Research field: Safety
Conference: IH&MMSec '24: Proceedings of the 2024 ACM Workshop on Information Hiding and Multimedia Security
Cybersecurity incidents are becoming more and more hardened with obfuscation techniques such as steganography. Image data in particular is often used for malicious actions such as infiltration, exfiltration and Command & Control. To allow an easy forensic assessment of steganographic image traces in Stego-Malware, we propose a Forensic Image Trace Map, motivated by the Trace Map in [4] from general IT forensic incident handling. The trace map for images includes properties of metadata and media data traces, such as those used in image forensics by the European Network of Forensic Science Institutes (ENFSI) [5]. The approach is validated using four validation metrics from [4] in an informed analysis of four simple known image techniques and a test set of 10 challenging heterogeneous JPEG image samples. In the validation we structure the traces in the Forensic Image Trace Map, and from the map we can conclude that, of the 9 primary traces, some are more distinctive between stego tools and their parametrization, such as file size alteration, and that their combination enhances the discriminatory power. Also, some image type characteristics influence the support of individualization: the synthetic bicolour image from our test set resulted in very distinctive cover images.

| Publication year | 2024 |
|---|---|
| Citations | 4 |
| Country of publication | Germany |
| Site | ACM |