Text Steganography Methods and their Influence in Malware: A Comprehensive Overview and Evaluation

Text Steganography Methods and their Influence in Malware: A Comprehensive Overview and Evaluation

연구 분야: Strategies

학회: IH&MMSec '24: Proceedings of the 2024 ACM Workshop on Information Hiding and Multimedia Security

Steganography describes techniques and algorithms for hiding secret information in a cover medium such as images, audio or text files. Malware that makes use of steganographic techniques, known as stegomalware, is becoming increasingly common. This paper provides a comprehensive analysis of various text steganography methods and their application in the context of stegomalware. We give an extensive overview of occurrences of text stegomalware in the real world and the steganographic methods used in these attacks. The cover text includes any files or data containing natural language text or machine-readable digital texts and source code such as HTML, CSS, JavaScript, etc. A categorical overview of known text steganography methods is presented, whereas text steganography techniques are classified into the categories insertion, substitution, permutation and generation. For each category, selected representatives have been practically implemented and tested with different cover text files and messages of varying lengths. The authors also look at real-world applications and instances of stegomalware that utilize these methods. The paper reveals that while there is a vast array of text steganography methods, only a few are used in practice. To assess the strengths and weaknesses of each method, the evaluation is based on the metrics capacity, imperceptibility and robustness, which are commonly used to evaluate steganographic methods, and additionally complexity. The evaluation results show the performance of each method based on the defined metrics. We further discuss possible countermeasures and their effect on each steganography method. The analysis also shows that with the rise of machine learning and large language models, text steganography methods might become more common in the future.