Steganography Detection with Stegdetect
Stegdetect is an automated tool for detecting steganographic
content in images. It is capable of detecting several different
steganographic methods to embed hidden information in JPEG images.
Currently, the detectable schemes are
Stegbreak is used to launch dictionary attacks against JSteg-Shell,
JPHide and OutGuess 0.13b.
- jphide (unix and windows),
- invisible secrets,
- outguess 01.3b,
- F5 (header analysis),
- appendX and camouflage.
Stegdetect and Stegbreak have been developed by Niels Provos.
Automated Detection of New Steganographic Methods
Stegdetect 0.6 supports linear discriminant analysis. Given a set
of normal images and a set of images that contain hidden content by a new
steganographic application, Stegdetect can automatically determine a
linear detection function that can be applied to yet unclassified images.
Linear discriminant analysis computes a dividing hyperplane that separates
the no-stego images from the stego images. The hyperplane is characterized
as a linear function. The learned function can be saved for later use on
Stegdetect supports several different feature vectors and automatically
computes receiver operating characteristic which can be used to evaluate
the quality of the automatically learned detection function.
You can download stegdetect from the
download page, including stegbreak and Xsteg,
the graphical frontend to stegdetect.
$ stegdetect *.jpg
cold_dvd.jpg : outguess(old)(***) jphide(*)
dscf0001.jpg : negative
dscf0002.jpg : jsteg(***)
dscf0003.jpg : jphide(***)
$ stegbreak -tj dscf0002.jpg
Loaded 1 files...
dscf0002.jpg : jsteg(wonderland)
Processed 1 files, found 1 embeddings.
Time: 36 seconds: Cracks: 324123, 8915 c/s
Further information on how stegdetect works and on how to use it can be
found in the following links.