STEGANALYSIS

Steganalysis is a relatively new branch of research. While steganography (which is somewhat different from watermarking) deals with techniques for hiding information, the goal of steganalysis is to detect and/or estimate potentially hidden information from observed data with little or no knowledge about the steganography algorithm and/or its parameters. It is fair to say that steganalysis is both an art and a science. The art of steganalysis plays a major role in the selection of features or characteristics a typical stego message might exhibit while the science helps in reliably testing the selected features for the presence of hidden information. While it is possible to design a reasonably good

steganalysis technique for a specific steganography algorithm, the long term goal must be to develop a steganalysis framework that can work effectively at least for a class of steganography methods if not for all. Clearly, this poses a number of mathematical challenges and questions some of which are summarized below.

1.Can the current and future steganography algorithms be categorized into distinct classes of mathematical
techniques?

2.What is a good mathematical definition of steganalysis?

3.What a priori knowledge can we assume the steganalyst possesses?

4.What mathematical properties a class of steganography algorithms must satisfy for which good steganalysis techniques can be developed? This will give rise to a new notion of security in steganography that could be quite different from the popular information theoretic definition.1

5.What are the candidate cost or risk functions that a steganalyst must optimize during hidden data detection or extraction procedure?

6.What are the performance trade-offs involved if a steganalysis algorithm is designed only to detect, only to extract, or detect and extract the hidden message?

We attempt to address some of these questions in this paper and develop a formal theory of steganalysis. We note that in our present analysis we assume the steganalyst has reasonable computational resources and time. In a traditional steganography set-up formulated as a prisoner’s problem,2 Alice wishes to send a secret message to Bob by hiding information in a cover message. The stego message (cover+message) passes through Wendy (a warden) who inspects it to

determine if there is anything suspicious about it. Wendy could perform one or several tests to decide if the message from Alice to Bob contains any secret information. If her decision is negative then Wendy forwards the message to Bob—Wendy acts as a passive warden. On the other hand, Wendy can take a conservative approach and modify all the messages from Alice to Bob irrespective of whether any information is hidden by Alice or not. In this case, Wendy is called an active warden. Of course, Wendy will have constraints such as the maximum allowable distortion when modifying the message etc. For example, if the cover messages are digital images, then Wendy cannot modify the stego message to an extent that perceptually significant distortions are induced. While current steganalysis techniques focus on detecting the presence/absence of a secret message in observed message, to our knowledge there seems to have been no attempt in extracting the secret message. In general, extraction of the secret message could be a harder problem than mere detection.

Therefore, based on the ultimate outcome of the effort we classify steganalysis into two categories:

Passive steganalysis: Detect the presence or absence of a secret message in an observed message

Active steganalysis: Extract a (possibly approximate) version of the secret message from a stego message.

Note that active steganalysis could be different from an active warden case. An active warden manipulates the stego message in the hopes of destroying the

secret message (if any) but an active steganalyst attempts to estimate and extract the secret message without destroying it. In this paper, we discuss a mathematical framework for active steganalysis when a certain class of linear steganography algorithms are employed. We also discuss the strengths and limitations of the proposed framework and provide numerical examples. Without loss of generality we consider digital images as cover messages for our experiments. Our primary goal is to estimate the cover message, secret message, and even perhaps the steganography key using only the observed stego messages. During this process we exploit spatial diversity and temporal diversity information.