A study on the false positive rate of Stegdetect

In this paper we analyse Stegdetect, one of the well-known image steganalysis tools, to study its false positive rate. In doing so, we process more than 40,000 images randomly downloaded from the Internet using Google images, together with 25,000 images from the ASIRRA (Animal Species Image Recognition for Restricting Access) public corpus. The aim of this study is to help digital forensic analysts, aiming to study a large number of image files during an investigation, to better understand the capabilities and the limitations of steganalysis tools like Stegdetect. The results obtained show that the rate of false positives generated by Stegdetect depends highly on the chosen sensitivity value, and it is generally quite high. This should support the forensic expert to have better interpretation in their results, and taking the false positive rates into consideration. Additionally, we have provided a detailed statistical analysis for the obtained results to study the difference in detection between selected groups, close groups and different groups of images. This method can be applied to any steganalysis tool, which gives the analyst a better understanding of the detection results, especially when he has no prior information about the false positive rate of the tool

Stealthy Plaintext

Correspondence through email has become a very significant way of communication at workplaces. Information of most kinds such as text, video and audio can be shared through email, the most common being text. With confidential data being easily sharable through this method most companies monitor the emails, thus invading the privacy of employees. To avoid secret information from being disclosed it can be encrypted. Encryption hides the data effectively but this makes the data look important and hence prone to attacks to decrypt the information. It also makes it obvious that there is secret information being transferred. The most effective way would be to make the information seem harmless by concealing the information in the email but not encrypting it. We would like the information to pass through the analyzer without being detected. This project aims to achieve this by “encrypting” plain text by replacing suspicious keywords with non-suspicious English words, trying to keep the grammatical syntax of the sentences intact

Using Transcoding for Hidden Communication in IP Telephony

The paper presents a new steganographic method for IP telephony called TranSteg (Transcoding Steganography). Typically, in steganographic communication it is advised for covert data to be compressed in order to limit its size. In TranSteg it is the overt data that is compressed to make space for the steganogram. The main innovation of TranSteg is to, for a chosen voice stream, find a codec that will result in a similar voice quality but smaller voice payload size than the originally selected. Then, the voice stream is transcoded. At this step the original voice payload size is intentionally unaltered and the change of the codec is not indicated. Instead, after placing the transcoded voice payload, the remaining free space is filled with hidden data. TranSteg proof of concept implementation was designed and developed. The obtained experimental results are enclosed in this paper. They prove that the proposed method is feasible and offers a high steganographic bandwidth. TranSteg detection is difficult to perform when performing inspection in a single network localisation.Comment: 17 pages, 16 figures, 4 table