Skip to content

Automatic Detection of Android Steganography Apps via Symbolic Execution and Tree Matching

Conference/Workshop:
IEEE Conference on Communications and Network Security (CNS)
Published: 2021
Primary Author: Wenhao Chen
Secondary Authors: Li Lin, Jennifer Newman, Yong Guan
Research Area: Digital

The recent focus of cyber security on automated detection of malware for Android apps has omitted the study of some apps used for “legitimate” purposes, such as steganography apps. Mobile steganography apps can be used for delivering harmful messages, and while current research on steganalysis targets the detection of stego images using academic algorithms and well-built benchmarking image data sets, the community has overlooked uncovering a mobile app itself for its ability to perform steganographic embedding. Developing automatic tools for identifying the code in a suspect app as a stego app can be very challenging: steganography algorithms can be represented in a variety of ways, and there exists many image editing algorithms which appear similar to steganography algorithms.This paper proposes the first automated approach to detect Android steganography apps. We use symbolic execution to summarize an app’s image operation behavior into expression trees, and match the extracted expression trees with reference trees that represents the expected behavior of a steganography embedding process. We use a structural feature based similarity measure to calculate the similarity between expression trees. Our experiments show that, the propose approach can detect real world Android stego apps that implement common spatial domain and frequency domain embedding algorithms with a high degree of accuracy. Furthermore, our procedure describes a general framework that has the potential to be applied to other similar questions when studying program behaviors.

Related Resources

Source Camera Identification with Multi-Camera Smartphones

Source Camera Identification with Multi-Camera Smartphones

An overview of source camera identification on multi-camera smartphones, and introduction to the new CSAFE multi-camera smartphone image database, and a summary of recent results on the iPhone 14 Pro’s.
An Anti-Fuzzing Approach for Android Apps

An Anti-Fuzzing Approach for Android Apps

One of significant mobile app forensic analysis problems is the app evidence extraction from the device. Given the fact that mobile apps could generate more than 19K files in a…
Forensic Analysis of Android Cryptocurrency Wallet Applications

Forensic Analysis of Android Cryptocurrency Wallet Applications

Crypto wallet apps that integrate with various block-chains allow the users to make digital currencies transaction with QR codes. According to reports from financesonline [3], there is over 68 million…
Variations and Extensions of Information Leakage Metrics with Applications to Privacy Problems with Imperfect Statistical Information

Variations and Extensions of Information Leakage Metrics with Applications to Privacy Problems with Imperfect Statistical Information

The conventional information leakage metrics assume that an adversary has complete knowledge of the distribution of the mechanism used to disclose information correlated with the sensitive attributes of a system.…