An Efficient Technique to Detect Stegosploit Generated Images on Windows and Linux Subsystem on Windows
DOI:
https://doi.org/10.26438/ijcse/v7i12.2126Keywords:
Steganography, Steganalysis, Stegosploit, Exploit Detection, Image Steganography, Image Exploits, PolyglotsAbstract
Steganography as being a very useful technique for content hiding is the first choice of criminals, terrorists, and hackers. The steganalysis itself is very complex, and lots of research work is going on all around the world on steganography and steganalysis. However, when the steganography hides exploit instead of simple messages, it becomes more severe and damaging. Stegosploit is a similar toolkit that allows hackers to inject exploits for known vulnerabilities into images. These images, when accessed or downloaded can infect a machine very effectively compared to other ways of doing it. This paper emphasis on a technique that detects such stego images having an exploit inside it. We developed a script that detects this type of image, which is in-general not identified by known anti-viruses including virus total. The study also focuses on the effectiveness of the script for the Windows operating system and Linux Subsystem on Windows. The script derived from this research will help end-users, security professionals, forensic investigators, and researchers in detecting and thus preventing possible cybercrimes.
References
[1] Cox, I., Miller, M., Bloom, J., Fridrich, J., & Kalker, T. (2007). Digital watermarking and steganography. Morgan Kaufmann.
[2] Dumitrescu, D., Stan, I.-M., & Simion, E. (2017). Steganography Techniques.
[3] Cheddad, A., Condell, J., Curran, K., & Mc Kevitt, P. (2010). Digital image steganography: Survey and analysis of current methods. Signal processing, 90(3), 727-752.
[4] Johnson, N. F., & Jajodia, S. (1998). Exploring steganography: Seeing the unseen. Computer, 31(2).
[5] Wu, H. C., Wu, N. I., Tsai, C. S., & Hwang, M. S. (2005). Image steganographic scheme based on pixel-value differencing and LSB replacement methods. IEE Proceedings-Vision, Image and Signal Processing, 152(5), 611-615.
[6] Ingemar, J. C., Miller, M. L., Jeffrey, A. B., Fridrich, J., & Kalker, T. (2008). Digital Watermarking and Steganography. Digital Watermarking and Steganography. Elsevier Inc.
[7] Yang, C.-N., Lin, C.-C., & Chang, C.-C. (2013). Steganography and watermarking. Steganography and Watermarking.
[8] Gupta, S., Goyal, A., & Bhushan, B. (2012). Information hiding using least significant bit steganography and cryptography. International Journal of Modern Education and Computer Science, 4(6), 27.
[9] Song, S., Zhang, J., Liao, X., Du, J., & Wen, Q. (2011). A novel secure communication protocol combining steganography and cryptography. Procedia Engineering, 15, 2767-2772.
[10] Abikoye, O. C., Adewole, K. S., & Oladipupo, A. J. (2012). Efficient data hiding system using cryptography and steganography.
[11] Shah S. (2015), Pastor Manul Laphroaig’s, Export–Controlled, Church Newsletter
[12] Vaniea, K., & Rashidi, Y. (2016, May). Tales of software updates: The process of updating software. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (pp. 3215-3226). ACM.
[13] Park, B., Kim, D., & Shin, D. (2015). A Study on a Method Protecting a Secure Network against a Hidden Malicious Code in the Image. Indian Journal of Science and Technology, 8(26).
[14] Jeyasekar, A., Bisht, D., & Dua, A. (2016). Analysis of Exploit Delivery Technique using Steganography. Indian Journal of Science and Technology, 9(39).
[15] Dudheria, R. Attacking Smartphones by Sharing Innocuous Images via QR Codes.
[16] Harblson, C. (2015). Hacking with pictures; new stegosploit tool hides malware inside internet images for instant drive-by pwning.
[17] Pevný, T., Kopp, M., Křoustek, J., & Ker, A. D. (2016). Malicons: Detecting Payload in Favicons. Electronic Imaging, 2016(8), 1-9.
[18] Fridrich, J. (2006). Steganalysis. In Multimedia Security Technologies for Digital Rights Management (pp. 349–381). Elsevier Inc.
[19] Schaathun, H. G. (2012). Histogram Analysis. In Machine Learning in Image Steganalysis (p. 82230).
[20] Provos, N. H. G. K. (2003). Statistical Steganalysis. ProQuest Information and Learning Company, 78–80.
[21] Huang, F., Li, B., Shi, Y. Q., Huang, J., & Xuan, G. (2010). Image steganalysis. Studies in Computational Intelligence, 282, 275–303.
[22] Al-Jarrah, M. M., Al-Taie, Z. H., & Abuarqoub, A. (2017). Steganalysis Using LSB-Focused Statistical Features. In Proceedings of the International Conference on Future Networks and Distributed Systems - ICFNDS ’17 (pp. 1–5). New York, New York, USA: ACM Press
[23] Harshal V. Patil1, B. H. Barhate2, "A Review Paper on Data Hiding Techniques: Stegnography", International Journal of Scientific Research in Computer Science and Engineering, Vol.06, Issue.01, pp.64-67, 2018
[24] Manisha Verma, Hardeep Singh Saini, "Analysis of Various Techniques for Audio Steganography in Data Security", International Journal of Scientific Research in Network Security and Communication, Vol.7, Issue.2, pp.1-5, 2019
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.
