Steganography and Steganalysis:Current Status and Future Directions

Eman Abdelfattah and Ausif Mahmood

Abstract Steganography is the art of hiding a secret object in a cover media,while Steganalysis is the art of discovering the secret object from the cover media.With the increased emphasis in security, both steganography and steganalysis haverecently drawn great research attention. While it is relatively easy to embed asecret message in a media such as an image, audio or video, the detection of anembedded message i.e., steganalysis is challenging because of the many differentmethods used in steganography and the continuous evolution of new steganogra-phy algorithms. In this paper we discuss the different techniques of steganographyand steganalysis used in popular cover types i.e., images and audio. We alsopresent an overview of some of the state-of-the-art tools used in this field. Our goalis to provide this as a survey paper identifying the current state of research, andpossible future directions in this field.

1 Introduction

Steganography has been defined as the art of invisible communication, whilesteganalysis is the art of discovering hidden data in stego objects [1]. The stegoobject i.e., the object that contains the hidden information is created by modifyingthe original object with an embedding algorithm. The original object is oftenreferred to as the cover object in steganography terminology. An extractionalgorithm that is the opposite of the embedding algorithm is employed to recoverthe embedded information from a stego object. Figure 1 shows a general model forsteganography [2].

E. Abdelfattah (&) � A. MahmoodComputer Science Department, University of Bridgeport, Bridgeport, CT 06604 USAe-mail: e_abd@yahoo.com

T. Sobh and K. Elleithy (eds.), Emerging Trends in Computing, Informatics,Systems Sciences, and Engineering, Lecture Notes in Electrical Engineering 151,DOI: 10.1007/978-1-4614-3558-7_34, � Springer Science+Business Media New York 2013

411

Steganography is generally considered to be secure, if the set of stego objectshas the same statistical properties as the set of cover-objects. As described later inthis paper, one of the popular steganalysis techniques employed is to see if thestatistical properties such as distribution of DCT coefficients in the stego object (incase of images) differ from the original cover object. Having similar statisticalfeatures in the cover and stego makes it extremely difficult to know if the objectcontains any hidden information.

There are three kinds of steganography approaches; pure steganography, privatekey steganography and public key steganography. The technique for embeddingthe message in pure steganography is unknown to warden and shared as a secretbetween the sender and receiver. Thus, this technique relies on the secrecy of thealgorithm itself which is not a good practice as the security is compromised oncethe algorithm is known. Secure steganograhy systems depend on the secrecy of thekey. In private key steganography both the sender and the receiver share a secretkey which is used to embed the message. The warden has no knowledge about thesecret key. However, he/she is aware of the algorithm that they could beemploying for embedding messages. In public key steganography, both the senderand the receiver have private–public key pairs and know each other’s public key.

The purpose of steganalysis is to identify if a carrier (image, text, audio orvideo) has been manipulated by embedding a secret message using someembedding technique. These two factors; different carrier types and many possibleembedding techniques, introduce a great complexity in designing a reliablesteganalyzer.

The steganalysis techniques are classified under two categories; specific anduniversal steganalysis. The specific steganalysis techniques are designed for atargeted embedding technique. Thus, they yield very accurate decisions when theyare used against the particular steganographic technique. In universal techniques,dependency on the behavior of the individual embedding techniques is removed bydetermining and collecting a set of distinguishing statistics that are sensitive to awide variety of embedding operations. As an example, universal steganalyzersdealing with images are composed of two important components; feature extrac-tion and feature classification. In feature extraction, a set of distinguishingstatistics (e.g., DCT coefficients) are obtained from a data set of images byobserving general image features that exhibit a strong variation under embedding.

EmbeddingAlgorithm

ExtractionAlgorithm

Cover Message

SuppressMessage

No

Secret Message

Hidden MessageIs StegoMessage?Secret Key

Yes

Stego Message

Sender Warden Receiver

Secret Key

Fig. 1 A general model for steganography [2]

412 E. Abdelfattah and A. Mahmood

Feature classification uses the distinguishing statistics from both cover and stegoimages to train a classifier. Then, the trained classifier is used to classify an inputimage as either cover or a stego in the test process.

The remainder of the paper is organized as follows. In Sect. 2, we discuss thesteganography and steganalysis approaches used for images. In Sect. 3, we describethe methods used for audio embedding and its detection. Then, in Sect. 4 we reportthe methods employed for other media types. Finally, we introduce some stega-nography and steganalysis tools in Sect. 5, and the paper is concluded in Sect. 6along with comments on some possible future directions in this field.

2 Image Steganography and Steganalysis

With the wide availability of digital images, and the high degree of redundancypresent in them (despite compression), digital images have drawn great attentionas cover-objects for the purpose of steganography [3]. Most reported steganog-raphy techniques dealing with images embed a secret message in the spatialdomain, or the transform domain. While some methods such as the least significantbit (LSB) modification approaches embed in the spatial domain, other techniquessuch as Discrete Cosine Transform (DCT) methods and Discrete Wavelet Trans-form (DWT) embed in the transform domain.

The goal, in general, in all universal steganalysis approaches is extractingreliable distinguishable features between the cover and the stego object. Theextracted features in current image steganalysis techniques belong to the followingcategories: binary similarity measures (BSMs), wavelet-based (WB), or feature-based (FB). Once the distinguishing features corresponding to an image have beenobtained, then these features are used to train a classifier. Researchers select aclassifier from the different classifiers that can be employed for classification suchas Fisher’s linear discriminate (FLD), support vector machines (SVM), NeuralNetworks (NN). In this section, we present a brief summary for some of theexisting steganalysis techniques.

Fridrich et al., discuss Feature-Based Steganalysis (FBS) where JPEG imagesare first decompressed, and then crop the spatial representation by four lines ofpixels in both horizontal and vertical directions to estimate statistics of the originalimage, before embedding [1]. Then, the image is JPEG recompressed with theoriginal quantization table. The difference between statistics obtained from thegiven JPEG image and its original estimated version are obtained through a set offunctions that operate on both spatial and DCT domains. According to authors‘‘techniques (such as FBS) that rely on DCT based statistical features are expectedto perform better than binary similarity measures (BSM) and Wavelet-BasedSteganalysis (WBS)’’.

Lyu et al., used Wavelet-Based Steganalysis (WBS) to build a model for naturalimages by using higher order statistics and then show that images with messagesembedded in them deviate from this model [4, 5]. Quadratic mirror filters (QMFs)

Steganography and Steganalysis 413

are used to decompose the image into the wavelet domain, after which statisticssuch as mean, variance, skewness, and kurtosis are calculated for each sub-band.Additionally the same statistics are calculated for the error obtained from a linearpredictor of the coefficient magnitudes of each sub-band, as the second part of thefeature set. The images are decompressed before being fed into the steganalyzerbecause this technique operates on spatial domain. The authors conclude that theirapproach scores reasonable accuracy results. However, if a small message isembedded, this leads to poor performance detection.

Martín investigated the effect of embedding a secret message into a naturalimage on the statistics of the image to examine the possibility of the detection ofthe presence of this secret message [6]. The three different embedding algorithmsthat are used in the experiments are: Jsteg [7], MHPDM [8], and one of thealgorithms in S-Tools [9]. JSTEG is one of the early embedding tools that waspublically available. MHPDM is a modified version of Histogram-Preserving DataMapping (HPDM) which embeds into DCT coefficients. S-tools hides files in bothBMP and GIF files. The following five different statistical models of naturalimages are used: Areas of Connected Components Model [10, 11], Adjacent PixelValues Model [12–14], Laplacian Distribution Model [15], Wavelet CoefficientsModel and DCT Coefficients Model. They concluded that the effect is insignificantto the natural images when the analysis is independent of the steganograhyalgorithms. However, if a prior knowledge of the embedding algorithm is known, abetter classification can be obtained.

Avcibas et al. used binary Similarity Measures (BSMs) to calculate three typesof features; computed similarity differences, histogram and entropy related fea-tures, and a set of measures based on a neighborhood-weighting mask by lookingat the seventh and the eighth bit planes of an image [16, 17]. The images aredecompressed before being fed into the steganalyzer because this techniqueoperates on spatial domain. The authors conclude that their technique demon-strates comparable results to the results obtained by Farid’s scheme [18].

Goljan et al. present a method that calculates the features in the wavelet domainas higher-order absolute moments of the noise residual [19]. The advantage ofcalculating the features from the noise residual is that it increases the features’sensitivity to embedding. Therefore, this method outperforms a previously pro-posed method by Holotyak et al. [20]. A classifier using Fisher Linear Discrimi-nant (FLD) is constructed and it is called WAM classifier. Also, WAM classifier isused to examine the security of three steganographic schemes: pseudo-random ±1embedding using ternary matrix embedding, adaptive ternary ±1 embedding, andperturbed quantization. The authors conclude that perturbed quantization stega-nography technique is the most secure because it is the least detectable approach.Moreover, the adaptive ternary ±1 embedding scheme is more secure compared topseudo-random ±1 embedding scheme.

Kharrazi et al. study the performance of three distinct blind steganalysistechniques against four different steganographic embedding techniques: Outguess[21], F5 [22], Model-Based [23] and perturbed quantization PQ [24]. The usedcover media is JPEG images. The collected data set is categorized with respect to

414 E. Abdelfattah and A. Mahmood

size, quality, and texture to find out their impact on steganalysis performance.Blind steganalysis is composed of two components: feature extraction and featureclassification. The three techniques used for feature extraction are binary similaritymeasures (BSMs), wavelet-based steganalysis (WBS) and feature-based steg-analysis (FBS). A linear support vector machine (SVM) is employed to avoid highcomputational power if nonlinear kernel SVM is employed. The authors concludethat FBS achieves superior performance because the used data set is compressedJPEG images. Moreover, PQ steganography embedding technique is the best onebecause it is the least detectable technique. As the quality factor of imagesincreases, the distinguishability between the cover and stego images decreases.Recompression of JPEG images makes the distinguishability between the coverand stego images harder where the recompressed cover images are obtained byrecompressing the original images using their estimated quality factor [25].

Ella conducted a survey of the methodology of information hiding anddescribes some techniques used in steganography and steganalysis [26]. Anexperiment is conducted on a set of images from Wikipedia by downloading themusing the program Wikix. The program StegAlyzerSS [27] is used to scan theimages. The results show that some images were found to have appended infor-mation. But, this result is not enough evidence for the existence of stego imagesbecause this appended information can be a result of manipulating images by someprograms or information left from cameras. However, the author concludes thatthere were no confirmed instances of steganography found in the scans whichmakes blind steganalysis not an easy problem.

3 Audio Steganography and Steganalysis

Although significant research efforts are reported in the domain of image steganalysis,fewer efforts are reported in the field of audio steganalysis. This might be attributed tothe different nature of audio from image which introduces challenges in obtaining thestatistical features of audio. In this section we present an overview of some theadvanced audio steganography and steganalysis techniques.

Tian et al. propose an m-sequence based Steganography technique for Voiceover IP [28]. The technique succeeds to achieve good security, sufficient capacityand low latency by using least-significant-bits (LSB) substitution method. More-over, m-sequence encryption approach is used to eliminate the correlation amongsecret messages so that the statistical steganalysis algorithm can hardly detectstego-speech. Also, a synchronization mechanism is suggested to guarantee theaccurate restoration of secret messages at the receiver side. A technique for thetransmission of synchronization patterns (SPs) is proposed that allows onlinedistribution of some important parameters by distributing the SPs among somefields in the IP header that are available for steganography. Thus, it is possible toconstruct the covert communication in real time.

Steganography and Steganalysis 415

Tian et al. introduce an adaptive Steganography scheme for Voice over IP(VoIP) [29]. An evaluation for the proposed method is conducted. The evaluationis based on designing five different steganography modes. Two modes are based onthe traditional LSBs substitution method and the other three modes are based onthe suggested adaptive Steganography scheme. They conclude that the adaptiveSteganography approach outperforms the traditional LSBs substitution methodsince it enhances the embedding transparency by taking into account the similaritybetween Least Significant Bits (LSBs) and the embedded messages.

Liu et al. present two methods: the statistics of the high-frequency spectrum andthe Mel-cepstrum coefficients of the second-order derivative are extracted foraudio steganalysis, and a wavelet-based spectrum and Mel-cepstrum audio steg-analysis [30]. A support vector machine is applied to the extracted features. Acomparison among these two methods and the signal-based Mel-cepstrum audiosteganalysis method is conducted. The proposed methods outperform the signal-based Mel-cepstrum approach. Moreover, the derivative-based approach outper-forms the wavelet-based approach.

Liu et al. suggest a stream data mining approach for audio steganalysis based onsecond order derivative of audio streams by extracting Mel-cepstrum coefficients andMarkov transition features on the second order derivative [31]. Signal complexityhas been taken into consideration as an important parameter for evaluating the per-formance of audio steganalysis. A support vector machine is applied to the extractedfeatures. Both techniques that apply second order derivative improve the detectionperformance compared to signal based Mel-cepstrum audio steganalysis. Moreover,Markov approach based on second order derivative outperforms Mel-cepstrumapproach based on second order derivative as reported by the authors.

Qiao et al. present an approach of detecting the hidden information in MP3audio streams [32]. The moment statistical features of Generalized GaussianDistribution (GGD) shape parameters of the Modified Discrete Cosine Transform(MDCT) sub-band coefficients, as well as the moment statistical features, neigh-boring joint densities, and Markov transition features of the second order deriv-atives are merged. Support Vector Machines (SVMs) are applied to the extractedfeatures for detection. An accuracy detection of 94.1 % is achieved when themodification density is 16 %. Moreover, the percentage accuracy detection isincreased to 95.6 % when the modification density is increased to 20 %.

4 Other Steganography and Steganalysis Used Media

In addition to the previously discussed carriers such as images and audios, someother digital entities can be used as cover media. For example, HTML files(hypertext markup language) have appropriate potentials for information hiding.While processing HTML files, the browser ignores spaces, tabs, certain charactersand extra line breaks which could be used as locations for hiding information.Another example, unused or reserved space on a disk is a second type of media

416 E. Abdelfattah and A. Mahmood

that can be used to hide information. Also, data can be hidden in unused space infile headers. Last but not least, network protocols such as TCP, UDP, and/or IP canbe used for hiding the messages and transmit them through the network [33].

Li et al. suggest using torrent files, a crucial part of the BitTorrent P2P network,as host carriers for secret messages [34]. The authors used both Letter CaseChange (LCC) and Field Reusage (FR) techniques to produce the stego-torrentfiles. Letter Case Change (LCC) was suggested based on the knowledge that somefields such as announce and announce-list fields in torrent files are case insensitive.This technique has the advantage of maintaining the size of the stego-torrent file asthe original torrent file which provides a high level of transparency and security.Field Reusage method is suggested because of the redundancy of some other fieldssuch as comment and publisher. The advantage of this method is the ability toembed data with huge capacity without rising suspicion. Moreover, FR methodguarantees security by encrypting the stego-message with Data Encryption Stan-dard (DES) technique. The detector will have no suspicion because a large portionof the torrent file already contains Secure Hash Algorithm 1 (SHA1) hashedpieces. Both an embedding algorithm and an extraction algorithm are presented toembed and extract secret messages.

5 Existing Tools

There are many tools reported in literature that perform steganography. In thissub-section we present some steganography tools such as Outguess, F5, DataStash, S-tools and wbStego4. Moreover, there are few tools reported in literaturethat are used by steganalysists. These tools are limited in their capabilities andtarget one or few specific cover objects. In this sub-section we present somesteganalysis tools such as Stegdetect and StegAlyzerSS.

(1) Outguess [21]: it identifies the redundant DCT coefficients that have minimaleffect on the cover image, and based on this information it chooses bits in whichit would embed the message. Outguess program recompresses the image with aquality factor defined by the user, and then it uses the obtained DCT coefficientto embed the message. The estimated quality factor of the image is commu-nicated to the Outguess program in order to minimize recompression artifacts.When embedding messages in a clean image, noise is introduced in the DCTcoefficient, therefore increasing the spatial discontinuities along the 8 9 8 jpegblocks. Given a stego image if a message is embedded in the image again thereis partial cancellation of changes made to the LSB of DCT coefficients, thus theincrease in discontinuities will be smaller. This increase or lack of increase inthe discontinuities is used to estimate the message size which is being carriedby a stego image.

(2) F5 [22]: It embeds messages by modifying the DCT coefficients. The mainoperation done by F5 is matrix embedding with the goal of minimizing the

Steganography and Steganalysis 417

amount of changes made to the DCT coefficients. ‘‘The method takes n DCTcoefficients and hashes them to k bits, where k and n are computed based onthe original images as well as the secret message length. If the hash valueequals the message bits, then the next n coefficients are chosen, and so on.Otherwise one of the n coefficients is modified and the hash is recalculated.The modifications are constrained by the fact that the resulting n DCT coef-ficients should not have a hamming distance of more than dmax from theoriginal n DCT coefficients. This process is repeated until the hash valuematches the message bits.’’ [25] F5 recompresses the image, with a qualityfactor input by the user, after which the DCT coefficients are used forembedding the message.

F5 alters the histogram of DCT coefficients. Thus, Fridrich et al. proposes asimple technique to estimate the original histogram so that the number of changesand length of the embedded message could be estimated [35]. The originalhistogram is simply estimated by cropping the jpeg image by 4 columns and thenre-compressing the image using the same quantization table. Although noanalytical proof is given for the estimation method, steganalysis based on thissimple technique performs very well.

(3) Data Stash [36] is a steganographic tool that allows the user to hide secret datafiles within other files. The user can hide secret files into .exe,.com,.jpg,.mpg,and so on. In this tool the vault file is the cover file and the file to be stashed isthe secret message that we are interested to embed it. The option restore in thistool returns the files to their original status.

(4) S-tools [37] S-Tools is a steganography tool that hides files in BMP and GIFfiles. We used S-tools for embedding a secret message in cover images withextensions .bmp and .gif producing stego images with the same extensions.Then, images with extension.bmp are recognized with StegAlyzerSS v3.1 toolunder the LSB Analysis option as shown in Fig. 2. However, the images withextension .gif are not identified as stego images because StegAlyzerSS v3.1recognizes only the BMP file.

(5) wbStego4 [38] is a steganography tool for Windows95/98/Me, Windows NT4.0 and Windows 2000. It hides data in bitmap images, ASCII and ANSI textfiles, HTML files and Adobe Acrobat (PDF files).

(6) Stegdetect [39] performs steganalysis using statistical tests to determine ifsteganographic content is present. Furthermore, it tries to find the embeddingtechnique that has been used to embed the hidden information by the followingtools: jsteg, outguess, jphide, F5, appendX and camouflage, and invisiblesecrets.

(7) The Steganography Analyzer Signature Scanner [27] is one of the computerforensic analysis tools. It is limited to recognize only three tasks: the signatureof a particular algorithm, appended information after the end-of-file character,and disturbances to the least significant bits of BMP image file. When we usedStegAlyzerSS tool after embedding a secret message in cover files producingstego files, these files are recognized under Append Analysis option. However,

418 E. Abdelfattah and A. Mahmood

this option implies that these files contain any information appended to a filepast its end-of-file marker. Files that are found to contain appended infor-mation may or may not contain steganography. Thus, Append Analysis optionis not automated steganography detection algorithm. No solid conclusion canbe reached about the files under investigation whether they are covers orstegos. Further analysis should be conducted to identify cover or stego file. Toevaluate the performance of StegAlyzerSS v3.1, we tested it using 10 Kimages and it finished the scan in 2:08 min in one experiment and in 1:54 minin another experiment. When StegAlyzerSS v3.1 runs on 100 K images, scanfinished in 19:52 min.

6 Conclusion and Future Directions

The fields of steganography and steganlaysis received increased attention in therecent years. A stego object is obtained by modifying the cover object using anembedding technique. The object might be an image, text, audio or video. However,most of the reported techniques in literature deal with images.

The main focus in steganalysis is only to detect the presence of a hidden object.Most of the reported steganalysis techniques in literature handle specific embed-ding techniques. Other techniques that deal with several embedding techniques aredesigned to handle a specific data type.

We found that existing steganalysis tools are limited in their detection capa-bilities and far from being considered as automated steganalyzer.

One of the fundamental challenges in steganalysis is to come up with adetection mechanism that will work on all different steganography techniques.

Fig. 2 LSB analysis option in StegAlyzerSS tool

Steganography and Steganalysis 419

Since there are quite a few existing algorithms in steganography, and further sincenew algorithms are continuously being devised that generate similar statisticalfeatures in the stego object as the original media, a single steganalysis algorithmmay not be possible. One of the approaches taken in the future may be perhapsmulti- algorithms running in parallel or as a collection of web services in service-oriented architecture (SOA) that is extensible to include detection of newersteganography algorithms. Another important concern would be the steganalysisexecution time reduction. With the vast amount of information being exchangedon the internet, a highly efficient real-time steganalyzer would be needed by manysecurity organizations. So far, the researchers have not focused much on executiontime reduction of steganalysis, but parallel and distributed techniques need to bedeveloped for steganalysis for this purpose.

It is notable that different research efforts do not cross-validate new results withearlier published results. This raises the need to develop benchmarks that can beused to evaluate new techniques and see how well they perform.

Many of the reported steganalysis techniques handle specific image types suchas JPEG or audio types such as WAV have reached a high degree of detection ofthe stego object. We envision that research groups will put more emphasis indeveloping new techniques that handle uncommon types.

The competition between the camp of steganography and the camp of steg-analysis will continue to fuel research efforts in these fields where new algorithmsand techniques are expected to be developed in the future.

References

1. Fridrich J (2004) Feature-based steganalysis for jpeg images and its implications for futuredesign of steganographic schemes. In: Proceedings 6th information hiding workshop,Toronto, 2004, pp 67–81

2. Chandramouli R, Kharrazi M, Memon N (2004) Image steganography and steganalysis:concepts and practice. Lecture Notes in Computer Science, Springer, Berlin, pp 204–211

3. Kharrazi M, Sencar HT, Memon N (2005) Benchmarking steganographic and steganalysistechniques, security, steganography, and watermarking of multimedia contents VII. In: Delp,Edward J, III Wong Ping W (eds) Proceedings of the SPIE, vol 5681, pp 252–263

4. Lyu S, Farid H (2002) Detecting hidden messages using higher-order statistics and supportvector machines. In: Proceedings of 5th International workshop on information hiding,pp 340–354

5. Lyu S, Farid H (2004) Steganalysis using color wavelet statistics and one-class support vectormachines. Proc SPIE 5306:35–45

6. Martin A, Sapiro G, Seroussi G (2005) Is image steganography natural? IEEE Trans ImageProcess 12:2040–2050

7. Upham D JPEG-JSTEG—modifications of the independent JPEG groups JPEG software for1-Bit steganography in JFIF output files. ftp://ftp.funet.fi/pub/crypt/steganography/

8. Tzschoppe R, Bäuml R, Huber JB, Kaup A (2003) Steganographic system based on higher-order statistics, SPIE security and watermarking of multimedia Contents V, Santa Clara, CA

9. Brown A (1994) S-Tools for windows. ftp://ftp.ntua.gr/pub/crypt/mirrors/idea.sec.dsi.unimi.it/code/s-tools4.zip

420 E. Abdelfattah and A. Mahmood

10. Gousseau Y, Morel JM (2001) Are natural images of bounded variation. SIAM J Math Anal33(3):634–648

11. Alvarez L, Gousseau Y, Morel JM (1999) The size of objects in natural images, in CMLA.Cachan Ecole Normale Sup, France

12. Grenander U, Srivastava A (2001) Probability models for clutter in natural images. IEEETrans Pattern Anal Mach Intell 23(4):424–429

13. Srivastava A, Liu X, Grenander U (2002) Universal analytical forms for modeling imageprobabilities. IEEE Trans Pattern Anal Mach Intell 24(9):1200–1214

14. Grenander U (2003) Toward a theory of natural scenes. Technical report, Brown University,Providence, RI. http://www.dam.brown.edu/ptg/REPORTS/natural.pdf

15. Green ML (2002) Statistics of images, the TV algorithm of Rudin-Osher-Fatemi for imagedenoising and an improved denoising algorithm. Technical report, University California, LosAngeles. ftp://ftp.math.ucla.edu/pub/camreport/cam02-55.pdf

16. Avcibas I, Memon N, Sankur B (2001) Steganalysis using image quality metrics. In:Proceedings security and watermarking of multimedia contents, San Jose, CA, pp 523–531

17. Avcibas I, Kharrazi M, Memon N, Sankur B (2005) Image steganalysis with binary similaritymeasures. EURASIP J Appl Signal Process 17:2749–2757

18. Farid H (2002) Detecting hidden messages using higher-order statistical models. In:Proceedings IEEE international conference on image processing (ICIP’02), vol 2, Rochester,NY, USA, Sept 2002, pp 905–908

19. Goljan M, Fridrich J, Holotyak T (2006) New blind steganalysis and its implications. In:Proceedings SPIE, electronic imaging, security, steganography, and watermarking ofmultimedia contents VIII, vol 6072, San Jose, CA, 16–19 Jan 2006, pp 1–13

20. Holotyak T, Fridrich J, Voloshynovskiy S (2005) Blind statistical Steganalysis of additivesteganography using wavelet higher order statistics 9th IFIP TC-6 TC-11 conference oncommunications and multimedia security, LNCS vol 3677, Springer-Verlag, Berlin,pp 273–274

21. http://www.outguess.org/detection.php22. Westfeld A (2001) F5-A Steganographic algorithm: high capacity despite better steganalysis.

Proceedings of the 4th international workshop on information hiding. LNCS 21(37):289–30223. Sallee P (2003) Model-based steganography. In: Proceedings international workshop on

digital watermarking, Seoul, Korea, pp 254–26024. Fridrich J, Goljan M, Soukal D (2004) Perturbed quantization steganography with wet paper

codes. In Proceedings ACM multimedia workshop, Magdeburg, Germany, pp 4–1525. Kharrazi M, Sencar HT, Memon N (2006) Performance study of common image

steganography and steganalysis techniques. J Electron Imaging 15(4):21–4126. Ella W (2008) Detecting steganography on a large scale, crossroads, ACM, pp 3–627. http://sarc-wv.com/products/stegalyzerss.aspx28. Tian H, Zhou K, Jiang H, Liu J, Huang Y, Feng D (2009) An M-Sequence based

steganography model for voice over IP, ICC ‘09. In: IEEE international conference oncommunications, August 2009, pp 1–5

29. Tian H, Zhou K, Jiang H, Liu J, Huang Y, Feng D (2009) An adaptive steganography schemefor voice over IP. In: The 2009 IEEE international symposium on circuits and systems,pp 2922–2925

30. Liu Q, Sung AH, Qiao M (2009) Temporal derivative-based spectrum and mel-cepstrumaudio steganalysis. IEEE Trans Inf Forensics and Sec 4(3):359–368

31. Liu Q, Sung AH, Qiao M (2009) Novel stream mining for audio steganalysis. In: Proceedingsof the seventeen ACM international conference on multimedia, 19–24 Oct 2009, Beijing,China, pp 95–104

32. Qiao M, Sung AH, Liu Q (2009) Feature mining and intelligent computing for MP3steganalysis. In: 2009 international joint conference on bioinformatics, systems biology andintelligent computing, pp 627–630

33. http://wandership.ca/projects/deogol/intro.html

Steganography and Steganalysis 421

34. Li Z, Sun X, Wang B, Wang X (2008) A steganography scheme in P2P network, IIHMSP ‘08international conference on intelligent information hiding and multimedia signal processing,Aug 2008, pp 20–24

35. Fridrich J, Goljan M, Hogea D, Soukal D (2003) Quantitive steganalysis of digital images:estimating the secret message length, ACM multimedia systems journal, special issue onmultimedia security, pp 288–302

36. http://www.skyjuicesoftware.com/software/ds_info.html37. http://www.spychecker.com/program/stools.html38. http://wbstego.wbailer.com/39. http://www.brothersoft.com/stegdetect-download-306943.html

422 E. Abdelfattah and A. Mahmood