A Response to the Threat of Stegware

dc.contributor.author Martin, Abby
dc.contributor.author Lin, Li
dc.contributor.author Chen, Wenhao
dc.contributor.author Pierre, Seth
dc.contributor.author Guan, Yong
dc.contributor.author Newman, Jennifer
dc.contributor.department Center for Statistics and Applications in Forensic Evidence
dc.contributor.department Electrical and Computer Engineering
dc.contributor.department Mathematics
dc.date 2021-06-21T20:28:34.000
dc.date.accessioned 2021-08-14T04:10:50Z
dc.date.available 2021-08-14T04:10:50Z
dc.date.copyright Fri Jan 01 00:00:00 UTC 2021
dc.date.embargo 2021-06-18
dc.date.issued 2021-02-01
dc.description.abstract <p>Stegware refers to software, programs or apps that allow insertion of malware into a digital file, such as an image or video, using steganography techniques. Although it has been in use for around 15 years, “steganography” and “stegware” have only recently attracted the attention of law enforcement agencies, as the use of stegware appears to be rising [1]. This technique has been used for international economic espionage [2], tracking of photos shared by users on social media platforms [3], and industrial and governmental espionage by hacker groups using PNG images to hide malicious code [4]. The war between stegware and steganalysis tools is a typical cat-and-mouse game. Although many up-to-date steganalysis tools claim the ability to prevent steganography by utilizing the most advanced detection algorithms from the academic world, such as [5], these tools focus mainly on one or two embedding algorithms and lack support for detecting a wide range of stego objects. The capability of these current tools to prevent a stegware attack has never been tested. In this research, we collect more than 70 stego apps and image steganography software and 10 of the most popular steganalysis tools. We propose a strategy to defend against real-world attacks from stegware by combining functions from online steganalysis tools and algorithms from recent academic discoveries. We believe this will significantly increase the chance of identifying the threat from stegware by identifying files that have the potential to contain malicious code. Our team is working to develop a prototype of such a comprehensive steganalysis tool that provides user-friendly software for non-experts such as digital evidence practitioners. We also summarized the characteristics of the code for many stego apps by reverse engineering and program analysis.
The coding characteristics reflect their core embedding algorithms and encryption techniques, allowing us to classify the intent of the app as stegware even before installing it on a mobile phone. Our automatic tool to analyze app code can detect most Android stego apps that implement common spatial domain and frequency domain embedding algorithms with more than 95% accuracy. To our knowledge, this is the first study to evaluate the performance of the most recent steganalysis tools in detecting a large set of stegware. The results will provide valuable guidance to the forensic communities to develop more powerful steg analyzers.</p>
dc.description.comments <p>Posted with permission of CSAFE.</p>
dc.format.mimetype application/pdf
dc.identifier archive/lib.dr.iastate.edu/csafe_conf/73/
dc.identifier.articleid 1077
dc.identifier.contextkey 23415212
dc.identifier.s3bucket isulib-bepress-aws-west
dc.identifier.submissionpath csafe_conf/73
dc.identifier.uri https://dr.lib.iastate.edu/handle/20.500.12876/gwW7Q17w
dc.language.iso en
dc.source.bitstream archive/lib.dr.iastate.edu/csafe_conf/73/AAFS2021_presentation.pptx|||Fri Jun 18 16:04:40 UTC 2021
dc.source.bitstream archive/lib.dr.iastate.edu/csafe_conf/73/AAFS2021_presentation__1_.pdf|||Sat Jan 15 01:46:11 UTC 2022
dc.source.bitstream archive/lib.dr.iastate.edu/csafe_conf/73/AAFS2021_presentation__1_.pptx|||Sat Jan 15 01:46:10 UTC 2022
dc.subject.disciplines Forensic Science and Technology
dc.title A Response to the Threat of Stegware
dc.type article
dc.type.genre presentation
dspace.entity.type Publication
relation.isOrgUnitOfPublication d8a3c72b-850f-40f6-87c4-8812547080c7
relation.isOrgUnitOfPublication a75a044c-d11e-44cd-af4f-dab1d83339ff
relation.isOrgUnitOfPublication 82295b2b-0f85-4929-9659-075c93e82c48
Original bundle
1.32 MB
Adobe Portable Document Format
5.47 MB
Microsoft Powerpoint XML
5.47 MB
Microsoft Powerpoint XML