Defeating Statistical Steganalysis
Abstract
The main purpose of steganography is to hide the occurrence of communication. While most methods in use today are invisible to the observer's senses, mathematical analysis may reveal statistical discrepancies in the stego medium. These discrepancies expose the fact that hidden communication is happening.

This talk presents a new method to preserve the statistical properties of the cover medium. After applying a correcting transform to an image, statistical steganalysis is no longer able to detect the presence of steganography. We present an a priori estimate to determine the amount of data that can be hidden in the image while still being able to maintain frequency count based statistics. This way, we can quickly choose an image in which a given message can be hidden safely. To evaluate the effectiveness of our approach, we present statistical tests for the JPEG image format and explain how our new method defeats them.

For background material, see
- Defending Against Statistical Steganalysis - Niels Provos, 10th USENIX Security Symposium, August 2001. [February 2001, CITI Techreport 01-4]
- Probabilistic Methods for Improving Information Hiding - Niels Provos, CITI Techreport, January 2001.
All methods have been implemented in the OutGuess system.
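The kind of frequency-count discrepancy the abstract refers to can be measured with a chi-square statistic over pairs of values, shown here as an added example that is not code from OutGuess or the papers. The page does not name its tests, so the choice of the pair-of-values statistic, the synthetic coefficient distribution, the skipping of 0 and 1, and all function names are assumptions made for illustration.

```python
import random
from collections import Counter

def make_cover(n, rng):
    """Constructed stand-in for quantized JPEG DCT coefficients (two-sided geometric)."""
    out = []
    for _ in range(n):
        mag = 0
        while rng.random() < 0.7:
            mag += 1
        out.append(mag if rng.random() < 0.5 else -mag)
    return out

def embed_lsb(coeffs, rate, rng):
    """Overwrite the LSB of a `rate` fraction of usable coefficients with random bits.
    Coefficients 0 and 1 are left alone (assumption about the embedder)."""
    out = []
    for c in coeffs:
        if c not in (0, 1) and rng.random() < rate:
            c = (c & ~1) | rng.getrandbits(1)   # works for negatives: -1 -> -2 or -1
        out.append(c)
    return out

def pov_statistic(coeffs, min_count=5):
    """Chi-square statistic over pairs of values (2k, 2k+1).
    Returns (statistic, number_of_pairs_tested)."""
    hist = Counter(c for c in coeffs if c not in (0, 1))
    stat, pairs = 0.0, 0
    for even in sorted({c & ~1 for c in hist}):
        a, b = hist[even], hist[even + 1]
        expected = (a + b) / 2       # LSB overwriting drives both counts toward this
        if expected < min_count:     # sparse bins make the statistic unreliable
            continue
        stat += (a - expected) ** 2 / expected
        pairs += 1
    return stat, pairs

def demo(seed=1, n=50000):
    """Statistic for the same cover at embedding rates 0, 0.5 and 1."""
    rng = random.Random(seed)
    cover = make_cover(n, rng)
    return {r: pov_statistic(embed_lsb(cover, r, rng))[0] for r in (0.0, 0.5, 1.0)}

if __name__ == "__main__":
    for rate, stat in demo().items():
        print(f"embedding rate {rate:.1f}: statistic {stat:8.1f}")
```

A large statistic means the two members of each pair occur with clearly different frequencies, as in the unmodified data; a value that collapses toward zero means the pairs have been equalized, which is the discrepancy a frequency-count test flags.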
Detecting Steganographic Content on the Internet
Abstract
Recently, there have been rumors about terrorists using steganography to hide their communication and secret plans. However, it is difficult to verify these claims. To answer this question, I have created a detection framework that consists of several elements:
- A web crawler that saves JPG images.
- Its output is piped into stegdetect, a tool for automatic detection of steganographic content.
- The positive results are distributed to a loosely coupled cluster of workstations with disconcert.
- On the clients, stegbreak is used to launch a dictionary attack against the positive images. A normal stegbreak job runs on a few hundred clients.
disconcert is available only as a snapshot without documentation.
- Detecting Steganographic Content on the Internet [ps] - Niels Provos and Peter Honeyman, ISOC NDSS'02, San Diego, CA, February 2002. [August 2001, CITI Techreport].
- Detecting Steganographic Content on the Internet - August, 2001, HAL 2001 Presentation, Slides.
- Detecting Steganographic Content on the Internet - November, 2001, CSL EE380 Colloquium, Stanford University, Slides.
- Detecting Steganographic Content on the Internet - November, 2001, CSL EE380 Colloquium, Stanford University, Video.
Analysing USENET content
We are analyzing USENET images for steganographic content. Stegdetect has analyzed approximately one million images. The positive images are being processed on a disconcert cluster with about two hundred workstations.

The current results are available here.