JOURNAL OF COMPUTING, VOLUME 4, ISSUE 4, APRIL 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.

ORG

181

A Steganalytic Based on DCT and Markov and Spatial Domain for JPEG Images
Bouguerne Imen and Tlili Yamina
AbstractSteganography is a science of hiding messages into multimedia documents. A message can be hidden in a document only if the content of a document has high redundancy. Although the embedded message changes the characteristics and nature of the document, it is required that these changes are difficult to be identified by an unsuspecting user. On the other hand, steganalysis develops theories, methods and techniques that can be used to detect hidden messages in multimedia documents. The documents without any hidden messages are called cover documents and the documents with hidden messages are named stego documents. In past several years so many feature sets for steganalysis were proposed to detect stego images, these features based on different ideas and were considered to be effective for most steganography schemes. In this paper, a universal steganalysis scheme for JPEG images based upon hybrid transform features is presented. We first analyzed two different transform domains (Discrete Cosine Transform and contourlet transform (CT)). Then a combination of these two feature sets is constructed and employed for steganalysis. However a systematically comparison of these features have not been made in previous papers. In order to get a view of performance of current features in state of art, we designed several experiment to make a evaluation of them. Experiment result and conclusions draw from it were proposed in this paper.

Index TermsSteganography, feature, stego, steganalysis.

1 INTRODUCTION

N the erea of new generation technology, the Internet and multimedia applications have reached places where other communication or transport means are still at its infancy. It is now convenient for people to transmit mass data in the form of text, images, audio and video through internet. However, there is always a threat from the hackers of stealing the valuable information. The organizations such as banking, commerce, diplomacy and medicine, private communications are essential. Security is an important issue in the information technology now-a-days[16]. Modern cryptography provides a variety of mathematical tools for protecting privacy and security that extend far beyond the ancient art of encrypting messages. However, for carrying out confidential communication over public networks, simply concealing the contents of a message using cryptography is found to be inadequate as it can still raise suspicion to eaves droppers[20]. People have found the solution to this problem in Steganography. Steganography deals with a host of techniques that conceal the existence of a hidden communication. The secret message to be transmited is camouflaged in a carrier media so that its detection becomes difficult. For the passive Steganalysis, has been shown that natural images can be characterized by digital characteristics and distributions of this later of the cover images are

probably different from those of their corresponding stego images. In this article, we studied the concept of shorthand of data hidden in digital images. The purpose of this approach is to restore image which are modified during the coating in different domains, is one of the growing research areas in recent years because of its capability of providing robustness to attacks and posing a real challenge to anybody trying to discover and decode hidden messages. Wavelet transforms are most widely-used tool in signal processing due to its inherent multi-resolution representation the same to the operation of the human visual system. However, the research on applying the wavelets to data hiding techniques is still too weak, only a few publications deal with this topic at present. Virtually all of the methods of steganography, rate of detection are still high from the place, the limited number of characteristics could not achieve good classification accuracy. This paper focuses on this challenging research topic[17,18]. The rest of the paper is organized as follows: section 2 presents a review of the work spent based on extraction of characteristics. The Section 3 presents techniques of feature extraction. The system architecture is presented in Section4. Conclusions and future are presented in section 5.

F.A. Bouguerne Imen is with the LRI Laboratory, TeamSFR, Department First, Features are usually constructed according to the of Computer Science, Faculty of Science, University Badji- Mokhtar BP.12, Sidi Amar, Annaba, Algeria. heuristic principles that in one sense or another goal to S.B. Tlili Yamina is with LRI Laboratory, TeamSFR, Department of capture small modifications due to the integration of steComputer Science, Faculty of Science, University Badji- Mokhtar BP.12, ganography. The idea using the classifier detection stegaSidi Amar, Annaba, Algeria.

2 PAST WORK

nography was first proposed by Avcibas et al. [4]. Among

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 4, APRIL 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

182

the recent techniques of steganalysis, we find the "Steganalysis by characteristics .In this paper, we propose a method of universal steganalysis based on statistical deviations. First of all we need to extract the various features of a JPEG image, based on wavelet decomposition [20]. The authors have used measures of quality of image characteristics and tested their system on several algorithms. Later in their work [5], they proposed a different set of features based on the binary similarity measures between the lowest bit to classify images of cover and the stego images. Farid [5] built features of times of higher order of distribution of the coefficients of wavelet high frequency under several groups and their local linear prediction errors. Lyu et al. [6] proposed a universal Steganalysis based on the statistics of wavelet of order for a scale of gray images. The first four statistical moments of wavelet coefficients and their errors of linear prediction of several high frequency Sub-bands premises were used to form 72 dimensional characteristics (72-D) for the steganalysis vector. Later, [9], he examined the histogram between pairs of Images RGB channels and reduced computing requirements. Almost all previous methods of steganography, the detection rate is still high from the place, the limited number of characteristics could not achieve good classification accuracy [8]. Fridrich [2] proposed the concept of calibration to obtain statistics of coefficients DCT .Authors has chosen 23 functions directly from the domain of DCT and is evidence of these characteristics to be positive for the rate of detection for some popular steganography algorithms. However, all of the harvested capabilities in the field of the DCT is not enough, the detection accuracy is not satisfactory for images stego with some steganography as Jphide and Steghide [10]. Shi [3] proposes a set of new features, the proposed characteristics of Markov is defined as a model of differences between the absolute values of the DCT coefficients and a Markov process, including the detection accuracy is remarkably better. Later Barbier [7], propose a steganalysis feature extraction technique of two areas of transformation; are interested in analyzing two different areas (Discrete Cosine Transform and discrete Contourlet Transform) separately. These characteristics are studied individually and combinatorial way. Experiments with hybrids of transforming characteristics show that extraction of characteristics in more than one area of processing improves performance Steganalysis[23].

of Steganography. The algorithm was chosen because of its performance. By applying this algorithm hiding each image's own base generates a stego-image. Thus the image base will consist of 4720 images (blank + steganographies). Feature extraction plays an important role in blind steganalysis. A good feature should be representative and sensitive to steganographic operations. Moreover, the feature should be insensitive to image content. In the following subsection, several well known steganalysis techniques are discussed. The emphasis will be on feature extraction algorithms.

3.1 The DCT feature Extraction Several works on the extraction of feature of the image to the JPEG image steganalysis have been proposed, for example, a merge of these sets of function is a simple method to improve the accuracy of the steganalysis. Combining different sets of functionality can retain the advantage of statistical information on the image, the combination of feature optimization is also considered here to overcome the most problem caused by learning of dimension. To integrate the benefits of the different characteristics, fusion approach we adopt to reduce the characteristic last dimensionality and at the same time preserve the more useful information. In our approach, we first see the different methods to use in the stage of extraction of the feature [19]. 3.1.1 Calibration based steganalysis One of the most useful information the steganalyzer could wish to get, for the steganalysis to be made easier, is the original cover image. From it, estimating whether the image has been tampered with would be very easy. While this never comes true in practice (except if the sender is not careful regarding the choice of the images), the cover image behavior and characteristics can be estimated, by the process of calibration [22]. In [5], Fridrich et al. crop the image by a certain number of pixels in both vertical and horizontal directions. The goal is to possibly break the inherent stego message lying in the image, and thus regain access to image characteristics that are close to that of the cover one. Figure 1 illustrates the idea: the suspicious image JPEG_1 is first decompressed to the spatial domain, and then cropped horizontally and vertically by n = 4 pixels (n can be different from 4). The resulting cropped image is then recompressed into JPEG_2 using the very same parameters (quantization matrix, quality factor) as that of JPEG_1.
The calibration has been introduced in 2002 as a new concept to attack the F5 algorithm. Since then, it has become a essential part of a large number of features based on the passive Steganalysis and targeted in JPEG format and space. The calibration has been also shown to improve the accuracy of detection of the passive steganalysis based on the characteristics, and is to estimate the characteristics of the stego image cover image. Thus, the net effect of the

3 FEATURE EXTRACTION TECHNIQUES

To validate an approach to steganalysis, a large number of images is necessary; the size of the image base used can also increase performance and reliability of the approach. The basis is the basis of images UCID [17] consists of 1180 images JPEG. The images are all the same size (512 384). The algorithm steghide [19] is used for experiments to validate the results in a relatively wide range of methods

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 4, APRIL 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

183

calibration is to reduce variation from image to image and increase the sensitivity of the features to integrate [5].

image and the changes in general little in the process of integration. Therefore, it considers that the 63 coefficients remaining in each DCT block[21]. * Global histogram: the frequency plot of quantised DCT coefficients * Individual histogram: low frequency coefficient of individual DCT mode histogram where five DCT modes are selected * Dual Histogram: frequency of occurrence for a (i, j)-th quantised DCT coefficients in an 8 8 block equal to a fixed value, d over the whole image and defined as follows:

Fig. 1. The calibration process [2]

3.1.2 Calibration based steganalysis

The calibration is a process used to estimate the macroscopic properties of the cover image and image stego; therefore calibrated image should be extremely close to cover at least a statistical aspect image to determine the likelihood of incorporation of the suspect image successfully. The most effective way to determine how similar imagesis to compare two histograms and overlaying plots. Figure 2 watches the histogram of the image of coverage, the calibrated image and also the histogram of the stegogramme. The stegogramme was created by the incorporation of a message to 50% of their capacity using the F4 algorithm.

TABLE 1 EXTRACTION OF THE 23 DCT FEATURE

(1)
As we can see in Figure 2, the histogram of the image of the cover and the calibrated image is very close, meaning that the process of calibration was successful. We have managed to create an image that contains almost the same property of the original cover image statistics, even if we did not have access to the image of the cover at any point. Suppose that the processed file is a JPEG image with a size M n. DCT (i, j) refers to the coefficient DCT to locaVariation V measures the inter-block dependency and is defined as follows:

(2)
Blockiness measures the spatial inter-block boundary discontinuity defined as follows:

(3)
The co-occurrence matrix:

(4)
Fig. 2. Comparing the histogram of the image calibrated with that of the cover image.

tion (i, j) in an 8 8 DCT block, where 1 i 8 and 1 j 8 in each block, DCT (1.1) is called the DC coefficient, which contains a significant fraction of the energy on the

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 4, APRIL 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

184

3.4 THE MERGED FEATURE

Direct combination of the two sets of characteristics produce a 517-dimension vector of characteristics. To reduce the dimensionality of result, they use the averFig. 3. ROC curves using DCT based features. (a) F5 (without matrix embedding) (b) F5 (with matrix embedding) (c) MB1 (without deblocking) (d) MB2 (with deblocking).

age calibrated, to the place.

four

matrices

3.2 THE FEATURE OF MARKOV The function of Markov proposed in [3] is defined as a model of differences between the absolute values of the neighbouring DCT coefficients and a Markov process. The calculation of functions starts forming the matrix F (u, v) of the absolute values of the image DCT coefficients. F (u, v) DCT coefficients are arranged in the same way as pixels in the image by replacing each block 8 8 pixels with the corresponding coefficients DCT block.
Then, four tables of difference are calculated according to four directions: horizontal, vertical, diagonal, and minor in diagonal (also noted and respectively). From these different tables, four transition probability matrices built. are

This characteristic vector has 81dimensionality. They observe that average performance characteristics product very similar to that of their full version After the merger of the 193 characteristics DCT characteristics of Markov, the result dimension features extended with calibrated average 81 merged will be 193 + 81 = 274. Table 1 lists the types of individual characteristics and symbols to help that they make reference in this document. This feature set has been chosen because it is very popular and because it provides results reliable steganalysis [1].

3.3 THE FEATURE OF CONTOURLET The contourlet transform CT is a new extension to two dimensions of the wavelet using multi directional and the banks of filters. For the extraction of characteristics in the discrete domain Contourlet Transform, they have had decomposed image into three pyramidal levels and directions 2n where n = 0, 2, 4. Figure 1 shows the levels and the selection of the Sub-bands for this decomposition. For the phase of decomposition Laplacian pyramid, the "" Haar" filter was used." In each level of coarse to fine, the number of branches is 1.4, and 16. They apply directional pyramidal decomposition Bank of filters and to ignore the low pass sub-band more beautiful reconciliation, they received a total of 23 Sub-bands. And will calculate the first three moments FC standard for each of the 23 Sub-bands, which gives a vector of characteristics 69-D [7].

Fig. 5. ROC curves using Hybrid features. (a) F5 (without matrix embedding) (b) F5 (with matrix embedding) (c) MB1 (without deblocking) (d) MB2 (with deblocking).

4 SYSTEM ARCHITECTURE

Fig. 6. Architecture Proposed

Extraction algorithm: Step1: apply the calibration process to test image Step2: extract the functions in the areas transformation (DCT, CT, Markov) Step3: merged the three areas of

Fig. 4. The contourlet transformation

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 4, APRIL 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

185

Step4: extraction of the feature

5 CONCLUSION
Work on the extraction of characteristics for the JPEG image steganalysis has been proposed. Different sets of functionality can provide different information to form a classifier. Thus, the merger of these sets of function is a simple method to improve the accuracy of the steganalysis. Well combining different sets of functionality can retain the advantage of statistical information, and the feature combination optimization is also considered here to overcome the most problem caused by learning of dimension.

References
[1] J. Fridrich. (2005), Feature-Based Steganalysis for JPEG Images and its Implications for Future Design of Steganographic Schemes. In J. Fridrich, editor, Information Hiding, 6th International Workshop, volume 3200 of Lecture Notes in Computer Science, pages 6781. Y. Q. Shi, C. Chen, and W. Chen. (2006), A Markov process based approach to effective attacking JPEG steganography . In Proceedings of the 8-th Information Hiding Workshop. J. Fridrich, T. Pevny .(2006), Multi-class Blind Steganalysis for JPEG Images . In E. Delp and P. W. Wong, editors, Proceedings of SPIE Electronic Imaging, Security, Steganography, and Watermarking of Multimedia Contents VIII. J. Fridrich, J. Kodovsk.(2007), Calibration Revisited. MM&Sec09, September 78, 2009, Princeton, New Jersey, USA. Copyright 2009 ACM 978-1-60558-492. J. Fridrich, M. Goljan and D. Hogea.(2002), Steganalysis of JPEG images: Breaking the F5 algorithm . In Information Hiding , 5th International Workshop, volume 2578 of Lecture Notes in Computer Science, pages 310323, Noordwijkerhout, The Netherlands, SpringerVerlag, New York. Jon Yngve Hardeberg, Robert Jenssen.(2009), Image Analysis, 16th Scandinavian Conference, SCIA 2009 Oslo, Norway. chapitre33. A New Hybrid DCT and Contourlet Transform Based JPEG Image Steganalysis Technique. Ying Wang.(2006), Optimized Feature Extraction for Learning-Based Image Steganalysis. Student Member, IEEE, and Pierre Moulin, Fellow, IEEE. T. Pevny and J. Fridrich. (2005), Towards Multi-class Blind Steganalyzer for JPEG Images . In Proc. IWDW, pp.39-53. Zhuo Li, Kuijun Lu, Xianting Zeng, Xuezeng Pan.(2010), A Blind Steganalytic Scheme Based on DCT and Spatial Domain for JPEG Images. JOURNAL OF MULTIMEDIA, VOL. 5, NO. 3. T Pevny et J Fridrich. (2006) , Determining the Stego Algorithm for JPEG Images. SUNY Binghamton, Binghamton, NY 13902_6000. M. Kharrazi, H. T. Sencar, and N. Memon.(2005), Benchmarking steganographic and steganalytic techniques. In E. Delp and P. W. Wong, editors, Proceedings of SPIE Electronic Imaging, Security, Steganography and Watermarking of Multimedia Contents VII, volume 5681, pages 252_263. Guorong Xuan1, Yun Q. Shi2.(2005), Steganalysis Based on Multiple Features Formed by Statistical Moments of Wavelet Characteristic Functions. IH 2005, LNCS 3727, pp. 262 277. Qingxiao Guan, Jing Dong, and Tieniu Tan.(2011), Blind Quantitative Steganalysis Based on Feature Fusion and Gradient Boosting, H.-J. Kim, Y. Shi, and M. Barni (Eds.): IWDW 2010, LNCS 6526, pp. 266279.

[2]

[3]

[4]

[5]

[14] Pevn, T., Fridrich, J. (2008),Multiclass Detector of Current Steganographic Methods for JPEG Format. IEEE Transactions On Information Forensics And Security 3(4), 635650 [15] R. Bohme and A. Westfeld.(2004), Breaking cauchy model-based JPEG steganography with first order statistics. 9th European Symposium on Research Computer Security, 3193:125140. [16] A. Cheddad, J. Condell, K. Curran, and P. McKevitt.(2010), Digital image steganography: Survey and analysis of current methods. Signal Processing, 90(3):727752. [17] I. J. Cox, M. L. Miller, J. A. Bloom, J. Fridrich, and T. Kalker.(2008), Digital watermarking and steganography. The Morgan Kaufmann series in multimedia information and systems. Morgan Kaufmann Publishers, 2nd edition. [18] J. Davis, J. MacLean, and D. Dampier.(2010), Methods of information hiding and detection in file systems. 5th IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, pages 66 69. [19] A. Jain and D. Zongker.(1997), Feature Selection: Evaluation, Application, and Small Sample Performance. IEEE Transactions on Pattern Analysis and Machine Intelligence, 19(2). [20] S. Lyu and H. Farid.(2006), Steganalysis Using Higher-Order Image Statistics. IEEE Transactions on Information Forensics and Security, 1(1):111119. [21] Y.-y. Meng, B.-j. Gao, Q. Yuan, F.-g. Yu, and C.-f.(2008), Wang. A novel steganalysis of data hiding in binary text images. 11th IEEE Singapore International Conference on Communication Systems, pages 347351. [22] N. Provos.(2001), Defending Against Statistical Steganalysis. Proceedings of the 10th conference on USENIX Security Symposium, 10:323335. [23] Y. Q. Shi, G. Xuan, D. Zou, J. Gao, C. Yang, Z. Zhang, P. Chai, W. Chen, and C. Chen.(2005), Image Steganalysis Based on Moments of Characteristic Functions Using Wavelet Decomposition, Prediction-Error Image, and Neural Network. IEEE International Conference on Multimedia and Expo, pages 269272.

[6]

[7]

[8] [9]

[10] [11]

[12]

[13]