Int. J. Inf. Secur. (2009) 8:433445 DOI 10.

1007/s10207-009-0089-y

REGULAR CONTRIBUTION

Secure steganography based on embedding capacity

Hedieh Sajedi Mansour Jamzad

Published online: 15 August 2009 Springer-Verlag 2009

Abstract Mostly the embedding capacity of steganography methods is assessed in non-zero DCT coefcients. Due to unequal distribution of non-zero DCT coefcients in images with different contents, images with the same number of nonzero DCT coefcients may have different actual embedding capacities. This paper introduces embedding capacity as a property of images in the presence of multiple steganalyzers, and discusses a method for computing embedding capacity of cover images. Using the capacity constraint, embedding can be done more secure than the state when the embedder does not know how much data can be hidden securely in an image. In our proposed approach, an ensemble system that uses different steganalyzer units determines the security limits for embedding in cover images. In this system, each steganalyzer unit is formed by a combination of multiple steganalyzers from the same type, which are sensitive to different payloads. The condence of each steganalyzer on an image leads us to determine the upper bound of embedding rate for the image. Considering embedding capacity, the steganographer can minimize the risk of detection by selecting a proper cover image that is secure for a certain payload. Moreover, we analyzed the relation between complexity and embedding capacity of images. Experimental results showed the effectiveness of the proposed approach in enhancing the security of stego images. Keywords Steganalysis Steganography Embedding capacity Support vector machine Ensemble method Image complexity
H. Sajedi (B) M. Jamzad Department of Computer Engineering, Sharif University of Technology, Tehran, Iran e-mail: a_sajedi@ce.sharif.edu M. Jamzad e-mail: jamzad@sharif.edu

1 Introduction Steganography is the art and science of hiding a secret data in such a way that no one, except the intended recipient knows the existence of the data [1]. It utilizes a typical digital media such as text, image, audio, video, and multimedia as a carrier for a secret data. The success of steganography methods depends upon the carrier medium not to attract attention. Different image steganography methods have been proposed in the literature. Embedding techniques in discrete cosine transform (DCT) domain are popular because of the large usage of JPEG images. Embedding in various steganography methods such as F5 [2], model based (MB) [3], perturbed quantization (PQ) [4], and YASS [5] is done by modifying some properly selected DCT coefcients. Some other steganography methods embed secret data in other transform domains. For example, a Contourlet-based steganography method [6] embeds secret data in contourlet coefcients of an image. The goal of steganalysis methods is to detect the presence of hidden data from the observed media. Steganalyzers have achieved great advances in the past few years and a number of efcient steganalysis techniques have been proposed. Statistical steganalysis schemes work by evaluating a suspected stego image against an assumed or computed cover distribution or model. Blind statistical steganalysis methods use a supervised learning technique trained on features derived from the cover as well as the stego images. In order to have secure communication in the presence of blind steganalysis methods, the steganographer must embed secret data into a cover image in such a way that the statistical features of the cover image are not significantly perturbed during the embedding process. It is shown in [7] that, when the embedding data size gets larger than a threshold then it becomes easier for a

123

434

H. Sajedi, M. Jamzad

steganalysis technique to detect the presence of the hidden data. This gives an upper bound limit for embedding capacity, such that if the hidden data size is less than that upper bound, we may claim that the stego image is safe and the steganalysis methods cannot detect it. Embedding capacity is the key measure to compare the performance of different data embedding algorithms. In general sense, it is the maximum data size that can be securely embedded in an image with respect to certain constraints. It is shown in [8] that the average embedding capacity of existing steganography methods for grayscale JPEG images with quality factor of 70 is approximately 0.05 bits per nonzero AC DCT coefcient. Until now, embedding capacity has been considered as a property of steganography methods [710]. However, using a steganography technique, there is no guaranty that if two images have equal number of non-zero DCT coefcients, they have the same embedding capacities. Consequently, since the distribution of non-zero DCT coefcients may differ in different images, the embedding capacity should be considered relative to the images. Therefore, the embedding capacity may not be associated to a steganography method rather it depends on the content of images. Furthermore, a high-performance steganography method is the one that in average case, its produced stego images may be detected by the steganalyzers randomly (with a probability around 0.5). However, there is no guarantee that a specic stego image could not be detected reliably by the steganalyzers. Furthermore, there is not any criterion to know how much secret data one can embed in a given cover image securely. For example, if the steganographer wants to embed a secret data with size of 5,000 bits in a certain cover image, he does not know if the resulted stego image will be secure or not. Maybe had he selected another cover image, its stego version would have been misclassied by steganalysis methods. 1.1 Our contribution In this paper, we propose a structure that guarantees the security of stego images in embedding a certain payload against the existing steganalyzers. First, we determine the embedding capacity of an image regarding to the efcient and well-known steganalysis methods and then we clarify cover selection steganography based on embedding capacity. In other viewpoint, for embedding a determined size secret data, the steganography method can check an image database and suggest a set of proper cover images for embedding. This strategy can be combined with all the existing steganography methods as a preprocessing step. We should note that the embedding capacity of an image depends on its content, the steganography method used and the steganalysis algorithms. Due to the complexity of steganography and progressive strength of steganalysis algorithms, it becomes a challenge

to develop secure steganography techniques. We aim to provide a solution for this problem by determining the embedding capacity of images using an ensemble classier method. Considering the embedding capacity of an image, the steganographer can securely embed a secret data, which its size is smaller than or equal to the embedding capacity of the cover image. An ensemble classier is often used for boosting weak classiers, such as decision tree, neural networks, etc. [11]. Ensemble learning is the aggregation of multiple learned models with the goal of improving accuracy. In our work, each weak classier is a steganalyzer and our intent is to distinguish between the secure and non-secure limits of embedding rate in an image. Each steganalyzer is a voter (determinant) on whether an image is clean or stego. The combination of vote by all the steganalyzers in the ensemble determines the embedding capacity of a cover image. If the steganalyzers agree with each other that a stego image is a cover (clean) image (e.g. false negative), the goal of the steganography is satised. Therefore, we can increase the size of embedded data in an image until the distortion of image features does not overrun a safety threshold. We arranged an experiment to investigate the relation between the image complexity of a cover image and the detectability of the corresponding stego image against steganalyzers. The experimental results suggest that in order to obtain higher embedding capacity, we shall select cover images among middle and high-complexity images. To evaluate the effect of proposed embedding capacity measure on security of steganography methods, we performed different experiments. The results showed the efciency of the proposed approach in enhancing the security of stego images. The remainder of this paper is organized as follows. Section 2 describes previous works in dening embedding capacity, steganalysis methods, ensemble methods, and SVM classier briey. In Sect. 3, we introduce the embedding security definition and describe how to calculate the embedding capacity based on embedding security definition. Cover selection steganography method is also discussed in Sect. 3. Experimental results are given in Sect. 4 and nally, we conclude our work in Sect. 5.

2 Background 2.1 Previous works A number of ways to compute the embedding capacity have been proposed previously [7,9,10,13]. In [7] the definition of embedding capacity is presented from a steganalysis perspective. This work argues that as the main goal of steganography

123

Secure steganography based on embedding capacity

435

is hidden communications, embedding capacity is dependent on the type of steganalysis detector employed to break the embedding algorithm. It denes -security so that in presence of a steganalysis detector D, a steganography algorithm is said to be perfectly secure if D = 0. The work in [9] denes a steganography method to be -secure ( 0) if the relative entropy between the cover and the stego probability distributions (Pc and Ps , respectively) is at most , i.e., D(Pc |Ps ) = Pc log Pc Ps (1)

A stego technique is said to be perfectly secure if = 0. This definition assumes that cover and stego images are independent identically distributed (i.i.d.) random variables. This assumption is not true for many real life cover signals [7]. One approach to rectify this is to put the constraint that the relative entropy computed using the nth order joint probability distributions must be less than n . Then one can force a steganography technique to preserve the n order distribution. However, it may be possible to use (n + 1) order statistics for steganalysis. Estimations for embedding capacity of images, based on a parallel Gaussian model in the transform domain is provided by Moulin and Mihcak [10]. Batch steganography generalizes the problems of hiding and detecting secret data to multiple cover objects [12]. Ker in [13] denes batch-embedding capacity and theoretically proves that the size of secret data can safely increase no faster than the square root of the number of cover images. 2.2 Steganalysis methods Steganalysis methods seek to analyze an image to decide whether a secret data has been embedded in it. Consequently, steganalysis can be considered as a two-class classication problem [14]. At the heart of every steganalyzer there is a classier, which given an image feature vector, decides whether the image contains any secret messages. Essentially, there are two approaches to steganalysis: one is to come up with a steganalysis method specic for a particular steganography technique. The other is developing universal techniques that are effective for all steganography methods [15]. Specic steganalysis methods concentrate on image features, which are modied by the embedding algorithm. Although a steganalysis technique specic to an embedding method would give good results when tested only on that embedding method, but it might fail on all other steganography methods. Universal steganalysis techniques work by designing a classier based on a training set of cover images and stego images obtained from a variety of different embedding algorithms. Classication is done based on some inherent

features of cover images. These features may be modied when an image undergoes an embedding process. A number of universal steganalysis techniques are proposed in the literature. These techniques differ in the feature sets they consider for capturing the image statistics. For example, Martin et al. [14] calculates several binary similarity measures between the seventh and eighth bit planes of an image. Steganalyzers in [17,18] obtain a number of statistics from an image that is decomposed by wavelet. On the other hand, [19] utilizes statistics of DCT coefcients as well as spatial domain statistics. It is observed in [15,16] that the universal steganalysis techniques do not perform equally over all embedding techniques. In addition, they are not able to distinguish perfectly between cover and stego images. A powerful steganalyzer is able to detect the presence of an embedded data in an image with high accuracy. This implies that the embedding method employed to hide the data is insecure. In practice, since the steganalyst is not able to know what steganography technique has been employed, he has to deploy several techniques on suspected stego images. In availability of different steganalysis techniques that extract non-overlapping feature sets for analysis, each one makes mistakes independently of the rest. As a solution to this problem, we investigate how steganalyzers can incorporate together with the help of ensemble methods. 2.3 Ensemble methods In the area of machine learning, the concept of combining classiers is proposed to improve the performance of individual classiers. These classiers could be based on a variety of classication methodologies, and could achieve different rates of correctly classied data instances. The goal of an ensemble method that integrates the results of classiers is to generate more certain, precise and accurate results [20]. Ensemble learning refers to a collection of methods that learn a target function by training a number of individual learners and combining their predictions. Ensemble learning has some benets as below [21]: Accuracy: a more reliable classication result can be obtained by combining the output of multiple classiers. Furthermore, uncorrelated errors of individual classiers can be eliminated. Efciency: a complex problem can be decomposed into multiple sub-problems that are easier to understand and solve (divide-and-conquer approach). There is not a single model of classier that works for all pattern recognition problems. To solve hard problems the desired target function may not be implementable with individual classiers, but may be approximated by ensemble classiers.

123

436

H. Sajedi, M. Jamzad

modied, the type of embedding operation, and the amount of changes imposed to the cover image. Steganography is a two-class classication problem. In two-class namely, stego and cover image classication, the classier decides about the observed images based on Eq. (3) as the following: I stego, P(I stego|X I ) > 0.5 decision = no-decision, P(I cover|X I ) = 0.5 I cover, P(I cover|X I ) > 0.5

(3)

Fig. 1 A SVM trained with samples from two classes [20]. Two support vectors (data points) are shown in black circles on the border of left and right boundary lines

where P(I stego|X I ) is the posterior probability of image I represented by feature vector X I carrying a secret data. Since there are only two classes available (i.e. cover or stego), we have: P(I cover |X I ) = 1 P(I stego|X I ) (4)

2.4 Support vector machine (SVM) A classication task usually involves with training and testing data, which consist of several data instances. Each instance in the training set contains one target value (class labels) and several attributes (features). SVM is a very powerful learning tool in solving binary classication problems [2224]. The goal of SVM is to produce a model, which predicts target value of data instances in the testing set given only the attributes [25]. Here training vectors X I are mapped into a higher dimensional space. Then SVM nds a linear separating hyper-plane with the maximal margin in this higher dimensional space. The radial basis function (RBF) kernel nonlinearly maps data instances into a higher dimensional space. Therefore, unlike the linear kernel (a special case of RBF), it can handle the case when the relation between class labels and attributes is nonlinear. The RBF kernel is dened by Eq. (2). K (x, y) = exp( x y 2 ), > 0 (2)

To determine the security, rst, we compose a steganalyzer unit that is a multiple classier system. Combining different classiers to make an ensemble, we can benet from better classication performance than individual classiers and more resilience to noise. Each vote (detection result) is the condence of a classier on classifying an image to clean or stego class. The result of a steganalyzer that uses SVM classier is obtained as follows: I stego, d j (I ) > 0 decision = no-decision, d j (I ) = 0 I cover, d j (I ) < 0

(5)

Figure 1 shows a SVM for a two-class classication problem. Samples on the margins are called support vectors. Support vectors (a subset of training samples) are the data points that lie closest to the decision surface and they are the most difcult to classify. In addition, they have direct bearing on the optimum location of the decision surface.

where d j (I ) is the distance of an image in feature space from the jth decision hyper-plane between clean and stego images. The result of multiple steganalyzers can be combined using schemes such as the sum, average, or maximum rule. We consider the maximum result of all the steganalyzers as the result of the whole steganalyzer unit as the following: d = max(d j (X I )) (6)

3 Proposed approach 3.1 Embedding security We dene embedding security as follows. A stego image has embedding security when the embedded secret data is undetectable by steganalyzers. Embedding security is mostly inuenced by the places within the cover image that might be

Secure upper bound for embedding in an image is determined regarding to the maximum distance of the image from all the steganalyzer discriminant hyper-planes. This distance shows the closeness of the image to the unsafe region in feature space (stego space). If d > 0, it demonstrates that the security of the stego image is threatened by at least one of the steganalyzers. Consequently, if d 0, the stego image has embedding security and it cannot be recognized by any of the steganalyzers. In this definition, we treat cautiously and if the stego image is recognized by even one of the steganalyzers, we consider the stego image insecure.

123

Secure steganography based on embedding capacity Fig. 2 The structure of ensemble steganalyzer for determining the security of embedding in an image

437

3.2 Embedding capacity With the definition of embedding security, we are now ready to dene embedding capacity regarding to this definition. Embedding capacity is the upper limit of embedding rate that if the size of hidden data goes over that limit, the stego image can be recognized by a steganalyzer. We combine some moderately inaccurate base classiers (steganalyzers) into a combined predictor to determine the upper bound of embedding capacity of an image. Embedding capacity of an image may differ using various steganography methods. Therefore, to have a safe covert communication, each steganography method is allowed to continue embedding in the image until steganalysis algorithms do not threaten the security of the image. The steganography security scheme, which is based on an ensemble steganalyzer, is constructed according to the steganalysis methods in the literature:

3.

sis technique, which has 23-dimensional feature vector (23-dim) [19], obtains a set of distinguishing features from DCT and spatial domains. Since Markov-DCTbased steganalysis method is stronger than the 23-dim steganalyzer [27], we do not use 23-dim steganalysis method in the structure of the ensemble steganalyzer. 324-dimensional feature vector steganalysis method (324-dim) proposed by Chen et al. [28], which is an improvement of the 39 dimensional feature vector method [29], based on statistical moments of wavelet characteristic functions.

1.

2.

Wavelet-based steganalysis method (WBS) proposed by Lyu and Farid [17] where in the feature extraction part of this method, statistics such as mean, variance, skewness, and kurtosis are calculated from each wavelet decomposition sub-band of an image. WBS extracts 24 features for classication. Markov-DCT-based steganalysis method (274-dim) has a 274-dimensional feature vector that merges Markov and DCT features of an image [26]. Another steganaly-

Figure 2 shows the structure of the ensemble steganalyzer. Using this structure, we expect that the embedding capacity determined in this manner can be valid for upcoming steganalysis methods and this combination ll some gaps between feature spaces of the steganalyzers and can provide a suitable computation for secure capacity regarding to the advantage of steganalysis methods. Figure 3 shows the state of a steganalyzer unit in its feature space. In each unit, some SVM classiers separate the feature space into two parts of clean and stego spaces. If a stego image in feature space resides in the clean side close to the hyper-plane discriminator line, it is a secure stego image that is misclassied by the classier. In the presence of multiple classiers, each one is a discriminator between certain payload stego images and clean images. Gray part in Fig. 3 shows the safe region for stego images. To explain the operation

123

438

H. Sajedi, M. Jamzad

Fig. 3 Hyper-planes (discriminants) of a steganalyzer unit in its feature space

of each steganalyzer unit we show the structure with linear SVMs but in the real application, for each steganalyzer with certain payload, a nonlinear SVM is trained to classify clean and stego images. The distance of an image in feature space from decision boundary of SVM classier, represents the condence of the vote of SVM. The vote is positive if the image is recognized as a stego image; otherwise, it is negative. We assume that if a steganalyzer classies clean images and stego images with payload of 1,000 bits, this classier can correctly detect stego images with a higher payload, as well. To prove the assumption we did some experiments and veried this assumption. However, the accuracy of a steganalyzer trained with a certain payload, in detection of stego images with higher payloads is not much high. To have higher detection accuracy we train one classier for each quantized payload and let a cascade classier to detect stego images. We call each cascade classier a steganalyzer unit. The result of a steganalyzer unit is the vote of condence that the unit gives to an image. Figure 4 shows the average detection accuracy of steganalyzers for all the images. Our experimental results (the experiment setup will be described in Sect. 4) illustrated that a distinct classier for each quantized payload provides more accuracy for a steganalyzer. Therefore, we consider the pessimistic result as the limit for secure steganography. The most secure state for a stego image is when all the units in the ensemble steganalyzer announce that the image is clean. To construct each steganalyzer unit we quantized the payload range between 0 and 10,000 bits to ten equal parts. For each payload, we construct a SVM classier trained for that specic payload. Since when a steganalyzer detects a stego image, the steganography purpose gets broken, therefore the

steganalyzer unit checks the classiers in an ascending order of payloads. If any one detects the stego image, the unit stops and reports the result without checking other classiers. This structure is shown in Fig. 5. The receiver operating characteristic (ROC) is a plot of false alarm versus true alarm. Figure 7 shows the random guess state of a steganalyzer in a ROC curve. The points on the ROC curve represent the achievable performance of a steganalyzer. The steganalyzer makes purely random guess when it operates on the 45 line in the ROC plane. This means that the detector does not have sufcient information to make a correct decision. Therefore, if the embedder forces the detector to operate around the 45 ROC curve by choosing proper algorithms or parameters, then we say that the stego image is secure [7]. When the detection accuracy of a steganalyzer is 0.5, it works randomly. However, in practice, when the detection accuracy of a certain steganalyzer is less than 0.6, the steganography scheme that produces the stego images, is considered statistically undetectable against that steganalyzer [27]. We see that usually a tolerance range of 0.1 (i.e. detection accuracy in [0.5, 0.6]) is considered for random detection of steganalyzers. Using SVM classier, we consider this tolerance around the hyper-plane discriminator, which is placed on zero point. Figure 8 shows the zero point and the random decision interval that lies on [0.05, +0.05] in classier result range [1, +1]. 3.3 Determining embedding capacity of an image To determine the embedding capacity of an image an incremental embedding routine is applied. In this regard, we increase the embedding rate until the maximum distance of the image from discriminants in feature space reaches the random decision threshold, as the following relation remains true. This implies that the image is a cover. max(dU i ) 0.05 (7)

where dU i is the distance of ith steganalyzer unit from safe embedding threshold. Equation (7) shows the upper limit that we can decide an image is a cover. We allow increase embedding in an image while all the votes of the steganalyzers reside in the random guess range [0.05, +0.05]. This procedure is the operation of Evaluation block in Fig. 2. Figure 6 illustrates the block diagram of incremental embedding procedure to determine the embedding capacity of cover images. Since the feature sets employed in classication of steganalyzers are capable of detecting a wide range of stego systems, the features are map out the space of images. Therefore, it makes sense to use the features extracted from a large number of images as a practical model for images and evaluate security of stego schemes with respect to this

123

Secure steganography based on embedding capacity Fig. 4 Accuracy of classication between clean and stego images with different payloads
324-dim steganalyzer accuracy- PQ method 1.0
1.0

439
274-dim steganalyzer accuracy- PQ method

Accuracy

0.6 0.4 0.2 0.0 1 2 3 4 5 6 7 8 9 10

Accuracy

0.8

0.8 0.6 0.4 0.2 0.0 1 2 3 4 5 6 7 8 9 10

Payload(Kbit)

Payload(Kbit)
WBS steganalyzer accuracy- PQ method

1.0

Accuracy

0.8 0.6 0.4 0.2 0.0 1 2 3 4 5 6 7 8 9 10

Payload(Kbit)
one classfier for each quantized payload a classifier for all payloads

Fig. 5 The structure of a steganalyzer unit

large-dimensional model [8]. Consequently, the pdf of images can be modeled by features that are extracted from images [8]. We measure the security of stego images by the state-of-the art steganalyzers. By the proposed approach, we do not allow a stego image to deviate from the pdf of clean images in (24 + 274 + 324 = 622) features that are considered in three efcient and well-known steganalyzers. So the stego images that are produced with this constraint are secured against these state-of-the-art steganalyzers.

3.4 Cover selection steganography method Unlike other information hiding techniques such as watermarking, cover object in steganography acts only as a carrier for secret data. Therefore, the embedder is allowed to choose any cover images from a database using a cover selection module. Cover selection steganography method is a technique that tries to nd the best cover image from the database to embed

123

440

H. Sajedi, M. Jamzad

Fig. 6 Detector ROC plane

Fig. 7 The random detection interval is shown by No-decision arrow in classier result range

a given secret data. In this respect, cover images are retrieved based on a measure like undetectability of their stego image versions. Efcient retrieval of a proper cover image from the database can lead us to the secure steganography. Cover selection module can offer some ranked images according to their risk of detectability. In this manner, the steganographer could choose a cover image so that the humans and steganalyzers would misclassify its stego version. Therefore, the steganographer can minimize the detectability of a given secret data by choosing an appropriate cover image. In this section, we shortly review the existing cover selection methods and then, we propose cover selection based on embedding capacity. 3.4.1 Previous cover selection steganography methods A cover selection technique for hiding a secret image in a cover image was rst introduced in [30]. This method operates based on image texture similarity and replaces some blocks of a cover image with similar secret image blocks; then, indices of secret image blocks are stored in the cover image. In this cover selection method, the blocks of the secret image are compared with the blocks of a set of cover images and the image with most similar blocks to those of the secret image is selected as the best candidate to carry the

Fig. 8 The block diagram of incremental embedding procedure to determine the embedding capacity of cover images

secret image. An improvement on this method is proposed in [31] that uses statistical features of image blocks and their neighborhoods. Using block neighborhood information prevents appearance of virtual edges in the sides and corners of the replaced blocks. In [32], the cover selection problem was studied by investigating three scenarios in which the embedder has either no knowledge, partial knowledge, or complete knowledge of the steganalysis method. In addition, some measures for cover selection were introduced in [32] as follows:

Cardinality of changeable DCT coefcients; JPEG quality factor; Number of modications of a cover image; Mean square error (MSE) obtained from cover-stego image pairs; Local prediction error, which is the difference between the mean prediction error of the cover and stego images; Watsons metric [33] used for quantifying the quality of JPEG images;

123

Secure steganography based on embedding capacity

441

Structural similarity measure (SSIM) [34] quanties the similarity between the cover and stego images. Most of the existing work in cover selection domain like [31,32] assumed that the secret object is an image. We consider binary bit sequences with random distribution as secret objects 3.4.2 Cover selection based on embedding capacity In Sect. 3, we described a new measure that can be used for cover selection. In this way, to have a secure covert communication, the steganographer can select a cover image with high embedding capacity from a database. The embedding procedure can be carried on by any steganography method. It should be noted that the result of the cover selection scheme depends on variety of images in the database. Utilizing a database, which has images with very different contents, could result in more secure stego images.

images. Input cover images and output stego images are in JPEG format with the quality factor of 70. To train the SVM of each steganalyzer that collaborates in computing the embedding capacity, 2,000 (1,000 clean and 1,000 stego) images from the train-image database were used. Each classier is a nonlinear SVM using RBF kernel with = 1. In RBF kernel, determines the RBF width. 4.1 Incremental embedding to determine embedding capacity of images In this experiment some random images are selected from the database and their embedding capacity are determined when the steganography method is PQ. To calculate the embedding capacity of an image, the embedding rate is increased steadily until the security of the produced stego image is threatened by the ensemble steganalyzer. Figure 9 shows the results. Since the embedding capacities are determined by the ensemble steganalyzer, the security of these images with mentioned payload is satised. Although the time required for incremental embedding is more than classical embedding, but since it provides more secure stego images, its time complexity can be acceptable. Due to differences in contents of various images, the time for incremental embedding may differ from t to [(CI/1,000) t ETT]. t is the time needed by classical embedding and ETT is Ensemble Test Time, which approximately is the sum of time that each steganalyzer unit takes in the ensemble steganalyzer. In incremental embedding, the size of payload is increased by 1,000 bits in each iteration. Hence, the number of iterations is CI/1,000. At the end of each iteration, the ensemble steganalyzer evaluates the security of the stego image. For example if the embedding capacity of an image is 10,000 bits, both usual embedding and ensemble steganalyzer work 10 times. The most time consuming part in a steganalyzer unit is feature extraction part of steganalyzers. Therefore, ETT is computed as Eq. (8). Ensemble test time (ETT) (274-dim FET + 324-dim FET + WBS FET) (8)

4 Experimental results To evaluate the effect of the proposed embedding capacity measure on security of steganography methods, different experiments were done. To train the SVM classiers that collaborate in determining the embedding capacity of images, we collected 1,000 JPEG images in train-image database from Washington University image database [35] and some others from typical images. To test the performance of the proposed method, we downloaded 1,000 JPEG images from Internet to make test-image database. These images are not used in training of SVM classiers, which are utilized to determine the embedding capacity of images. All the images were converted to grayscale and then cropped to size 512 512. An image may have different embedding capacities depending on the steganography method used. We made different distinct stego datasets and classiers to determine the embedding capacity of the image using each steganography method. For example, to construct the structure for determining the embedding capacity of the image using PQ steganography method, we made stego datasets as follows. Random binary data were embedded in images using PQ steganography method. In the PQ method, the desired capacity parameter that is dened for this algorithm was set to different amounts to achieve 10 stego image datasets with different payloads. For example, those images that have the payload between 1,500 and 2,500 bits reside in 2,000-bitpayload stego dataset. Each one of ten stego datasets has 1,000 stego images. Thus, totally, we have 11,000 images in our image database, 1,000 clean images, and 10,000 stego

where Feature Extraction Time (FET) is the time that feature extraction part of a steganalyzer takes. The experimental results are carried out on a 2,046 MB PIV processor using MATLAB 7.6.0 and lib-SVM software [36]. In such environment, the average time for incremental embedding in one image is around 2 min. It should be noted that Matlab codes are usually nine or ten times slower than their C/C++ equivalents [37]. Since the main goal of steganography is to embed the secret data securely and if any of the steganalyzers gets suspicious, the purpose of steganography is broken, it is worth to spend time further to make stego images more secure.

123

442 Fig. 9 Some cover images with embedding capacity of 3,000, 5,000, and 10,000 bits using PQ steganography method

H. Sajedi, M. Jamzad

Embedding Capacity

Cover image with a certain embedding capacity

3000 bits

4500 bits

9000 bits

4.2 Cover selection based on embedding capacity of images For cover selection purpose, a batch process determines the embedding capacity of every image in the database and the results are stored in a feature database. When the steganographer wants to select a cover image, he can refer to the feature database and choose an image that can hold his secret data securely. All the images that their embedding capacities are greater than a secret data size are proper to hold the data. In this approach, the steganographer can select one of the proper images suggested by the proposed method to embed the certain payload. Figure 10 shows the results of our cover selection method when the payloads are 2,000 and 5,800 bits. The upper ve images have embedding capacity of 2,000 bits and the lower ve images have embedding capacity of 5,800 bits. In addition, a secret data with a large size can be hidden in more than one image securely if its size is larger than the embedding capacity of one image. 4.3 Relation between complexity and embedding capacity of images The following experiment is arranged to investigate the relation between the complexity of an image and its corresponding stego image detectability against steganalyzers. For this purpose, rst we group all the images in the test-image database once based on embedding capacity, and another time based on complexity. The correlation between these two separations demonstrates the relation between image complexity and embedding capacity. We use two complexity definitions for categorizing of images as following: 1. Quad-Tree-based complexity measure. This complexity measure proposed in [38] is calculated according to

quad-tree representation of an image by Eq. (9).

n

C=
i=1

(2xi )i

(9)

2.

where n is the number of quad-tree levels and xi refers to the number of nodes at level i. Uniformity-based complexity measure. One way of evaluating the uniformity of an image as a complexity measure is employment of its co-occurrence matrix [39].

Due to the wide range of image complexity values, we compute the logarithm of each image complexity value and divide the range of results to ve equal intervals namely, very low, low, middle, high and very high image complexity. Then the embedding capacity of each image is computed and at last, the average value and the standard deviation of embedding capacities in each group are achieved. Table 1 shows the relation between the complexity of all the images in the database and their embedding capacities. In other representation, the correlation analysis in Fig. 11 reveals an inverse U -shaped relation between image complexity and embedding capacity of cover images using PQ steganography method. This relation is true in applying MB and YASS steganography methods as well. The experimental results showed that using Quad-treeand Uniformity-based complexity measures, it is preferred to select a high capacity cover image among low, middle, and high complexity images in the database. In contrast, very high and very low complexity images do not have a high embedding capacity. On the other hand, steganalysis methods extract some features from cover and stego images

123

Secure steganography based on embedding capacity Fig. 10 Cover selection based on image capacity. For each secret data size, ve most proper cover images are shown for applying PQ steganography method

443

secret data size

suitable covers

2000 bits

5800 bits

Table 1 Relation between complexity and embedding capacity of images

Image complexity

Embedding capacity Average (bits) Standard deviation (bits)

Quad-tree based complexity measure Very low Low Middle High Very high Uniformity complexity (bits) Very low Low Middle High Very high 4,132 5,288 5,986 5,663 2,698 2,507 2,826 2,710 3,208 2,549 3,921 4,713 6,832 6,234 3,201 1,931 1,698 2,942 3,428 2,411

and use a learning method to train a classier. The features can be extracted in spatial domain, transform domains such as DCT, or several domains. Mostly steganalysis methods divide images to blocks of size 8 8, and extract inter and intra features from the blocks. Therefore, if an image has parts with different complexities (i.e. complex and noncomplex), extracted features will have a large variance and the steganalyzers cannot learn and vote about the image reliably. Therefore, we can conclude that steganalyzers may fail on detection of stego images if they have heterogeneous contents with different textures and various sizes of textones with dissimilar shapes.

Table 2 shows the detection accuracy of three steganalyzers on the proposed approach using PQ, MB, and YASS steganography methods and the classical usage of these methods. As we see, our approach provides higher security than classical steganography methods. The results obviously show that the stego images, which are produced by the proposed approach, are less detectable than the stego images constructed by classical use of steganography methods. Employing WBS, 274-dim, and 324-dim steganalysis methods, to train the SVM of each steganalyzer, 1,200 (600 clean and 600 stego) images from the test-image database were used. The remaining 800 images are used for testing.

4.4 Performance of the proposed approach The proposed approach can be used by every existing steganography method. In fact, the cover selection idea proposed in this paper is a preprocessing routine that can improve the performance of the existing steganography algorithms.

5 Conclusion In this paper, we dene embedding capacity in the presence of multiple steganalyzers, as a property of images regarding to the constraints of the steganography method that is used. Previous works have considered embedding capacity mea-

123

444

H. Sajedi, M. Jamzad

Embedding Capacity (bits)

Fig. 11 Inverse U -shape relation between image complexity and secure capacity of cover images

8000 7000 6000 5000 4000 3000 2000 1000 0

Very Low

Low

Middle

High

Very high

Image Complexity
Quad-tree based complexity measure Uniformity based complexity measure

Table 2 Comparing the performance of PQ, MB, and YASS steganography methods without and with applying the proposed approach Steganalysis detection accuracy (%) Steganography method Average payload (bits) Classical steganography method WBS PQ 2, 000 6, 000 10, 000 MB 2, 000 6, 000 10, 000 YASS 2, 000 6, 000 10, 000 72 76 79 71 77 86 55 62 61 274-dim 74 77 79 67 72 81 57 63 69 324-dim 57 83 91 89 96 99 59 57 65 Proposed approach using steganography method WBS 53 55 56 51 56 56 52 56 59 274-dim 53 58 60 54 52 57 56 58 60 324-dim 52 56 59 59 56 58 57 57 59

sure as a property of steganography methods. However, such prior definitions cannot guarantee the security of embedding in a certain image. Because images with similar properties in embedding capacity analysis viewpoint, may have unequal threshold for secure embedding due to their different contents. With our proposed approach, we can exactly determine the upper bound of secure embedding rate for each image. Also for embedding a secret data, the embedder can select the best cover image(s) regarding to the embedding capacity of images in the database. The capacity depends on the detectability of the steganography algorithm being used against steganalysis methods. Moreover, we analyzed the relation between the complexity and embedding capacity of images in our database. The results show that middle and high complex images have higher embedding capacity than very complex or simple (very low complex) images. However, applying global complexity measures does not assess the embedding capacity precisely. Nevertheless, using a complexity measure that

computes the complexity locally may be a more suitable measure for cover selection. In future, we intend to propose a local complexity measure and evaluate its performance in cover selection steganography.

References
1. Marvel, L.M.: Spread spectrum image steganography. IEEE Trans. Image Process. pp. 10751083 (1999) 2. Westfeld, A.: F5-a steganographic algorithm: high capacity despite better steganalysis. In: Proceedings of 4th International Workshop on Information Hiding (2001) 3. Sallee, P.: Model-based steganography. In: Proceedings of Intetrnational Workshop on Digital Watermarking, Seoul, Korea (2003) 4. Fridrich, J., Goljan, M., Soukal, D.: Perturbed quantization steganography with wet paper codes. In: Proceedings of ACM, Multimedia Workshop, Germany (2004) 5. Solanki, K., Sarkar, A., Manjunath, B.S.: YASS: yet another steganographic scheme that resists blind steganalysis. In: Proceedings of 9th International Workshop on Information Hiding, June (2007)

123

Secure steganography based on embedding capacity 6. Sajedi, H., Jamzad, M.: Adaptive Steganography Method Based on Contourlet Transform. In: Proceedings of 9th International Conference on Signal Processing, pp. 745748 (2008) 7. Chandramouli, R., Memon, N.D.: Steganography capacity: a steganalysis perspective. Proc. SPIE Secur. Watermarking Multimed. Contents 5020, 173177 (2003) 8. Fridrich, J., Pevny, T., Kodovsky, J.: Statistically Undetectable JPEG Steganography: Dead Ends, Challenges, and Opportunities. MM&Sec. ACM, Dallas (2007) 9. Cachin, C.: An information-theoretic model for steganography. In: Proceedings of 2nd International Workshop on Information Hiding. LNCS, vol. 1525, pp. 306318 (1998) 10. Moulin, P., Mihcak, M.K.: A framework for evaluating the data hiding capacity of image sources. IEEE Trans. Image Process. 11, 10291042 (2002) 11. Dong, Y., Han, K.: Boosting SVM classiers by ensemble. In: Proceedings of 14th International Conference of ACM on World Wide Web, pp. 10721073 (2005) 12. Ker, A.D.: A Batch steganography and pooled steganalysis. Proc. Inf. Hiding Workshop 4437, 265281 (2006) 13. Ker, A.D.: A capacity result for batch steganography. IEEE Signal Process. Let. 14(8), 525528 (2007) 14. Martin, A., Sapiro, G., Seroussi, G.: Is Image Steganography Natural? Technical Report, Information Theory Research Group, HP Laboratories Palo Alto (2004) 15. Kharrazi, M., Sencar, T.H., Memon, N.: Benchmarking steganographic and steganalysis, techniques. EI SPIE, San Jose (2005) 16. Avcibas, I., Kharrazi, M., Memon, N., Sankur, B.: Image steganalysis with binary similarity measures. EURASIP J. Appl. Signal Process. (2005) 17. Lyu, S., Farid, H.: Detecting hidden messages using higher-order statistics and support vector machines. In: Proceedings of 5th International Workshop on Information Hiding (2002) 18. Lyu, S., Farid, H.: Steganalysis using color wavelet statistics and one-class support vector machines. SPIE Symposium on Electronic Imaging, San Jose, CA (2004) 19. Fridrich, J.: Feature-based steganalysis for jpeg images and its implications for future design of steganographic schemes. In: Proceedings of 6th International Workshop on Information Hiding, Toronto (2004) 20. Dietterich, T.G.: Ensemble methods in machine learning. Multiple Classier Systems. LNCS, vol. 1857, pp. 115. Springer, Heidelberg (2001) 21. Freund, Y., Schapire, R.: A short introduction to boosting. J. Jpn. Soc. Artif. Intell. 14(5), 771780 (1999) 22. Qing, T., Jue, W.: A new fuzzy support vector machine based on the weighted margin. Neural Process. Lett. 20(3), 139150 (2004) 23. Zhang, L., Lin, F., Zhang, B.: Support vector machine learning for image retrieval. In: Proceedings of IEEE International Conference on Image Processing, pp. 721724 (2001)

445 24. Burges, C.J.C.: A tutorial on support vector machines for pattern recognition. Data Min. Knowl. Discov. 2, 121167 (1998) 25. Meyer, D., Leisch, F., Hornik, K.: The support vector machine under test. Neurocomputing 55, 169186 (2003) 26. Pevny T., Fridrich J.: Merging Markov and DCT features for multi-class JPEG steganalysis. In: Proceedings of SPIE, San Jose, CA (2007) 27. Sarkar, A., Solanki, K., Manjunath, B.S.: Further study on YASS: steganography based on randomized embedding to resist blind steganalysis. In: Proceedings of SPIE Security, Steganography, and Watermarking of Multimedia Contents (2008) 28. Chen, C., Shi, Y.Q., Chen, W., Xuan, G.: Statistical moments based universal steganalysis using JPEG-2D array and 2-D characteristic function. In: Proceedings of ICIP, Atlanta, GA, USA, pp. 105108 (2006) 29. Xuan, G., Shi, Y.Q., Gao, J., Zou, D., Yang, C., Yang, C., Zhang, Z., Chai, P., Chen, C., Chen, W.: Steganalysis based on multiple features formed by statistical moments of wavelet characteristic functions. In: Proceedings of 7th International Workshop on Information Hiding (2005) 30. Kermani, Z.Z., Jamzad, M.: A robust steganography algorithm based on texture similarity using gabor lter. In: Proceedings of IEEE Intrnational Symposium on Signal processing and Information Technology, pp. 578582 (2005) 31. Sajedi, H., Jamzad, M.: Cover selection steganography method based on similarity of image blocks. In: Proceedings of IEEE 8th CIT Conference, Sydney, Australia (2008) 32. Kharrazi, M., Sencar, H., Memon, N.: Cover Selection for steganograpic embedding. In: Proceedings of ICIP, pp. 117121 (2006) 33. Watson, B.A.: DCT quantization matrices visually optimized for individual images, human vision. In: Visual Processing and Digital Display IV, Proceedings of SPIE, vol. 1913, pp. 202216 (2005) 34. Wang, Z., Bovik, A., Sheikh, H., Simoncelli, E.: Perceptual image quality assessment: from error visibility to structural similarity. IEEE Trans. Image Process. 13(4), 600612 (2004) 35. http://www.cs.washington.edu/research/imagedatabase 36. Chang, C.-C., Lin, C.-J.: Libsvm: a library for support vector machine. 2007. Software available at http://www.csie.ntu.edu.tw/ ~cjlin/libsvm 37. Cho, K., Jang, J., Hong, K.: Adaptive skin-color lter. Pattern Recognit. 34(5), 10671073 (2001) 38. Jamzad, M., Yaghmaee, F.: Achieving higher stability in watermarking according to image complexity. Sci. Iran. J. 13(4), 404412 (2006) 39. Haller, R.S.: Complexity of Real Images Evaluated by Densitometric Analysis and by Psychophysical Scaling. M.Sc. Thesis, University of Arizona (1970)

123