Detection of Malicious Spatial-Domain Steganography Over Noisy Channels

Swaroop Shankar Prasad, Ofer Hadar, Ilia Polian
Copyright: © 2021 | Pages: 21
DOI: 10.4018/978-1-7998-7160-6.ch006

Abstract

Steganographic channels can be abused for malicious purposes, thus raising the need to detect malicious embedded steganographic information (steganalysis). This chapter will cover the little-studied problem of steganography and steganalysis over a noisy channel, providing a detailed modeling for the special case of spatial-domain image steganography. It will approach these issues from both a theoretical and a practical point of view. After a description of spatial-domain image steganography, the impact of Gaussian noise and packet loss on the steganographic channel will be discussed. Characterization of the substitution-insertion-deletion (SID) channel parameters will be performed through experiments on a large number of images from the ALASKA database. Finally, a steganalysis technique for error-affected spatial-domain image steganography using a convolutional neural network (CNN) will be introduced, studying the relationship between different types and levels of distortions and the accuracy of malicious image detection.
Introduction

Among numerous cybersecurity threats, malicious steganography is a potentially powerful and yet often-overlooked attack vector. Malicious steganography is a threat for systems with a protected part that is isolated from the outside world. The adversaries can define steganographic channels through which they leak sensitive data to unauthorized parties located outside the system while overcoming existing isolation mechanisms. Perhaps even more disturbing, it was recently shown how a malicious steganographic channel can work in the opposite direction, namely to control malware in an isolated system through instructions sent by an attacker located in the outside world (Segal et al., 2017). Figure 1 illustrates both scenarios. In Figure 1a, the protected system sends images through a legitimate communication channel called the cover channel. For instance, the system may transmit a video stream (a sequence of images) meant to be viewed by the general public, but it has no other connections with the outside world. The first adversary, Alice, is assumed to be inside the protected perimeter and has access to the server. She intends to send some sensitive information, e.g., an encryption key, to the second adversary, Bob, who is located outside and does not have access to the system’s internal information. To this end, Alice embeds the bits she wants to send (the payload) into the cover images (original images) being sent through the cover channel. Bob, who is allowed to see the transmitted images but has no other means of communicating with Alice, receives the images and extracts the bits of the encryption key sent by Alice, thus overcoming the isolation.

Figure 1. Malicious steganography between Alice (who has access to a protected system but no communication channel to the outside world) and Bob (located in the outside world). The passive scenario (information leakage) is shown in (a); the active scenario (controlling malware) in (b).

Figure 1b shows the active manipulation scenario based on malicious steganography. Here, Alice and Bob intend to have a piece of malware installed on the protected server such that it can be controlled from outside. The role of Alice (the adversary with access to the server) is to pre-install malware on the server; the role of Bob is to send control instructions. The cover channel in this case transmits images in the opposite direction to Figure 1a, namely from outside to inside the protected system. For example, the sender may be a surveillance camera that sends the recorded video stream to the protected server for analysis. Bob has gained access to the camera and embeds control instructions for the malware as payload into the images that the camera is transmitting. Alice’s malware automatically extracts this payload, recognizes such instructions and acts accordingly.

Different steganographic algorithms for embedding payload into cover images are known. This chapter focuses on spatial-domain steganography (Morkel et al., 2005; Hussain et al., 2018), where payload bits are directly written into low-significance bits of the cover image. Its findings are likely extendable to other types of stego approaches, such as transform-domain steganography, where the image first undergoes a DCT (Discrete Cosine Transform) and payload bits are incorporated into the coefficients (Kaur et al., 2011). Several methods for spatial-domain steganography were introduced recently (Boromand et al., 2018; You et al., 2020; Zhang et al., 2018 and 2019), including approaches that leverage quantum computations (Abd El Latif et al., 2019; Li et al., 2019). In this chapter, three classical state-of-the-art stego algorithms, WOW (Holub & Fridrich, 2012), HUGO (Filler & Fridrich, 2010; Pevny et al., 2010) and S-UNIWARD (Holub et al., 2014), are used for experiments. These algorithms embed the payload information into carefully selected pixels of the cover image where small modifications are not directly noticeable, helping the adversaries Alice and Bob to avoid detection.
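The effect of Gaussian channel noise on payload carried in low-significance bits can be measured directly. The following is an added example, not code from the chapter: it assumes plain least-significant-bit replacement on a constructed random cover (a simplification of the adaptive WOW, HUGO and S-UNIWARD embedders), and all function names are hypothetical.

```python
import random

def embed_lsb(cover, bits):
    """Plain LSB replacement: overwrite the lowest bit of each pixel."""
    return [(p & ~1) | b for p, b in zip(cover, bits)]

def gaussian_channel(pixels, sigma, rng):
    """Add zero-mean Gaussian noise, then round and clip to the 8-bit range."""
    out = []
    for p in pixels:
        noisy = int(round(p + rng.gauss(0.0, sigma)))
        out.append(min(255, max(0, noisy)))
    return out

def extract_lsb(pixels):
    """Read back the lowest bit of each received pixel."""
    return [p & 1 for p in pixels]

def substitution_rate(sigma, n=4096, seed=1):
    """Fraction of payload bits flipped by the noisy channel.

    Cover pixels and payload bits are constructed pseudo-random samples,
    not real image data.
    """
    rng = random.Random(seed)
    cover = [rng.randrange(256) for _ in range(n)]
    bits = [rng.randrange(2) for _ in range(n)]
    received = gaussian_channel(embed_lsb(cover, bits), sigma, rng)
    errors = sum(sent != got for sent, got in zip(bits, extract_lsb(received)))
    return errors / n

if __name__ == "__main__":
    # The rate climbs from 0 towards 0.5 (a useless channel) as sigma grows.
    for sigma in (0.0, 0.3, 0.5, 1.0, 5.0):
        print(f"sigma={sigma:<4} substitution rate={substitution_rate(sigma):.3f}")
```

This models only the substitution component; insertions and deletions caused by packet loss are not simulated.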
