LSB replacement steganography software detection based on model checking

Authors:
Zheng Zhao;Fenlin Liu;Xiangyang Luo;Xin Xie;Lu Yu
Affiliations:
Department of Network Engeering, Zhengzhou Information Science and Technology Institute, Zhengzhou, China;Department of Network Engeering, Zhengzhou Information Science and Technology Institute, Zhengzhou, China;Department of Network Engeering, Zhengzhou Information Science and Technology Institute, Zhengzhou, China,State Key Laboratory of Information Security, Institute of Information Engineering, Chines ...;Department of Network Engeering, Zhengzhou Information Science and Technology Institute, Zhengzhou, China;Department One, The Academy of National Defense Information, Wuhan, China
Venue:
IWDW'12 Proceedings of the 11th international conference on Digital Forensics and Watermaking
Year:
2012

Citing 9
Cited 0

Data Mining Methods for Detection of New Malicious Executables

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
K-gram based software birthmarks

Proceedings of the 2005 ACM symposium on Applied computing
Normalizing Metamorphic Malware Using Term Rewriting

SCAM '06 Proceedings of the Sixth IEEE International Workshop on Source Code Analysis and Manipulation
Static analysis of executables to detect malicious patterns

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
A dynamic birthmark for java

Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
A Combined Static and Dynamic Software Birthmark Based on Component Dependence Graph

IIH-MSP '08 Proceedings of the 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing
Malware detection based on dependency graph using hybrid genetic algorithm

Proceedings of the 12th annual conference on Genetic and evolutionary computation
Identification of Steganography Software Based on Core Instructions Template Matching

MINES '11 Proceedings of the 2011 Third International Conference on Multimedia Information Networking and Security
Steganalysis of LSB replacement using parity-aware features

IH'12 Proceedings of the 14th international conference on Information Hiding

Quantified Score

Hi-index	0.00

Visualization

Abstract

Steganography software detection is one of effective approaches for steganography forensics using software analysis. In this paper a method of LSB replacement steganography software detection is proposed. Firstly three typical implementations of LSB replacement algorithms are analyzed and Finite Automatons description of them are presented. Secondly the control flow automatons are constructed for softwares to be detected. Finally, the model checking method for identifying LSB replacement steganography software is adopted. Experimental results show that the proposed method can reliably detect LSB replacement steganography softwares of different versions and those that are reimplemented relatively.