Open access repository

Home Open access repository

In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).

» Openaccess proceedings » 6th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2011)

6th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2011)

6th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2011)
London, UK, July 7-8, 2011
ISBN: 978-1-84102-285-7

Title: Reconstructive Steganalysis by Source Bytes Lead Digit
Distribution Examination
Author(s): Alexandros Zaharis, Adamantini Martini, Theodore Tryfonas, Christos Illioudis, George Pangalos
Reference: pp55-68
Keywords: Steganalysis, Image Reconstruction, JPEG, Benford’s Law, lead digit distribution
Abstract: This paper presents a novel method of JPEG image steganalysis. Our approach is driven by the
need for a quick and accurate identification of stego-carriers from a collection of files of
different formats, where there is no knowledge of the steganography algorithm used, nor
previous database of suspect carrier files created. The suspicious image is analysed in order to
identify the encoding algorithm while various meta-data is retrieved. An image file is then
reconstructed in order to be used as a measure of comparison. A generalisation of the basic
principles of Benford’s Law distribution is applied on both the suspicious and the
reconstructed image file in order to decide whether the target is a stego-carrier. We
demonstrate the effectiveness of our technique with a steganalytic tool that can blindly detect
the use of JPHide/JPseek/JPHSWin, Camouflage and Invisible Secrets. Experimental results
show that our steganalysis scheme is able to efficiently detect the use of different
steganography algorithms without the use of a time consuming training step, even if the
embedding data rate is very low. The accuracy of our detector is independent of the payload.
The method described can be generalised in order to be used for the detection of different type
images which act as stego-carriers.
Download count: 2296

How to get this paper:

Download a free PDF copy of this paperBuy this book at

PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.