On Tuning the Knobs of Distribution-Based Methods for Detecting VoIP Covert Channels

Arackaparambil, Chrisil; Yan, Guanhua; Bratus, Sergey; Çağlayan, Alper

doi:10.1109/hicss.2012.456

Cited by 7 publications

(6 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The "cost" for the extra reliability is a loss of some fraction of the steganographic bandwidth. Arackaparambil et al [2012] described a simple VoIP steganography method in which chosen RTP packets' payloads are replaced with a steganogram and the RTP header's sequence number, and/or timestamp fields are intentionally changed to make them appear as if they were excessively delayed by the network. This solution can be treated as a variation of the LACK method described above.…”

Section: Hybrid Methods (S3)mentioning

confidence: 99%

“…Experimental results showed that the subspace-based model proved to be very simple and yielded very good performance, while the convex set-based one was more powerful, but more timeconsuming. Arackaparambil et al [2012] analysed how in distribution-based steganalysis, the length of the window of the detection threshold and in which the distribution is measured, should be depicted to provide the greatest chance for success. The results obtained showed how these two parameters should be set for achieving a high rate of detection, whilst maintaining a low rate of false positives.…”

Section: Voip Steganalysismentioning

confidence: 99%

See 1 more Smart Citation

VoIP steganography and its Detection—A survey

Mazurczyk

2013

ACM Comput. Surv.

View full text Add to dashboard Cite

Steganography is an ancient art that encompasses various techniques of information hiding, the aim of which is to embed secret information into a carrier message. Steganographic methods are usually aimed at hiding the very existence of the communication. Due to the rise in popularity of IP telephony, together with the large volume of data and variety of protocols involved, it is currently attracting the attention of the research community as a perfect carrier for steganographic purposes. This paper is a first survey of the existing VoIP steganography methods and their countermeasures. include circumvention of web censorship and surveillance, computer/network forensics, or copyright protection. Techniques can be used with VoIP to improve its resistance to packet losses and improve voice quality [Aoki 2003;2004], extend communication bandwidth [Aoki 2007] or provide means for secure cryptographic key distribution [Huang et al. 2011a].The expansion of TCP/IP networks opened up many possibilities for covert communication due to changes in the traditional circuit-switched networks paradigm; services/applications are created by the network users rather than by the network itself, the transport and control functions are not separated and can be

show abstract

Section: Hybrid Methods (S3)mentioning

confidence: 99%

Section: Voip Steganalysismentioning

confidence: 99%

VoIP steganography and its Detection—A survey

Mazurczyk

2013

ACM Comput. Surv.

View full text Add to dashboard Cite

show abstract

“…Arackaparambil et al analyzed how, in distribution‐based steganalysis, the length of the window of the detection threshold and in which the distribution was measured should be depicted to provide the greatest chance of success. The results obtained showed how these two parameters should be set for achieving a high rate of detection, while maintaining a low rate of false positives.…”

Section: Related Workmentioning

confidence: 99%

On the undetectability of transcoding steganography

Janicki

Mazurczyk

Szczypiorski

2015

Security Comm Networks

View full text Add to dashboard Cite

Transcoding Steganography (TranSteg) is a fairly new IP telephony steganographic method that is characterized by a high steganographic bandwidth, low introduced distortions, and high undetectability. TranSteg utilizes compression of the overt data to free space for the secret data bits. In this paper, we focus on evaluating different possibilities for TranSteg detection. Building on the previous works, we perform a wide analysis of different steganalysis methods to assess the possibility of TranSteg detection and identify the most 'undetectable' pairs of voice codecs.

show abstract

“…We assume that for the purposes of this paper it is not crucial which steganogram spreading mechanism is used, and thus it is out of the scope of this work. (1), typically transcoded (2), and encoded with covert codec (3) The performance of TranSteg depends, most notably, on the characteristics of the pair of codecs: the overt codec originally used to encode user speech and the covert codec utilized for transcoding. In ideal conditions the covert codec should not significantly degrade user voice quality compared to the quality of the overt codec (in an ideal situation there should be no negative influence at all).…”

Section: Introductionmentioning

confidence: 99%

Steganalysis of transcoding steganography

2013

View full text Add to dashboard Cite

Transcoding steganography (TranSteg) is a fairly new IP telephony steganographic method that functions by compressing overt (voice) data to make space for the steganogram by means of transcoding. It offers high steganographic bandwidth, retains good voice quality, and is generally harder to detect than other existing VoIP steganographic methods. In TranSteg, after the steganogram reaches the receiver, the hidden information is extracted, and the speech data is practically restored to what was originally sent. This is a huge advantage compared with other existing VoIP steganographic methods, where the hidden data can be extracted and removed, but the original data cannot be restored because it was previously erased due to a hidden data insertion process. In this paper, we address the issue of steganalysis of TranSteg. Various TranSteg scenarios and possibilities of warden(s) localization are analyzed with regards to the TranSteg detection. A novel steganalysis method based on Gaussian mixture models and melfrequency cepstral coefficients was developed and tested for various overt/covert codec pairs in a single warden scenario with double transcoding. The proposed method allowed for efficient detection of some codec pairs (e.g., G.711/G.729), while some others remained more resistant to detection (e.g., iLBC/AMR).

show abstract

On Tuning the Knobs of Distribution-Based Methods for Detecting VoIP Covert Channels

Cited by 7 publications

References 16 publications

VoIP steganography and its Detection—A survey

VoIP steganography and its Detection—A survey

On the undetectability of transcoding steganography

Steganalysis of transcoding steganography

Contact Info

Product

Resources

About