Detection of Malicious Images in Production-Quality Scenarios with the SIMARGL Toolkit
Authors: 
Luca Caviglione, Martin Grabowski, Kai Gutberlet, Adrian Marzecki, Marco Zuppelli, Andreas Schaffhauser, Wojciech MazurczykAuthors Info & Claims
Luca Caviglione, Martin Grabowski, Kai Gutberlet, Adrian Marzecki, Marco Zuppelli, Andreas Schaffhauser, Wojciech MazurczykAuthors Info & ClaimsARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security
Article No.: 46, Pages 1 - 7
Abstract
An increasing trend exploits steganography to conceal payloads in digital images, e.g., to drop malicious executables or to retrieve configuration files. Due to the very attack-specific nature of the exploited hiding mechanisms, developing general detection methods is a hard task. An effective approach concerns the creation of ad-hoc solutions to be integrated within general toolkits, also to holistically face unknown threats. Therefore, this paper discusses the integration of a tool for detecting malicious contents hidden in digital images via the Invoke-PSImage technique within the Secure Intelligent Methods for Advanced Recognition of Malware and Stegomalware framework. Since the real impact of images embedding steganographic threats and the behavior of ad-hoc solutions in realistic scenarios are still unknown territories, this work also showcases a performance evaluation conducted in a nation-wide telecommunication provider. Results demonstrated the effectiveness of the approach and also support the need of modular architectures to face the emerging wave of highly-specialized threats.
References
[1]
Benedikt Boehm. 2014. Stegexpose-A tool for detecting LSB steganography. arXiv preprint arXiv:1410.6656(2014).
[2]
Luca Caviglione. 2021. Trends and challenges in network covert channels countermeasures. Applied Sciences 11, 4 (2021), 1641.
[3]
Luca Caviglione, Michał Choraś, Igino Corona, Artur Janicki, Wojciech Mazurczyk, Marek Pawlicki, and Katarzyna Wasielewska. 2020. Tight arms race: Overview of current malware threats and trends in their detection. IEEE Access 9(2020), 5371–5396.
[4]
Luca Caviglione, Wojciech Mazurczyk, Matteo Repetto, Andreas Schaffhauser, and Marco Zuppelli. 2021. Kernel-level tracing for detecting stegomalware and covert channels in Linux environments. Computer Networks 191(2021), 108010.
[5]
Aviad Cohen, Nir Nissim, and Yuval Elovici. 2020. MalJPEG: Machine learning based solution for the detection of malicious JPEG images. IEEE Access 8(2020), 19997–20011.
[6]
Danny Hendler, Shay Kels, and Amir Rubin. 2018. Detecting malicious powershell commands using deep neural networks. In Proceedings of the 2018 on Asia conference on computer and communications security. 187–197.
[7]
Donghui Hu, Liang Wang, Wenjie Jiang, Shuli Zheng, and Bin Li. 2018. A novel image steganography method via deep convolutional generative adversarial networks. IEEE Access 6(2018), 38303–38314.
[8]
Mikolaj Komisarek, Marek Pawlicki, Rafal Kozik, and Michal Choras. 2021. Machine Learning Based Approach to Anomaly and Cyberattack Detection in Streamed Network Traffic Data.J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. 12, 1(2021), 3–19.
[9]
Song Luo and Malek Ben Salem. 2016. Orchestration of software-defined security services. In 2016 IEEE International Conference on Communications Workshops (ICC). IEEE, 436–441.
[10]
Xiang-Yang Luo, Dao-Shun Wang, Ping Wang, and Fen-Lin Liu. 2008. A review on blind detection for image steganography. Signal Processing 88, 9 (2008), 2138–2157.
[11]
Daniel L Marino, Chathurika S Wickramasinghe, and Milos Manic. 2018. An adversarial approach for explainable ai in intrusion detection systems. In IECON 2018-44th Annual Conference of the IEEE Industrial Electronics Society. IEEE, 3237–3243.
[12]
Wojciech Mazurczyk and Luca Caviglione. 2015. Information Hiding as a Challenge for Malware Detection. IEEE Security Privacy 13, 2 (2015), 89–93.
[13]
Maria-Elena Mihailescu, Darius Mihai, Mihai Carabas, Mikołaj Komisarek, Marek Pawlicki, Witold Hołubowicz, and Rafał Kozik. 2021. The Proposition and Evaluation of the RoEduNet-SIMARGL2021 Network Intrusion Detection Dataset. Sensors 21, 13 (2021), 4319.
[14]
Damian Puchalski, Luca Caviglione, Rafał Kozik, Adrian Marzecki, Sławomir Krawczyk, and Michał Choraś. 2020. Stegomalware detection through structural analysis of media files. In Proceedings of the 15th International Conference on Availability, Reliability and Security. 1–6.
[15]
Jiaohua Qin, Yuanjing Luo, Xuyu Xiang, Yun Tan, and Huajun Huang. 2019. Coverless Image Steganography: A Survey. IEEE Access 7(2019), 171372–171394.
[16]
Matteo Repetto, Alessandro Carrega, and Riccardo Rapuzzi. 2021. An architecture to manage security operations for digital service chains. Future Generation Computer Systems 115 (2021), 251–266.
[17]
Hadi Shiravi, Ali Shiravi, and Ali A Ghorbani. 2011. A survey of visualization systems for network security. IEEE Transactions on visualization and computer graphics 18, 8(2011), 1313–1329.
[18]
Yuqiong Sun, Susanta Nanda, and Trent Jaeger. 2015. Security-as-a-service for microservices-based cloud applications. In 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom). IEEE, 50–57.
[19]
Steffen Wendzel and Jörg Keller. 2014. Hidden and under control. annals of telecommunications-annales des télécommunications 69, 7(2014), 417–430.
[20]
Doris Xin, Litian Ma, Jialin Liu, Stephen Macke, Shuchen Song, and Aditya Parameswaran. 2018. Accelerating human-in-the-loop machine learning: Challenges and opportunities. In Proceedings of the second workshop on data management for end-to-end machine learning. 1–4.
[21]
Elzbieta Zielińska, Wojciech Mazurczyk, and Krzysztof Szczypiorski. 2014. Trends in Steganography. Commun. ACM 57, 3 (March 2014), 86–95.
[22]
Marco Zuppelli, Giuseppe Manco, Luca Caviglione, and Massimo Guarascio. 2021. Sanitization of Images Containing Stegomalware via Machine Learning Approaches. In Proceedings of the Italian Conference on Cybersecurity. 374–386.
Index Terms
- Detection of Malicious Images in Production-Quality Scenarios with the SIMARGL Toolkit
Recommendations
An Adaptive Steganographic Scheme for Color Images
In this paper, a new palette-based image steganography is proposed. Palette-based images such as GIF files have been widely used on the Internet and web pages such that all browsers can recognize them. Palette-based images can be used as good carriers ...
An Adaptive Steganographic Scheme for Color Images
In this paper, a new palette-based image steganography is proposed. Palette-based images such as GIF files have been widely used on the Internet and web pages such that all browsers can recognize them. Palette-based images can be used as good carriers ...
An adaptive steganographic method based on the measurement of just noticeable distortion profile
This paper presents an adaptive steganographic method based on just noticeable distortion (JND) profile measurement. According to the input requirements, our method can produce a higher quality or higher embedding capacity stego-image. In the embedding ...
Comments
Information & Contributors
Information
Published In
August 2022
1371 pages
ISBN:9781450396707
DOI:10.1145/3538969
Copyright © 2022 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 23 August 2022
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- European Commission - H2020
Conference
ARES 2022
ARES 2022: The 17th International Conference on Availability, Reliability and Security
August 23 - 26, 2022
Vienna, Austria
Acceptance Rates
Overall Acceptance Rate 228 of 451 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 294Total Downloads
- Downloads (Last 12 months)199
- Downloads (Last 6 weeks)35
Reflects downloads up to 22 Sep 2024
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatGet Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in