Destruction of Image Steganography using Generative Adversarial Networks

Destruction of Image Steganography using Generative Adversarial Networks

Abstract

Digital image steganalysis, or the detection of image steganography, has been studied in depth for years and is driven by Advanced Persistent Threat (APT) groups’, such as APT37 Reaper, utilization of steganographic techniques to transmit additional malware to perform further post-exploitation activity on a compromised host. However, many steganalysis algorithms are constrained to work with only a subset of all possible images in the wild or are known to produce a high false positive rate. This results in blocking any suspected image being an unreasonable policy. A more feasible policy is to filter suspicious images prior to reception by the host machine. However, how does one optimally filter specifically to obfuscate or remove image steganography while avoiding degradation of visual image quality in the case that detection of the image was a false positive? We propose the Deep Digital Steganography Purifier (DDSP), a Generative Adversarial Network (GAN) which is optimized to destroy steganographic content without compromising the perceptual quality of the original image. As verified by experimental results, our model is capable of providing a high rate of destruction of steganographic image content while maintaining a high visual quality in comparison to other state-of-the-art filtering methods. Additionally, we test the transfer learning capability of generalizing to to obfuscate real malware payloads embedded into different image file formats and types using an unseen steganographic algorithm and prove that our model can in fact be deployed to provide adequate results.

Steganalysis, Deep Learning, Machine Learning, Neural Networks, Steganography, Image Steganalysis, Information Hiding
1

I Introduction

Steganography is the usage of an algorithm to embed hidden data into files such that during the transferral of the file only the sender and the intended recipient are aware of the existence of the hidden payload [12]. In modern day applications, adversaries and Advanced Persistent Threat (APT) groups, such as APT37 Reaper [6], commonly utilize these algorithms to hide the transmission of shellcode or scripts to a compromised system. Once the file is received, the adversary then extracts the malicious payload and executes it to perform further post-exploitation activity on the target machine. Due to the highly undetectable nature of the current state-of-the-art steganography algorithms, adversaries are able to evade defensive tools such as Intrusion Detection Systems (IDS) and/or Antivirus (AV) software which utilize heuristic and rule-based techniques for detection of malicious activity.

Modern steganalysis methods, or techniques developed to specifically detect steganographic content, utilize analytic or statistical algorithms to detect traditional steganography algorithms, such as Least Significant Bit (LSB) steganography [9]. However, these methods struggle to detect advanced steganography algorithms, which embed data using unique patterns based on the content of each individual file of interest. This results in high false positive rates when detecting steganography and poor performance when deployed, effectively making it unrealistic to perform preventative measures such as blocking particular images or traffic from being transmitted within the network. Furthermore, image steganalysis techniques are typically only capable of detecting a small subset of all possible images, limiting them to only detect images of a specific size, color space, or file format.

To address these issues, the usage of steganography destruction techniques can be used to provide a more feasible policy to handling potential false alarms. Instead of obstructing the transmission of suspicious images, filtering said images to remove steganographic content effectively making it unusable by potential adversaries provides a simpler solution. However, traditional and unintelligent steganographic filtering techniques result in the additional issue of degrading image quality.

In this paper, we propose an intelligent image steganography destruction model which we term Deep Digital Steganography Purifier (DDSP), which utilizes a Generative Adversarial Network (GAN) [16] trained to remove steganographic content from images while maintaining high perceptual quality. To the best of our knowledge, our DDSP model removes the greatest amount of steganographic content from images while maintaining the highest visual image quality in comparison to other state-of-the-art image steganography destruction methods detailed in Section II-A.

The rest of the paper is organized as follows. Section II will discuss the prior work in the image steganography purification domain, along with the background information on GANs. The dataset used for evaluating our image purification model will be presented in Section III, followed by a detailed description of DDSP in Section IV. The experimental results will be discussed and analyzed in Section V. Finally the conclusion and future works will be presented in Section VI.

Ii Background

Ii-a Prior Work

Attacks on steganographic systems [35] have been an active topic of research with differing objectives of either completely removing hidden steganographic content or slightly obfuscating the steganographic data to be unusable while avoiding significant degradation of file quality. Within the same realm of machine learning based steganographic attacks, the PixelSteganalysis [20] method utilizes an architecture based on PixelCNN++ [28] to build pixel and edge distributions for each image which are then manually removed from the suspected image. The PixelSteganalysis method is experimented against three steganographic algorithms, Deep Steganography [7] a Deep Neural Network (DNN) based algorithm, Invisible Steganography GAN (ISGAN) [36] a GAN based algorithm, and the Least Significant Bit (LSB) algorithm. The majority of other steganographic destruction techniques are based on non-machine learning based methods which utilize various digital filters or wavelet transforms [4, 5, 2, 29, 1, 30, 3, 31]. While these approaches may appear simple to implement and do not require training on a dataset, they do not specifically remove artifacts and patterns left by steganographic algorithms. Instead these techniques look to filter out high frequency content, which can result in image quality degradation due to perceptual quality not being prioritized.

Ii-B Super Resolution GAN

The application of GANs for removing steganographic content while maintaining high visual quality draws inspiration from the application of GANs to the task of single image super resolution (SISR). Ledig et. al’s research [22] utilized the GAN framework to optimize a ResNet [17] to increase the resolution of low resolution images to be as visually similar as possible to their high resolution counterparts. Their research additionally detailed that using the GAN framework as opposed solely to a pixel-wise distance loss function, e.g. mean squared error (MSE), results in additional high frequency texture detail to be recreated. They note that using the MSE loss function alone results in images that appear perceptually smooth due to the averaging nature of their objective function. Instead, the authors optimize a multi-objective loss function which is composed of a weighted sum of the pixel-wise MSE as a content loss and the adversarial loss produced by the GAN framework to reconstruct the low and high frequency detail, respectively.

Iii Data

To train our proposed model, we utilized the BOSSBase dataset [8] because it is used as a benchmark dataset for numerous steganalysis papers. The dataset contains 10,000 grayscale images of size 512x512 of the portable gray map (PGM) format. The images were preprocessed prior to training by converting to the JPEG format with a quality factor of 95% and resizing to 256x256 dimensions. As seen in Figure 1, 4 different steganography algorithms are used to embed payloads into the 10,000 images. These algorithms (HUGO [27], HILL [23], S-UNIWARD [18], and WOW [19]) are a few state-of-the-art steganography algorithms which are difficult to detect even by modern steganalysis algorithms. These algorithms are open source and made available by the Digital Data Embedding Laboratory of Binghamton University [15]. For each of these steganography algorithms, 5 different embedding rates, 10%, 20%, 30%, 40%, and 50%, were used with 10% being the most difficult to detect, and 50% being the easiest to detect. This process created a total of 210,000 images consisting of 200,000 steganographic images, and 10,000 cover images. The BOSSBase dataset was then split into train and test sets using a train/test split criterion of 75%/25%.

Fig. 1: Steganography dataset creation process
Fig. 2: Deep Digital Steganography Purifier (DDSP) Architecture
Fig. 3: Autoencoder Architecture
Fig. 4: Encoder Network Architecture

Iv Deep Digital Steganography Purification

Deep Digital Steganography Purifier (DDSP) consists of a similar architecture to SRGAN [22]. However instead of using a large ResNet, DDSP utilizes a pretrained autoencoder as the generator network in the GAN framework to remove the steganographic content from images without sacrificing image quality. The DDSP model can be seen in Figure 2. The autoencoder is initially trained using the MSE loss function and then fine tuned using the GAN training framework. This is necessary because autoencoders are trained to optimize MSE which can cause images to have slightly lower quality than the original image due to the reasons discussed in Section II-B. More detailed descriptions of the architectures are discussed in the following sections.

Iv-a Autoencoder Architecture

The residual autoencoder, seen in Figure 3, consists of encoder and decoder networks. The encoder learns to reduce the size of the image while maintaining as much information necessary. The decoder then learns how to optimally scale the image to its original size while having removed the steganographic content.

Encoder Architecture

The encoder, seen in Figure 4, takes an image with steganography as its input. The input image is then normalized using Min-Max normalization, which scales pixel values to the range of . After normalization, the image is fed into a 2-D convolutional layer with a kernel size of 9x9 and 64 filters, followed by a ReLU activation [26]. The output of the convolutional layer is then fed into a downsample block, seen in Figure 5. The downsample block consists of two 2-D convolutional layers with the first one having a stride of 2 which causes the image to be downsampled by a factor of 2. The use of a convolutional layer to downsample the image is important because it allows the model to learn the near optimal approach to downsample the image while maintaining high image quality. The downsampled output is then passed into 16 serial residual blocks. The residual block architecture can be seen in Figure 6. Following the residual blocks, a final 2-D convolutional layer with batch normalization is added with the original output of the downsample block in a residual manner to form the encoded output.

Decoder Architecture

The decoder, seen in Figure 9, takes the output of the encoder as its input. The input is then upsampled using nearest interpolation with a factor of 2. This will increase the shape of the encoder’s output back to the size of the original input image. The upsampled image is then fed into a 2-D convolutional layer with a kernel size of 3x3 and 256 filters followed by a ReLU activation. This is then fed into another 2-D convolutional layer with a kernel size of 9x9, and 1 filter followed by a Tanh activation. Since the output of the Tanh activation function is in the range , the output is denormalized to scale the pixel values back to the range . This output represents the purified image.

Fig. 5: Downsample Block Architecture
Fig. 6: Residual Block Architecture
Fig. 7: Discriminator Architecture for the DDSP
Fig. 8: Discriminator Block Architecture
Fig. 9: Decoder Network Architecture

Autoencoder Training

To train the autoencoder, steganographic images are used as the input to the encoder. The encoder creates the encoded image which is fed into the decoder which decodes the image back to its original size. The decoded image is then compared to its corresponding cover image counterpart using the MSE loss function. The autoencoder was trained using early stopping and was optimized using the Adam optimizer [21] with a learning rate , , and .

Iv-B GAN Training

Similar to the SRGAN training process, we use the pretrained model to initialize the generator network. As seen in Figure 7, the discriminator is similar to the SRGAN’s discriminator with the exception of DDSP’s discriminator blocks, seen in Figure 8, which contains the number of convolutional filters per layer in decreasing order to significantly reduce the number of model parameters which decreases training time.

To train the DDSP model, the GAN is trained by having the generator produce purified images. These purified images along with original cover images are passed to the discriminator which is then optimized to distinguish between purified and cover images. The GAN framework was trained for 5 epochs (enough epochs for the model to converge) to fine tune the generator to produce purified images with high frequency detail of the original cover image more accurately.

V Results

(a) Original Image
(b) Bicubic Interpolation.
(c) Denoising Wavelet Filter
(d) Autoencoder
(e) DDSP
Fig. 10: Examples of Scrubbed Images Using Various Models

To assess the performance of our proposed DDSP model in comparison to other steganography removal methods, image resizing and denoising wavelet filters, the testing dataset was used to analyze the image purification quality of the DDSP model. Image quality metrics in combination with visual analysis of image differencing are used to provide further insight to how each method purifies the images. Finally, the DDSP model’s generalization abilities are analyzed by testing the transfer learning performance of purifying steganography embedded using different steganography algorithms and file types.

V-a Image Purification Quality

To compare the quality of the resulting purified images, the following metrics were calculated between the purified images and their corresponding steganographic counterpart images: Mean Squared Error (MSE), Peak Signal-to-Noise Ratio (PSNR), Structural Similarity Index (SSIM) [32], and Universal Quality Index (UQI) [33]. The MSE and PSNR metrics are point-wise measurements of error while the SSIM and UQI metrics were developed to specifically assess image quality. To provide a quantitative measurement of the model’s distortion of the pixels to destroy steganographic content, we utilize the bit error ratio (BER) metric, which in our use case can be summarized as the number of bits in the image that have changed after purification, normalized by the total number of bits in the image.

Our proposed DDSP is then baselined against several steganography removal or obfuscation techniques. The first method simply employs bicubic interpolation to downsize an image by a scale factor of 2 and then resize the image back to its original size. As seen in Figure 10(\subreffig:bicubic_scrub), the purified image using bicubic interpolation is blurry and does not perform well with respect to maintaining high perceptual image quality. The next baseline method consists of denoising filters using Daubechies 1 (db1) wavelets [13] and BayesShrink thresholding [11]. An example of the resulting denoised image can be seen in Figure 10(\subreffig:wavelet_scrub). It is notable that the wavelet denoising method is more visually capable of maintaining adequate image quality in comparison to the bicubic resizing method. The final baseline method we compare our DDSP model against is using the pretrained autoencoder prior to GAN fine tuning as the purifier. As seen in Figure 10(\subreffig:autoencoder_scrub), the autoencoder does a sufficient job in maintaining image quality while purifying the image. Finally, the resulting purified image from the DDSP can be seen in Figure 10(\subreffig:gan_scrub). The DDSP and the autoencoder’s purified images have the best visual image quality, with the wavelet filtered image having a slightly lower image quality.

Not only does our proposed DDSP maintain very high perceptual image quality, it is quantitatively better image purifier based on image quality metrics. As seen in Table I, the images purified using DDSP resulted in the greatest performance with respect to the BER, MSE, PSNR, SSIM and UQI metrics in comparison to all baselined methods. Since our proposed DDSP model resulted in the highest BER at 82%, it changed the greatest amount of bits in the image, effectively obfuscating the most amount of steganographic content. Even though our proposed DDSP model changed the highest amount of bits within each image, it produces outputs with the highest quality as verified by the PSNR, SSIM, and UQI metrics, indicating it is the paramount method to use for steganography destruction.

(a) Original Steganography
(b) Bicubic Interpolation
(c) Denoising Wavelet Filter
(d) Autoencoder
(e) DDSP
Fig. 11: Examples of Original Image Subtracted from Using Scrubbed Image from Various Models
Model BER MSE PSNR SSIM UQI
DDSP 0.82 5.27 40.91 0.99 0.99
Autoencoder 0.78 5.97 40.37 0.98 0.99
Wavelet Filter 0.52 6942.51 9.72 0.19 0.50
Bicubic Inter. 0.53 6767.35 9.82 0.22 0.51
TABLE I: Testing Results on the BossBase Dataset

V-B Image Differencing

To provide additional analysis of the different image purification models, we subtract the original cover image from their corresponding purified images allowing for the visualization of the effects caused by steganography and purification. As seen in Figure 11(\subreffig:cover_stego), when the cover image and the corresponding steganographic image are differenced, the resulting image contains a lot of noise. This is expected because the steganography algorithm injects payloads as high frequency noise into the images. The differenced bicubic interpolation purified image, seen in Figure 11(\subreffig:cover_resize), removes the majority of noise from the image. However, as discussed in the previous section, the bicubic interpolation method does not maintain good visual quality as it removes original content from the image. As seen in Figure 11(\subreffig:cover_wavelet) and Figure 11(\subreffig:cover_ae), both the denoising wavelet filter and autoencoder purifier do not remove the noise from the image. Instead, they both appear to inject additional noise into the image to obfuscate the steganographic content, making it unusable. This is visually apparent in the noise located in the whitespace near the top building within the image. For both the wavelet filter and autoencoder, this noise is visually increased in comparison to the original steganographic image. Lastly, as seen in Figure 11(\subreffig:cover_gan), the DDSP model removes the noise from the image instead of injecting additional noise. This is again apparent in the whitespace near the top of the image. In the DDSP’s purified image, almost all of the noise has been removed from these areas, effectively learning to optimally remove the steganographic pattern, which we infer makes the DDSP have the highest image quality in comparison to other methods.

V-C Transfer Learning

Transfer learning can be described as using a applying a model’s knowledge gained while training on a certain task to a completely different task. To understand the generalization capability of our model, we form experiments involving the purification of images embedded using an unseen steganography algorithm along with an unseen image format. Additionally we test the purification method of audio files embedded with an unseen steganography algorithm.

Application to LSB Steganography

To test the generalization of the DDSP model across unseen image steganography algorithms, we recorded the purification performance of the BOSSBase dataset in its original PGM file format embedded with steganographic payloads using LSB steganography [34]. The images were embedded with real malicious payloads generated using Metasploit’s MSFvenom payload generator [24], which is a commonly used exploitation tool. This was done to mimic the realism of an APT hiding malware using image steganography. Without retraining, the LSB steganography images were purified using the various methods. Similar to the results in Section V-A, the DDSP model removed the greatest amount of steganography while maintaining the highest image quality. These results can be verified quantitatively by looking at Table II.

Model BER MSE PSNR SSIM UQI
DDSP 0.82 5.09 41.05 0.98 0.99
Autoencoder 0.78 5.63 40.62 0.98 0.99
Wavelet Filter 0.53 6935.08 9.72 0.19 0.50
Bicubic Inter. 0.53 6763.73 9.83 0.22 0.51
TABLE II: Transfer Learning Results on the LSB Dataset

V-D Application to Audio Steganography

To test the generalization of DDSP across different file formats, we additionally recorded performance metrics on audio files embedded with the same malicious payloads detailed in Section V-C1, using the LSB algorithm. The audio files were from the VoxCeleb1 dataset [25], which contains over 1000 utterances from over 12000 speakers, however we only utilized their testing dataset. The testing dataset contains 40 speakers, and 4874 utterances. In order to use the DDSP model without retraining for purifying the audio files, the audio files were reshaped from vectors into matrices and then fed into the DDSP model. The output matrices from the DDSP model were then reshaped back to the original vector format to recreate the audio file. After vectorization, a butterworth lowpass filter [10] and a hanning window filter [14] were applied to the audio file to remove the high frequency edge artifacts created when vectorizing the matrices. The models were baselined against a 1-D denoising wavelet filter as well as upsampling the temporal resolution of the audio signal using bicubic interpolation after downsampling by a scale factor of 2. As seen in Table III, the pretrained autoencoder, denoising wavelet filter, and DDSP are all capable of successfully obfuscating the steganography within the audio files without sacrificing the quality of the audio, with respect to the BER, MSE, and PSNR metrics. However, the upsampling using bicubic interpolation method provides worse MSE and PSNR in comparison to the other techniques. This shows that those models are generalized and remove steganographic content in various file types and steganography algorithms. Although the wavelet denoising filter has slightly better metrics than the DDSP and the pretrained autoencoder, we believe that the DDSP model would greatly outperform wavelet filtering if trained to simultaneously remove image and audio steganography and appropriately handle 1-D signals as input.

Model BER MSE PSNR
DDSP 0.67 650.12 37.28
Autoencoder 0.67 650.14 37.28
Wavelet Filter 0.67 643.94 37.65
Bicubic Inter. 0.64 1157.01 35.54
TABLE III: Transfer Learning Results on the VoxCeleb1 Dataset

Vi Conclusion

In this paper, we developed a steganography purification model which we term Deep Digital Steganography Purifier (DDSP), which utilizes a Generative Adversarial Network (GAN) which, to the best of our knowledge, removes the highest amount of steganographic content from images while maintaining the highest visual image quality in comparison to other state-of-the-art techniques as verified by visual and quantitative results. In the future, we plan to extend the DDSP model to purify inputs of various types, sizes, and color spaces. Additionally we plan to train the DDSP model on a larger dataset to make the model more robust, thus making it ready to be operationalized for a real steganography purification system.

Vii Acknowledgements

The authors would like to thank the members of our team for their assistance, guidance, and review of our research.

Footnotes

  1. footnotetext: Patent Applied for in the United States

References

  1. F. Al-Naima, S. Y. Ameen and A. F. Al-Saad (2006) Destroying steganography content in image files. In The 5th International Symposium on Communication Systems, Networks and DSP (CSNDSP’06), Greece, Cited by: §II-A.
  2. S. Y. Ameen and M. R. Al-Badrany (2013) Optimal image steganography content destruction techniques. In International Conference on Systems, Control, Signal Processing and Informatics, pp. 453–457. Cited by: §II-A.
  3. P. Amritha, K. Induja and K. Rajeev (2016) Active warden attack on steganography using prewitt filter. In Proceedings of the International Conference on Soft Computing Systems, pp. 591–599. Cited by: §II-A.
  4. P. Amritha, M. Sethumadhavan, R. Krishnan and S. K. Pal (2019) Anti-forensic approach to remove stego content from images and videos. Journal of Cyber Security and Mobility 8 (3), pp. 295–320. Cited by: §II-A.
  5. P. Amritha, M. Sethumadhavan and R. Krishnan (2016) On the removal of steganographic content from images. Defence Science Journal 66 (6), pp. 574–581. Cited by: §II-A.
  6. APT37. External Links: Link Cited by: §I.
  7. S. Baluja (2017) Hiding images in plain sight: deep steganography. In Advances in Neural Information Processing Systems, pp. 2069–2079. Cited by: §II-A.
  8. P. Bas, T. Filler and T. Pevnỳ (2011) ”Break our steganographic system”: the ins and outs of organizing boss. In International workshop on information hiding, pp. 59–70. Cited by: §III.
  9. W. Bender, D. Gruhl, N. Morimoto and A. Lu (1996) Techniques for data hiding. IBM systems journal 35 (3.4), pp. 313–336. Cited by: §I.
  10. S. Butterworth (1930) On the theory of filter amplifiers. Wireless Engineer 7 (6), pp. 536–541. Cited by: §V-D.
  11. S. G. Chang, B. Yu and M. Vetterli (2000) Adaptive wavelet thresholding for image denoising and compression. IEEE transactions on image processing 9 (9), pp. 1532–1546. Cited by: §V-A.
  12. I. Cox, M. Miller, J. Bloom, J. Fridrich and T. Kalker (2007) Digital watermarking and steganography. Morgan kaufmann. Cited by: §I.
  13. I. Daubechies (1992) Ten lectures on wavelets. Vol. 61, Siam. Cited by: §V-A.
  14. O. M. Essenwanger (1986) Elements of statistical analysis. Cited by: §V-D.
  15. J. Fridrich Steganographic algorithms. Digital Data Embedding Laboratory, SUNY Binghamton. External Links: Link Cited by: §III.
  16. I. Goodfellow, J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley, S. Ozair, A. Courville and Y. Bengio (2014) Generative adversarial nets. In Advances in neural information processing systems, pp. 2672–2680. Cited by: §I.
  17. K. He, X. Zhang, S. Ren and J. Sun (2016) Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition, pp. 770–778. Cited by: §II-B.
  18. V. Holub, J. Fridrich and T. Denemark (2014) Universal distortion function for steganography in an arbitrary domain. EURASIP Journal on Information Security 2014 (1), pp. 1. Cited by: §III.
  19. V. Holub and J. Fridrich (2012) Designing steganographic distortion using directional filters. In 2012 IEEE International workshop on information forensics and security (WIFS), pp. 234–239. Cited by: §III.
  20. D. Jung, H. Bae, H. Choi and S. Yoon (2019) PixelSteganalysis: destroying hidden information with a low degree of visual degradation. arXiv preprint arXiv:1902.11113. Cited by: §II-A.
  21. D. P. Kingma and J. Ba (2014) Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980. Cited by: §IV-A3.
  22. C. Ledig, L. Theis, F. Huszár, J. Caballero, A. Cunningham, A. Acosta, A. Aitken, A. Tejani, J. Totz and Z. Wang (2017) Photo-realistic single image super-resolution using a generative adversarial network. In Proceedings of the IEEE conference on computer vision and pattern recognition, pp. 4681–4690. Cited by: §II-B, §IV.
  23. B. Li, M. Wang, J. Huang and X. Li (2014) A new cost function for spatial image steganography. In 2014 IEEE International Conference on Image Processing (ICIP), pp. 4206–4210. Cited by: §III.
  24. MSFvenom. Offensive Security. External Links: Link Cited by: §V-C1.
  25. A. Nagrani, J. S. Chung and A. Zisserman (2017) VoxCeleb: a large-scale speaker identification dataset. In INTERSPEECH, Cited by: §V-D.
  26. V. Nair and G. E. Hinton (2010) Rectified linear units improve restricted boltzmann machines. In Proceedings of the 27th international conference on machine learning (ICML-10), pp. 807–814. Cited by: §IV-A1.
  27. T. Pevnỳ, T. Filler and P. Bas (2010) Using high-dimensional image models to perform highly undetectable steganography. In International Workshop on Information Hiding, pp. 161–177. Cited by: §III.
  28. T. Salimans, A. Karpathy, X. Chen and D. P. Kingma (2017) Pixelcnn++: improving the pixelcnn with discretized logistic mixture likelihood and other modifications. arXiv preprint arXiv:1701.05517. Cited by: §II-A.
  29. A. Sharp, Q. Qi, Y. Yang, D. Peng and H. Sharif (2013) A novel active warden steganographic attack for next-generation steganography. In 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 1138–1143. Cited by: §II-A.
  30. P. L. Shrestha, M. Hempel, T. Ma, D. Peng and H. Sharif (2011) A general attack method for steganography removal using pseudo-cfa re-interpolation. In 2011 International Conference for Internet Technology and Secured Transactions, pp. 454–459. Cited by: §II-A.
  31. C. B. Smith and S. S. Agaian (2007) Denoising and the active warden. In 2007 IEEE International Conference on Systems, Man and Cybernetics, pp. 3317–3322. Cited by: §II-A.
  32. Z. Wang, A. C. Bovik, H. R. Sheikh and E. P. Simoncelli (2004) Image quality assessment: from error visibility to structural similarity. IEEE transactions on image processing 13 (4), pp. 600–612. Cited by: §V-A.
  33. Z. Wang and A. C. Bovik (2002) A universal image quality index. IEEE signal processing letters 9 (3), pp. 81–84. Cited by: §V-A.
  34. P. Wayner (2009) Disappearing cryptography: information hiding: steganography and watermarking. Morgan Kaufmann. Cited by: §V-C1.
  35. A. Westfeld and A. Pfitzmann (1999) Attacks on steganographic systems. In International workshop on information hiding, pp. 61–76. Cited by: §II-A.
  36. R. Zhang, S. Dong and J. Liu (2019) Invisible steganography via generative adversarial networks. Multimedia Tools and Applications 78 (7), pp. 8559–8575. Cited by: §II-A.
Comments 0
Request Comment
You are adding the first comment!
How to quickly get a good reply:
  • Give credit where it’s due by listing out the positive aspects of a paper before getting into which changes should be made.
  • Be specific in your critique, and provide supporting evidence with appropriate references to substantiate general statements.
  • Your comment should inspire ideas to flow and help the author improves the paper.

The better we are at sharing our knowledge with each other, the faster we move forward.
""
The feedback must be of minimum 40 characters and the title a minimum of 5 characters
   
Add comment
Cancel
Loading ...
403053
This is a comment super asjknd jkasnjk adsnkj
Upvote
Downvote
""
The feedback must be of minumum 40 characters
The feedback must be of minumum 40 characters
Submit
Cancel

You are asking your first question!
How to quickly get a good answer:
  • Keep your question short and to the point
  • Check for grammar or spelling errors.
  • Phrase it like a question
Test
Test description