enhancement. The background and review part describes the main developments and concepts in steganography and its analysis. It also describes the state of the art and major publications that have inuenced the research developments in the eld. The binary image steganalysis part presents techniques to counteract binary image steganography. The underlying ideas are to employ statistical techniques to analyse the given images. The steganalysis enhancement part provides improvement to some of the existing steganalysis techniques that deal with JPEG images.

1.4.1

Contributions

The major contributions of this thesis are listed below. Blind steganalysis. We have developed a steganalysis technique to distinguish a stego image from a cover image. Mainly, we have broken several steganographic methods from the literature. This technique uses an image processing technique that extracts sensitive statistical data as the feature set. From the feature set, it employs classier to determine the existence of a secret message. In addition, this technique can be rened and used to detect a dierent type of steganographic method. This property is important when dealing with an unknown and new steganographic method. 5

Multi-class steganalysis. We have extended our blind steganalysis to determine the type of steganographic method used to produce the stego image. This is important information that allows an adversary to mount a more specic attack. From the literature review, this is the rst multi-class steganalysis technique developed particularly to attack binary image steganography. Message length estimation. We have designed a simple yet eective technique based on rst-order statistic to estimate the length of an embedded message. This estimation is crucial and normally is required if we intend to extract a hidden message. We have identied that the notches and protrusions can be utilised to approximate the degree of image distortion caused by embedding operation. In particular, this technique attacks the steganographic method developed in [69]. Steganographic payload locations identication. We have presented a technique to identify the locations where hidden message bits are embedded. This technique is one of the very few researches in the literature that is able to extract additional secret information. Eventually, this information is very important for an adversary who wishes to remove a hidden message or deceive communication. Enhancement of existing steganalysis techniques. We have proposed improvement to existing JPEG image steganalysis. Specically, we select and combine several types of features from several existing steganalysis techniques by using a feature selection technique to form a more powerful blind steganalysis. We have shown that the technique has improved the detection accuracy and also reduced the computational resources. We also show that by minimising the inuence of image content, the detection accuracy can be improved.

1.4.2

Organisation of the Thesis

The rest of the thesis is organised into nine chapters. Chapter 2 introduces some background to explore the state-of-the-art techniques studied in this work. Additionally, we introduce the fundamental concepts that will be used in the following chapters. More precisely, this chapter gives short introductions to the eld, including the denitions, terms, synonyms and taxonomy. Chapter 3 reviews the literature related to our work. We select several steganalysis 6

techniques that are going to be analysed in the thesis. To make the presentation as meaningful as possible, the reviews are organised into dierent levels of analysis. There are myriad of possible steganographic methods available; however, we will discuss only the methods selected for our analysis. Please refer to [12] for a comprehensive review of steganography. Our steganalysis starts from nding an algorithm that is able to distinguish a cover image from a stego one. This work employs pattern recognition methodology to perform the classication. Our focus is to extract a discriminative feature set to enable accurate detection of the existence of secret messages. This analysis was published in [20] and is presented in Chapter 4. Chapter 5 discusses an algorithm for identication of a steganographic method that has been used to embed a secret message into a binary image. We assume that the collection of possible methods is known. The objective of this analysis is twofold: to dierentiate an image with hidden message from one without and to identify the type of steganographic method used. This analysis is an extension on the work presented in Chapter 4 to form a more powerful multi-class steganalysis. This work has been published in [19]. In Chapter 6, we present a technique for estimating the length of a hidden message embedded in a binary image. This estimated length is one of the important secret steganographic parameters and is usually required to accomplish further analysis, such as retrieving the stegokey shared between the sender and receiver. The technique presented in this chapter has also been published in [21]. The work done in the previous chapters so far has enabled us to discriminate images with a hidden message from those without one. However, the ability to discriminate images does not enable us to locate the hidden message. Therefore, we wish to investigate the identication of hidden message bits location in an image. The work is based on the concept developed by Ker [62] where it is assumed that we may access dierent stego images with message bits embedded in the same locations. This assumption is possible when the same stegokey is reused for a batch of secret communications. The essential dierence is the medium under the analysis, namely the binary image, which is known to have modest statistical characteristics. This work is presented in Chapter 7. An initial study of this chapter has been published in [22]. Although the previous chapters focused primarily on binary image steganalysis, we have also paid attention to the steganalysis in other image domains. Our

7

contribution to greyscale image steganalysis is supplementary, but is as important as that of the other chapters and is presented in Chapters 8 and 9. This work can be considered an adjunct to existing steganalysis techniques that contributes some enhancements. The enhancements discussed in Chapters 8 and 9 have been published in [17] and [18], respectively. We conclude the thesis in Chapter 10 where we discuss possible future directions for the research.

8

Chapter 2 Background and ConceptsThis chapter introduces and denes the concepts used throughout this thesis and provides relevant background information. We start by providing an overview of steganography and a formal denition. We also provide the description of its counterpart, namely steganalysis. We discuss dierent types of steganalysis, which are referred to as dierent levels of analysis. For steganalysis that involves classication, we dedicate a section that discusses dierent types of classiers. Finally, since this thesis focuses on the analysis of image steganography, we also provide a description of a variety of common digital images used for steganography.

2.1

Overview of Steganography

Usually cryptography is used to protect a communication from eavesdropping. Messages are encrypted and only a rightful recipient can decrypt and read the messages. However, encrypted messages are obvious, which might arouse the suspicion of an eavesdropper. Consequently, the communication is probably susceptible to attacks. Steganography is an alternative method for privacy and security. Instead of encrypting, we can hide the messages in other innocuous looking medium (carrier) so that their existence is not revealed. Clearly, the goal of cryptography is to protect the content of messages, steganography is to hide the existence of messages. An advantage of steganography is that it can be employed to secretly transmit messages without the fact of the transmission being discovered. Often, cryptography and steganography are used together to achieve higher security.

9

Message

Message

Carrier

Embedding Public Channel

Extraction

KeyFigure 2.1: General model of steganography Steganography can be mathematically dened as follows:

Emb : C M K S Ext : S K M, (2.1)

such that Emb(C, M, K) = S and Ext(S, K) = M. Emb and Ext are the embedding and extraction mapping functions, respectively. C is the cover medium, S is the medium embedded with message M and K denotes the key. Figure 2.1 shows a simple representation of the generic embedding and extraction operation in steganography. During the embedding operation, a message is inserted into the medium by altering some portion of it. The extraction operation involves the recovery of the message from the medium. In this example, the message is embedded inside a carrier and is transmitted via a public channel (e.g., internet). While at the receiving site, the message is extracted using the key shared between the sender and receiver. The message is the hidden information and can be a plain text, cipher text, image or anything that can be converted into stream of bits. Consider a typical image steganography. In the embedding operation, a secret message is transformed into a bit stream of bits, which is embedded into the least signicant bits (LSBs) of the image pixels. The embedding overwrites the pixel LSB with the message bit if the pixel LSB and message bit do not match. Otherwise, no changes are necessary. For the extraction operation, message bits are retrieved from pixel LSBs and combined to form the secret message. There are two main selection algorithms that can be employed to embed secret message bits: sequential and random. For sequential selection, the locations of

10

pixels used for embedding are selected sequentiallyone after another. For instance, pixels are selected from left to right and top to bottom until all message bits are embedded. With random selection, the locations of the pixels used for embedding are permuted and distributed over the whole image. The distribution of the message bits is controlled by a pseudorandom number generator (PRNG) whose seed is a secret shared by the sender and the receiver. This seed is also called the stegokey. The latter selection method provides better security than the former because random selection scatters the image distortion over the whole image, which makes it less perceptible. In addition, the complexity of tracing the selection path for an adversary is increased when random selection is applied. Apart from this, steganographic security can be enhanced by encrypting the secret message before embedding it. Almost any form of digital media can be used for steganographic purposes as long as the information in the media has redundancy. These media can be classied (but not limited) to the following categories: images, videos, audios, texts, executable les and computer le systems [67, 94, 5, 81, 29, 26, 104, 118, 46, 1, 28, 83]. The most common medium is an image, as the large redundancy of images allows easy embedding of messages [78]. The input image used in the embedding operation is called the cover image; the generated output image (with the secret message embedded in it) is called the stego image. Ideally, the cover and stego images should appear identicalit should be dicult for an unsuspecting user to tell apart the stego image from the cover image. A list of possible choices for cover images includes binary (black and white), greyscale and colour images. Tseng and Pan [107] developed a steganography that embeds a secret message in a binary image, and Liang et al. [69] used binary images in their steganography. The OutGuess [90] and F5 [110] are examples of steganography that apply greyscale and colour images. A more recent steganographic method developed by Yang (see [117]) uses colour images.

2.2

SteganalysisModel of Adversary

The invasive nature of steganography leaves detectable traces within the stego image. This allows an adversary to use steganalysis techniques to reveal that a secret communication is taking place. Sometimes, an adversary is also referred

11

to as a warden. In general, there are two types of warden: passive and active. A passive warden only examines the communication and wishes to know if the communication contains some hidden messages. The warden does not modify the content of the communication. For example, the communication is allowed if no evidence of secret message is found. Otherwise, it is blocked. On the other hand, an active warden may introduce distortion to interrupt and destroy the communication although there is no evidence of secret communication. Most current steganographic methods are designed for the passive warden scenario. Without loss of generality, we will use the term adversary instead of warden in all the following steganalysis scenarios. Beside the warden scenario discussed above, sometimes an adversary may not have the authority or resources to block the communication. Then, the adversary might wish to acquire related secret information (parameters) or even to extract the secret message. Note that our works are based on this type of adversary who wants to extract information about a secret message. We will discuss this at length shortly in the next section. In general, there are two types of steganalysis: targeted and blind. Targeted steganalysis is designed to attack one particular embedding algorithm. For example, the work in [7, 49, 57, 42] is considered targeted steganalysis. Targeted steganalysis can produce more accurate results, but it normally fails if the embedding algorithm used is not the target. Blind steganalysis can be considered a universal technique for detecting dierent types of steganography. Because blind steganalysis can detect a wider class of steganographic techniques, it is generally less accurate; however, blind steganalysis can detect new steganographic techniques where there is no targeted steganalysis available yet. In other words, blind steganalysis is an irreplaceable detection tool if the embedding algorithm is unknown or secret. The feature-based steganalysis developed in [35] is one example of successful blind steganalysis. Other examples are to be found in [99, 70]. The most widely used denition of steganography security is based on Cachin scheme [8]. Let the distribution of cover image and stego image be denoted as PC and PS , respectively. Cachin dened steganography security by comparing the distribution, PC and PS . The comparison can be made by using Kullback-Leibler distance dened as follows: D(PC PS ) =cC

PC (c) log

PC (c) . PS (c) 12

(2.2)

When D(PC PS ) = 0, it means the distribution of stego image, PS is identical to the distribution of cover image, PC . This implies the steganography is perfectly secure because it is impossible for the adversary to distinguish between cover and stego images. If D(PC PS ) , then Cachin dened the steganography as -secure. Thus, the smaller is, the greater the likelihood that a covert communication (i.e., steganography) will not be detected. As discussed in [25], another possible way to dene steganography security is based on a specic steganalysis technique. Alternatively, one could dene the security with respect to the inability of an adversary to prove the existence of covert communication. In other words, a steganographic method may be considered practically secure if no existing steganalysis technique can be used to mount a successful attack.

2.3

Level of Analysis

Under ideal circumstances, an adversary applying steganalysis intends to extract the full hidden information. This task can be very dicult, or even impossible to achieve. Thus, the adversary may start steganalysis with more realistic and modest goals in mind, such as restricting the eort to dierentiating cover and stego images, classifying the embedding technique, estimating the length of hidden messages, identifying the locations where bits of hidden information are embedded and retrieving the stegokey. Achieving some of these goals allows improvement of the steganalysis, making it more eective and appropriate for the steganographic method. The rst step in analysing steganography can be distinguishing cover from stego images. This involves analysing the characteristics of the image and looking for the evidence of abnormalities. This step is plausible because the embedding operation will distort the image content and produce deviations from normal image characteristics. For example, the rst-order statistic of a stego image tends to form histogram bin pairing, where this abnormal characteristic practically never occurs in a cover image. Normally, this analysis is known as the most basic level of blind steganalysis. It is also possible to extend this level of blind steganalysis to a more involved level, known as multi-class steganalysis. From a practical perspective, multi-class steganalysis is similar to the basic level; however, instead of classifying two classes

13

(cover and stego images), multi-class steganalysis can classify images into more classes that come from dierent types of stego images produced by dierent embedding techniques. Hence, the task of multi-class steganalysis is to identify the embedding algorithm applied to produce a given stego image, or to classify it as a cover image if no embedding is performed on it. Normally, to avoid suspicion, the amount of message embedded is far less than the image can accommodate. Thus, an adversary cannot tell how much information has been embedded based on the size of the image and a statistical approach needs to be utilised to estimate the hidden message length. Note that the terms message, hidden message and secret message are used interchangeably. The message length is the number of bits embedded in the image. It is normally dened by the ratio between the number of embedded message bits and the maximum number of bits that can be embedded in a given image. It can also be measured as bits per pixel (bpp). The analysis levels discussed so far cannot reveal the locations where hidden message bits are embedded. However, with the help of estimated hidden message length as side information, an adversary can proceed to identify the stego-bearing pixels. Identifying the exact location of stego-bearing pixels is not easy for two reasons. First, the message bits are often randomly scattered throughout the whole image. Second, it is dicult or impossible to detect hidden message bits that are unchanged with respect to the cover image. Identifying the stego-bearing pixels locates the message bits, but does not determine the sequence of the message bits. Thus, the next level of steganography analysis is to retrieve the stegokey. Successfully retrieving the stegokey can be considered a bigger achievementit provides access to the stego-bearing pixels as well as the embedding sequence. In other words, a correct stegokey will give information about the order of bits that create the hidden message. Studies related to each analysis technique will be given and elaborated in Section 3.2.

2.4

Blind Steganalysis as Pattern Recognition

An example of classication problem involves dividing a set of many possible objects into disjoint subsets where each subset forms a class. Usually, the pattern recognition techniques are used to solve this problem. Pattern recognition is an important aspect of Computer Science that focuses on recognising complex pat-

14

Image Feature Extraction Features Classification Training Testing

Trained Model

Decision (Cover or Stego)

Figure 2.2: General framework of blind steganalysis terns from samples and making intelligent decisions based on the patterns. As discussed in Section 2.3, blind steganalysis examines the image characteristics (samples) and determines whether these characteristics exhibit abnormalities (decision making). This means that, given an image, the steganalysis should be able to decide the class (cover or stego) in which the image belongs. Hence, the problem of blind steganalysis can be considered a classication problem and techniques from pattern recognition can be employed. Dierent embedding techniques are thought to produce dierent changes in image characteristics. In other words, the characteristics of cover and stego images dier, and those resulting from dierent stego images (stego images produced by dierent embedding techniques) dier as well. Therefore, it is possible to extend the pattern recognition techniques to dierentiate and classify these images. This extended blind steganalysis is known as multi-class steganalysis. As with any pattern recognition methodology, blind and multi-class steganalysis consist of two processesfeature extraction and classication. The general framework for blind steganalysis is shown in Figure 2.2.

2.4.1

Feature Extraction

Feature extraction is a process of constructing a set of discriminative statistical descriptors or distinctive statistical attributes from an image. These descriptors or 15

attributes are called features. Alternatively, feature extraction can be considered a form of dimensionality reduction. It is desirable that the extracted features should be sensitive to the embedding artefact, as opposed to the image content. Some examples of the features extracted in the early stage of blind steganalysis research include image quality metrics, wavelet decompositions and moment of image statistic histograms. These features were used in the blind steganalysis developed in [4], [73] and [48], respectively. More recent features developed include Markov empirical transition matrix, moment of image statistic from spatial and frequency domains and the co-occurrence matrix, which are employed in [54], [14] and [116], respectively. The details of these features will be covered in Section 3.2.

2.4.2

Classication

Classication identies or categorises images into classes (such as a cover or stego image) based on their feature values. The primary classication involved in steganalysis is supervised learning. In supervised learning, a set of training samples (consisting of input features and class labels) is fed in to train the classier. Once the classier is trained (trained model), it predicts the class label based on the given features. Some of the common classiers used in steganalysis include multivariate regression, Fisher linear discriminant, neural network and support vector machines (SVM). Multivariate regression [11] provides a trained model, which consists of regression coecients. During training, regression coecients are predicted using the minimum mean square error. For example, let the target label (or class label) be yi and xij denotes the features, where i = 1, . . . , N indicates the ith image and j = 1, . . . , n indicates the jth feature, then the linear expression would be as shown below:

y1 y2 yN

= =

1 x11 + 2 x12 + + n x1n + 1 , 1 x21 + 2 x22 + + n x2n + 2 , . . . 1 xN 1 + 2 xN 2 + + n xN n + N , (2.3)

=

where is the regression coecient and is the zero mean Gaussian noise. N and

16

n are the total number of samples and features, respectively. With these regression coecients, a given image can be classied by regressing the image features. The computed target value is then compared to a threshold to determine the right image class. Fisher linear discriminant is a classication method that projects multidimensional features, x onto a linear space [16]. Suppose two classes of observations have means y=0 and y=1 , and covariances y=0 and y=0 , the linear combination of features w x will have means w y=i and variances w T y=i w for i = 0, 1. Fisher linear discriminant is dened as a linear combination of features that maximizes the following separation, S:2 between class , 2 within class (w y=0 w y=1 )2 , w T y=0 w + w T y=1 w (w(y=0 y=1 ))2 . w T (y=0 + y=1 )w

S

= = =

(2.4)

Next, it can be shown that the optimal w is given by w = (y=0 + y=1 )1 (y=0 y=1 ). (2.5)

Finally, an image can be classied by linearly combining its extracted features with w and comparing the result to a threshold. Articial neural network, usually called neural network, is an informationprocessing model inspired by the way the biological nervous system (e.g., the brain) processes information. The basic building block of the neural network is the processing element (PE), commonly known as the neuron. The processing capabilities are derived from a collection of interconnected neurons (PEs). Mathematically, a neural network can be considered a mapping function F : X n Y , where n dimensions of features X are the inputs to the neural network, with decision values Y (class labels) [119]. The function F can be dened as a composition of other functions Gi = (G1 , . . . , Gm ). In addition, function Gi can further be dened as a composition of other functions. The composition of these function denitions forms the neural network. The structure of these functions and their dependencies between inputs and outputs will determine the type of neural network. The most common types used in classication are feedforward and backpropagation neural network. As with any other supervised learning, the classication 17

Y

X

Figure 2.3: Two-class SVM classication process in a neural network involves two operationstraining and testing. During training, the neural network learns to associate outputs with input patterns. This is carried out by systematically modifying the weights of the inputs throughout the neural network. When the neural network is used for testing, it identies the input pattern and tries to determine the associated output. When the input pattern has no associated output, the neural network provides an output that corresponds to the best match of the learned input patterns. Support vector machines (SVM) are a classication technique that can learn from a sample. More precisely, we can train the SVM to recognise and assign class labels based on a given collection of data (i.e., features). For example, we train the SVM to dierentiate cover images from stego images by examining the extracted features from many instances of cover and stego images. To illustrate the point, let us interpret this example using the illustration shown in Figure 2.3. The X and Y axes represent two dierent features. Cover and stego images are represented by circles and stars, respectively. Given an unknown image (represented by a square), the SVM is required to predict the class to which it belongs. This example is easy, as the two classes (cover and stego) form two distinct clusters that can be separated by a straight line. Hence, the SVM nds the separating line and determines the cluster for the unknown image. Finding the right separating line is crucial and it is provided during the training. In practice, the feature dimensionalities are higher and we need a separating plane, known as separating hyperplane, instead of a line. Thus, the goal of SVM is to nd a separating hyperplane that can eectively separate classes. To do that, the SVM will try to maximise the margin of the separating hyperplane during training. Obtaining this maximum-margin hyperplane will optimise the SVMs ability to predict the correct class of an unknown object (image). 18

However, there are often non-separable datasets that cannot be separated by a straight separating line or at plane. The solution to this diculty is to use a kernel function. A kernel function is a mathematical routine that projects the features from a low-dimensional space into a higher dimensional space. Note that the choice of kernel function will aect the classication accuracy. For additional reading on SVMs, see [80].

2.5

Digital Images

As discussed in the overview of steganography section, practically any form of digital media can be used to carry secret messages. Examples of these media include image, video, audio, text, etc. By far the most popular choice is image. In this section we will introduce various digital images, since the vast majority of research in steganography is concerned with image steganography. In addition, the work of the thesis is concentrated on image steganalysis. A digital image is produced through a process called digitisation. Digitising an image involves converting analogue information into digital information; thus, a digital image is the representation of an original image by discrete sets of points. Each of these points is called a picture element or pixel. Pixels are normally arranged in a two-dimensional grid corresponding to the spatial coordinates in the original image. The number of distinct colours in a digital image depends on the number of bits per pixel (bpp). Hence, the types of digital image can be classied according to the number of bits per pixel. There are three common types of digital image: Binary image. In a binary image, only one bpp is allocated for each pixel. Since a bit has only two possible states (on or o), each pixel in a binary image must represent one of two colours. Usually, the two colours used are black and white. A binary image is also called a bi-level image. Greyscale image. A greyscale image is a digital image in which the only colours are shades of grey. The darkest possible shade is black, whereas the lightest possible shade is white. Normally, there are eight bits per pixel assigned for a greyscale image. This creates 256 possible dierent shades of grey. Colour image. In general, a pixel in a colour image consists of several primary colours. Red, green and blue are the most commonly used primary colours. 19

Each primary colour forms a single component called a channel, with eight bits usually allocated for each channel, producing 24 bits per pixel. This corresponds to roughly 16.7 million possible distinct colours. When the channels in a colour image are split, each forms a dierent greyscale image.

2.5.1

Image File Formats

After digitisation, a digital image can be stored in a specic le format. Although many le formats exist, the major formats include BMP, JPEG, TIFF, GIF and PNG. Images stored in these formats are considered raster graphics. Another type of graphic image is a vector graphic image. Unlike raster graphics, which use pixels, vector graphics use geometric primitives such as points, lines and polygons to represent the images. The rendering of the geometric primitives in vector graphics is based on mathematical equations. This thesis focuses on raster rather than vector graphics. In a raw image, the data captured from a digital device sensor are preserved and stored in a le. The data captured are raw in the sense that no adjustment or processing is applied. The data are merely a collection of pixel values captured at the time of exposure. Note that there is no standard for a raw image and it is device dependent. Hence, a raw image is often considered an image, rather than a standard image le format. The bitmap or BMP format is considered a simple image le format. Normally the data is uncompressed and easy to manipulate. However, the uncompressed BMP format gives a BMP image a larger le size than that of a compressed image. A BMP image can also use a colour palette for indexed-colour images. Nonetheless, a colour palette is not used for BMP images greater than 16 bpp or higher. The joint photographic experts group (JPEG) format is by far the most common image le format. JPEG images are very popular and primarily used in photographs. Their popularity is due to the excellent image quality they produce despite a smaller le size. This is achieved through lossy compression. Many imaging applications allow users to control the level of compression. This is useful because users can trade o image quality for a smaller le size and vice versa. However, lossy compression reduces the image quality and cannot be reversed. In situations where the image quality is as important as the le size, the tagged 20

image le format (TIFF) could be a suitable choice. The TIFF format uses lossless compression, which reduces the image le size while preserving the original image quality. This makes TIFF a popular image archive option. In addition, as the name implies, the TIFF format also oers exible information elds in the image header called tags. These tags are very useful and can be dened to hold application-specic information. The graphics interchange format (GIF) uses a colour palette to produce an indexedcolour image. It also uses lossless compression. GIF can oer optimum compression when the image contains solid colour graphics (such as a logo, diagram, drawing, or clipart). In addition, GIF supports transparency and animation. These features make GIF an excellent format for certain web images. However, GIF is not suitable for complex photographs with continuous tones, as a GIF image can store only 256 distinct colours. Compared with GIF, the portable network graphics (PNG) format provides more improvements. These improvements include greater compression, better colour support, gamma correction in brightness control and image transparency. The PNG format is an alternative to GIF and is expected to become a mainstream format for web images.

2.5.2

Spatial and Frequency Domain Images

In a general sense, an image (I) can be considered a result of the projection of a scene (S) [34]. The spatial domain image is said to have a normal image space, which means that each image element at location in image I is a projection at the same location in scene S. The distance in spatial domain corresponds to the real distance. A common example of the spatial domain image is BMP image. The frequency domain image has a space where each element value at location in image I represents the rate of change over a specic distance related to the location . A popular frequency domain image is the JPEG image.

21

Chapter 3 Literature ReviewThis chapter considers research relevant to both steganography and steganalysis. Steganography is presented in Section 3.1. We give an overview of dierent types of steganography with the emphasis on image steganography. In particular, we discuss binary image steganography in the rst part of the section and JPEG image steganography in the second part. Steganalysis is discussed in Section 3.2. We review and highlight the most relevant existing techniques in steganalysis. These techniques are specically used in analysing image steganography. The discussion is divided into six subsections. We follow and organise the discussion according to the dierent levels of analysis, which is presented in Section 2.3.

3.1

Steganography

This section discusses some of the selected steganographic methods. These particular methods are used as a subject in our analysis. The rst ve subsections discuss steganographic methods that use binary images as the cover images and the rest of the subsections discuss methods that use JPEG images.

3.1.1

Liang et al. Binary Image Steganography

Consider a variant of boundary pixel steganography proposed by Liang et al. [69]. Boundary pixel steganography hides a message along the edges, where white and black pixels meetthese are known as boundary pixels. Note that the boundary pixels are those pixels within the image where there is colour transition occurred 22

between white and black pixels. The boundary pixels should not be confused with the four borders of an image. To obtain higher imperceptibility, the pixel locations used for embedding are permuted and distributed over the whole image. The distribution of message bits is controlled by a pseudorandom number generator whose seed is a secret shared by the sender and the receiver of the hidden message. This seed is also called stegokey. As the message bits are embedded on the boundary pixels of the image, it is important to identify the boundary pixels and their orders unambiguously. Once the sequence of boundary pixels is obtained, a pseudorandom number generator is used to determine the place where the message bits should be hidden. The authors of [69] dene boundary pixels as those that have at least one neighbouring pixel with a dierent intensity. For example, a white (black) pixel must have at least one black (white) neighbouring pixel. Note that a pixel can have, at most, four neighbours (left, right, top and bottom). Not all boundary pixels are suitable for carrying message bits because embedding a bit into an arbitrary boundary pixel may convert it into a non-boundary one. If this happens, then the extraction will not be correct and recovery of the hidden message is impossible. Because of this technical diculty, the authors have proposed a modied algorithm that adds restrictions on the selection of boundary pixels for embedding. A currently evaluated boundary pixel, P is considered eligible for embedding if the following two conditions are satised: i. Among the four neighbouring pixels, there exist at least two unmarked neighbouring pixels and their pixel values must be dierent. ii. For each marked neighbouring pixel (if any), its neighbouring pixels (excluding the current pixel, P ) must also satisfy the rst criterion. A pixel is said to be marked if it has already been evaluated or is assigned a (pseudorandom) index with a smaller value than the current index. In contrast, a pixel is said to be unmarked if it is evaluated after the current pixel. Figures 3.1 and 3.2 show some examples of eligible and ineligible pixels, respectively. The shaded box represents a pixel value of zero and the white box represents a pixel value of one. These pixels are taken from some portion of a binary image. Pixel P is the currently evaluated pixel and the number inside each box is the 23

pseudorandom index. This index will indicate if a pixel is unmarked or marked. For example, in Figure 3.1(b), the current pixel, P will have three unmarked (i.e., left, right and top neighbouring pixels) and one marked pixels (i.e., bottom neighbouring pixel). Pixel P in Figure 3.1(a) is an eligible pixel because it satises the rst condition and it does not have any marked neighbouring pixel. Pixel P in Figure 3.1(b) satises both conditions and thus, it is an eligible pixel. On the other hand, pixel P in Figure 3.2(a) is an ineligible pixel because it does not satisfy the rst condition. Pixel P in Figure 3.2(b) only satises the rst condition; therefore, it is also considered ineligible.Current pixel, P Current pixel, P

10 55 12 90

63 7 22 56(a)

67 30 21 9

45 32 80 73

10 55 12 90

63 7 22 56(b)

67 30 21 9

45 32 80 73

Figure 3.1: Example of eligible pixels

Current pixel, P

Current pixel, P

10 55 12 90

63 7 22 56(a)

67 30 21 9

45 32 80 73

10 55 12 90

63 7 22 56(b)

67 30 21 9

45 32 80 73

Figure 3.2: Example of ineligible pixels

Once the boundary pixel is found eligible, the message bit will be embedded in the pixel by overwriting its value if the message bit does not match the value; otherwise, the pixel is left intact. This procedure is applied and repeated to embed other message bits.

24

3.1.2

Pan et al. Binary Image Steganography

Motivated by Wu and Lee [113], Pan et al. developed a steganographic method that embeds secret messages in binary images [82]. Compared with [113], this method is more exible, in terms of choosing the cover image block. The Pan et al. method uses every block within an image to carry a secret message. This gives it a greater embedding capacity. The security is also improved by having less alteration of the cover image. In this embedding algorithm a random binary matrix, and a secret weight matrix, are dened and shared between the sender and receiver. Both matrices are of size mn. is a binary matrix and the matrix has elements of {1, 2, . . . , 2r 1} where r is the number of message bits to be embedded within a block. A given binary image is partitioned into non-overlapping blocks, Fi of size m n and the following matrix, i is computed: i = [(Fi ) ], (3.1)

where and are the bitwise exclusive-OR and pair-wise multiplication operators, respectively. [] is the arithmetic summation of all elements in the matrix. r message bits, mN = (m1 m2 . . . mr ) are embedded in block Fi by ensuring the following invariant: i mN mod 2r , (3.2)

where mN is the decimal representation of the message bits and () is the binary to decimal conversion. If the invariant holds, the Fi from i (Equation (3.1)) is left intact. Otherwise, some pixels from Fi will be altered. In most cases, one pixel will be ipped if there is a mismatch and an alteration is required. However, if ipping one pixel is not sucient, ipping a second pixel will guarantee the invariant to be held. Hence, only two pixels of Fi will be altered, at most. This method can embed up to r = log2 (mn + 1) bits per block. Successfully extracting a secret message requires the correct combination of and . and , in this case, can be considered the stegokey. The receiver also needs to know the correct parameters (m, n and r) used in the embedding. Then the secret message bits embedded in a block can be extracted through Equation (3.2)mN = i mod 2r . The extracted mN from each block is converted into binary bits and concatenated to form the secret message.

25

3.1.3

Tseng and Pan Binary Image Steganography

Although the method developed in [82] generally enhanced security (by altering fewer pixels for the same amount of embedded message), the quality of the stego image has not been taken into consideration. Noise may become prominent in certain blocks after embedding. For example, an isolated dot may exist in an entirely black or white block. As a sequel to the work done in [82], Tseng and Pan revised the method and enhanced it [107]. The main contribution of this work was to maintain the image quality through sacricing some of the payload. According to the authors, the image quality can be greatly improved while still maintaining a good embedding rateas much as r = log2 (mn + 1) 1 bits per block, where m n is the size of a block. On average, r is only one bit per block less than their previous method. To maintain image quality, the method discards any block that is either entirely black or white. In addition, when a pixel must be ipped to carry a message bit, the selection of which pixel to ip is governed by a distance matrix. The distance matrix selects only a pixel in which the new value (after ipping) is the same as the pixel value of its majority neighbouring pixels. This prevents the generation of isolated dots, which degrades the image quality. For example, Figure 3.3 shows two possible ways of ipping a pixel. Obviously, the eect of ipping will be less visible in Figure 3.3(b) than in Figure 3.3(c). The authors also dened an additional criterion for the secret weight matrix, which also improves the image quality.Flipped pixel Flipped pixel

(a)

(b)

(c)

Figure 3.3: Eect of ipping a pixel: (a) original block of pixels; (b) no isolated dot (c) obvious isolated dot

Similar to their previous method, the maximum number of pixels that must be altered per block to carry the message bits is, at most, two. The rest of the embedding and extraction algorithms are similar to the previous method. However, 26

if block Fi becomes entirely black or white after embedding, it is skipped. The alteration of that block will not be reversed and the same message bits will be embedded in the next block. This is important to ensure the correctness of message extraction. Both methods have the exibility to adjust between security level and payload size. When increased security is necessary, the block size (parameters m and n) can be increased. This larger block size will reduce the payload size because the total number of blocks per image will be reduced when the block size is larger. Eventually, with the same r bits per block, the total payload is reduced as the total number of blocks is reduced.

3.1.4

Chang et al. Binary Image Steganography

The steganographic method developed by Chang et al. [10] can be considered a variant improved from the binary image steganography developed by Pan et al. [82]. In general, this method oers the same embedding rate as the Pan et al. method, which is r = log2 (mn + 1) bits per block (m n is the block size). However, this method is superior to the Pan et al. method in the sense that it alters one pixel (at most) to embed the same amount of message bits within a block (as opposed to two pixels in the Pan et al. method). Thus, this method provides a higher level of security by reducing the alteration of the stego image. Practically, the Chang et al. method also employs two matrices during embedding: a random binary matrix and serial number matrix. The main dierence in the Chang et al. method is the introduction of the serial number matrix to replace the secret weight matrix. This enables this method to work with less image alteration. With the serial number matrix, r linear equations, known as general hiding equations, are dened to embed r bits of message in a block. The general hiding equations are used to determine the pixel suitable for ipping. To obtain valid general hiding equations, the serial number matrix is required to have 2r 1 elements with non-duplicate decimal values. For message extraction, each block is transformed using the bitwise exclusiveOR operator with the random binary matrix. For each block, r general hiding equations are dened through the serial number matrix. The parities of results calculated from the r general hiding equations are obtained as the message bits. Clearly, the random binary matrix and serial number matrix are used as the stegokey and shared between the sender and receiver. 27

3.1.5

Wu and Liu Binary Image Steganography

Another steganography using a block-based method to embed secret messages in binary images is that developed by Wu and Liu in [112]. This technique also starts by partitioning a given image into blocks. To avoid synchronisation problems (which lead to incorrect message extraction) between embedding and extraction, this technique embeds a xed number of message bits within a block. In their implementation details, the authors opt to embed one message bit per block. The embedding algorithm is based on the odd-even relationship of the number of black pixels within a block. In other words, the total number of black pixels within a block is kept as an odd number when a message bit of ones is embedded, whereas the total number of black pixels is kept as an even number for a message bit of zeros. If the odd-even relationship matches the message bit, no ipping is needed. Otherwise, some pixels must be ipped. Like any other embedding technique, the most important part is the selection of pixels for ipping. An ecient selection approach ensures minimum distortion. That is why, in [112], Wu and Liu introduced a ippability scoring system for selecting pixels for ipping. The score for each pixel is computed by examining the pixel and its immediate neighbours (those within a 3 3 block). The ippability score is produced by a decision module based on the input of two measurements. The rst measurement is the smoothness, which computes the total number of transitions in the vertical, horizontal and two diagonal directions. The second measurement is the connectivity, which computes the total number of black and white clusters formed within a block. These measurements are all computed within a 3 3 block. An illustration of these measurements is shown in Figure 3.4.

3.1.6

F5 Steganography

In [111], Westfeld and Ptzmann observed that an embedding algorithm that overwrites the LSB of JPEG coecients causes the JPEG distribution to form pair of values (PoV). PoV occurs when two adjacent frequencies in the JPEG distribution are similar (Figure 3.12 shows the eect of PoV). By exploiting the PoV, Westfeld and Ptzmann concluded that a steganographic method can be broken. They showed the analysis and attack on Jsteg using the chi-square test (details of this attack are discussed in Subsection 3.2.3). As a result, Westfeld developed a new steganography called F5 [110]. F5 is for-

28

0 0

0 0

1 0

1 1 1

0 1 1 Horizontal(a)

1 1

1 1

Vertical

Diagonal

Anti-diagonal

3 x 3 block

1 white cluster

(b)

2 black clusters

Figure 3.4: Measurement of smoothness and connectivity: (a) smoothness is measured by the total number of transitions in four directions (the arrows indicate the transition directions, 0 indicates no transition and 1 indicates a transition) (b) Connectivity is measured by the number of the black and white clusters (four white pixels forming 1 cluster and 5 black pixels forming 2 clusters)

mulated to preserve the original property of the statistic (i.e., the JPEG distribution). When alteration is required during embedding, F5 will decrement the absolute value of JPEG coecients by one, instead of overwriting the LSBs with message bits. This prevents the formation of the PoV; hence, F5 cannot be detected through the chi-square test. To minimise the changes caused by embedding, matrix encoding is employed to increase embedding eciency. Finally, to avoid concentrating the embedded message bits in a certain part of the image, F5 embeds on the randomly permuted sequence of coecients. The random sequences are generated by a PRNG.

3.1.7

OutGuess Steganography

OutGuess is a type of JPEG image steganography developed by Provos in [90]. This method was developed to withstand the chi-square attack and the extended chi-square attack as well. This method can be summarised as two main operations: embedding and statistical correction. Similar to other JPEG image steganographies, OutGuess embeds message bits by altering the LSBs of JPEG coecients. The embedding is spread randomly 29

throughout the whole image using a random selection that proceeds with the coecients from the beginning until the end of the image. To select the next coecient, OutGuess computes a random oset and adds the oset to the current coecient location. The random osets are computed by a PRNG. Note that the embedding will cause the image statistics (i.e., the distribution of the coecients) to deviate, hence some coecients are reserved (unaltered) with the intention of correcting the statistical deviation. In other words, after all the message bits are embedded, the reserved coecients will be adjusted accordingly. The adjustment is carried out such that the distributions of cover and stego images are similar.

3.1.8

Model-Based Steganography

Based on the concept of statistical modelling and information theory, Sallee developed a steganography called model-based steganography [96]. Model-based steganography is designed to withstand a rst-order statistical attack while maintaining a high embedding rate. Unlike OutGuess, which preserves only the distribution of an image, model-based steganography preserves the distributions of individual coecient modes. To start the embedding, model-based steganography separates an image into an unalterable x and alterable part x . If a JPEG image is used as the cover image, the most signicant bits of the coecients will be the x and the least signicant bits will be the x . x is used to build a conditional probability P (x |x ) from a selected cover image model. Together with this conditional probability and a secret message, a non-adaptive arithmetic decoder is used to generate a new part x , which will carry the message bits. The selection of the coecients to use is based on a PRNG. Finally, x and x are combined to form the stego image. The embedding algorithm is shown in Figure 3.5(a). To extract the secret message, steps similar to those discussed above are followed with the exception of the non-adaptive arithmetic decoder. An arithmetic encoder is used instead of an arithmetic decoder. The input to the non-adaptive arithmetic encoder is x and the conditional probability P (x |x ). Since x is unaltered, the conditional probability can be regenerated. Therefore, the secret message can be extracted successfully through the non-adaptive arithmetic encoder. Figure 3.5(b) illustrates the extraction algorithm.

30

Cover image x x

Image model

Message

Conditional probability generation x Stego image x'

Entropy decoding

(a)Image model

Conditional probability generation x Stego image x'

Entropy encoding

Message

(b)

Figure 3.5: (a) Embedding algorithm of model-based steganography (b) extraction algorithm of model-based steganography

3.2

Steganalysis

This review and organisation of the types of steganalysis is not intended to be exhaustive, but that it is organised according to the dierent levels of possible steganographic analysis. More precisely, these levels are ordered according to the type of secret information or parameter an adversary wishes to extract. We begin with the techniques employed by the adversary to detect the presence of a secret message in an image and to determine which type of steganographic method is used. After that, we discuss the techniques used to recover some attributes (secret parameters) of the embedded secret message. This attributes include secret message length, location of stego-bearing pixels and stegokey.

3.2.1

Dierentiation of Cover and Stego Images

In this scenario, it is assumed that the adversary has access to an image (or a collection of images) and tries to determine if the image contains a secret message (stego image) or does not (cover image). This task is doable only if the statistical features present in both cover and stego images are dierent enough to make a reliable decision. In order to do that, dierent feature extraction techniques 31

can be applied to extract relevant statistical features. The following collection of statistical features can be found in the literature: Co-occurrence matrix Statistical moments Wavelet subbands Pixel dierence The next step is to perform classication based on the extracted features. Because the distributions of cover and stego images will never be exactly known, sometimes overlapping happens. To alleviate this problem, cover image estimation is utilised to derive a more sensitive feature for steganalysis. In the following subsections, we are going to discuss how these features have been applied in steganalysis, follow by the discussion on classication and last but not least, we will discuss cover image estimation as well.

Co-occurrence matrix Sullivan et al. use an empirical matrix as the feature set to construct a steganalysis [102]. The steganalysis technique developed can detect several variants of spread-spectrum data hiding techniques [24, 76] and perturbed quantisation steganography [36]. This empirical matrix is also known as a co-occurrence matrix. The authors observe that the empirical matrix of a cover image is highly concentrated along the main diagonal. However, data hiding will spread the concentration away from the main diagonal. An example of this eect is shown in Figure 3.6. To capture this eect, the six highest probabilities (the elements of the empirical matrix with the highest probability) along the main diagonal are chosen. Then ten nearest elements of each highest probability element are also chosen. This creates a feature set with 66-dimensional vectors. Next, the authors subsample the remaining main diagonal elements by four and obtain another feature set with 63-dimensional vectors. A feature set with 129 dimensions is used in their steganalysis. The feature set selected in [102] is stochastic and may not eectively capture the embedding artefacts. Xuan et al. [116] constructed a better feature set from the co-occurrence matrices. They generated four co-occurrence matrices from 32

(a)

Spread away from diagonal (b)

Figure 3.6: Plot of co-occurrence matrices extracted from: (a) cover image; (b) stego image

the horizontal, vertical, main and minor diagonal directions (as opposed to using only the horizontal direction as in [102]). These four matrices are averaged and normalised to form a nal matrix. Note that, because the nal co-occurrence matrix is symmetric, it is sucient to use the main diagonal and part of the upper triangle of the co-occurrence matrix. Xuan et al. selected 1018 elements from this area to form their feature set (a 1018-dimensional feature set). A specically tuned classier (class-wise non-principal components analysis) is used to obtain a high detection rate. Xuan et al. proved its eciency with JPEG and spatial domain image steganography. However, their high dimensional features may suer from the curse of dimensionality when applied to other types of classier. Although their current implementation is arguably optimal, it is threshold dependent, which limits its exibility for blind steganalysis. Chen et al. developed a blind steganalysis based on a co-occurrence matrix [15]. It is well known that direct use of a co-occurrence matrix as the feature will create an expansion of the matrix dimension. For example, for an 8-bit image, the cooccurrence matrix will have 256256 dimensions. Therefore, Chen et al. projected the co-occurrence matrix into a rst-order statistic to reduce its dimensionality. More precisely, this rst-order statistic is the frequency of occurrence along the horizontal axis of the co-occurrence matrix. In [43], the authors exploited the correlations between the discrete cosine transform (DCT) coecients in intra- and inter-blocks of JPEG images. Intra-block correlation is the correlation between neighbouring coecients within a block; inter-block correlation measures the correlation between a DCT coecient in one block and the coecient of the same position in another block.

33

The authors arranged the DCT coecients in a block into a one-dimensional vector using the zigzag order. For each block, only AC coecients are considered while the DC coecient is discarded. This is because normally DC coecients are not changed in JPEG steganography. In addition, the authors also discard some coecients with a high frequency of occurrence (i.e. coecients with a value of zero). All the blocks in a JPEG image are scanned in a xed pattern to form a new re-ordered block called a 2-D array. Only the magnitudes of the coecients are used. Markov empirical transition matrices are used to capture these dependencies. Horizontal and vertical Markov empirical transition matrices are used to capture the intra- and inter-block correlations, respectively. The authors also further trim the dimensionality of the matrices by thresholding the 2-D array. In other words, elements with a magnitude greater than the threshold are assigned a maximum value (the threshold value).

Statistical moments Harmsen and Pearlman [48] showed that additive noise data hiding techniques are equivalent to a low-pass ltering of image histograms. The centre of mass (COM) is used to quantify this eect. Note that COM is the rst-order of statistical moment. The authors have shown that it is better to compute the COM from the frequency domain. Hence, the discrete Fourier transform is applied to transform the image histogram. This transformation produces a histogram characteristic function. COM is computed based on this characteristic function. The detection accuracy reported exceeded 95 per cent when the embedding rate was 1.0 bpp. Unfortunately, the authors did not test for a smaller embedding rate. In most cases, decreasing the embedding rate reduces the detection accuracy. Further, only 24 images were used to test the detection accuracy. This smaller subset of images may not fully represent the actual accuracy. However, the use of COM as the feature in [48] has brought insight into much research. For instance, Shi et al. [100] used a set of statistical moments as the features in their blind steganalysis. First, the authors use the Haar wavelet to decompose the image. After the decomposition, eight wavelet subbands are produced and a discrete Fourier transform was applied on the probability density

34