RTP timestamp steganography detection method

A histogram cosine similarity matching method for real-time transport protocol (RTP) timestamp difference vectors and a clustering method of the area between the best-fit curves of 2 RTP timestamp difference sequences are presented. These 2 methods realize timestamp-based least significant bit (LSB) steganography detection respectively. A clustering analysis of the area between the 5th-degree polynomial best-fit curves with message windows w of 20, 50, 100, and 200 was conducted. The results indicated that when the message window w was 100, the result was the best when the characteristic extraction time was shortest, and the initial clustering accuracy was 84.5%. Through further analysis, the clustering accuracy was increased to 100% in the 2nd round of clustering based on whether the mean distance from a data point in an initial cluster to each cluster center was changed