Abstract
Digital image steganalysis is the process of detecting if an image
contains concealed data embedded within its pixel space inserted via a
steganography algorithm. The detection of these images is highly
motivated by Advanced Persistent Threat (APT) groups, such as APT37
Reaper, commonly utilizing these techniques to transmit malicious
shellcode to perform further post-exploitation activity on a compromised
host. Performing detection has become increasingly difficult due to
modern steganography algorithms advancing at a greater rate than the
steganalysis techniques designed to combat them. The task of detection
is challenging due to modern steganography techniques that embed
messages into images with only minor modifications to the original
content which varies from image to image. In this paper, we pipeline
Spatial Rich Models (SRM) feature extraction, Principal Component
Analysis (PCA), and Deep Neural Networks (DNNs) to perform image
steganalysis. Our proposed model, Neural Spatial Rich Models (NSRM) is
an ensemble of DNN classifiers trained to detect 4 different
state-of-the-art steganography algorithms at 5 different embedding
rates, allowing for an end-to-end model which can be more easily
deployed at scale. Additionally our results show our proposed model
outperforms other current state-of-the-art neural network based image
steganalysis techniques. Lastly, we provide an analysis of the current
academic steganalysis benchmark dataset, BOSSBase, as well as
performance of detection of steganography in various file formats with
the hope of moving image steganalysis algorithms towards the point they
can be utilized in actual industry applications.