LSB Replacement Steganography Software Detection Based on Model Checking

Steganography software detection is one of the effective approaches to steganography forensics based on software analysis. In this paper, a method for detecting LSB replacement steganography software is proposed. First, three typical implementations of LSB replacement algorithms are analyzed and finite automaton descriptions of them are presented. Second, control flow automata are constructed for the software to be detected. Finally, model checking is used to identify LSB replacement steganography software. Experimental results show that the proposed method can reliably detect LSB replacement steganography software of different versions as well as reimplementations of it.
