Digital image forensics is a young but maturing field, encompassing key areas such as camera identification, detection of forged images, and steganalysis. However, large gaps exist between academic results and applications used by practicing forensic analysts. To move academic discoveries closer to real-world implementations, it is important to use data that represent “in the wild” scenarios. For detection of stego images created from steganography apps, images generated from those apps are ideal to use. In this paper, we present our work to perform steg detection on images from mobile apps using two different approaches: “signature” detection, and machine learning methods. A principal challenge of the ML task is to create a great many of stego images from different apps with certain embedding rates. One of our main contributions is a procedure for generating a large image database by using Android emulators and reverse engineering techniques, the first time ever done. We develop algorithms and tools for signature detection on stego apps, and provide solutions to issues encountered when creating ML classifiers.
Tackling Android Stego Apps in the Wild

Conference/Workshop:
IEEE Asia-Pacific Signal and Information Processing Association, 2018, Annual Summit and Conference (APSIPA ASC)
IEEE Asia-Pacific Signal and Information Processing Association, 2018, Annual Summit and Conference (APSIPA ASC)
Journal: Proceedings, APSIPA Annual Summit and Conference 2018
Published: 2018
Primary Author: Wenhao Chen
Secondary Authors: L. Lin, M. Wu, Y. Guan, J. Newman
Type: Publication
Research Area: Digital
Related Resources
LibDroid: Summarizing information flow of Android Native Libraries via Static Analysis
With advancements in technology, people are taking advantage of mobile devices to access e-mails, search the web, and video chat. Therefore, extracting evidence from mobile phones is an important component…
Evaluating Reference Sets for Score-Based Likelihood Ratios for Camera Device Identification
An investigator wants to know if an illicit image captured by an unknown camera was taken by a person of interest’s (POI’s) phone. Score-based likelihood ratios (SLRs) have been used…
Likelihood Ratios for Categorical Evidence with Applications to Digital Forensics
In forensic investigations, the goal of evidence evaluation is often to address source-/identity-based questions in which the evidence consists of two sets of observations: one from an unknown source tied…
Automatic Detection of Android Steganography Apps via Symbolic Execution and Tree Matching
The recent focus of cyber security on automated detection of malware for Android apps has omitted the study of some apps used for “legitimate” purposes, such as steganography apps. Mobile…