City Research Online

Steganalysis of Hydan

Blasco, J., Hernandez-Castro, J. C., Tapiador, J. M. E., Ribagorda, A. and Orellana-Quiros, M. A. (2009). Steganalysis of Hydan. IFIP Advances in Information and Communication Technology, 297, pp. 132-142. doi: 10.1007/978-3-642-01244-0_12

Abstract

Hydan is a steganographic tool which can be used to hide any kind of information inside executable files. In this work, we present an efficient distinguisher for it: We have developed a system that is able to detect executable files with embedded information through Hydan. Our system uses statistical analysis of instruction set distribution to distinguish between files with no hidden information and files that have been modified with Hydan. We have tested our algorithm against a mix of clean and stego-executable files. The proposed distinguisher is able to tell apart these files with a 0 ratio of false positives and negatives, thus detecting all files with hidden information through Hydan.

Publication Type: Article
Additional Information: The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-642-01244-0_12
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments: School of Mathematics, Computer Science & Engineering > Engineering
School of Mathematics, Computer Science & Engineering > Engineering > Electrical & Electronic Engineering
URI: http://openaccess.city.ac.uk/id/eprint/13755
[img]
Preview
Text - Accepted Version
Download (349kB) | Preview

Export

Downloads

Downloads per month over past year

View more statistics

Actions (login required)

Admin Login Admin Login