Securing LSB embedding against structural steganalysis

Abstract

This work explores the extent to which LSB embedding can be made secure against structural steganalysis through a modification of cover image statistics prior to message embedding. LSB embedding disturbs the statistics of consecutive k-tuples of pixels, and a kth-order structural attack detects hidden messages with lengths in proportion to the size of the imbalance amongst sets of k-tuples. To protect against kth-order structural attacks, cover modifications involve the redistribution of k-tuples among the different sets so that symmetries of the cover image are broken, then repaired through the act of LSB embedding so that the stego image bears the statistics of the original cover. We find this is only feasible for securing against up to 3rd-order attacks since higher-order protections result in virtually zero embedding capacities. To protect against 3rd-order attacks, we perform a redistribution of triplets that also preserves the statistics of pairs. This is done by embedding into only certain pixels of each sextuplet, constraining the maximum embedding rate to be $⩽ 2 / 3$ bits per channel. Testing on a variety of image formats, we report best performance for JPEG-compressed images with a mean maximum embedding rate undetectable by 2nd- and 3rd-order attacks of 0.21 bpc.

Keywords

LSB embedding structural steganalysis

1. Introduction

Hiding secret messages in the least significant bits of pixels in digital images is the oldest steganographic technique. It follows a simple rule: to embed a message bit into a pixel of value x, flip the pixel’s least significant bit (LSB) to match the message bit, $\begin{matrix} (1) & flip (x) = \{\begin{matrix} x + 1 & for x even \\ x - 1 & for x odd . \end{matrix} \end{matrix}$ The beauty of this technique is the simplicity of message retrieval: one needs merely to read off the LSBs of the pixels (perhaps scrambled in some way) to obtain the hidden message. No special software or complex operations are needed. Since only the LSBs of only some pixels are modified, LSB embedding is also virtually impossible to detect visually. Alas, it does tend to affect pixel value statistics in an idiosyncratic way. Consider a pair of consecutive pixel values, $2 k$ and $2 k + 1$ . If we embed a message bit of 1 into the pixel of value $2 k$ , its value becomes $2 k + 1$ . Conversely, if we embed a message bit of 0 into the pixel of value $2 k + 1$ , its value becomes $2 k$ . Meanwhile, embedding a 0 into the $2 k$ pixel or a 1 into the $2 k + 1$ pixel results in no change. If we have an equal chance of embedding into a $2 k$ - or $2 k + 1$ -valued pixel (i.e. if the cover image has nearly an equal number of even- and odd-valued pixels), and if the message bit has a 50% chance of being either a 1 or 0 (e.g. if the message is encrypted and so pseudo-random), then LSB embedding tends to “even out” consecutive pairs of pixel values $(2 k, 2 k + 1)$ , converting even-valued pixels to odd and odd-valued pixels to even in approximately equal numbers. The extent to which these even out depends on the stego load: if we fully embed the cover the image, then we expect the number of pixels of value $2 k$ and $2 k + 1$ to become nearly equal, $n_{2 k} \approx n_{2 k + 1}$ . Figure 1 shows the effect on pixel values of a fully embedded image.

Fig. 1.

(a) Illustration of how pixel value pairs $(2 k, 2 k + 1)$ even-out under LSB embedding. (b) Histogram of pixel values comparing original image (gray) with stego image (red) after complete LSB embedding. Notice how neighboring pixel values tend to equality.

This asymmetry has given rise to a barrage of steganalytic attacks over the last two decades, starting in 2000 with the histogram attack [60] which seeks to detect LSB embedding by examining the extent to which neighboring bins in the image’s pixel value histogram tend to equality as a result of this embedding asymmetry. This attack only works well for high embedding rates, and so new techniques looking for changes in higher-order statistics, like correlations among neighboring pixel values, were developed [6–8,19,30,31,33]. These powerful methods are generally referred to as structural steganalysis, because they target the statistical properties of image structures (like pixel pairs, triplets, and so on). Structural steganalysis is based on the idea that the cardinalities of certain sets of consecutive pixel groups should be approximately equal for natural images, but diverge in an idiosyncratic way under LSB embedding. Structural attacks analyze the count statistics of these pixel groups and render an estimate of the hidden message length in proportion to this divergence. The most sensitive attacks in this family are able to detect embedding rates as low as 3% [30], and are more accurate than other prominent attacks against LSB embedding [5,10,18,34,70] for certain image formats, like JPEG-compressed images. We discuss these methods at length in Section 4.

In this work, we seek a means of securing LSB embedding against higher-order structural steganalysis, including both RS/Sample Pairs Analysis (SPA) [7,8,19] and Triples analysis [31], that 1) does not produce obvious statistical artifacts, 2) does not require significant additional secret data for message recovery, and 3) preserves the computational and algorithmic simplicity of LSB embedding. We develop a method of cover modification, in which pixel values of the cover are modified, disturbing the natural count statistics of various pixel groups prior to message embedding, such that the act of embedding the message restores the count statistics to their natural values. With apparently normal set cardinalities, structural analyzers will then be fooled into concluding that no hidden message is present. This kind of cover modification was presented as a defense against SPA in [55], and we extend it here to protect against up to third-order (Triples) attacks. This extension is not straight-forward: to protect against all orders up to some order k, the statistics of n-tuples must be preserved, where n is the least common multiple of all orders up to and including k. We find that cover modifications in terms of sextuplets, required to preserve the statistics of both pairs and triplets, are highly constrained and result in cover images with virtually zero embedding capacity. We demonstrate how to instead perform cover modifications at third-order, which is much less constrained, by redistributing triplets in such a way that also preserves the statistics of pairs. The trade-off is that only certain pixels in the image can be embedded, and so steganographic capacities are reduced.

We test this method against a range of different image types and find that we can achieve maximum undetectable embedding rates of 0.12, 0.17, and 0.21 bits per channel for uncompressed grayscale, uncompressed color, and JPEG-compressed color raster images. We also argue that extending protections to higher-order (quadruples analysis [32]) is only possible at the cost of virtually zero embedding capacity; however, such detectors are difficult to implement in practice.

This paper is organized as follows: Section 2 explores related prior art on the subject of improving the security of LSB embedding against structural steganalysis, and Section 3 provides some rationale for still considering LSB embedding in today’s steganographic landscape. Section 4 reviews the family of structural steganalysis techniques and in Section 5 we introduce the procedure of cover modification as it is used to secure LSB embedding against SPA in [55], with some new elements necessary for extending it to higher-order. Section 6 develops the new cover modification procedure to protect against both second- and third-order structural attacks, and presents results of testing on a data set of grayscale and color images. In Section 7 we discuss the possibility of extending this methodology to higher-order, and in Section 8 we conclude.

2. Related work

Due its simplicity, there has been much work on improving the security of LSB embedding against the ever-escalating wave of steganalytic attacks. These approaches evade statistical attacks focused on image structures by preserving these statistics during the embedding process. There are three broad approaches to this problem: embedding strategies, in which LSB embedding is only performed on subgroups of pixels that preserve certain statistics; statistical restoration, in which portions of the cover image are altered after LSB embedding to recover certain statistics of the cover image; and cover modification, in which the cover image is altered prior to embedding so that the stego image retains certain statistics of the cover image. Some methods incorporate more than one of these aspects. We review several relevant works in this section.

The earliest approaches attempted to circumvent histogram-based attacks. In the work of [13], the histogram is preserved by encoding the message such that the probabilities of 1’s and 0’s in the message are precisely those required to keep the frequencies of adjacent bins unchanged. Some protection against second-order statistics is conferred if the pixel pairs are chosen such that their frequencies in the image co-occurrence matrix are unchanged after the embedding; however, this method is not protective against second-order attacks like RS analysis [2]. This procedure is only applicable for high embedding rates, since otherwise the histogram attack is not particularly effective. In [9], the histogram-preserving data mapping introduced under the assumption that pixels are i.i.d., embeds data with the same distribution as the cover image histogram so as to minimize their relative entropy. The i.i.d. assumption is in general not true for natural images, however, and so this method is susceptible to higher-order structural attacks, e.g. as shown in [59].

The LSB+ method of Wu et al. [63] also seeks to preserve the pixel value histogram by compensating for bits embedded into a given pair of neighboring bins by appropriately changing the values of other pixels from these bins reserved for this purpose. To protect against second-order attacks, like SPA, only restricted groupings of pixels are embedded so that these statistics too can be preserved; the result is that test images had a very low average embedding capacity of around 2.5%. Protection against higher-order statistics would result in even lower embedding capacities. An improvement in capacity is offered by [24] but this method is equally susceptible to higher-order structural steganalysis.

With the increasing use of the powerful SPA technique, steganographers recognized the need to go beyond the preservation of first-order image statistics. In [48], an inverse histogram transformation is applied to the cover image prior to embedding. This operation compresses the range of pixel values in the cover image, essentially coarse-graining the image prior to embedding. Since structural attacks like RS and SPA rely primarily on trace sets with small differences among neighboring pixels, as these are the most common pairs, the method of [48] is able to defeat these attacks for a wide range of embedding rates. To recover the hidden message, the recipient must reverse the compression. The trouble with this method is that the compression transformation eliminates entire pixel values from the stego image, which appear as empty bins in the image histogram. Analysis of the histogram enables one to reverse the transformation and then directly analyze the LSB-embedded image. Lou and Hu [44] correct this problem by performing multiple transformations with different parameters on different pixel groups of the cover, with the result that the combined histogram has no missing levels. Depending on the pixel grouping strategy, the authors of [44] acknowledge that this approach could be susceptible to a brute force attack wherein the steganalyst examines the histograms of many different pixel groups looking for evidence of missing levels. As the number of pixel groups grows, such that the histograms contain ever fewer pixels, missing levels could occur naturally and the authors argue that in this case there are insufficient histogram statistics to support steganalysis. This claim, however, remains to be validated in general.

An interesting example of statistical restoration is provided by the method of dynamic compensation [47]. Here the message is embedded and the values of half of the image pixels are increased by one. This has the effect of essentially “resetting” the statistics of the stego image, and structural steganalysis is unable to detect any hidden messages. The pixels used for this compensation must generally be chosen dynamically such that detection by common structural attacks is minimized. The main drawback of this method is that message retrieval requires a reversal of this compensation procedure, and so the locations of all modified pixels must be communicated to the recipient. This is a sizable amount of data: for a $512 \times 512$ image, this amounts to a 300 kB secret key that must be securely exchanged along with the image. A related approach was explored in [54] where half of the image LSBs are flipped after embedding so that SPA and RS tests are fooled into concluding that images are maximally embedded regardless of the true embedding rate. While indeed these tests are in error, it is not clear how this result safeguards the stego image since such a detection would likely arouse suspicion that the image was either fully LSB embedded or had at least been tampered with. Further, message extraction requires knowledge of which LSBs were flipped so that the this operation can be reversed.

An approach that combines cover modification with an embedding scheme based on the eight-queens problem is presented in [1]. Here, each LSB is flipped or not according to whether its pixel, when taken as part of an eight-pixel block, is masked by one of the 92 eight-queens solutions. A group of pixels is reserved to restore set cardinalities to approximate those of the cover so that SPA is unable to detect the message. A general upper bound on embedding capacities is not established in [1], but sample images are tested up to relative payloads of 30%. This is lower than the cover modification technique of [55], discussed below, and similarly does not protect against higher-order attacks. It should also be noted that message extraction using eight-queens encoding is greatly more complicated than simple LSB embedding, and does not confer additional security against structural steganalysis.

Most recently, the work of [55] considers cover modification where the cardinalities of sets analyzed by SPA to detect the presence of LSB steganography are adjusted prior to message embedding such that the relevant second-order statistics are preserved in the process. This approach successfully protects against SPA at the cost of lower embedding capacities, upwards to around 50% on average [55]. Though second-order statistics are carefully preserved in this method, higher-order statistics can still be targeted by Triples analysis to uncover the hidden message length.

3. Why LSB embedding?

The technique of substituting, or embedding, message bits into the least significant bits of cover image pixels is perhaps the oldest and arguably the simplest steganographic technique. Since its inception, LSB embedding has been targeted by a wide range of steganalysis, and is considered today to be effectively broken. A number of techniques were soon developed that incorporate LSB matching [52] into more secure frameworks.1

¹
In LSB matching pixel values are randomly changed by $\pm 1$ so that their LSB’s match message bits; this process does not cause obvious statistical artifacts like LSB embedding.

These include encoding schemes [12,17,23,49] to reduce the number of modified pixels, adaptive embedding strategies [22,27,28,40,42,46,50,51,62] which select pixels for modification that minimize some measure of distortion, and methods that employ game-theoretic optimizations [11,39]. The adaptive strategy, HILL [40], was one of the most successful algorithms on the BOSS image database [4] as of 2016. Since that time, machine-learning-based methods have come to the fore [26,29,43,53,57,58,65,71], some of the most powerful using generative adversarial networks (GANs) to embed images in ways undetectable by prospective deep learning-based steganalyzers. Given this prodigious improvement in the state-of-the-art, one would expect steganagraphy based on LSB-embedding to be effectively extinct. And, yet, LSB embedding is still implemented in a large number of open source and commercial data hiding products [20]. Even within academia, there is considerable research interest: at least a dozen papers in 2021 alone, found via a scholar.google.com database search, focused on various applications and security improvements of LSB embedding.

Possible reasons for the tenacious popularity of LSB embedding include 1) its simplicity (in terms of code, compute, storage, and hardware requirements), 2) its availability, 3) its ease of message extraction (in terms of additional data required, beyond perhaps a once-pre-shared key), and 4) that the expected threat of sophisticated steganalysis is not sufficiently high to warrant more advanced approaches. While it is difficult to know to what extent the use of steganography over lower-risk channels influences the popularity of LSB embedding, pragmatism argues that one “do only what is necessary, and no more.” This maxim shapes standard tradecraft in fields like penetration testing, in which simple, unsophisticated attacks are used whenever and wherever possible. We argue below that state-of-the-art methods suffer from a number of these kinds of impracticality, favoring the use of simpler stegangraphy, like LSB embedding, particularly over lower-risk channels. In this paper, we therefore seek to improve its security against those steganalytic attacks designed to target it in practice.

3.1. Simplicity and availability

To exemplify the simplicity of LSB embedding, it can be implemented with an 80-character Perl code at the Linux command-line [30]. Software for both message embedding and extraction are widely available for free on the Internet (see [61] for a list of steganography programs, many of which are free and include LSB embedding). The code used to perform the cover modifications and embedding described in this paper is publicly available:2

²
https://github.com/bapowellphys/LSB_cover_mods

it is written in Python and makes use of standard libraries. This code takes a few seconds to create a

512 \times 512

stego image on a MacBook Pro with 2.3 GHz processor and 16 GB RAM. While the algorithmic complexities of adaptive methods like HUGO [50], UNIWARD [27], and HILL [40] are considerably greater than LSB embedding, these techniques are not particularly resource intensive and can be run on standard hardware. Much of this software is also available in C/C

+ +

and Matlab [15].

In contrast, methods employing machine learning are significantly more complex and pre-trained networks are generally unavailable; for example, several popular implementations [53,57,58,65] have no reported open source code. These techniques require considerable expertise to develop from scratch: as examples typical of this class of methods, the works [57,58,71] make use of sets of deep convolutional neural networks that must be trained via adversarial learning. Generally tens or hundreds of thousands of images [26,29,57,58,71] are required for training, ideally on high-performance hardware like GPUs to speed-up training and hyperparameter optimization. Training times vary, ranging from upwards of 78 hours for ASDL-GAN [58] to 9 hours for UT-GAN [65] on a single GPU. These methods, while state-of-the-art, are very much research-oriented and not suited for wide deployment outside of academia. In short, actors employing steganography to send secret messages are generally not artificial intelligence engineers capable of training deep neural networks.

A further observation is that, while some GAN-based methods have embedding capacities competitive with state-of-the-art adaptive techniques [69], most can accomplish at most 0.4 bits per pixel with detection error rates in the 20%-30% range [26,57,58,65,71], and are limited to working with smaller images ( $32 \times 32$ in the case of [26]) or image patches ( $16 \times 16$ for [71]).

3.2. Ease of message extraction

Traditional steganography embeds encrypted messages in the cover image; this is done both for security and because the resulting pseudo-random bit stream nicely randomizes pixel modifications. Messages are also typically embedded into a pseudo-random pixel sequence. Each of these operations requires that (at least one) secret key be pre-shared between sender and recipient, and anything else required for message extraction is considered additional data. LSB embedding requires nothing beyond the pre-shared secret key, and this is true as well of the modification described in this paper. The need for additional data, particularly data specific to individual stego images, increases the difficulty of practical implementation because it requires the existence of a secure channel that can be accessed on a per-message basis.

The powerful adaptive techniques described above work by selecting pixels for embedding such that some optimization criterion is achieved. In order for the recipient to extract the message, they must know which pixels were embedded. Many of these methods [22,27,28,40,51] use syndrome trellis codes (STC) to reduce the number of pixel modifications, and require the parity-check matrix of the code for message extraction. This matrix encodes the embedding specific to a single stego image, and so must be shared along with the image for extraction. In addition, it must be kept secret since an adversary that intercepts it can use it to extract the message. As an example, for HUGO [50] this matrix has dimensions $\sim α n^{2}$ for an embedding rate of α into an n-pixel image. For certain embedding rates, the data structure used to represent this matrix could be comparable in size to the message, in which case one might as well use the secure channel to exchange the message itself and forego steganography entirely. In any case, the requirement that a secure channel be available for the exchange of secret data “on-demand” is potentially prohibitive for all but the most well-resourced of actors.

Machine learning-based methods are also impractical from this standpoint, since they generally require that the recipient has a specially-trained neural network for message extraction. The extractor must typically be trained on the same data set as the generator, and so in the above scenarios it is developed by the sender and must be sent to the recipient. Short of providing a fully-executable neural network, the sender could opt to send the recipient only the parameters (weights, biases, activations) of the network which they would then use to develop their own network. The extractor networks, however, can be rather large and the data structure representing these parameters can be sizeable, e.g. almost 70 Mb for the model of [26] according to [68]. Some deep learning-based models that implement adaptive strategies [53] or matrix embedding [57] must additionally provide parity-check matrices. And so, like the adaptive methods, machine learning-based models require considerable additional data for message extraction, challenging their practicality.

3.3. Prevalence of state-of-the-art steganalysis

Deep learning has also been applied to steganalysis [3,4,41,56,64,66,67], notably as the discriminator networks in GAN-based steganography. The 20-layer convolutional model, called Xu-Net [64], serves as the discriminator for several of the above methods [57,58,65]. Outside of this application, deep learning-based steganalyzers are some of the most powerful general purpose detectors ever developed, with the 11-layer SRNet [3] cited as one of the most powerful at the end of 2018 [4]. While several of these models have publicly-available code [3,64,66,67], as deep neural networks like the above GANs, considerable resources and expertise are required to train and implement these algorithms. As noted for example in [4], SRNet “requires strong know-how for its initialization.” Meanwhile, machine learning-based steganalyzers without deep architectures, like rich models [21], and ensemble and SVM-based classifiers [38], are available [14,16] and easier to train, but still require careful hyperparameter optimization and regularization for good generalizability [37].

Deep learning-based steganalysis is an exciting but immature technology, and its complexity and training requirements prevent its wide-spread adoption in practical detectors. In contrast, the family of structural attacks, like SPA, Triples, and Weighted Stego, are publicly available, require no training, and work “out-of-the-box”. A low-resourced or unsophisticated “warden” might therefore be expected to opt for this brand of steganalysis, and it is this “lower-risk channel” for which a more secure LSB embedding algorithm, like ours and those reviewed in the Related Work section, might find useful application given its relative ease of use (in comparison with machine learning-based models) and ease of message extraction (unlike adaptive and machine learning-based models).

4. Structural steganalysis

Structural steganalysis refers to a family of techniques that seek to detect hidden messages in spatial domain images by analyzing the statistical properties of contiguous groups of pixels. These methods have had good success detecting randomized LSB embedding at even low embedding rates.

4.1. First-order attacks

First-order statistics, like frequency counts of pixel values, were the basis of the early histogram-based attacks. Often referred to in the literature as the histogram attack, the approach of [60] employs a $χ^{2}$ test to determine whether the tendency of LSB embedding to even-out the counts of consecutive even-odd pixel values can be distinguished from the histograms of typical cover images. The histogram attack is particularly useful against serially embedded messages, but is only effective against randomized embedding when the relative payload is high, around 1 bit/pixel. The trouble is that first-order statistics vary considerably from image to image, and so it is difficult to ascertain whether an image with nearly equal numbers of even-odd pixel values is hiding data, or whether it just looks that way naturally.

Also based on the image histogram, the work of [25] modeled LSB steganography as additive noise and observed that the smoothing-out of neighboring histogram bins observed in [60] could be quantified in terms of the center of mass of the histogram characteristic function. In [25], this attack was only tested on a few color images at full embedding capacity, and so its performance against lower rates has not been carefully studied. Absent good models of first-order statistics for natural images, we expect this method to likewise struggle to detect lower embedding rates.

4.2. Second-order attacks

Sample pairs analysis (SPA) [7,8,19,30] considers the second-order statistics of natural images, and is based on the premise that natural images of objects with continuous shading should exhibit fairly small differences between neighboring pixels, and, for a given pair of such neighboring pixels, $(u, v)$ , we should just as readily expect $u < v$ as $v < u$ . This assumption is based on the expectation that natural images have no preferred direction of gradient. It is further supposed that this parity between pairs with $u < v$ and $v < u$ should hold regardless of whether u or v happens to even or odd. It can be shown that LSB embedding spoils this parity in a distinctive way, and SPA was developed to translate these observed parity deviations into an estimate of the hidden message length.

We define a sample pair as a doublet of neighboring pixels $(x_{1}, x_{2})$ , where each pixel (or channel for color images) takes on a b-bit value (typically $b = 8$ bits). All the pairs in an image form a multiset,3

³
A multiset is the generalization of a set to include non-unique elements. Hereafter we will simply refer to them as sets.

P

. Interestingly, LSB embedding does not change the value

⌊ x_{2} / 2 ⌋ - ⌊ x_{1} / 2 ⌋ = m

of the pair

(x_{1}, x_{2})

. All such pairs form the trace set,

\begin{matrix} (2) & C_{m} = {(x_{1}, x_{2}) \in P | ⌊ x_{2} / 2 ⌋ - ⌊ x_{1} / 2 ⌋ = m} . \end{matrix}

Further, a particular pair

(x_{1}, x_{2})

falls into one of two different subsets, where we use the concise notation of Ker [31]:

\begin{array}{rcl} (3) & E_{m} & = & {(x_{1}, x_{2}) \in P | x_{2} - x_{1} = m, with x_{1} even}, \\ (4) & O_{m} & = & {(x_{1}, x_{2}) \in P | x_{2} - x_{1} = m, with x_{1} odd} . \end{array}

The trace set

C_{m}

contains the four subsets:

E_{2 m}

O_{2 m - 1}

E_{2 m + 1}

, and

O_{2 m}

. Now, the trace set

C_{m}

is closed under the action of LSB embedding, and so we expect the number of pairs in

C_{m}

of the cover to be the same as the number of pairs in the stego image,

C_{m}^{'}

, that is,

| C_{m} | = | C_{m}^{'} |

, where vertical bars indicate the cardinality of the set. However, the trace subsets are not closed under LSB embedding, with transitions occurring according to the diagram in Fig. 2. The subsets transform under LSB embedding according to,

\begin{matrix} (5) & (\begin{matrix} E (| E_{2 m}^{'} |) \\ E (| O_{2 m - 1}^{'} |) \\ E (| E_{2 m + 1}^{'} |) \\ E (| O_{2 m}^{'} |) \end{matrix}) = (\begin{matrix} b^{2} & a b & a b & a^{2} \\ a b & b^{2} & a^{2} & a b \\ a b & a^{2} & b^{2} & a b \\ a^{2} & a b & a b & b^{2} \end{matrix}) (\begin{matrix} | E_{2 m} | \\ | O_{2 m - 1} | \\ | E_{2 m + 1} | \\ | O_{2 m} | \end{matrix}) \end{matrix}

where

a = p

b = 1 - p

, and p is the probability that the LSB of a single pixel is changed. The quantity

E (| E_{2 m}^{'} |)

is the expectation value of the cardinality of the set

E_{2 m}^{'}

after LSB embedding; it is a random variable because the embedding process is probabilistic. In what follows, though, we will assume that the measured values of these sets are close to the expectations and simply write

| \cdot |

in place of

E (| \cdot |)

Fig. 2.

Transition probabilities of subsets of the trace set $C_{m}$ . .

In terms of the above sets, the SPA4

⁴

Often in the literature, the term “SPA” refers specifically to the technique used in [8] to compute the change rate, p, from Eq. (9); here, we use it more generally to refer to the 2nd-order structural steganalysis and cover assumptions that yield Eq. (9), irrespective of how it is solved.

cover image assumption can be written simply as

| E_{2 m + 1} | = | O_{2 m + 1} |

; it is clear from looking at Fig. 2 that this condition will in general fail to hold under LSB embedding. For example, LSB embedding changes the cardinalities of the subsets

E_{2 m + 1}

and

O_{2 m + 1}

according to

\begin{array}{l} (6) & | E_{2 m + 1}^{'} | = p (1 - p) | E_{2 m} | + p^{2} | O_{2 m - 1} | + {(1 - p)}^{2} | E_{2 m + 1} | + p (1 - p) | O_{2 m} |, \\ (7) & | O_{2 m + 1}^{'} | = p^{2} | E_{2 m + 2} | + p (1 - p) | O_{2 m + 1} | + p (1 - p) | E_{2 m + 3} | + {(1 - p)}^{2} | O_{2 m + 2} | . \end{array}

In general, we therefore expect

| E_{2 m + 1}^{'} | \neq | O_{2 m + 1}^{'} |

To infer the embedding rate, $α = 2 p$ , we must consider the inverse of Eq. (5) since the stego image only gives us access to the primed quantities, $\begin{matrix} (8) & (\begin{matrix} | E_{2 m} | \\ | O_{2 m - 1} | \\ | E_{2 m + 1} | \\ | O_{2 m} | \end{matrix}) = γ (\begin{matrix} b^{2} & - a b & - a b & a^{2} \\ - a b & b^{2} & a^{2} & - a b \\ - a b & a^{2} & b^{2} & - a b \\ a^{2} & - a b & - a b & b^{2} \end{matrix}) (\begin{matrix} | E_{2 m}^{'} | \\ | O_{2 m - 1}^{'} | \\ | E_{2 m + 1}^{'} | \\ | O_{2 m}^{'} | \end{matrix}) \end{matrix}$ where $γ = {(b - a)}^{- 2}$ . Under the assumption $| E_{2 m + 1} | = | O_{2 m + 1} |$ , we obtain the quadratic expression, $\begin{array}{l} α^{2} (| C_{m} | - | C_{m + 1} |) + 2 α (| E_{2 m + 2}^{'} | + | O_{2 m + 2}^{'} | - 2 | E_{2 m + 1}^{'} | + 2 | O_{2 m + 1}^{'} | \\ (9) & - | E_{2 m}^{'} | - | O_{2 m}^{'} |) + 4 (| E_{2 m + 1}^{'} | - | O_{2 m + 1}^{'} |) = 0 . \end{array}$ There is an equation like this for each m, and to obtain α one option is to sum them all together and solve the resultant single quadratic equation. Alternatively, the least squares method of [45] can be used to estimate the value of α that minimizes the sum of the squared errors, $\begin{matrix} (10) & \hat{α} = \underset{α}{arg min} \sum_{m} {(| E_{2 m + 1} | - | O_{2 m + 1} |)}^{2} . \end{matrix}$ Because this second approach generalizes well to alternative cover assumptions that we will be making, we adopt the least squares approach in this study.

Sample pairs analysis using least squares optimization has proven quite successful at detecting embedding rates as low as 5% [45], and the additional optimizations of [30] have achieved rates as low as 3% [31]. But, it is possible to do better by considering the higher-order statistics of larger sets of pixels.

4.3. Higher-order attacks

Ker [31] has developed a generalized approach for analyzing n-tuples of pixels; specifically, he explored whether the cardinalities of sets of triplets of consecutive pixels, $(x_{1}, x_{2}, x_{3})$ , can reveal LSB embedding. Trace sets are defined in this case as $\begin{matrix} (11) & C_{m, n} = {(x_{1}, x_{2}, x_{3}) \in P | ⌊ x_{i + 1} / 2 ⌋ - ⌊ x_{i} / 2 ⌋ = m_{i}}, \end{matrix}$ with subsets $\begin{array}{l} (12) & E_{m, n} = {(x_{1}, x_{2}, x_{3}) \in P | x_{i + 1} - x_{i} = m_{i}, with x_{i} even}, \\ (13) & O_{m, n} = {(x_{1}, x_{2}, x_{3}) \in P | x_{i + 1} - x_{i} = m_{i}, with x_{i} odd}, \end{array}$ with $1 ⩽ i ⩽ 2$ . Each trace set has eight subsets: $E_{2 m, 2 n}$ , $O_{2 m - 1, 2 n}$ , $E_{2 m + 1, 2 n - 1}$ , $O_{2 m, 2 n - 1}$ , $E_{2 m, 2 n + 1}$ , $O_{2 m - 1, 2 n + 1}$ , $E_{2 m + 1, 2 n}$ , and $O_{2 m, 2 n}$ . At higher-order, there are more symmetries to exploit for detection: there is the analog of the SPA parity symmetry, $| E_{2 m + 1, 2 n + 1} | = | O_{2 m + 1, 2 n + 1} |$ , the order symmetry, $| E_{m, n} | = | E_{n, m} |$ for each m, n (and likewise $| O_{m, n} | = | O_{n, m} |$ ), and also a reflectional symmetry that relates sets under the transformation $(m, n) \to (- n, - m)$ . In [31], only the parity symmetry is considered which leads to a cubic analog of Eq. (9) in terms of the variable $q = 1 / (1 - 2 p)$ . This method, called Triples analysis, has some interesting properties: it performs rather unpredictably against stego images with high embedding rates ( $≳ 50 %$ ), but does well for lower rates. It showed to be slightly more sensitive than RS and SPA, detecting embedding rates as low as 4% and with a lower false alarm rate for uncompressed images; it did remarkably better than these lower-order techniques against JPEG-compressed images.

Finally, an analysis of quadruples was also studied [32]. The cover image symmetries considered were the analog parity symmetry, the inversion symmetry $| E_{m, n, o} | = | O_{- m, - n, - o} |$ , and the permutative symmetry $| E_{m, n, o} | = | E_{π (m, n, o)} |$ for any permutation, π. Each of these symmetries provides a separate estimate of the change rate, p, via a quartic polynomial in $q = 1 / (1 - 2 p)$ . These equations have multiple roots and it is not clear which one to choose as the best estimate for p: in [32], Ker suggests selecting the root closest to a prior estimate of p from SPA or Triples analysis. When this can be done, the quadruples detector appears to be mostly consistent with lower-order tests.

5. Cover modifications to defeat SPA

Sample pairs analysis is premised on the key assumption that natural images should satisfy the constraint $| E_{2 m + 1} | \approx | O_{2 m + 1} |$ . Certainly there are exceptions, but a decade’s worth of analysis on a variety different image data sets confirms this hypothesis as generally true. But, what if one could deliberately modify the statistics of the cover image to violate it prior to LSB embedding? Would it be possible to modify the image in such a way that, after embedding a secret message, the statistics of the stego image are returned to those of the original cover? This technique was recently demonstrated successfully in [55], and we review it here in our own notation. Hereafter, we refer to the practice of altering cover image statistics prior to applying steganography as cover modification.

Schematically, LSB embedding transforms a cover image, I, into a stego image, $I^{'}$ , as $I^{'} = L \cdot I$ . The basic idea is to come up with a transformation, T, such that $I^{'} = L T \cdot I = I$ . While the pixel-wise act of embedding into LSB’s cannot be inverted, we can invert the effects of LSB embedding on trace subset cardinality. The desired transformation has already been written down: it is the matrix in Eq. (8). Here, though, we wish to apply this transformation not to the stego image trace sets, but the cover image sets, $\begin{matrix} (14) & (\begin{matrix} | E_{2 m}^{M} | \\ | O_{2 m - 1}^{M} | \\ | E_{2 m + 1}^{M} | \\ | O_{2 m}^{M} | \end{matrix}) = γ (\begin{matrix} b^{2} & - a b & - a b & a^{2} \\ - a b & b^{2} & a^{2} & - a b \\ - a b & a^{2} & b^{2} & - a b \\ a^{2} & - a b & - a b & b^{2} \end{matrix}) (\begin{matrix} | E_{2 m} | \\ | O_{2 m - 1} | \\ | E_{2 m + 1} | \\ | O_{2 m} | \end{matrix}) \end{matrix}$ giving us modified trace sets, $C_{m}^{M}$ . The effect on the $m = 1$ trace subsets of a sample cover image is shown in Fig. 3. Because $O_{1}$ is larger than $E_{3}$ , Fig. 3 (left), there is a net transfer of pairs from $O_{1}$ to $E_{3}$ after LSB embedding (right). But, if we anticipate these transitions by preemtively moving pairs from $E_{3}$ to $O_{1}$ prior to embedding, the stego image will exhibit the same statistics as the original cover, that is, the set cardinalities of trace subsets should be approximately equal (compare the black “original cover” in Fig. 3 (left) with the red “stego modified cover” on the right). Sets like $E_{3}$ from which pairs must be moved to other sets during cover modification are called donor subsets.

Fig. 3.

The effect of LSB embedding on trace subsets of an original and modified cover image. On the left are subset cardinalities of the original and modified cover, and on the right is how these cardinalities change after some amount of LSB embedding. The dashed horizontal lines are a guide to assess how well the “stego modified cover” (red) in the right plot resembles the “modified cover” (black) in the left plot.

The more data we wish to embed into the cover image, the more pairs need to be moved out of donor subsets. Since the donor subsets are of finite cardinality, there is a limit to the embedding capacity that depends on the particular cover image. Each trace set, $C_{m}$ , will have at least one donor subset, and the amount of data that can be embedded into pairs belonging to that trace set is constrained by the subset that empties at the smallest α. In practice, to find this α we solve each equation of Eq. (14) separately with the left-hand-side set to zero (corresponding to an empty subset in the modified cover) and pick the smallest α. Call this $α_{m}$ , the smallest embedding capacity allowed by trace set $C_{m}$ . Then, the maximum embedding capacity allowed for the image is the minimum capacity of all trace sets, $α = min {α_{m}}$ .

The number of trace sets to modify is arbitrary, though good results are obtained for $- 5 ⩽ m ⩽ 5$ . This is the same range of sets found in [31] and [45] to provide reliable detections, as higher-order trace sets tend to become sparsely populated and do not reliably satisfy the condition $| E_{2 m + 1} | = | O_{2 m + 1} |$ . Even within the lower-order sets, it might occur that one or a few trace sets severely constrain α such that their omission from embedding results in a higher embedding capacity. As an extreme example, if a single donor set is already empty in any of the trace sets, the image cannot be embedded at all unless the pixels in this trace set are excluded from the embedding. This is very uncommon for pairs analysis, though becomes more of a problem with higher-order cover modifications as we will see. We therefore propose the following rule for identifying the maximum embedding capacity: set $α = α_{\tilde{m}}$ , where, $\begin{array}{rcl} (15) & \tilde{m} & = & \underset{m}{arg max} α_{m} (1 - \frac{S_{m}}{N}) \\ (16) & S_{m} & = & \sum_{i | α_{i} < α_{m}} | C_{i} |, \end{array}$ where N is the total number of pixels in the image. We exclude all trace sets $C_{i}$ with $α_{i} < α_{\tilde{m}}$ from the LSB embedding process. The quantity $α = α_{\tilde{m}}$ is the effective maximum embedding rate that results after these trace sets have been excluded.

In any case, once the value of α has been obtained, we are ready to perform the cover modification. This is just a redistribution of pairs among the trace subsets according to Eq. (14) with the chosen embedding rate, α. The appropriate number of pairs are moved out of each donor subset into non-donor subsets according to their deficits. For color images, trace sets are adjusted separately for each color channel.

This kind of cover modification has been shown to be quite effective at evading SPA [55], but what about higher-order attacks? How does redistributing pixel pairs in this way affect the distribution of triplets? We perform a test on 1000 $512 \times 512$ images from the BOSS database5

⁵

http://agents.fel.cvut.cz/boss/

of uncompressed, grayscale raster images. LSB steganography was performed by embedding a pseudo-random bit stream, simulating an encrypted message, into pseudo-randomly selected LSBs at the embedding capacity of each image. We present results in Fig. 4: black points are the detected embedding rates using SPA, and the red squares are those using Triples. The horizontal lines mark the 95% confidence bounds for a detection with SPA (black) or Triples (red).6

⁶

Confidence limits were established by running SPA and Triples detections on the raw un-embedded images.

Negative embedding rates are of course not possible, and are simply how these algorithms interpret certain set imbalances. But, since negative α below the lower confidence bound might suggest that the image has been tampered with, such predictions can be considered detections. Points that fall on the diagonal are perfect predictions of the true rate. Only cover images that are below the SPA detection threshold were selected for cover modification.

The Triples analysis of [31] is able to detect the presence of a hidden message in almost every image, and estimate its length to within 50% accuracy for most. The noisiness observed in the Triples detections at high embedding rate possibly arises from the same instability observed by Ker in [31]. And so, perhaps unsurprisingly, a second-order cover modification is insufficient for securing LSB embedding against higher-order structural attacks.

Fig. 4.

The results of SPA and triples detections on 1000 uncompressed grayscale raster images with cover modifications made to defeat SPA. Dashed lines indicate 95% confidence limits for detection by the detector with the corresponding color.

6. Cover modifications to defeat both SPA and triples

To understand why the second-order cover modification did not also provide third-order protections, consider two consecutive triplets,

where the $m_{i} = x_{i + 1} - x_{i}$ denote the differences of the indicated pixel values. The pairs in this sextuplet belong to the trace sets $C_{m_{1}}$ , $C_{m_{3}}$ , and $C_{m_{5}}$ . Embedding into this sextuplet will in general transform all the $m_{i} \to m_{i}^{'}$ ; however, cover modifications based on pairs will only adjust pixels according to the transitions with $i = 1, 3, 5$ . But pixel $x_{3}$ also belongs to the first triplet, and so helps determine $m_{2}$ , while pixel $x_{4}$ belongs to the second triplet and helps determine $m_{4}$ . If pixel $x_{3}$ is adjusted during cover modification according only to $m_{3}$ , as would happen under a second-order cover modification, the effect on $m_{2}$ will be essentially random, and likewise for the effect on $m_{4}$ of adjusting $x_{4}$ . It would appear that in order to preserve both second- and third-order statistics after LSB embedding, we must make cover modifications at sixth-order, in terms of sextuplets.7

⁷
In what follows, we refer to an nth-order cover modification as one that adjusts the cardinalities of sets of n-tuples.

6.1. Attempt at a full sixth-order solution

In [31], Ker developed an approach to structural steganalysis to arbitrary order, which we apply here. Trace sets carry five indices denoting the differences between consecutive pixels in the sextuplet, $\begin{array}{rcl} (18) & C_{m_{1}, \dots, m_{5}} = {(x_{1}, \dots, x_{6}) \in P | ⌊ x_{i + 1} / 2 ⌋ - ⌊ x_{i} / 2 ⌋ = m_{i}} \end{array}$ and the subsets are defined analogously to the triplets case, $\begin{array}{l} (19) & E_{m_{1}, \dots, m_{5}} = {(x_{1}, \dots, x_{6}) \in P | x_{i + 1} - x_{i} = m_{i}, with x_{i} even}, \\ (20) & O_{m_{1}, \dots, m_{5}} = {(x_{1}, \dots, x_{6}) \in P | x_{i + 1} - x_{i} = m_{i}, with x_{i} odd} . \end{array}$ There are 64 subsets in each $C_{m_{1}, \dots, m_{5}}$ that can enumerated as follows [31]: first, write $A_{0, m_{1}, \dots, m_{5}}$ for $E_{m_{1}, \dots, m_{5}}$ and $A_{1, m_{1}, \dots, m_{5}}$ for $O_{m_{1}, \dots, m_{5}}$ . Writing the concatenation of two sequences $s$ and $t$ as $s . t$ , the trace subsets of $C_{t . k}$ can be obtained recursively from the subsets $A_{s_{1}} ... A_{s_{n}}$ of $C_{t}$ as $\begin{array}{rcl} (21) & \begin{matrix} A_{s_{1} . (2 k + β_{1})}, \dots, A_{s_{n} . (2 k + β_{n})}, \\ A_{s_{1} . (2 k + β_{1} + 1)}, \dots, A_{s_{n} . (2 k + β_{n} + 1)} \end{matrix} \end{array}$ where $β_{i} = 0$ if $\sum_{i} s_{i}$ is even and $β_{i} = - 1$ if the sum is odd. Writing $P (A_{s_{i}}, A_{s_{j}})$ for the transition probability between the two subsets $A_{s_{i}}$ and $A_{s_{j}}$ we have $\begin{array}{rcl} (22) & \begin{array}{l} P (A_{s_{i} . (2 k + β_{i})}, A_{s_{j} . (2 k + β_{j})}) = (1 - p) P (A_{s_{i}}, A_{s_{j}}) \\ P (A_{s_{i} . (2 k + β_{i} + 1)}, A_{s_{j} . (2 k + β_{j})}) = p P (A_{s_{i}}, A_{s_{j}}) \\ P (A_{s_{i} . (2 k + β_{i})}, A_{s_{j} . (2 k + β_{j} + 1)}) = p P (A_{s_{i}}, A_{s_{j}}) \\ P (A_{s_{i} . (2 k + β_{i} + 1)}, A_{s_{j} . (2 k + β_{j} + 1)}) = (1 - p) P (A_{s_{i}}, A_{s_{j}}) . \end{array} \end{array}$ Finally, the transition matrices can be obtained recursively from lower-order matrices via the g-fold Kronecker products,

and similarly for the inverses,

With so many more subsets per trace set at sixth-order, there is a real danger that we will encounter trace sets with at least one empty subset, preventing us from embedding into that trace set. To find out, we test this cover modification on 1000 uncompressed grayscale raster images ( $512 \times 512$ PGM format from the BOSS database cited earlier) and 1000 uncompressed color raster images (high-resolution TIF format from the USDA NRCS archive8

⁸
http://photogallery.nrcs.usda.gov/

resized to

640 \times 450

). Indeed, all of the trace sets in 20% of the grayscale and 50% of the color images had at least one empty subset, with the result that these images could not be modified and so could not serve as covers. The remaining images in each data set overwhelmingly contained only a single trace set with no empty subsets (typically

C_{0, 0, 0, 0, 0}

), with a resulting very low embedding capacity: 0.01% and 0.02% for grayscale and color, respectively. Evidently, a full sixth-order cover modification can only be done at the expense of a virtually empty stego image.

6.2. Third-order solutions with partial embedding strategies

The problem with the sixth-order approach is that a single empty subset excludes all the pixels in its trace set. We cannot get rid of empty subsets because they are a property of the cover image which we intend to preserve; but, we can mitigate the collateral damage their exclusion has on other subsets. One idea is to reduce the sizes of the trace sets so that the number of pixels that must be omitted from embedding is smaller in the event that the trace set contains an empty subset. One way to reduce the number of subsets per trace set is to reduce the dimensionality of the transformation: while we are stuck preserving sixth-order statistics, we are not actually stuck with the sixth-order transformation, $T_{6}$ , and the corresponding large 64-dimensional trace sets. At the start of this section, we argued that the trouble with modifying second- or third-order statistics such that the other is also preserved lies in the middle pair, $(x_{4}, x_{5})$ , of the sextuplet Eq. (17). To accommodate these pixels, we were forced to consider the sixth-order statistics of the cover, which we’ve just seen is not possible. Alternatively, we can simply omit these pixels from the embedding,

Then, $m_{1}$ and $m_{2}$ transform solely due to changes to pixels $x_{1}$ and $x_{2}$ , and $m_{4}$ and $m_{5}$ solely to changes to pixels $x_{5}$ and $x_{6}$ . The middle index $m_{3}$ is left unchanged. Cover modification can be done on triplets, and since only pairs that are fully inside triplets are embedded, these modifications will work to preserve second-order statistics as well. In this way, we break the sixth-order problem up into two separate third-order problems.

Since only two pixels in each triplet are ever embedded, each triplet undergoes a second-order transformation governed by $T_{2}$ of Eq. (5). The first triplet belongs to either the trace set { $E_{2 m, 2 n}$ , $O_{2 m - 1, 2 n}$ , $E_{2 m + 1, 2 n - 1}$ , $O_{2 m, 2 n - 1}$ } or { $E_{2 m, 2 n + 1}$ , $O_{2 m - 1, 2 n + 1}$ , $E_{2 m + 1, 2 n}$ , $O_{2 m, 2 n}$ }, and the second triplet to either the trace set{ $E_{2 m, 2 n}$ , $E_{2 m, 2 n - 1}$ , $E_{2 m + 1, 2 n + 1}$ , $E_{2 m + 1, 2 n}$ } or{ $O_{2 m, 2 n + 1}$ , $O_{2 m - 1, 2 n + 1}$ , $O_{2 m + 1, 2 n}$ , $O_{2 m, 2 n}$ }, and so the original 64-dimensional, sixth-order transition matrix decomposes as $\begin{matrix} (28) & 64 = 8 \otimes 8 = (4 \oplus 4) \otimes (4 \oplus 4) . \end{matrix}$ The four-dimensional trace sets are smaller and so the damage incurred from empty subsets is better contained. Subsets are also much less likely to be empty in the first place since they are larger and more inclusive. The cost is that we must exclude 1/3 of the image pixels from the embedding process.9

⁹
We also considered the strategy of omitting the four middle pixels from Eq. (17), which, on its face would seem worse since twice as many pixels are excluded at the outset. But, the trace sets are even smaller in this case and the subsets even more general, and so the maximum α could be large enough to compensate for the loss of pixels. The LSB embedding transformation is composed of two separate families of single-pixel transformations on triplets: $E_{2 m, □} \leftrightarrow O_{2 m - 1, □}$ with $□ = 2 n, 2 n + 1$ , and $O_{2 m, □} \leftrightarrow E_{2 m + 1, □}$ with $□ = 2 n, 2 n - 1$ for the first triple in each sextuplet (in which the first pixel is embedded); and $E_{□, 2 n} \leftrightarrow E_{2 m, 2 n + 1}$ with $□ = 2 m, 2 m + 1$ , and $O_{2 m, 2 n - 1} \leftrightarrow O_{□, 2 n}$ with $□ = 2 m, 2 m - 1$ for the second triple in each sextuplet (in which the last pixel is embedded). Each of these transitions defines a separate trace set, of which there are eight for each m each with only two subsets: ${E_{2 m, □}, O_{2 m - 1, □}}$ and ${E_{2 m + 1, □}, O_{2 m, □}}$ for triplets $(x_{1}, x_{2}, x_{3})$ ; and ${E_{□, 2 m}, E_{2 m, 2 n + 1}}$ and ${O_{2 m, 2 n - 1}, O_{□, 2 n}}$ for triplets $(x_{4}, x_{5}, x_{6})$ . The transition matrix decomposes as $\begin{matrix} (29) & 64 = 8 \otimes 8 = ⨁_{i = 1}^{4} 2_{i} \otimes ⨁_{i = 1}^{4} 2_{i}, \end{matrix}$ so that each of the eight trace sets are acted on by $T_{1}$ . In comparison with the strategy in the body, though α tends to be larger for the image types tested, it does not offset the reduction in capacity from discarding the additional 1/3 of pixels.

Fig. 5.

Distribution of maximum embedding rates α for images cover-modified to resist both SPA and triples steganalysis. Results of 1000 (a) uncompressed grayscale, (b) uncompressed color, (c) JPEG-compressed color raster images.

To perform this cover modification, we consider sets with $- 5 ⩽ m, n ⩽ 5$ . The first triplet in each sextuplet is placed into the set called $P_{1}$ and the second into the set called $P_{2}$ . The maximum embedding capacity is determined by applying Eq. (16) to $P_{1}$ and $P_{2}$ separately, and the smaller of the two is selected. For almost all images, there were several omitted trace sets; all included trace subsets were then adjusted according to the method outlined in Section 4. We test the effectiveness of this cover modification against SPA and Triples analysis for the three image data sets: uncompressed grayscale, uncompressed color, and JPEG-compressed color raster images (jpg format from the NRCS archive resized to $640 \times 450$ and converted to bitmaps). Only cover images that were consistent with zero embedding at 95% CL according to both detectors were selected for testing. Some images nonetheless still lead to detections at this threshold, and so for these we tuned the embedding rate down until it was no longer detected by either attack. The distribution of maximum embedding rates that escape both SPA and Triples detections are shown in Fig. 5 for uncompressed grayscale images (a) and uncompressed color images (b). Both images formats support undetectable embedding rates between around 0.05–0.25 bits per channel (bpc), with an average of 0.12 bpc for grayscale and 0.17 bpc for color.

For JPEG-compressed images, we find that larger embedding rates are possible, with a range of 0.05–0.40 bpc, and an average of 0.21 bpc, Fig. 5(c). This result is especially of interest since Triples analysis has shown to be much more reliable than pairs analysis at both detecting messages and estimating their length in JPEG-compressed covers, making it the last line of defense against these image types. Cover modifications that resist these attacks at moderate embedding capacities might therefore be of considerable value.

Before closing this section, we note that since first-order statistics, namely the quantities characterizing the distribution of single pixel values, are not adjusted during cover modification, the pixel value histogram will reflect LSB embedding. However, the $χ^{2}$ inference used to detect LSB embedding is not discriminating for randomly embedded messages with the relatively low embedding rates possible with cover modification at this order.

6.3. Message embedding and extraction

Once the cover modification is complete, messages can be embedded in the standard way, typically along a pixel path selected pseudo-randomly from the image. This pseudo-random sequence can be generated via a stream cipher with a secret key shared between the sender and receiver. The difficulty here, though, is that some pixels along the pseudo-random path might not be suitable for embedding for one of two reasons: i) the pixel belongs to an omitted trace set, or ii) the pixel belongs to the middle pair of a sextuplet (position $x_{3}$ or $x_{4}$ in Eq. (27)), which must be excluded according to our chosen embedding strategy. Assuming the sender performed the cover modification and so knows the omitted trace sets and the embedding strategy, they can simply skip these pixels when encountered along the pseudo-random path during the embedding procedure; the recipient, however, also must know which pixels have been skipped so that they extract data only from embedded pixels. Otherwise, the extracted message will contain point errors corresponding to non-embeddable pixels whose LSB’s do not carry message bits. Since the embedding strategy is a fixed feature of this method, it can be reasonably assumed that the recipient knows this strategy and so skips middle-pair pixels during extraction. The recipient, however, does not in general know which trace sets have been omitted, because these depend on the particular cover image chosen, and so will unwittingly extract LSBs from these non-embeddable pixels. This is not a problem as long as these LSBs can later be identified and removed. One way to do this is to simply provide the list of omitted trace sets to the recipient. For $- 5 ⩽ m, n ⩽ 5$ , this is a $2 \times 11^{2} = 242$ bit data structure, where the factor of two arises from the two separate families of trace sets: those of triplet type $(x_{1}, x_{2}, x_{3})$ and those of type $(x_{4}, x_{5}, x_{6})$ . This structure can typically be compressed by a factor of 5 or so, down to around 50 bits. If a covert channel exists between the sender and receiver, this data can be directly shared. A more convenient and practical solution is to embed it along with the message into the stego image: all that is needed is a contiguous group of embeddable pixels along the pseudo-random path large enough to contain the data structure (about 50 pixels for a 50 bit structure).10

¹⁰
Even for the small $512 \times 512$ grayscale images considered in this study, such regions are typically plentiful with room to spare.

The recipient first extracts the LSBs from the pixels along the pseudo-random path, skipping middle-pair pixels (but including the LSBs of pixels from omitted trace sets because these are unknown to the recipient.) They then scan the extracted data for this 50-bit data structure: since it is embedded in a contiguous group of embeddable pixels, it can be recovered without error and used immediately to identify the omitted trace sets. With this information, the recipient can then remove the LSBs of omitted pixels from the extracted data to obtain the correct message.

It is also standard to encrypt the message prior to embedding, both for confidentiality and so that, as an effectively pseudo-random bit sequence, the message won’t introduce statistical artifacts into the image. Here, if the message is encrypted and then embedded, the recipient’s decrypted message will contain errors because the extracted sequence will contain additional bits—those corresponding to the LSBs of omitted pixels—that were ignored during encryption. For example, schematically, key bit $k_{i}$ is used to encrypt message bit $m_{i}$ . But, suppose that there is a pair of pixels from an omitted trace set between the first and the nth pixels along the pseudo-random path. Then, key bit $k_{n}$ will be used to decrypt message bit $m_{n - 2}$ , causing errors throughout the remainder of the sequence. So, instead of encrypting the message itself, the sender must take into account the extra bits that the recipient will unwittingly attempt to decrypt along with the message. Here is how that is done.

Rather then encrypt the message itself (hereafter $m_{K}$ for a message of length K), the sender encrypts a certain master sequence $M$ that is constructed as follows. First, the sender computes the pseudo-random pixel path, $x$ , through the image, excluding middle-pair pixels, but including pixels from omitted sets. If pixel $x_{i}$ is embeddable, then $M_{i} = m_{i}$ ; else, set $M_{i}$ to some arbitrary constant, say $M_{i} = 1$ . These values are arbitrary because they are merely serving as place holders to keep the encryption and decryption processes in synch; these values are never actually used in the embedding. The master sequence, $M$ , therefore includes both message bits and place holder values (corresponding to omitted pixels) in the order determined by the pseudo-random pixel path. Then, $M$ is encrypted bit-wise to form the sequence $\overline{M}$ , and embedded along the pseudo-random pixel path as follows: if ${\overline{M}}_{i}$ is a message bit, embed it into the LSB of $x_{i}$ ; otherwise, skip it and the pixel $x_{i}$ .

Upon receipt, the recipient extracts all LSBs along the pseudo-random path (excluding middle-pair pixels, since the embedding strategy is assumed known to them), and decrypts the resulting bit sequence obtaining the sequence $\tilde{M}$ . The LSBs of pixels from omitted trace sets that were not embedded will generally decrypt in error (won’t decrypt to the place holder value), and so $M \neq \tilde{M}$ , but as long as the cipher is synchronous these will be point errors and not affect neighboring bits. Therefore, message bits will decrypt correctly, with ${\tilde{m}}_{i} = m_{i}$ . The recipient then scans the decrypted sequence for the 50-bit data structure indicating the omitted trace sets, and uses this information to drop the associated LSBs to recover the message, $m$ . This process is illustrated schematically in Fig. 6.

Fig. 6.

Message encryption/embedding (left) and extraction/decryption (right) processes. Gray squares indicate omitted pixels and red squares indicate decryption errors. See text for symbol definitions and discussion.

7. Security against higher-order structural attacks

We have demonstrated that LSB embedding can be secured against second- and third-order structural attacks. But this raises the obvious question: is it susceptible to fourth-order attacks? In principle, yes. The quadruples analysis of [32] was shown generally effective but difficult to apply, owing to the uncertainty over which root of the quartic polynomial for q to select as the predicted change rate. Ker suggests selecting the root closest to the estimate from a prior detection using SPA or Triples; however, these methods fail to detect any embedded message for covers modified according to Section 5. It is therefore unclear how quadruples analysis could be applied in practice against these kinds of stego images.

An extension of this methodology to provide fourth-order protections is possible, but we find that embedding capacities are close to zero. This is due to two factors: the loss of available pixels from the embedding strategy, and the limits imposed by donor set cardinality during cover modification. The embedding strategy is necessary since to preserve all statistics up to fourth-order, one needs to work with $4 \times 3 = 12$ -tuples of pixels and these large trace sets are almost guaranteed too all have at least one empty subset (easily as big a problem as with the sixth-order cover modification seen earlier). The embedding strategy is similar to that considered in Section 5: at 12th-order, there are no pairs straddling quadruples as there were at third-order (the “middle pair”), but there are triplets which would need to be omitted from the embedding for the same reasons,

This strategy reduces the number of available pixels to $6 / 12 = 1 / 2$ the total. Average embedding capacities for a fourth-order cover modification are around 8% of embeddable pixels, giving a total capacity for the image of around 4%. This is likely too low to be of any practical use.

In general, the order of the cover modification is the least common multiple of all relevant orders whose statistics are to be preserved. Let the highest-order preserved statistic be k, and let the least common multiple be n. Then, only $⌊ k / 2 ⌋ + 1$ pixels in the first and last k-tuples in each n-tuple are embeddable (all the others belonging to tuples that straddle the interior k-tuples.) The result is that only the fraction $2 \times (⌊ k / 2 ⌋ + 1) / n$ are embeddable pixels for a general nth-order cover modification. For $k = 5$ , this fraction is 1/10 and so on average overall embedding capacities are less than 1%. We conclude from this that practical protection against structural steganalysis via cover modification does not extend beyond $k = 3$ .

8. Conclusions

This work has explored the extent to which LSB embedding can be made secure against structural steganalysis by modifying consecutive pixel count statistics of cover images prior to message embedding. It is observed that modifications to protect against structural steganalysis at a particular order do not secure LSB embedding against higher-order attacks. Given the effectiveness of the third-order Triples analysis of [31] at detecting moderate LSB embedding rates, particularly against JPEG-compressed images, we sought in this research to develop a cover modification that would be protective against both Sample Pairs and Triples analyses.

We found that the sixth-order cover modification necessary to preserve both the second- and third-order cover statistics targeted by Sample Pairs and Triples analyses resulted in virtually zero embedding capacity. This is because the large, 64-dimensional trace sets overwhelmingly tend to have at least one empty subset, preventing the redistribution of sextuplets within that trace set. We therefore considered instead reverting to a third-order cover modification, but only embedding into certain pixels so that both second- and third-order statistics would be preserved. Specifically, if all but the middle two pixels in each sextuplet are available for embedding, redistribution of pixel triplets also preserves second-order statistics and moderate embedding rates can be achieved. We find that for uncompressed color and grayscale raster images, undetectable embedding rates range from around 0.05-0.30 bpc, with an average of 0.12 bpc and 0.17 bpc, respectively. For JPEG-compressed color images, we find generally higher undetectable payloads upwards to 0.40 bpc, with an average of 0.21 bpc. Since Triples analysis has shown to be superior to SPA at detecting the presence of messages and estimating their length in JPEG-compressed images [31], cover modifications that can defeat Triples are especially salient for this image type.

We also conclude that cover modifications performed at higher than third order result in virtually zero embedding capacity, and so protections cannot be extended beyond Triples analysis. This finding suggests that quadruples and even higher-order structural steganalysis should continue to be matured and developed in the face of these kinds of cover modifications.

Though accurate and powerful, structural steganalysis is not the only attack against LSB embedding. For example, the weighted stego-image [18,34] and asymptotic uniform most powerful (AUMP) [10] tests are robust detectors of LSB embedding that operate according to different principles, and so are not defeated with these kinds of cover modifications. It is an open question whether the cover statistics targeted by structural steganalysis can be modified while also preserving the cover models exploited by weighted stego-image and AUMP steganalysis. Our approach might also be extended to secure against more general pixel grouping geometries like those explored in the Closure of Sets work of [35,36].

Lastly, a nagging shortcoming of this methodology is the need to omit the pixels of entire trace sets in order to increase the maximum embedding rate. This requires that the recipient perform the additional work of identifying and removing the LSBs of the omitted pixels from the extracted data before a meaningful message can be recovered. Further, of course, having these pixels available for embedding in the first place would considerably increase the embedding capacity in many cases. Future work could explore cover pre-processing (prior to the modifications studied here) that redistributes pixels in trace sets with small (and, hence, limiting) donor subsets; such transfers, however, would not be reversed in the course of LSB embedding and so would stand as permanent modifications to the cover image. Such alterations would need to be performed carefully to avoid the introduction of statistical artifacts, and hence warrant further study.

Footnotes

Acknowledgment

The author thanks colleague Max Kresch for helpful discussions and for providing the NRCS image data set. The author acknowledges use of the software available at http://dde.binghamton.edu/.

References

Bansal,

Muttoo and

Kumar, Security against sample pair steganalysis in eight queens data hiding technique, International Journal of Computer Network and Information Security 8 (2016), 39–46. doi:10.5815/ijcnis.2016.08.05.

Böhme and

Westfeld, Exploiting preserved statistics for steganalysis, in: Information Hiding,

Fridrich, ed., Springer, Berlin, Heidelberg, 2005, pp. 82–96.

Boroumand,

Chen and

Fridrich, Deep residual network for steganalysis of digital images, IEEE Transactions on Information Forensics and Security 14(5) (2019), 1181–1193. doi:10.1109/TIFS.2018.2871749.

Chaumont, 14 – deep learning in steganography and steganalysis, in: Digital Media Steganography,

Hassaballah, ed., Academic Press, 2020, pp. 321–349. doi:10.1016/B978-0-12-819438-6.00022-0.

Dabeer,

Sullivan,

Madhow,

Chandrasekaran and

Manjunath, Detection of hiding in the least significant bit, Signal Processing, IEEE Transactions on 52 (2004), 3046–3058. doi:10.1109/TSP.2004.833869.

Dumitrescu and

Wu, Lsb steganalysis based on high-order statistics, in: Proceedings of the 7th Workshop on Multimedia and Security, Association for Computing Machinery, New York, NY, USA, 2005, pp. 25–32. doi:10.1145/1073170.1073176.

Dumitrescu,

Wu and

N.D.

Memon, On steganalysis of random lsb embedding in continuous-tone images, in: Proceedings. International Conference on Image Processing, Vol. 3, 2002, pp. 641–644. doi:10.1109/ICIP.2002.1039052.

Dumitrescu,

Wu and

Wang, Detection of lsb steganography via sample pair analysis, Signal Processing, IEEE Transactions on 51 (2003), 1995–2007. doi:10.1109/TSP.2003.812753.

J.J.

Eggers,

Bäuml and

Girod, A communications approach to image steganography, in: Proceedings of SPIE: Electronic Imaging 2002, Security and Watermarking of Multimedia Contents IV, SPIE, 2002, pp. 26–37.

10.

Fillatre, Adaptive steganalysis of least significant bit replacement in grayscale natural images, IEEE Transactions on Signal Processing 60 (2012), 556–569. doi:10.1109/TSP.2011.2174231.

11.

Filler and

Fridrich, Design of adaptive steganographic schemes for digital images, in: Media Watermarking, Security, and Forensics III (SPIE, 2011), 7880,

N.D.

Memon,

Dittmann,

A.M.

Alattar and

E.J.

Delp III, eds, International Society for Optics and Photonics, 2011, pp. 140–153.

12.

Filler,

Judas and

Fridrich, Minimizing embedding impact in steganography using trellis-coded quantization, IEEE Transactions on Information Security and Forensics 6 (2010), 754105.

13.

Franz, Steganography preserving statistical properties, in: Information Hiding,

F.A.P.

Petitcolas ed., Springer, Berlin, Heidelberg, 2003, pp. 278–294. doi:10.1007/3-540-36415-3_18.

14.

Fridrich, Ensemble classifier – matlab implementation (2013), [Online; accessed, 9-September-2021.

15.

Fridrich, Steganographic algorithms (2015), [Online; accessed, 9-September-2021.

16.

Fridrich, Quantitative steganalysis using rich models, 2013, Online; accessed, 9-September-2021.

17.

Fridrich and

Filler, Practical methods for minimizing embedding impact in steganography, in: Security, Steganography, and Watermarking of Multimedia Contents IX,

E.J.

Delp III and

P.W.

Wong, eds, International Society for Optics and Photonics, Vol. 6505, SPIE, 2007, pp. 13–27. doi:10.1117/12.696519.

18.

Fridrich and

Goljan, On estimation of secret message length in LSB steganography in spatial domain, in: Security, Steganography, and Watermarking of Multimedia Contents VI, International Society for Optics and Photonics, Vol. 5306, SPIE, 2004, pp. 23–34. doi:10.1117/12.521350.

19.

Fridrich,

Goljan and

Du, Detecting lsb steganography in color and gray-scale images, IEEE MultiMedia 8(4) (2001), 22–28. doi:10.1109/93.959097.

20.

Fridrich and

Kodovsky, Steganalysis of lsb replacement using parity-aware features, Information Hiding 05 (2012), 31–45.

21.

Fridrich and

Kodovsky, Rich models for steganalysis of digital images, IEEE Transactions on Information Forensics and Security 7 (2012), 868–882. doi:10.1109/TIFS.2012.2190402.

22.

Fridrich and

Kodovsky, Multivariate Gaussian model for designing additive distortion for steganography, in: International Conference on Acoustics, Speech, and Signal Processing, 1988, ICASSP-88, IEEE, 2013, pp. 2949–2953.

23.

Fridrich and

Soukal, Matrix embedding for large payloads, Trans. Info. For. Sec. 1 (2006), 390–395. doi:10.1109/TIFS.2006.879281.

24.

Ghazanfari,

Ghaemmaghami and

S.R.

Khosravi, Lsb++: An improvement to lsb+ steganography, in: TENCON 2011 – 2011 IEEE Region 10 Conference, 2011, pp. 364–368. doi:10.1109/TENCON.2011.6129126.

25.

Harmsen and

Pearlman, Steganalysis of additive-noise modelable information hiding, in: Security and Watermarking of Multimedia Contents V,

E.J.

Delp III and

P.W.

Wong, eds, International Society for Optics and Photonics, Vol. 5020, SPIE, 2003, pp. 131–142. doi:10.1117/12.476813.

26.

Hayes and

Danezis, Generating steganographic images via adversarial training, in: Proceedings of the 31st International Conference on Neural Information Processing Systems, NIPS’17, Curran Associates Inc., Red Hook, NY, USA, 2017, pp. 1951–1960.

27.

Holub and

Fridrich, Designing steganographic distortion using directional filters, in: 2012 IEEE International Workshop on Information Forensics and Security (WIFS), IEEE, 2012, pp. 234–239. doi:10.1109/WIFS.2012.6412655.

28.

Holub,

Fridrich and

Denemark, Universal distortion function for steganography in an arbitrary domain, EURASIP Journal on Information Security 2014(1) (2014), 1. doi:10.1186/1687-417X-2014-1.

29.

Hu,

Wang,

Jiang,

Zheng and

Li, A novel image steganography method via deep convolutional generative adversarial networks, IEEE Access 6 (2018), 38303–38314. doi:10.1109/ACCESS.2018.2852771.

30.

Ker, Improved detection of lsb steganography in grayscale images, in: Information Hiding, Springer-Verlag, Berlin, Heidelberg, 2004, pp. 296–311.

31.

Ker, A general framework for structural steganalysis of lsb replacement, in: Proceedings of the 7th International Conference on Information Hiding, IH’05, Springer-Verlag, Berlin, Heidelberg, 2005, pp. 296–311.

32.

Ker, Fourth-order structural steganalysis and analysis of cover assumptions, in: Security, Steganography, and Watermarking of Multimedia Contents VIII,

E.J.

Delp III and

P.W.

Wong, eds, International Society for Optics and Photonics, Vol. 6072, SPIE, 2006, pp. 25–38.

33.

Ker, Optimally weighted least-squares steganalysis, in: Security, Steganography, and Watermarking of Multimedia Contents IX,

E.J.

Delp III and

P.W.

Wong, eds, International Society for Optics and Photonics, Vol. 6505, SPIE, 2007, pp. 66–81.

34.

Ker and

Böhme, Revisiting weighted stego-image steganalysis, in: Security, Forensics, Steganography, and Watermarking of Multimedia Contents X,

E.J.

Delp III,

P.W.

Wong,

Dittmann and

N.D.

Memon, eds, International Society for Optics and Photonics, Vol. 6819, SPIE, 2008, pp. 56–72.

35.

Khosravirad,

Eghlidos and

Ghaemmaghami, Higher-order statistical steganalysis of random lsb steganography, in: 2009 IEEE/ACS International Conference on Computer Systems and Applications, 2009, pp. 629–632. doi:10.1109/AICCSA.2009.5069392.

36.

Khosravirad,

Eghlidos and

Ghaemmaghami, Closure of sets: A statistically hypersensitive system for steganalysis of least significant bit embedding, Signal Processing, IET 5 (2011), 379–389. doi:10.1049/iet-spr.2010.0048.

37.

Kodovský and

Fridrich, Quantitative steganalysis using rich models, in: Media Watermarking, Security, and Forensics 2013,

A.M.

Alattar,

N.D.

Memon and

C.D.

Heitzenrater, eds, International Society for Optics and Photonics, Vol. 8665, SPIE, 2013, pp. 228–238.

38.

Kodovsky,

Fridrich and

Holub, Ensemble classifiers for steganalysis of digital media, IEEE Transactions on Information Forensics and Security 7 (2012), 432–444. doi:10.1109/TIFS.2011.2175919.

39.

Kouider,

Chaumont and

Puech, Adaptive steganography by oracle (aso), in: 2013 IEEE International Conference on Multimedia and Expo (ICME), 2013, pp. 1–6.

40.

Li,

Wang,

Huang and

Li, A new cost function for spatial image steganography, in: 2014 IEEE International Conference on Image Processing (ICIP), 2014, pp. 4206–4210. doi:10.1109/ICIP.2014.7025854.

41.

Li,

Wei,

Ferreira and

Tan, Rest-net: Diverse activation modules and parallel subnets-based cnn for spatial image steganalysis, IEEE Signal Processing Letters 25(5) (2018), 650–654. doi:10.1109/LSP.2018.2816569.

42.

Liao,

Yin,

Chen and

Qin, Adaptive payload distribution in multiple images steganography based on image texture features, IEEE Transactions on Dependable and Secure Computing (2020), 1–1.

43.

Liu,

Ke,

Zhang,

Lei,

Li,

Zhang and

Yang, Recent advances of image steganography with generative adversarial networks, IEEE Access 8 (2020), 60575–60597. doi:10.1109/ACCESS.2020.2983175.

44.

Lou and

Hu, Lsb steganographic method based on reversible histogram transformation function for resisting statistical steganalysis, Information Sciences 188 (2012), 346–358. doi:10.1016/j.ins.2011.06.003.

45.

Lu,

Luo,

Tang and

Shen, An improved sample pairs method for detection of lsb embedding, in: Information Hiding,

Fridrich, ed., Springer, Berlin, Heidelberg, 2005, pp. 116–127.

46.

Luo,

Huang and

Huang, Edge adaptive image steganography based on lsb matching revisited, IEEE Transactions on Information Forensics and Security 5 (2010), 201–214. doi:10.1109/TIFS.2010.2041812.

47.

Luo,

Liu and

Lu, A lsb steganography approach against pixels sample pairs steganalysis, International Journal of Innovative Computing, Information and Control 3 (2007), 575–588.

48.

Marçal and

Pereira, A steganographic method for digital images robust to rs steganalysis, in: Image Analysis and Recognition,

Kamel and

Campilho, eds, Springer, Berlin, Heidelberg, 2005, pp. 1192–1199. doi:10.1007/11559573_144.

49.

Mielikainen, Lsb matching revisited, IEEE Signal Processing Letters 13 (2006), 285–287. doi:10.1109/LSP.2006.870357.

50.

Pevný,

Filler and

Bas, Using high-dimensional image models to perform highly undetectable steganography, in: Information Hiding,

Böhme,

P.W.L.

Fong and

Safavi-Naini, eds, Springer, Berlin, Heidelberg, 2010, pp. 161–177. doi:10.1007/978-3-642-16435-4_13.

51.

Sedighi,

Cogranne and

Fridrich, Content-adaptive steganography by minimizing statistical detectability, IEEE Transactions on Information Forensics and Security 11(2) (2016), 221–234. doi:10.1109/TIFS.2015.2486744.

52.

Sharp, An implementation of key-based digital signal steganography, in: Lecture Notes in Computer Science, Vol. 2137, Springer-Verlag, Berlin, Heidelberg, 2001, pp. 13–26.

53.

Shi,

Dong,

Wang,

Qian and

Zhang, SSGAN: Secure steganography based on generative adversarial networks, in: Advances in Multimedia Information Processing – PCM 2017–18th Pacific-Rim Conference on Multimedia, Revised Selected Papers, Part I, Harbin, China, September 28–29, 2017, Lecture Notes in Computer Science, Vol. 10735, Springer, 2017, pp. 534–544.

54.

Shreelekshmi,

Wilscy and

C.E.V.

Madhavan, Cover image preprocessing for more reliable lsb replacement steganography, in: Proceedings of the 2010 International Conference on Signal Acquisition and Processing, ICSAP’10, IEEE Computer Society, USA, 2010, pp. 153–156. doi:10.1109/ICSAP.2010.40.

55.

Shreelekshmi,

Wilscy and

C.E.V.

Madhavan, Undetectable least significant bit replacement steganography, Multimedia Tools and Applications 78 (2018), 10565–10582. doi:10.1007/s11042-018-6541-0.

56.

Tan,

Wu,

Shao,

Li,

Li and

Huang, Calpa-net: Channel-pruning-assisted deep residual network for steganalysis of digital images, IEEE Transactions on Information Forensics and Security 16 (2021), 131–146. doi:10.1109/TIFS.2020.3005304.

57.

Tang,

Li,

Tan,

Barni and

Huang, Cnn-based adversarial embedding for image steganography, IEEE Transactions on Information Forensics and Security 14(8) (2019), 2074–2087. doi:10.1109/TIFS.2019.2891237.

58.

Tang,

Tan,

Li and

Huang, Automatic steganographic distortion learning using a generative adversarial network, IEEE Signal Processing Letters 24(10) (2017), 1547–1551. doi:10.1109/LSP.2017.2745572.

59.

Tzschoppe,

Baeuml,

Huber and

Kaup, Steganographic system based on higher-order statistics, in: Security and Watermarking of Multimedia Contents V,

E.J.

Delp III and

P.W.

Wong, eds, International Society for Optics and Photonics, Vol. 5020, SPIE, 2003, pp. 156–166. doi:10.1117/12.477301.

60.

Westfeld and

Pfitzmann, Attacks on steganographic systems, in: Information Hiding,

Pfitzmann, ed., Springer, Berlin, Heidelberg, 2000, pp. 61–76. doi:10.1007/10719724_5.

61.

Wikipedia contributors, Steganography tools (2021), [Online; accessed 9-September-2021].

62.

Wu and

Tsai, A steganographic method for images by pixel-value differencing, Pattern Recognition Letters 24(9) (2003), 1613–1626. doi:10.1016/S0167-8655(02)00402-6.

63.

Wu,

J.-L.

Dugelay and

Cheung, A data mapping method for steganography and its application to images, in: Information Hiding,

Solanki,

Sullivan and

Madhow, eds, Springer, Berlin, Heidelberg, 2008, pp. 236–250. doi:10.1007/978-3-540-88961-8_17.

64.

Xu,

H.-Z.

Wu and

Y.-Q.

Shi, Structural design of convolutional neural networks for steganalysis, IEEE Signal Processing Letters 23(5) (2016), 708–712. doi:10.1109/LSP.2016.2548421.

65.

Yang,

Ruan,

Huang,

Kang and

Y.-Q.

Shi, An embedding cost learning framework using gan, IEEE Transactions on Information Forensics and Security 15 (2020), 839–851. doi:10.1109/TIFS.2019.2922229.

66.

Ye,

Ni and

Yi, Deep learning hierarchical representations for image steganalysis, IEEE Transactions on Information Forensics and Security 12(11) (2017), 2545–2557. doi:10.1109/TIFS.2017.2710946.

67.

Yedroudj,

Comby and

Chaumont, Yedroudj-net: An efficient cnn for spatial steganalysis, in: 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2018, pp. 2092–2096. doi:10.1109/ICASSP.2018.8461438.

68.

Yedroudj,

Comby and

Chaumont, Steganography using a 3-player game, Journal of Visual Communication and Image Representation (2020).

69.

K.A.

Zhang,

Cuesta-Infante,

Xu and

Veeramachaneni, Steganogan: High capacity image steganography with gans, 2019.

70.

Zhang and

Ping, A new approach to reliable detection of lsb steganography in natural images, Signal Process. 83 (2003), 2085–2093. doi:10.1016/S0165-1684(03)00169-5.

71.

Zhu,

Kaplan,

Johnson and

Fei-Fei, Hidden: Hiding data with deep networks, in: Proceedings of the European Conference on Computer Vision (ECCV), 2018.

Securing LSB embedding against structural steganalysis

Abstract

Keywords

1. Introduction

3. Why LSB embedding?

1 In LSB matching pixel values are randomly changed by ± 1 so that their LSB’s match message bits; this process does not cause obvious statistical artifacts like LSB embedding.

2 https://github.com/bapowellphys/LSB_cover_mods

3.3. Prevalence of state-of-the-art steganalysis

4. Structural steganalysis

4.1. First-order attacks

4.2. Second-order attacks

3 A multiset is the generalization of a set to include non-unique elements. Hereafter we will simply refer to them as sets.

5. Cover modifications to defeat SPA

7 In what follows, we refer to an nth-order cover modification as one that adjusts the cardinalities of sets of n-tuples.

8 http://photogallery.nrcs.usda.gov/

10 Even for the small 512 × 512 grayscale images considered in this study, such regions are typically plentiful with room to spare.

8. Conclusions

Footnotes

Acknowledgment

References

¹
In LSB matching pixel values are randomly changed by $\pm 1$ so that their LSB’s match message bits; this process does not cause obvious statistical artifacts like LSB embedding.

²
https://github.com/bapowellphys/LSB_cover_mods

³
A multiset is the generalization of a set to include non-unique elements. Hereafter we will simply refer to them as sets.

⁷
In what follows, we refer to an nth-order cover modification as one that adjusts the cardinalities of sets of n-tuples.

⁸
http://photogallery.nrcs.usda.gov/

¹⁰
Even for the small $512 \times 512$ grayscale images considered in this study, such regions are typically plentiful with room to spare.