Abstract. Steganography can be used to hide information in audio media both for the purposes of digital watermarking and establishing covert communication channels. Digital audio provides a suitable cover for high-throughput steganography as a result of its transient and unpredictable characteristics. The distortion measure plays an important role in audio steganalysis, the analysis and classification method of determining if an audio medium is carrying hidden information. In this paper, we propose a novel distortion metric based on Hausdorff distance. Given an audio object x which could potentially be a stego-audio object, we consider its de-noised version x as an estimate of the cover-object. We then use Hausdorff distance to measure the distortion from x to x . The distortion measurement is obtained at various wavelet decomposition levels from which we derive high-order statistics as features for a classifier to determine the presence of hidden information in an audio signal. Extensive experimental results for the Least Significant Bit (LSB) substitution based steganography tool show that the proposed algorithm has a strong discriminatory ability and the performance is significantly superior to existing methods. The proposed approach can be easily applied to other steganography tools and algorithms.
Malware, or malicious software, is capable of performing any action or command that can be expressed in code and is typically used for illicit activities, such as e-mail spamming, corporate espionage, and identity theft. Most organizations rely on anti-virus software to identify malware, which typically utilizes signatures that can only identify previously-seen malware instances. We consider the detection of malware executables that are downloaded in streaming network data as a supervised machine learning problem. Using malware data collected over multiple years, we characterize the effect of concept drift and class imbalance on batch and streaming decision tree ensembles. In particular, we illustrate a surprising vulnerability generated by precisely the aspect of streaming methods that seemed most likely to help them, when compared to batch methods.
Detecting and mitigating insider threat is a critical element in the overall information protection strategy. By successfully implementing tactics to detect this threat, organizations avoid the loss of sensitive information and also potentially protect against future attacks. Within the broader scope of mitigating insider threat, we focus on detecting exfiltration of sensitive data through the high speed network. We propose a multilevel approach that consists of three main components: 1) network level application identification, 2) content signature generation and detection, and 3) covert communication detection. The key scientific approach used for all the above components is applying statistical and signal processing techniques on network traffic to generate signatures and/or extract features for classification purposes. We provide a summary of the approaches used in network level application identification and content signature generation and detection and briefly describe our approach in detecting covert communications. This paper touches on these issues and outlines overall directions for our research.