Steganalysis of Hydan
Hydan is a steganographic tool which can be used to hide any kind of information inside executable files. In this work, we present an efficient distinguisher for it: We have developed a system that is able to detect executable files with embedded information through Hydan. Our system uses statistical analysis of instruction set distribution to distinguish between files with no hidden information and files that have been modified with Hydan. We have tested our algorithm against a mix of clean and stego-executable files. The proposed distinguisher is able to tell apart these files with a 0 ratio of false positives and negatives, thus detecting all files with hidden information through Hydan.
KeywordsDiscrete Cosine Transform Covert Channel Encrypt Message Executable File Audio Steganography
- 5.Kipper, G.: Investigator’s Guide to Steganography. CRC Press, Boca Raton (2004)Google Scholar
- 7.Naor, M., Yung, M.: Universal One-Way Hash Functions and Their Cryptographic Applications. In: Proceedings of the twenty-first annual ACM symposium on Theory of computing, pp. 33–43. ACM, New York (1989)Google Scholar
- 10.Petitcolas, F.A.P.: MP3Stego (2006) (Cited October 20, 2008), http://www.petitcolas.net/fabien/steganography
- 11.Shirali-Shahreza, M., Shirali-Shahreza, M.H.: Text Steganography In SMS. In: Int. Conference on Convergence Information Technology, pp. 2260–2265 (2007)Google Scholar
- 13.Zhu, W., Thomborson, C.: Recognition in Software Watermarking. In: Proceedings of the 4th ACM international workshop on Contents protection and security, pp. 29–36. ACM, New York (2006)Google Scholar