Skip to main content
SpringerLink
Log in

Embedding Advanced Persistent Threat in Steganographic Images

  • Conference paper
  • First Online:
Security with Intelligent Computing and Big-Data Services 2019 (SICBS 2019)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1145))

  • 369 Accesses

Abstract

The main characteristic of Advanced Persistent Threats is the stealthy and long period of attack. These threats usually aim at stealing secure information and include six phases: (i) Reconnaissance, (ii) Delivery, (iii) Initial intrusion, (iv) Command and control, (v) Lateral movement, and (vi) Data exfiltration. This paper proposes an APT attack scheme that exploits image steganography, in which a malicious code is embedded into a digital image. The stego-image can be triggered by an extractor program. The most common methods of delivering malicious code to target include phishing, watering hole attack, removable drive, compromised control system, and provided system service; these can all be detected. In contrast, schemes using our steganography-based approach are less likely to be detected since there is no detecting system/software that analyzes pixel values of an image. The behavior and signature of the extractor program are very different with the other malwares. The steganography is always used to deliver secret message by building a covert channel, but this technique can also be used to hide malware. In our experiments, both stego-image analysis and extractor program are tested. We present the more efficient detection methods to countermeasure advanced persistent threat in this paper.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aburrousa, M., Hossaina, M.A., Dahala, K., Thabtahb, F.: Intelligent phishing detection system for e-banking using fuzzy data mining. Expert Syst. Appl. 37(12), 7913–7921 (2010)

    Article  Google Scholar 

  2. Blum, A., Wardman, B., Solorio, T., Warner, G.: Lexical feature based phishing URL detection using online learning. In: AISec ’10 Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security, pp. 54–60, October 2010

    Google Scholar 

  3. Bazzell, M.: Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information, 5th edn. CCI Publishing, Aarhus (2016). ISBN-13 978-1530508907

    Google Scholar 

  4. Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: International Federation for Information Processing (IFIP) International Conference on Communications and Multimedia Security, pp. 63–72 (2014)

    Google Scholar 

  5. Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: CHI ’06 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 581–590, April 2006

    Google Scholar 

  6. Fridrich, J., Goljan, M., Du, R.: Detecting LSB steganography in color, and gray-scale images. IEEE MultiMed. 8(4), 22–28 (2001)

    Article  Google Scholar 

  7. Gandotra, E., Bansal, D., Sofat, S.: Malware analysis and classification: a survey. J. Inf. Secur. 5(2), 56–64 (2014)

    Google Scholar 

  8. Hong, J.: The state of phishing attacks. Commun. ACM 55(1), 74–81 (2012)

    Article  Google Scholar 

  9. Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issue Inf. Warf. Secur. Res. 1, 80–106 (2011)

    Google Scholar 

  10. Kayarkar, H., Sanyal, S.: A survey on various data hiding techniques and their comparative analysis. ACTA Technica Corviniensis 5(3), 35–40 (2012)

    Google Scholar 

  11. Kamila, S., Roy, R., Changder, S.: A DWT based steganography scheme with image block partitioning. In: International Conference on Signal Processing and Integrated Networks (SPIN) (2015)

    Google Scholar 

  12. Kittawi, N., Al-Haj, A.: Reversible data hiding in encrypted images. In: International Conference on Information Technology (ICIT) (2017)

    Google Scholar 

  13. Kushner, D.: The real story of stuxnet. IEEE Spectr. 50(3), 48–53 (2013)

    Article  Google Scholar 

  14. Li, X., Li, J., Li, B., Yang, B.: High-fidelity reversible data hiding scheme based on pixel-value-ordering and prediction-error- expansion. Signal Process. 93(1), 198–205 (2013)

    Article  Google Scholar 

  15. Mao, Q., Li, F., Chang, C.-C.: Reversible data hiding with oriented and minimized distortions using cascading trellis coding. Inf. Sci. 317, 170–180 (2015)

    Article  Google Scholar 

  16. Ross, R.S.: Managing information security risk: organization, mission, and information system view. National Institute of Standards and Technology (NIST) Report Number 800-39, March 2011

    Google Scholar 

  17. Saini, L.K., Shrivastava, V.: A survey of digital watermarking techniques and its applications. In: International Joint Conference On Science And Technology (IJCST), May–June 2014, vol. 2(3), pp. 70–73

    Google Scholar 

  18. Sutaone, M.S., Khandare, M.V.: Image based steganography using LSB insertion technique. In: IET Conference on Wireless, Mobile and Multimedia Networks, pp. 146–151 (2008)

    Google Scholar 

  19. Thakur, K., Kopecky, S., Nuseir, M., Ali, M.L., Qiu, M.: Advanced Persistent Threats: Behind the Scenes. In: IEEE 3rd International Conference on Cyber Security and Cloud Computing (2016)

    Google Scholar 

  20. Tian, J.: Reversible data embedding using a difference expansion. IEEE Trans. Circuits Syst. Video Technol. 13(8), 890–896 (2003)

    Article  Google Scholar 

  21. Westfeld, A., Pfitzmann, A.: Attacks on steganographic systems. In: Breaking the Steganographic Utilities EzStego Jsteg Steganos and S- Tools—and Some Lessons Learned. Lecture Notes in Computer Science (LNCS), vol. 1768 (1999)

    Google Scholar 

  22. Walker, M.: CEH Certified Ethical Hacker All-in-One Exam Guide, 2nd edn. McGraw-Hill Education, New York (2011). ISBN-13 978-0071772297

    Google Scholar 

  23. Yang, C-H.: Reversible data hiding in encrypted image based on frequency domain. In: Cryptology and Information Security Conference (CISC) (2014)

    Google Scholar 

  24. Zhicheng, N., Shi, Y.Q., Ansari, N., Su, W.: Reversible data hiding. IEEE Trans. Circuits Syst. Video Technology 16(3), 354–362 (2006)

    Article  Google Scholar 

  25. iThome: First Bank ATM Heist of Taiwan. https://www.ithome.com.tw/news/107294 (2018). Accessed 17 Jan 2018

  26. Exploit Database: Google Hacking Database. https://www.exploit-db.com/google-hacking-database (2018). Accessed 19 Jan 2018

  27. Guillermito: Chi-square Steganography Test Tool. http://www.guillermito2.net/stegano/tools/ (2018). Accessed 19 Jan 2018

  28. Samba.org.: Samba 4.5.9 Available for Download. https://www.samba.org/samba/history/samba-4.5.9.html (2018). Accessed 19 Jan 2018

  29. SANS Institute InfoSec Reading Room: Social Engineering: A Means To Violate A Computer System. https://www.sans.org/reading-room/whitepapers/engineering/social-engineering-means-violate-computer-system-529 (2018). Accessed 19 Jan 2018

  30. Shah, S.: Stegosploit Exploit-Delivery with Steganography and Polyglots. http://stegosploit.info/, https://www.blackhat.com/eu-15/briefings.html (2018). Accessed 19 Jan 2018

Download references

Acknowledgement

We thank Jui-Tai Wang for performing these experiments. This research was partially supported by the Ministry of Science and Technology of the Republic of China under the Grant MOST 107-2221-E-015-001-MY2-.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, National Chung-Hsing University, Taichung City, Taiwan

    Hung-Jui Ko & Gwoboa Horng

  2. Department of Information Management, Oriental Institute of Technology, New Taipei City, Taiwan

    Cheng-Ta Huang

  3. Department of Information Management, Central Police University, Taoyuan City, Taiwan

    Shiuh-Jeng Wang

Authors
  1. Hung-Jui Ko
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Cheng-Ta Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gwoboa Horng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shiuh-Jeng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shiuh-Jeng Wang .

Editor information

Editors and Affiliations

  1. University of Technology Sydney, Broadway, NSW, Australia

    Lakhmi C. Jain

  2. CSIE Department, National Dong Hwa University, Hualien City, Taiwan

    Sheng-Lung Peng

  3. Central Police University, Taoyuan City, Taiwan

    Shiuh-Jeng Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ko, HJ., Huang, CT., Horng, G., Wang, SJ. (2020). Embedding Advanced Persistent Threat in Steganographic Images. In: Jain, L., Peng, SL., Wang, SJ. (eds) Security with Intelligent Computing and Big-Data Services 2019. SICBS 2019. Advances in Intelligent Systems and Computing, vol 1145. Springer, Cham. https://doi.org/10.1007/978-3-030-46828-6_1

Download citation

Publish with us

Policies and ethics

Search

Navigation