Abstract
The main characteristic of Advanced Persistent Threats is the stealthy and long period of attack. These threats usually aim at stealing secure information and include six phases: (i) Reconnaissance, (ii) Delivery, (iii) Initial intrusion, (iv) Command and control, (v) Lateral movement, and (vi) Data exfiltration. This paper proposes an APT attack scheme that exploits image steganography, in which a malicious code is embedded into a digital image. The stego-image can be triggered by an extractor program. The most common methods of delivering malicious code to target include phishing, watering hole attack, removable drive, compromised control system, and provided system service; these can all be detected. In contrast, schemes using our steganography-based approach are less likely to be detected since there is no detecting system/software that analyzes pixel values of an image. The behavior and signature of the extractor program are very different with the other malwares. The steganography is always used to deliver secret message by building a covert channel, but this technique can also be used to hide malware. In our experiments, both stego-image analysis and extractor program are tested. We present the more efficient detection methods to countermeasure advanced persistent threat in this paper.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aburrousa, M., Hossaina, M.A., Dahala, K., Thabtahb, F.: Intelligent phishing detection system for e-banking using fuzzy data mining. Expert Syst. Appl. 37(12), 7913–7921 (2010)
Blum, A., Wardman, B., Solorio, T., Warner, G.: Lexical feature based phishing URL detection using online learning. In: AISec ’10 Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security, pp. 54–60, October 2010
Bazzell, M.: Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information, 5th edn. CCI Publishing, Aarhus (2016). ISBN-13 978-1530508907
Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: International Federation for Information Processing (IFIP) International Conference on Communications and Multimedia Security, pp. 63–72 (2014)
Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: CHI ’06 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 581–590, April 2006
Fridrich, J., Goljan, M., Du, R.: Detecting LSB steganography in color, and gray-scale images. IEEE MultiMed. 8(4), 22–28 (2001)
Gandotra, E., Bansal, D., Sofat, S.: Malware analysis and classification: a survey. J. Inf. Secur. 5(2), 56–64 (2014)
Hong, J.: The state of phishing attacks. Commun. ACM 55(1), 74–81 (2012)
Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issue Inf. Warf. Secur. Res. 1, 80–106 (2011)
Kayarkar, H., Sanyal, S.: A survey on various data hiding techniques and their comparative analysis. ACTA Technica Corviniensis 5(3), 35–40 (2012)
Kamila, S., Roy, R., Changder, S.: A DWT based steganography scheme with image block partitioning. In: International Conference on Signal Processing and Integrated Networks (SPIN) (2015)
Kittawi, N., Al-Haj, A.: Reversible data hiding in encrypted images. In: International Conference on Information Technology (ICIT) (2017)
Kushner, D.: The real story of stuxnet. IEEE Spectr. 50(3), 48–53 (2013)
Li, X., Li, J., Li, B., Yang, B.: High-fidelity reversible data hiding scheme based on pixel-value-ordering and prediction-error- expansion. Signal Process. 93(1), 198–205 (2013)
Mao, Q., Li, F., Chang, C.-C.: Reversible data hiding with oriented and minimized distortions using cascading trellis coding. Inf. Sci. 317, 170–180 (2015)
Ross, R.S.: Managing information security risk: organization, mission, and information system view. National Institute of Standards and Technology (NIST) Report Number 800-39, March 2011
Saini, L.K., Shrivastava, V.: A survey of digital watermarking techniques and its applications. In: International Joint Conference On Science And Technology (IJCST), May–June 2014, vol. 2(3), pp. 70–73
Sutaone, M.S., Khandare, M.V.: Image based steganography using LSB insertion technique. In: IET Conference on Wireless, Mobile and Multimedia Networks, pp. 146–151 (2008)
Thakur, K., Kopecky, S., Nuseir, M., Ali, M.L., Qiu, M.: Advanced Persistent Threats: Behind the Scenes. In: IEEE 3rd International Conference on Cyber Security and Cloud Computing (2016)
Tian, J.: Reversible data embedding using a difference expansion. IEEE Trans. Circuits Syst. Video Technol. 13(8), 890–896 (2003)
Westfeld, A., Pfitzmann, A.: Attacks on steganographic systems. In: Breaking the Steganographic Utilities EzStego Jsteg Steganos and S- Tools—and Some Lessons Learned. Lecture Notes in Computer Science (LNCS), vol. 1768 (1999)
Walker, M.: CEH Certified Ethical Hacker All-in-One Exam Guide, 2nd edn. McGraw-Hill Education, New York (2011). ISBN-13 978-0071772297
Yang, C-H.: Reversible data hiding in encrypted image based on frequency domain. In: Cryptology and Information Security Conference (CISC) (2014)
Zhicheng, N., Shi, Y.Q., Ansari, N., Su, W.: Reversible data hiding. IEEE Trans. Circuits Syst. Video Technology 16(3), 354–362 (2006)
iThome: First Bank ATM Heist of Taiwan. https://www.ithome.com.tw/news/107294 (2018). Accessed 17 Jan 2018
Exploit Database: Google Hacking Database. https://www.exploit-db.com/google-hacking-database (2018). Accessed 19 Jan 2018
Guillermito: Chi-square Steganography Test Tool. http://www.guillermito2.net/stegano/tools/ (2018). Accessed 19 Jan 2018
Samba.org.: Samba 4.5.9 Available for Download. https://www.samba.org/samba/history/samba-4.5.9.html (2018). Accessed 19 Jan 2018
SANS Institute InfoSec Reading Room: Social Engineering: A Means To Violate A Computer System. https://www.sans.org/reading-room/whitepapers/engineering/social-engineering-means-violate-computer-system-529 (2018). Accessed 19 Jan 2018
Shah, S.: Stegosploit Exploit-Delivery with Steganography and Polyglots. http://stegosploit.info/, https://www.blackhat.com/eu-15/briefings.html (2018). Accessed 19 Jan 2018
Acknowledgement
We thank Jui-Tai Wang for performing these experiments. This research was partially supported by the Ministry of Science and Technology of the Republic of China under the Grant MOST 107-2221-E-015-001-MY2-.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ko, HJ., Huang, CT., Horng, G., Wang, SJ. (2020). Embedding Advanced Persistent Threat in Steganographic Images. In: Jain, L., Peng, SL., Wang, SJ. (eds) Security with Intelligent Computing and Big-Data Services 2019. SICBS 2019. Advances in Intelligent Systems and Computing, vol 1145. Springer, Cham. https://doi.org/10.1007/978-3-030-46828-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-46828-6_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-46827-9
Online ISBN: 978-3-030-46828-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)