CANVASS - A Steganalysis Forensic Tool for JPEG Images

Steganography is a way to communicate a message such that no one except the sender and recipient suspects the existence of the message. This type of covert communication lends itself to a variety of different purposes such as spy-to-spy communication, exchange of pornographic material hidden in innocuous image files, and other illicit acts. Computer forensic personnel have an interest in testing for possible steganographic files, but often do not have access to the technical and financial resources required to perform steganalysis in an effective manner. This paper describes the results of a funded effort by a grant from the National Institutes of Justice to develop a user friendly and practical software program that has been designed to meet the steganalysis needs of the Iowa Division of Criminal Investigation in Ankeny, Iowa. The software performs steganalysis on JPEG image files in an efficient and effective way. JPEG images are popular and used by a great many people, and thus are naturally exploited for steganography. The commercial software that is available for detection of hidden messages is often expensive and does not fit the need of smaller police forensic labs. Our software checks for the presence of hidden payloads for five different JPEG-embedding steganography algorithms with the potential of identifying stego images generated by other (possibly unknown) embedding algorithm. Keywords: steganography, steganalysis, JPEG images, GUI softwar

Pseudo-random number generators and an improved steganographic algorithm

Steganography is the art and science of hiding secret information in a cover medium such that the presence of the hidden information cannot be detected. This thesis proposes a new method of steganography by cover modification in JPEG images. Essentially, the algorithm exercises LSB replacement using the definition for steganographic values from F5. After the nonzero quantized DCT coefficients of a cover image undergo a pseudorandom walk, the coefficients and the payload are split into an equal number of partitions and paired. Each coefficient partition is permuted again by the 1/P pseudo-random number generator until an optimal embedding efficiency for its corresponding payload is achieved. Using this method, we achieve a higher embedding efficiency than that of LSB replacement alone. We evaluate the detectability of our algorithm by creating a multi-classifier based on the output of multiple non-linear, soft-margin support vector machines trained on POMM features. We show that our algorithm performs nearly as well as the state-of-the-art nsF5 algorithm, and outperforms other state-of-the-art algorithms under most conditions