on dangers of overtraining steganography to incomplete
play

On Dangers of Overtraining Steganography to Incomplete Cover Model - PowerPoint PPT Presentation

Jul 19, 2023 •95 likes •259 views

On Dangers of Overtraining Steganography to Incomplete Cover Model Jan Kodovsk, Jessica Fridrich, Vojt ech Holub September 30, 2011 / MMSEC On Dangers of Overtraining Steganography to Incomplete Cover Model 1 / 14 Steganography

  1. On Dangers of Overtraining Steganography to Incomplete Cover Model Jan Kodovský, Jessica Fridrich, Vojtˇ ech Holub September 30, 2011 / MMSEC On Dangers of Overtraining Steganography to Incomplete Cover Model 1 / 14

  2. Steganography Steganography by cover modification Cover images Stego images Embedding x ∼ P c y ∼ P s algorithm x , y ∈ C . . . space of images, e.g. C = { 0 , . . . , 255 } 512 × 512 Goal: keep P s close to P c (minimize KL divergence) Steganographer’s options: Map everything into feature space F and preserve cover pdf there Minimize distortion function D ( x , y ) On Dangers of Overtraining Steganography to Incomplete Cover Model 2 / 14

  3. OutGuess JPEG domain steganographic algorithm [Provos 2001] Feature space F . . . histogram of DCT coefficients Statistical restoration (LSB embedding + correction) Fully preserves cover pdf in F ⇒ undetectable within F Problem: first order statistics is a poor model of cover images Successful attacks using higher order statistics [2002-2011] Overtrained to incomplete model On Dangers of Overtraining Steganography to Incomplete Cover Model 3 / 14

  4. Feature Correction Method (FCM) General framework for steganography that approximately preserves given feature vector [Kodovský 2008, Chonev 2011] Minimize distortion function defined in F : n ( x i − y i ) 2 n . . . number of features � D ( x , y ) = var i . . . variance of the i th feature var i i =1 Two-pass procedure, greedy approach, already in the first phase make ± 1 changes to minimize distortion Implemented for the case of 274 PEV features [Pevný 2007] Captures both inter- and intra-block dependencies Local histograms, co-occurences, Markov models On Dangers of Overtraining Steganography to Incomplete Cover Model 4 / 14

  5. Feature Correction Method (FCM) 0.50 Classification error P E Performance in F 0.40 Different cropping 0.30 F ≡ 274 PEV 0.20 SVM classifier 0.10 P FA + P MD P E = min 0 2 0 0.05 0.10 0.15 0.20 P FA Payload (bpac) Overtrained to incomplete model On Dangers of Overtraining Steganography to Incomplete Cover Model 5 / 14

  6. Optimized ± 1 embedding in JPEG domain Minimal-distortion steganography [Filler 2011] Adaptive scheme with empirically designed distortion function: N N . . . number of changeable � D ( x , y ) = ρ i ( x , y i ) , coefficients i =1 where ρ i ( x , y i ) ∈ R is the cost of changing x i → y i Costs are functions of inter- and intra-block neighbors optimized w.r.t. given model (feature space) Will be abbreviated MOD (Model Optimized Distortion) On Dangers of Overtraining Steganography to Incomplete Cover Model 6 / 14

  7. Details of MOD algorithm Optimize parameters of the cost function To minimize the margin of linear SVM in F Nelder-Mead simplex-reflection algorithm Fixed misclassification cost C Less than 100 images needed Feature space F ≡ 548-dim CC-PEV [Kodovský 2009] CC-PEV = PEV enhanced by Cartesian calibration Preliminary experiments showed no indication of overtraining Different calibration cropping CDF = CC-PEV + SPAM features [Pevný 2009] On Dangers of Overtraining Steganography to Incomplete Cover Model 7 / 14

  8. Histogram of changed DCT coefficients Payload 0.10 bpac 60 Histogram 40 20 0 -30 -20 -10 -2 2 10 20 30 Changed DCT coefficient x i CC-PEV: inter-block co-occurences are constrained to [-2,2] 95% of changes are made out of the model On Dangers of Overtraining Steganography to Incomplete Cover Model 8 / 14

  9. Extending the model 0.5 SVM classifier CC-PEV Classification error P E 0.4 P FA + P MD 0.3 P E = min 2 P FA 0.2 co-occurence 0.1 model out of model Dimension (2 T + 1) 2 0 0 2 4 6 8 10 Range of the co-occurence matrix T Extending inter-block co-occurences compromises the security We can extend the range of other parts of the CC-PEV model On Dangers of Overtraining Steganography to Incomplete Cover Model 9 / 14

  10. Attacking MOD algorithm 0.50 Performance in F Classification error 0.40 Out of model 0.30 F ≡ 548 CC-PEV 0.20 Extended co-occurence and Markov features 0.10 Dimension 882 0 0 0.05 0.10 0.15 0.20 Payload (bpac) Optimization moved changes out of the incomplete model On Dangers of Overtraining Steganography to Incomplete Cover Model 10 / 14

  11. HUGO Minimal distortion steganography in spatial domain [Pevný 2010] BOSS (Break Our Steganographic System) F . . . 3D co-occurence matrices of pixel differences For differences d = ( d 1 , d 2 , d 3 ) . . . co-occurence bin value C d ( x ) T = 90 ⇒ dimension 2(2 T + 1) 3 = 11 , 859 , 482 Distortion function - weighted L 1 -norm in F T 1 � D ( x , y ) = · | C d ( x ) − C d ( y ) | 1 + || d || 2 d 1 ,d 2 ,d 3 = − T On Dangers of Overtraining Steganography to Incomplete Cover Model 11 / 14

  12. Model weakness Abrupt end at T = 90 ⇒ model treats pixels above T differently 3D co-occurence is sparse around T = 90 ⇒ form marginals h i ( x ) . . . number of adjacent pixel pairs whose difference is i 200 cover 180 Count 160 140 120 100 84 86 88 90 92 94 96 98 Histogram bin h i On Dangers of Overtraining Steganography to Incomplete Cover Model 12 / 14

  13. Model weakness Abrupt end at T = 90 ⇒ model treats pixels above T differently 3D co-occurence is sparse around T = 90 ⇒ form marginals h i ( x ) . . . number of adjacent pixel pairs whose difference is i 200 cover 180 stego (0.4 bpp) Count 160 140 120 100 84 86 88 90 92 94 96 98 Histogram bin h i On Dangers of Overtraining Steganography to Incomplete Cover Model 12 / 14

  14. Attacking HUGO with 4 features Almost payload-independent detection Works better on noisy and textured images Abrupt end of model creates security weakness 0.50 Classification error P E 0.40 0.30 Features { h 89 , h 90 , h 91 , h 92 } 0.20 0.10 0 0 0.10 0.20 0.30 0.40 0.50 Payload (bpp) On Dangers of Overtraining Steganography to Incomplete Cover Model 13 / 14

  15. Conclusions Overtraining to simplified cover model seems to be a common security flaw of modern schemes It is difficult to find a good (complete) model for cover images Steganography: high dimension is not sufficient Steganalysis: high dimension is not necessary Straightforward security improvements: HUGO . . . increase T = 255 MOD embedding . . . increase range in CC-PEV Suggestion: use rich and diverse models On Dangers of Overtraining Steganography to Incomplete Cover Model 14 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Steganography Implementation & Detection Robert Krenn rkrenn@xidc.nl January 21, 2004

Steganography Implementation & Detection Robert Krenn rkrenn@xidc.nl January 21, 2004

Steganography Implementation & Detection Robert Krenn rkrenn@xidc.nl January 21, 2004 Overview What is steganography? Implementations Detection Defeating steganography Conclusion Questions What is steganography?

488 views • 34 slides
Steganography with Public-Key Cryptography for Videoconference XXX CNMAC - Set/2007 Fbio

Steganography with Public-Key Cryptography for Videoconference XXX CNMAC - Set/2007 Fbio

Steganography with Public-Key Cryptography for Videoconference XXX CNMAC - Set/2007 Fbio Borges de Oliveira Steganography with Public-Key Cryptography for Videoconference p.1/26 Steganography Source: Steganography: Steganography with

786 views • 34 slides
Steganography and Steganalysis in digital age Tom Pevn Agent Technology Center, CTU 3rd

Steganography and Steganalysis in digital age Tom Pevn Agent Technology Center, CTU 3rd

Steganography and Steganalysis in digital age Tom Pevn Agent Technology Center, CTU 3rd December 2009 T. Pevn | Steganography and Steganalysis 1/30 Outline 1 Introduction What is steganography and steganalysis Definition of security

310 views • 30 slides
On the Gold Standard for Security of Universal Steganography Sebastian Berndt and Maciej

On the Gold Standard for Security of Universal Steganography Sebastian Berndt and Maciej

On the Gold Standard for Security of Universal Steganography Sebastian Berndt and Maciej Likiewicz Institute of Theoretical Computer Science, Universitt zu Lbeck EUROCRYPT, 2018 Steganography / Subliminal Communication Modern

652 views • 36 slides
DANGERS OF SECONDARY CRASHES By Bill Fuller DANGERS OF SECONDARY CRASHES Danger to Motorists

DANGERS OF SECONDARY CRASHES By Bill Fuller DANGERS OF SECONDARY CRASHES Danger to Motorists

DANGERS OF SECONDARY CRASHES By Bill Fuller DANGERS OF SECONDARY CRASHES Danger to Motorists Can be more severe than original incident Can occur as a result of traffic slowing quickly : Around a curve Beyond hill crest Larger

207 views • 7 slides
What Time Is It? Steganography in File System Metadata Sebastan Neuner, SBA Research whoami

What Time Is It? Steganography in File System Metadata Sebastan Neuner, SBA Research whoami

What Time Is It? Steganography in File System Metadata Sebastan Neuner, SBA Research whoami Security Researcher at SBAResearch Bug Hunter / Pentester CTFs!!11elf 2/40 What to Expect Today What is steganography Examples

489 views • 45 slides
HIDING IN THE FAMILIAR: STEGANOGRAPHY AND VULNERABILITIES IN POPULAR ARCHIVES FORMATS Agenda

HIDING IN THE FAMILIAR: STEGANOGRAPHY AND VULNERABILITIES IN POPULAR ARCHIVES FORMATS Agenda

BlackHat Europe 2010, Barcelona Mario Vuksan, Tomislav Pericin & Brian Karney HIDING IN THE FAMILIAR: STEGANOGRAPHY AND VULNERABILITIES IN POPULAR ARCHIVES FORMATS Agenda Introduction to steganography in archives Introduction to

606 views • 46 slides
CHYMERA ACRASTRIP PRODUCTS www.chymeragroup.com Q.: Why Eliminate Acetone From Your Facility?

CHYMERA ACRASTRIP PRODUCTS www.chymeragroup.com Q.: Why Eliminate Acetone From Your Facility?

CHYMERA ACRASTRIP PRODUCTS www.chymeragroup.com Q.: Why Eliminate Acetone From Your Facility? Are you aware of the dangers and costs associated with using acetone? Dangers of storage ? Dangers of improper container grounding ? Dangers of

525 views • 19 slides
Incomplete Information Econ 400 University of Notre Dame Econ 400 (ND) Incomplete Information

Incomplete Information Econ 400 University of Notre Dame Econ 400 (ND) Incomplete Information

Incomplete Information Econ 400 University of Notre Dame Econ 400 (ND) Incomplete Information 1 / 25 Games of Incomplete Information In game theory, there are two sources of uncertainty related to information: Econ 400 (ND) Incomplete

1.05k views • 59 slides
Mobile VoIP Steganography From Framework to Implementation Marcus Nutzinger Rainer Poisel

Mobile VoIP Steganography From Framework to Implementation Marcus Nutzinger Rainer Poisel

Mobile VoIP Steganography From Framework to Implementation Marcus Nutzinger Rainer Poisel Jrgen Wurzer Institute of IT Security Research St. Plten University of Applied Sciences DeepSec 2010 November 25 th 2010 Mobile VoIP Steganography

528 views • 27 slides
5: Overtraining and Cross-validation Machine Learning and Real-world Data Helen Yannakoudakis 1

5: Overtraining and Cross-validation Machine Learning and Real-world Data Helen Yannakoudakis 1

5: Overtraining and Cross-validation Machine Learning and Real-world Data Helen Yannakoudakis 1 Computer Laboratory University of Cambridge Lent 2018 1 Based on slides created by Simone Teufel Last session: smoothing and significance testing

1.56k views • 15 slides
5: Overtraining and Cross-validation Machine Learning and Real-world Data Simone Teufel and Ann

5: Overtraining and Cross-validation Machine Learning and Real-world Data Simone Teufel and Ann

5: Overtraining and Cross-validation Machine Learning and Real-world Data Simone Teufel and Ann Copestake Computer Laboratory University of Cambridge Lent 2017 Last session: smoothing and significance testing You looked at various possible

208 views • 16 slides
Perfect vs. Imperfect Steganography Stegosystems can be divided into two classes: Perfectly

Perfect vs. Imperfect Steganography Stegosystems can be divided into two classes: Perfectly

Fisher Information Determines Capacity of -secure Steganography Tom Filler and Jessica Fridrich Dept. of Electrical and Computer Engineering SUNY Binghamton, New York 11th Information Hiding, Darmstadt, Germany, 2009 Perfect vs.

391 views • 24 slides
5: Overtraining and Cross-validation Machine Learning and Real-world Data Paula Buttery (based

5: Overtraining and Cross-validation Machine Learning and Real-world Data Paula Buttery (based

5: Overtraining and Cross-validation Machine Learning and Real-world Data Paula Buttery (based on slides created by Simone Teufel) Computer Laboratory University of Cambridge Lent 2019 Last session: smoothing and significance testing You

580 views • 15 slides
HIDING IN THE FAMILIAR: STEGANOGRAPHY AND VULNERABILITIES IN POPULAR ARCHIVES FORMATS Agenda

HIDING IN THE FAMILIAR: STEGANOGRAPHY AND VULNERABILITIES IN POPULAR ARCHIVES FORMATS Agenda

BlackHat Europe 2010, Barcelona BlackHat Europe 2010, Barcelona Mario Vuksan, Tomislav Pericin & Brian Karney HIDING IN THE FAMILIAR: STEGANOGRAPHY AND VULNERABILITIES IN POPULAR ARCHIVES FORMATS Agenda Introduction to steganography in

696 views • 43 slides
A Study of Embedding Operations and Locations for Steganography in H.264 Video Andreas Neufeld

A Study of Embedding Operations and Locations for Steganography in H.264 Video Andreas Neufeld

A Study of Embedding Operations and Locations for Steganography in H.264 Video A Study of Embedding Operations and Locations for Steganography in H.264 Video Andreas Neufeld and Andrew D. Ker Oxford University Department of Computer Science

547 views • 19 slides
Generative Adversarial Networks (part 2) Benjamin Striner 1 1 Carnegie Mellon University April 22,

Generative Adversarial Networks (part 2) Benjamin Striner 1 1 Carnegie Mellon University April 22,

Recap Understanding Optimization Issues GAN Training and Stabilization Take Aways Generative Adversarial Networks (part 2) Benjamin Striner 1 1 Carnegie Mellon University April 22, 2020 Benjamin Striner CMU GANs Recap Understanding

955 views • 69 slides
Introduction to TMVA and Primary Electron Track Determination Erin Conley SNB/LE Working Group

Introduction to TMVA and Primary Electron Track Determination Erin Conley SNB/LE Working Group

Introduction to TMVA and Primary Electron Track Determination Erin Conley SNB/LE Working Group Meeting June 20, 2018 6/20/2018 1 Introduction 30.25 MeV Event Display: Time (ticks) vs. Wire in CC interactions Goal: determine

538 views • 23 slides
Perceptrons Steven J Zeil Old Dominion Univ. Fall 2010 1 Introduction: Neural Networks The

Perceptrons Steven J Zeil Old Dominion Univ. Fall 2010 1 Introduction: Neural Networks The

Introduction: Neural Networks The Perceptron Multilayer Perceptrons Training MLPs Applying MLPs Perceptrons Steven J Zeil Old Dominion Univ. Fall 2010 1 Introduction: Neural Networks The Perceptron Multilayer Perceptrons Training MLPs

589 views • 47 slides
Statistical Tools in Collider Experiments Multivariate analysis in high energy physics Lecture 3

Statistical Tools in Collider Experiments Multivariate analysis in high energy physics Lecture 3

Statistical Tools in Collider Experiments Multivariate analysis in high energy physics Lecture 3 Pauli Lectures - 08/02/2012 Nicolas Chanon - ETH Zrich 1 Outline 1.Introduction 2.Multivariate methods 3.Optimization of MVA methods

598 views • 26 slides
Machine Learning Anders Holst SICS Big Data Analytics Analysis Big Data Big Value Big Data

Machine Learning Anders Holst SICS Big Data Analytics Analysis Big Data Big Value Big Data

Machine Learning Anders Holst SICS Big Data Analytics Analysis Big Data Big Value Big Data Analytics Analysis Big Data Big Value Real world Question Data Model Conclusion Machine Learning Use real data to train a model, which can

625 views • 27 slides
Generative and Discriminative Learning Machine Learning 1 What we saw most of the semester

Generative and Discriminative Learning Machine Learning 1 What we saw most of the semester

Generative and Discriminative Learning Machine Learning 1 What we saw most of the semester A fixed, unknown distribution D over X Y X: Instance space, Y: label space (eg: {+1, -1}) Given a dataset S = {(x i , y i )} Learning

218 views • 20 slides
Natural Language Processing Classification I Dan Klein UC Berkeley 1 2 Classification

Natural Language Processing Classification I Dan Klein UC Berkeley 1 2 Classification

Natural Language Processing Classification I Dan Klein UC Berkeley 1 2 Classification Classification Automatically make a decision about inputs Example: document category Example: image of digit digit Example: image

757 views • 50 slides
Machine Learning Techniques for HEP Data Analysis with T MVA Andreas Hoecker ( * ) (CERN) Seminar,

Machine Learning Techniques for HEP Data Analysis with T MVA Andreas Hoecker ( * ) (CERN) Seminar,

Machine Learning Techniques for HEP Data Analysis with T MVA Andreas Hoecker ( * ) (CERN) Seminar, LAL Orsay, June 21, 2007 ( * ) On behalf of the author team: A. Hoecker, P. Speckmayer, J. Stelzer, F. Tegenfeldt, H. Voss, K. Voss And the

700 views • 48 slides

More recommend