Abstract
In this paper we analyse Stegdetect, one of the well-known image steganalysis tools, to study its false positive ratio. In doing so, we process more than 40,000 image files randomly downloaded from the internet using Google images, together with 25,000 images from the ASIRRA (Animal Species Image Recognition for Restricting Access) public corpus. The aim of this study is to help digital forensic analysts aiming to study a large number of image files during an investigation. The results obtained shows that the ratio of false positive generated by Stegdetect depends highly on setting the sensitivity value, and it is generally quite high. This should inform the forensic expert and help to better interpret results, particularly false positives. Additionally, we have provided a detailed statistical analysis for the obtained results to study the difference in ‘difference in detection’ between selected groups, close groups and different groups, of images. This method can be applied to any other steganalysis tools, which gives the analyst a better understanding of the results, especially when he has no prior information about the false positive ratio of the selected tool.
Original language | English |
---|---|
Pages (from-to) | 235-245 |
Number of pages | 11 |
Journal | Digital Investigation |
Volume | 9 |
Issue number | 3-4 |
DOIs | |
Publication status | Published - Feb 2013 |
Keywords
- Stegdetect
- steganalysis
- steganography
- digital forensics
- computer forensics
- detection
- false positive