StegaSpider Surveillance System

Steganographic pattern analysis agent for detecting hidden messages on the web

The StegaSpider Surveillance System is an agent-based information warfare advisor system developed by Tristan Barnett for detecting covert communication channels on the Internet. StegaSpider, or Steganography Spider, searches for hidden messages embedded into documents on the Internet.

For example, a family photo sent between two parties online over an Internet forum would seem innocent to most users but could contain a hidden message with meeting times, building plans and bomb instructions. Automated techniques to detect these communication channels are necessary to intercept such messages.

StegaSpider was presented at Projects Day 2008 at the University of Johannesburg, making it to the final round for Top Honours Project.

“Given the wide variety of steganographic tools available for download for free off the Internet, we would be well advised to devise quicker and more efficient methods of analysis and decryption.” — Evan F. Kohlmann (terrorism consultant)

System features

StegaSpider uses a programmable logic-based agent that is parameterised using conditional statements. The agent uses these parameters to guide its Internet searches. Using steganalysis algorithms, mathematical anomalies characteristic of embedded hidden messages are reported to the user. An extensive Graphical User Interface (GUI) is used to parameterise the intelligent agent and view reports on analyses. Ease-of-use features include a Multi-document Interface (MDI), click-and-drag functions for adding URIs and tests, context popup menus and tool tips. An expression builder allows the user to intuitively program the intelligent agent’s behaviour.

Features of the system include:

  • Intelligent logic-based agent with multi-threaded web crawling capabilities and steganalytic modules.
  • Agent parameterisation GUI to control every aspect of the agent’s behaviours.
  • Custom-made logic-based agent programming language based on XML.
  • Reporting system indicating the likelihood that files contain hidden messages as well as reporting on the agent’s behaviour.
  • Simulated website using generated pages and containing over 8000 test images, some innocent and others with varying difficulties of steganographic content.
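
The page does not say which steganalysis tests StegaSpider runs. As an added illustration of a "mathematical anomaly" check (not StegaSpider's own code), the Python below implements one classic test of this kind, the chi-square pairs-of-values check for LSB replacement, over constructed sample data; the function names, the synthetic cover and the 3.0 threshold are assumptions made for this example.

```python
import random
from collections import Counter

MIN_PAIR_TOTAL = 10  # skip sparse pairs; chi-square needs enough samples per bin


def pov_chi_square(samples):
    """Return (chi2, dof) for the pairs-of-values test over 8-bit samples."""
    hist = Counter(samples)
    chi2, dof = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b < MIN_PAIR_TOTAL:
            continue
        # LSB replacement with random bits pushes both counts toward (a+b)/2.
        # Two-cell chi-square against that expectation reduces to this term.
        chi2 += (a - b) ** 2 / (a + b)
        dof += 1
    return chi2, dof


def lsb_replacement_suspected(samples, max_ratio=3.0):
    """Flag data whose value pairs are suspiciously equalised.

    chi2/dof stays near 1 when pairs are equalised by embedding and is far
    larger for the unmodified cover. max_ratio is an assumed threshold.
    """
    chi2, dof = pov_chi_square(samples)
    return dof > 0 and chi2 / dof < max_ratio


def make_cover(n=50000, seed=1):
    """Constructed 'pixel' data: a narrow bell curve, so neighbouring
    histogram bins differ clearly before any embedding."""
    rng = random.Random(seed)
    return [min(255, max(0, round(rng.gauss(128, 3)))) for _ in range(n)]


def embed_lsb(samples, seed=2):
    """Simulate full-capacity LSB replacement with random message bits."""
    rng = random.Random(seed)
    return [(s & ~1) | rng.getrandbits(1) for s in samples]


if __name__ == "__main__":
    cover = make_cover()
    for name, data in (("cover", cover), ("stego", embed_lsb(cover))):
        chi2, dof = pov_chi_square(data)
        print(name, round(chi2 / dof, 2), lsb_replacement_suspected(data))
```

This test responds to LSB replacement that touches most of the samples; low embedding rates and other embedding methods need different tests.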