Different Types Of Existing Steganalysis Method
Raw Quick Pairs Analysis is an older method for detection of random LSB embedding that may in some exceptional cases give better results than RS steganalysis (especially for small images with low number of unique colors).
Palette Quick Pairs Analysis
Palette Quick Pairs Analysis should be applied only to GIF images and it can detect messages embedded in GIF images using some steganographic algorithm that preprocesses the palette by creating clusters of close colors that differ in their LSBs only.
Visual attacks
Most steganographic programs embed message bits either sequentially or in some pseudo-random fashion. In most programs, the message bits are chosen non-adaptively independently of the image content. If the image contains connected areas of uniform color or areas with the color saturated at either 0 or 255, we can look for suspicious artifacts using simple visual inspection after preprocessing the stego image. Even though the artifacts cannot be readily seen, we can plot one bit-plane (for example, the LSB plane) and inspect just the bit-plane itself. This attack is especially applicable to palette images for LSB embedding in indices to the palette. If, at the same time, the message is embedded sequentially, one can have a convincing argument for the presence of steganographic messages in an image. However, as Pfitzmann and Westfeld report20, it may be impossible to distinguish noisy images or highly textured images from stego images using this technique. Although visual attacks are simple, they are hard to automatize and their reliability is highly questionable.
Statistical analysis of pairs of values (histogram analysis)
Pfitzman and Westfeld20 introduced a powerful statistical attack that can be applied to any steganographic technique in which a fixed set of Pairs of Values (PoVs) are flipped into each other to embed message bits. For example, the PoVs can be formed by pixel values, quantized DCT coefficients, or palette indices that differ in the LSB. Before embedding, in the cover image the two values from each pair are distributed unevenly. After message embedding, the occurrences of the values in each pair will have a tendency to become equal (this depends on the message length). Since swapping one value into another does not change the sum of occurrences of both colors in the image, one can use this fact to design a statistical Chi-square test. We can test for the statistical significance of the fact that the occurrences of both values in each pair are the same. If, in addition to that, the stego-technique embeds message bits sequentially into subsequent pixels/indices/coefficients starting in the upper left corner, one will observe an abrupt change in our statistical evidence as we encounter the end of the message.
Dual statistics methods (RS Analysis)
Statistical methods that start with sample counts, such as the methods by Westfeld20 or Provos17 neglect a large amount or very important information – the placement of pixels in the stego-image. It is intuitively clear that utilizing the spatial correlations in the stego image, one should be able to build much more reliable and accurate detection. However, it is not easy to uncover and quantify the weak relationship between some pseudo-random components present in the image (e.g., the LSB plane) and the image itself. Once this relationship is quantified using a measure, one could study how this measure changes with message embedding. The derived relationship can serve as a basis for steganalytic techniques.
Steganalysis based on JPEG compatibility
All steganographic methods strive to achieve the minimal amount of distortion in order to minimize the likelihood of introducing detectable artifacts. However, if the cover-image, was initially stored in the JPEG format (as it is frequently the case), message embedding in the spatial domain will disturb but not erase the characteristic structure created by the JPEG compression and one can still easily determine whether or not a given image has been stored as JPEG in the past. Indeed, it is possible to recover the JPEG quantization table from the stego-image by carefully analyzing the values of DCT coefficients in all 8×8 blocks. After message embedding, however, the cover-image will become (with a high probability) incompatible with the JPEG format in the sense that it may be possible to prove that a particular 8×8 block of pixels could not have been produced by JPEG decompression of any block of quantized coefficients. This finding provides strong evidence that the block has been slightly modified. Indeed, it is highly suspicious to find an image stored in a lossless format that bears a strong fingerprint of JPEG compression, yet is not fully compatible with any JPEG compressed image. This can be interpreted as evidence of steganography.
By checking the JPEG compatibility of every block, we can potentially detect messages as short as one bit. And the steganalytic method will work for virtually any spatial steganographic or watermarking method, not just the LSB embedding. One can even attempt to estimate the message length and its position in the image by determining which 8×8 blocks are incompatible with JPEG compression. It is even possible to analyze the image and estimate the likely candidate for the cover-image or its blocks (the "closest" JPEG compatible image/block). This way, we may be able to
Some steganographic techniques or their specific implementations create very unique and easily detectable artifacts. For example, the demo version of the
2 comments:
yes...thks..neeed those now doing the review chapter..and it need to be a stand alone chapter,the requirement here are killing me.
hmmm, it seems than that the standard for the reports there are very high.
Post a Comment