Research On Identification Of Steganography Software Based On Core Codes

Reliable identification of steganography software is an.important means of steganographyforensics, and it is an important complement to existing steganography forensics. Theidentification of steganography software used by the man who hid information can provideimportant technical support, and thus can help for the extraction of secret information. How toidentify a steganography software based on the own characteristics of the steganographyalgotithm is the difficulty. Based on the state of the arts of reverse analysis and steganographysoftware identification, the identification of steganography software is discussed in depth. Thecontents of this thesis are as follows.1) A framework of identification of steganography software based on core codes is proposed.Against the existing state of affairs of the lack of practical framework, a framework based on theanalysis of core codes and feature extraction is proposed. The framework first analysis the corecodes which represent the functional information of the software, and then extract the feature ofcore codes, at last, identify the steganography software by comparing the features. Thisframework considers the principle of the steganography algorithm, and identifies steganographysoftware from the perspective of the core codes, and it can help to the research of identificationof steganography software because of its versatility.2) An algorithm based on the core codes template matching is proposed. This algorithm hastwo parts: the construction of the library of core codes template and template matching. In theparts of the construction of the library, the same way of achieve the core codes is established aunified template after extracting the core codes of steganography software. Different templatesare added to the template library. In the parts of template matching, first the algorithm slices thecodes based on the dependency analyzed between the instructions, and then matches the templatewith the sliced instructions. If the matching is successful, it judges that the software has the sameway of realizing of the steganography algorithm with the template. Experiment shows that thetemplate established in the proposed algorithm can identify a variety of software which has thesame way of programming, and the template has a certain expansion.3) A steganography software identification algorithm based on compute feature of core codesis proposed. The algorithm takes the embedding flow of the steganography algorithm, especiallythe process of embedding the secrets bits into the picture as the compute feature. At the time ofidentifying a piece of software, the algorithm locates the codes which meet the compute featureof core codes of steganography software. If it can locate the codes, it judges that this softwarecan implement the function of steganography. Experiment shows that this algorithm can identifya variety of steganography software based on the LSB replacement algorithm.4) A steganography software identification algorithm based on use-define chains of corecodes is proposed. The algorithm uses dataflow analysis techniques to get the information ofhow to use and define a variable and analyze the dependency of the use and definition of avariable. And then the use-define chains of the codes is established. The similarity of thesteganography software and other software is characterized by optimal matching. Experiment shows that this algorithm can identify given steganography software and its confused versions,and it has high resilience performance to resist transformations that do not affect dataflowinformation of codes.Finally, a conclusion with a discussion of the direction for the future research is given.