Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are
- jsteg,
- jphide (unix and windows),
- invisible secrets,
- outguess 01.3b,
- F5 (header analysis),
- appendX and camouflage.
Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide and OutGuess 0.13b.
Stegdetect and Stegbreak have been developed by Niels Provos.
Automated Detection of New Steganographic Methods
Stegdetect 0.6 supports linear discriminant analysis. Given a set of normal images and a set of images that contain hidden content by a new steganographic application, Stegdetect can automatically determine a linear detection function that can be applied to yet unclassified images.
Linear discriminant analysis computes a dividing hyperplane that separates the no-stego images from the stego images. The hyperplane is characterized as a linear function. The learned function can be saved for later use on new images.
Stegdetect supports several different feature vectors and automatically computes receiver operating characteristic which can be used to evaluate the quality of the automatically learned detection function.
You can download stegdetect from the download page, including stegbreak and Xsteg, the graphical frontend to stegdetect.
Example
| |
References
Further information on how stegdetect works and on how to use it can be found in the following links.
- Hide and Seek: An Introduction to Stegangography - Niels Provos and Peter Honeyman, IEEE Security & Privacy Magazine, May/June 2003.
- Hiding in Plain Sight : Steganography and the Art of Covert Communication - Explains how to use stegdetect and stegbreak.