Volume 13 - Issue 3
Detection of Steganographic Threats Targeting Digital Images in Heterogeneous Ecosystems Through Machine Learning
- Nunziato Cassavia
Institute for High Performance Computing and Networking (ICAR), National Research Council of Italy (CNR), Rende, Italy
nunziato.cassavia@icar.cnr.it
- Luca Caviglione
Institute for Applied Mathematics and Information Technologies (IMATI), National Research Council of Italy (CNR), Genova, Italy
luca.caviglione@ge.imati.cnr.it
- Massimo Guarascio
Institute for High Performance Computing and Networking (ICAR), National Research Council of Italy (CNR), Rende, Italy
massimo.guarascio@icar.cnr.it
- Giuseppe Manco
Institute for High Performance Computing and Networking (ICAR), National Research Council of Italy (CNR), Rende, Italy
giuseppe.manco@icar.cnr.it
- Marco Zuppelli
Institute for Applied Mathematics and Information Technologies (IMATI), National Research Council of Italy (CNR), Genova, Italy
marco.zuppelli@ge.imati.cnr.it
Keywords: image steganography, machine learning, deep neural networks, stegomalware
Abstract
Steganography is increasingly exploited by malware to avoid detection and to implement different
advanced offensive schemes. An attack paradigm expected to become widely used in the near future
concerns cloaking data in innocent-looking pictures, which are normally used by several devices and
applications, for instance to enhance the user experience. Therefore, with the increasing popularity
of application stores, availability of cross-platform services, and the adoption of various devices for
entertainment and business duties, the chances for hiding payloads in digital pictures multiply in an
almost unbounded manner. To face such a new challenge, this paper presents an ecosystem exploiting
a classifier based on Deep Neural Networks to reveal the presence of images embedding malicious
assets. The collected results indicate the effectiveness of the approach in detecting malicious content, even
in the presence of an attacker trying to elude our framework via basic obfuscation techniques (i.e.,
zip compression) or the use of alternative encoding schemes (i.e., Base64). Specifically, the achieved
accuracy is always 100%, with minor decays in terms of precision and recall due to the
additional information introduced by compression.