Abstract
Hydan is a steganographic tool that can hide any kind of information inside executable files. In this work, we present an efficient distinguisher for it: we have developed a system that detects executable files carrying information embedded with Hydan. Our system uses statistical analysis of the instruction set distribution to distinguish between files with no hidden information and files that have been modified with Hydan. We have tested our algorithm against a mix of clean and stego-executable files. The proposed distinguisher tells these files apart with a 0 ratio of false positives and negatives, thus detecting all files with information hidden through Hydan.
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Blasco, J., Hernandez-Castro, J.C., Tapiador, J.M.E., Ribagorda, A., Orellana-Quiros, M.A. (2009). Steganalysis of Hydan. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_12
DOI: https://doi.org/10.1007/978-3-642-01244-0_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0
eBook Packages: Computer Science (R0)