Related post: What is steganography?
Hidden messages on the Internet
A large number of freely available tools allow messages to be secretly embedded into documents. For example, a family photo sent between two parties online over an Internet forum would seem innocent to most users but could contain a hidden message with meeting times, building plans and bomb instructions. Automated techniques to detect these communication channels are necessary to intercept such messages. StegaSpider searches suspicious websites for documents containing secret messages. StegaSpider has the potential to discover covert communication channels between nefarious individuals involved in organised crime.
How to detect hidden messages
Whenever a secret message is embedded into a computer file, it leaves behind a “footprint” that can be detected. The process of looking for hidden messages is called steganalysis. There are far too many documents and images on the internet to analyse all of them. Hence, we must focus our search on only the parts of the Internet in which hidden messages might be transferred. In order to successfully find hidden messages, we must know where to look.
Automating the search for hidden messages online
StegaSpider uses a programmable logic-based agent that is parameterised using conditional statements. The agent uses these parameters to guide its Internet searches. Aliases of suspects, the websites they frequent and keywords can be used to automate the search.
Using steganalysis algorithms, mathematical anomalies characteristic of embedded hidden messages are reported to the user. An extensive Graphical User Interface (GUI) is used to parameterise the intelligent agent and view reports on analyses. Ease-of-use features includes a Multi-document Interface (MDI), click-and-drag functions for adding URI’s and tests, context popup menus and tool tips. An expression builder allows the user to intuitively program the intelligent agent’s behaviour.
Features of the system include:
- Intelligent logic-based agent with multi-threaded web crawling capabilities and steganalytic modules.
- Agent parameterisation GUI to control every aspect of the agent’s behaviours.
- Custom-made logic-based agent programming language based on XML.
- Reporting system indicating the likelihood of files to contain hidden messages as well as reporting on the agent’s behaviour.
- Simulated website using generated pages and containing over 8000 test images, some innocent and others with varying difficulties of steganographic content.
StegaSpider was presented at Projects Day 2008 at the University of Johannesburg and made it to the final round for Top Honours Project.