This paper considers the research goal of dependable steganalysis: where false positives occur once in a million or less, and this rate is known with high precision. Despite its importance for real-world application, there has been almost no study of steganalysis which produces very low false positives. We test existing and novel classifiers for their low false-positive performance, using millions of images from Flickr. Experiments on such a scale require considerable engineering. Standard steganalysis classifiers do not perform well in a low false-positive regime, and we make new proposals to penalize false positives more than false negatives.
The model mismatch problem occurs in steganalysis when a binary classifier is trained on objects from one cover source and tested on another: an example of domain adaptation. It is highly realistic because a steganalyst would rarely have access to much or any training data from their opponent, and its consequences can be devastating to classifier accuracy. This paper presents an in-depth study of one particular instance of model mismatch, in a set of images from Flickr using one fixed steganography and steganalysis method, attempting to separate different effects of mismatch in feature space and find methods of mitigation where possible. We also propose new benchmarks for accuracy, which are more appropriate than mean error rates when there are multiple actors and multiple images, and consider the case of 3-valued detectors which also output `don't know'. This pilot study demonstrates that some simple feature-centering and ensemble methods can reduce the mismatch penalty considerably, but not completely remove it.
Contemporary steganalysis is driven by new steganographic rich feature sets, which consist of large numbers of weak features. Although extremely powerful when applied to supervised classification problems, they are not compatible with unsupervised universal steganalysis, because the unsupervised method cannot separate the signal (evidence of steganographic embedding) from the noise (cover content). This work tries to alleviate the problem, by means of feature extraction algorithms. We focus on linear projections informed by embedding methods, and propose a new method which we call calibrated least squares with the specific aim of making the projections sensitive to stego content yet insensitive to cover variation. Different projections are evaluated by their application to the anomaly detector from Ref. 1, and we are able to retain both the universality and the robustness of the method, while increasing its performance substantially.
We consider the problem of universal pooled steganalysis, in which we aim to identify a steganographer who
sends many images (some of them innocent) in a network of many other innocent users. The detector must deal
with multiple users and multiple images per user, and particularly the differences between cover sources used by
different users. Despite being posed for five years, this problem has only previously been addressed by our 2011
paper.
We extend our prior work in two ways. First, we present experiments in a new, highly realistic, domain: up
to 4000 actors each transmitting up to 200 images, real-world data downloaded from a social networking site.
Second, we replace hierarchical clustering by the method called local outlier factor (LOF), giving greater accuracy
of detection, and allowing a guilty actor sending moderate payloads to be detected, even amongst thousands of
other actors sending hundreds of thousands of images.
The state of the art steganalytic features for spatial domain, and to some extent for transfer domains (CDT) as well, are based on histogram of co-occurances of neighboring elements. The rationale behind is that neighboring pixels in digital images are correlated, which is caused by the smoothness of our world and by the usual image processing. The limitation of the histogram-based features is that they do not scale well with respect to the number of modeled neighboring elements, since the number of histogram bins (hence number of features) depends exponentially on this quanitity.
The remedy adopted by the prior art is to sum values of neighboring bins together, which can be seen as a vector quantization controlled by the position of the quantization centers. So far the quantization centers has been determined manually according to the intuition of the staganalyst. Heere we proposedto use Linde, Buso, and Gray algorithm in order to automatically find quantization centers maximizing the detection accuracy of resulting features. The quantization centers found by the proposed algorithm are experimentally compared to the ones used by the prior art on the steganalysis of Hugo algorithm. Tbhe results show a non-negligible improvements in the accuracy, especially when more complicated filters and higher-order histograms are used.
This work focuses on the problem of developing a blind steganalyzer (a steganalyzer relying on machine learning
algorithm and steganalytic features) for detecting stego images with different payload. This problem is highly
relevant for practical forensic analysis, since in practice, the knowledge about the steganographic channel is very
limited, and the length of hidden message is generally unknown. This paper demonstrates that the discrepancy
between payload in training and testing / application images can significantly decrease the accuracy of the
steganalysis. Two fundamentally different approaches to mitigate this problem are then proposed. The first
solution relies on quantitative steganalyzer. The second solution transforms one-sided hypothesis test (unknown
message length) to simple hypothesis test by assuming a probability distribution on length of messages, which
can be efficiently solved by many machine-learning tools, e.g. by Support Vector Machines. The experimental
section of the paper (a) compares both solutions on steganalysis of F5 algorithm with shrinkage removed by
wet paper codes for JPEG images and LSB matching for raw (uncompressed) images, (b) investigates the effect
of the assumed distribution of the message length on the accuracy of the steganalyzer, and (c) shows how the
accuracy of steganalysis depends on Eve's knowledge about details of steganographic channel.
We propose a new paradigm for blind, universal, steganalysis in the case when multiple actors transmit multiple
objects, with guilty actors including some stego objects in their transmissions. The method is based on clustering
rather than classification, and it is the actors which are clustered rather than their individual transmitted objects.
This removes the need for training a classifier, and the danger of training model mismatch. It effectively judges
the behaviour of actors by assuming that most of them are innocent: after performing agglomerative hierarchical
clustering, the guilty actor(s) are clustered separately from the innocent majority. A case study shows that this
works in the case of JPEG images. Although it is less sensitive than steganalysis based on specifically-trained
classifiers, it requires no training, no knowledge of the embedding algorithm, and attacks the pooled steganalysis
problem.
YASS is a steganographic algorithm for digital images that hides messages robustly in a key-dependent transform
domain so that the stego image can be subsequently compressed and distributed as JPEG. Given the fact that
state-of-the-art blind steganalysis methods of 2007, when YASS was proposed, were unable to reliably detect
YASS, in this paper we steganalyze YASS using several recently proposed general-purpose steganalysis feature
sets. The focus is on blind attacks that do not capitalize on any weakness of a specific implementation of the
embedding algorithm. We demonstrate experimentally that twelve different settings of YASS can be reliably
detected even for small embedding rates and in small images. Since none of the steganalysis feature sets is in
any way targeted to the embedding of YASS, future modifications of YASS will likely be detectable by them as
well.
Quantitative steganalyzers are important in forensic steganalysis
as they can estimate the payload, or, more precisely, the number of
embedding changes in the stego image. This paper proposes a general
method for constructing quantitative steganalyzers from features used
in blind detectors. The method is based on support vector regression,
which is used to learn the mapping between a feature vector extracted
from the image and the relative embedding change rate. The performance is evaluated by constructing quantitative steganalyzers for eight steganographic methods for JPEG files, using a 275-dimensional feature set. Error distributions of within- and between-image errors are empirically estimated for Jsteg and nsF5. For Jsteg, the accuracy is compared to state-of-the-art quantitative steganalyzers.
A JPEG image is double-compressed if it underwent JPEG compression twice, each time with a different quantization
matrix but with the same 8 × 8 grid. Some popular steganographic algorithms (Jsteg, F5, OutGuess)
naturally produce such double-compressed stego images. Because double-compression may signficantly change
the statistics of DCT coefficients, it negatively influences the accuracy of some steganalysis methods developed
under the assumption that the stego image was only single-compressed. This paper presents methods for detection
of double-compression in JPEGs and for estimation of the primary quantization matrix, which is lost during
recompression. The proposed methods are essential for construction of accurate targeted and blind steganalysis
methods for JPEG images, especially those based on calibration. Both methods rely on support vector machine
classifiers with feature vectors formed by histograms of low-frequency DCT coefficients.
Blind steganalysis based on classifying feature vectors derived from images is becoming increasingly more powerful.
For steganalysis of JPEG images, features derived directly in the embedding domain from DCT coefficients
appear to achieve the best performance (e.g., the DCT features10 and Markov features21). The goal of this paper
is to construct a new multi-class JPEG steganalyzer with markedly improved performance. We do so first by extending
the 23 DCT feature set,10 then applying calibration to the Markov features described in21 and reducing
their dimension. The resulting feature sets are merged, producing a 274-dimensional feature vector. The new feature
set is then used to construct a Support Vector Machine multi-classifier capable of assigning stego images to
six popular steganographic algorithms-F5,22 OutGuess,18 Model Based Steganography without ,19 and with20
deblocking, JP Hide&Seek,1 and Steghide.14 Comparing to our previous work on multi-classification,11, 12 the
new feature set provides significantly more reliable results.
In this paper, we construct blind steganalyzers for JPEG images capable of assigning stego images to known steganographic programs. Each JPEG image is characterized using 23 calibrated features calculated from the luminance component of the JPEG file. Most of these features are calculated directly from the quantized DCT coefficients as their first order and higher-order statistics. The features for cover images and stego images embedded with three different relative message lengths are then used for supervised training. We use a support vector machine (SVM) with Gaussian kernel to construct a set of binary classifiers. The binary classifiers are then joined into a multi-class SVM using the Max-Win algorithm. We report results for six popular JPEG steganographic schemes (F5, OutGuess, Model based steganography, Model based steganography with deblocking, JP Hide and Seek, and Steghide). Although the main bulk of results is for single compressed stego images, we also report some preliminary results for double-compressed images created using F5 and OutGuess. This paper demonstrates that it is possible to reliably classify stego images to their embedding techniques. Moreover, this approach shows promising results for tackling the diffcult case of double compressed images.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.