Nonparametric Steganalysis of QIM Steganography Using Approximate Entropy


  • 418 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 2, APRIL 2012

    Nonparametric Steganalysis of QIM Steganography Using Approximate Entropy

    Hafiz Malik, Member, IEEE, K. P. Subbalakshmi, Senior Member, IEEE, and R. Chandramouli, Senior Member, IEEE

    Abstract: This paper proposes an active steganalysis method for quantization index modulation (QIM)-based steganography. The proposed nonparametric steganalysis method uses irregularity (or randomness) in the test image to distinguish between the cover image and the stego image. We have shown that plain quantization (quantization without message embedding) induces regularity in the resulting quantized object, whereas message embedding using QIM increases irregularity in the resulting QIM-stego. Approximate entropy, an algorithmic entropy measure, is used to quantify irregularity in the test image. The QIM-stego image is then analyzed to estimate secret message length. To this end, the QIM codebook is estimated from the QIM-stego image using first-order statistics of the image coefficients in the embedding domain. The estimated codebook is then used to estimate secret message. Simulation results show that the proposed scheme can successfully estimate the hidden message from the QIM-stego with very low decoding error probability. For a given cover object the decoding error probability depends on embedding rate and decreases monotonically, approaching zero as the embedding rate approaches one.

    Index Terms: Algorithmic entropy, approximate entropy, complexity, dither modulation, embedding rate, entropy, message recovery, quantization index modulation, steganalysis, steganography.

    I. INTRODUCTION

    STEGANALYSIS refers to the act of analyzing a given multimedia data (e.g., images, video, audio, etc.) for the presence of hidden messages, with limited or no access to information regarding the embedding algorithm used. Existing steganalysis techniques may be classified into passive or active steganalysis [1] depending on whether the aim of the steganalyst is to detect the presence/absence of the hidden message only or to extract the hidden message. Passive steganalysis typically deals with detecting the presence or absence of the hidden message and identifying the steganographic method used for embedding the hidden message. In contrast, the objectives of active steganalysis include one or more of the following: 1) estimation of the embedded message length; 2) estimation of location(s) of the embedded message; 3) estimation of the message embedding key used (if any); 4) extraction of the hidden message; and 5) estimation of parameters of the embedding algorithm.

    Manuscript received November 30, 2010; revised July 22, 2011; accepted July 23, 2011. Date of publication September 23, 2011; date of current version March 08, 2012. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Mauro Barni.

    H. Malik is with the Electrical and Computer Engineering Department, University of Michigan, Dearborn, MI 48128 USA.

    K. P. Subbalakshmi and R. Chandramouli are with the Electrical and Computer Engineering Department, Stevens Institute of Technology, Hoboken, NJ 07030 USA.

    Digital Object Identifier 10.1109/TIFS.2011.2169058

    Quantization-based data hiding schemes [2] are based on Costa's seminal work [3] which gives the theoretical capacity of the Gaussian channel by modeling steganography as communication with side information. The ideal Costa scheme (ICS) achieves the theoretical upper bound for the capacity of all data hiding schemes under additive white Gaussian noise attack. However, the ICS requires a random codebook of infinite length which makes it impractical [4]. Practical realizations of ICS include quantization index modulation (QIM) [2], scalar Costa scheme (SCS), dither modulation (DM), and quantization projection (QP) [4]. QIM-based data hiding schemes are commonly used for steganography due to their high embedding capacity and controlled embedding distortion-robustness tradeoff.

    We now briefly discuss existing QIM steganalysis techniques and set the context of our work. Guillon et al. [5] proposed a framework for steganalysis of SCS by modeling QIM steganography as an additive noise channel. Sullivan et al. [6] proposed a steganalysis scheme for QIM steganography using supervised learning. Detection performance of the scheme proposed in [6] is constrained by the limitations of learning-based steganalysis, that is, a separate classifier training is required for every new steganographic algorithm, and the detection performance depends on the selection of features used to train the classifier [7]. Work on nonlearning-based QIM steganalysis techniques includes [8] and [9]. The steganalysis scheme proposed in [8] is not applicable for stego image generated using DM-based embedding, whereas the steganalysis scheme proposed in [9] cannot extract hidden messages and cannot detect random partial embedding. The major contribution of this paper is to address limitations of existing parametric QIM steganalysis schemes. Specifically, we design a nonparametric steganalysis method for the stego-only attack scenario, i.e., only the stego object is available for steganalysis.

    Passive QIM steganalysis has seen significant advances in recent times [5], [6], [8]-[11]; active QIM steganalysis, on the other hand, is relatively underdeveloped. A few notable exceptions include Yu and Wang's [12] and Wu et al.'s [13] methods for secret message length estimation from QIM stego, which mathematically model QIM embedding distortion as a function of embedding ratio (or secret message length) and use estimated model parameters for secret message length estimation. Similarly, Kim and Bae [14] and Lee et al. [15] have proposed an analytical approach using low level statistical features (mean and variance) for quantization step-size estimation from QIM-stego audio signal subjected to scaling and additive white Gaussian noise attacks. Pevny and Fridrich [11], [16] have also proposed a method to detect double JPEG compression and a maximum likelihood estimator of the primary quality factor.

    1556-6013/$26.00 2011 IEEE

  • MALIK et al.: NONPARAMETRIC STEGANALYSIS OF QIM STEGANOGRAPHY USING APPROXIMATE ENTROPY 419

    The proposed method uses support vector machine classifiers with feature vectors formed by histograms of low-frequency DCT coefficients.

    This paper proposes a nonparametric steganalysis scheme for QIM steganography using a measure of randomness (or irregularity) to distinguish between the cover and the stego. First, we show that a sequence consisting of QIM-stego image coefficients tends to exhibit a higher degree of irregularity (or randomness) than a plain quantized image. This relative irregularity in finite sequences can be used to distinguish between the cover and the stego images. Information theory offers several measures of entropy such as Shannon's entropy [17], Kolmogorov-Sinai (KS) complexity [18], [19], Lempel-Ziv (LZ) complexity [20], approximate entropy [21]-[23], etc. However, the selection of a particular irregularity measure for the test image depends on: 1) the characteristics of the underlying sources generating the cover image; 2) the size of the test image; and 3) the knowledge of the cover image statistics available to the steganalyst. The proposed steganalysis scheme uses ApEn to measure randomness in the test image. Justification for selecting ApEn over other randomness metrics [17]-[20] is given in Section III. Simulation results for both sequential embedding and random embedding show that the proposed steganalysis technique can distinguish between the cover and the stego images with low false positive rates, , and false negative rates, . In particular, the false positive rates are below 0.1 and the false negative rates are below 0.07 for DM-stego and below 0.12 and 0.002, respectively, for QIM-stego.

    Once the test image is identified as a QIM-stego image it is analyzed further to estimate the secret message length. The proposed scheme uses first-order statistics to estimate quantization step-size which is then used to estimate secret message length and extract the hidden message. Performance of the proposed active steganalysis is evaluated for various embedding rates, (i.e., of the coefficients are modified during message embedding process).

    In this paper, we assume gray-scale cover images of size , where , and that the embedding is done in the DCT domain. Moreover, a stego-only attack scenario is assumed which means that the prior probabilities of the underlying source symbols are not known to the steganalyst.

    The rest of the paper is organized as follows. The requirements of QIM-steganalysis are discussed in Section II. Justification of using ApEn to capture randomness in the stego image is provided in Section III. The outline of the proposed steganalysis scheme along with simulation results for QIM-stego and dither modulation (DM)-stego detection are provided in Section IV. Details of the message estimation algorithm from the QIM-stego image are discussed in Section V. Concluding remarks and future directions are discussed in Section VI.

    II. STEGANALYSIS OF QIM STEGANOGRAPHY

    A key issue in QIM steganalysis is to distinguish between:

    1) quantized cover (quantized image obtained using plain quantization or without message embedding) and the QIM-stego, (stego image obtained using QIM);

    2) cover and the DM-stego (stego obtained using DM).

    Fig. 1. Illustration of plain quantization (in upper panel) and binary QIM (in lower panel). Reconstruction grid points corresponding to O and X are used to embed message symbols 0 and 1 respectively, in lower panel.

    To design a parametric hypothesis test for stego detection, the probability mass functions of , , , and are required. Let , , , and denote probability mass function (pmf) of coefficients of the cover, quantized cover, QIM-stego, and DM-stego, respectively, in the DCT domain. We assume , the set of all real numbers.

    A. Quantization, QIM-Steganography and DM-Steganography

    In the case of plain quantization, the quantizer output, say , is an integer multiple of the quantization step-size, , i.e., . The probability mass function of quantizer output is determined by the unquantized DCT coefficients, , , falling in the range, i.e.,

    (1)

    where is the number of coefficients in the range and where denotes the set of all positive integers.

    In the case of QIM steganography, two identical quantizers are used to encode a binary message sequence, , of length into the host data. Each quantizer is designed with a step-size and is offset (shifted) from the other by . That is, , where and denote quantizers used to embed message bit 0 and 1 respectively. The difference between plain quantization and message embedding using QIM is illustrated in Fig. 1.

    For QIM with equiprobable message bits, , the probability of a given output, , can be expressed as

    (2)

    where , , and .

    In case of dither modulation, two dither quantizers are used to embed the message bits. A dither quantizer is obtained by adding (or subtracting) a dither value to the quantizer output, , where is uniformly distributed noise over . Therefore, the quantizer output covers the entire range of the cover image, unlike in the case of QIM or plain quantization. In this range, , where is the granularity of the data. Data hiding based on DM can be expressed as

    (3)

    is generated using one and only one value of . The theory of subtractive dither (SD) quantization [24], [25] can be used to determine the probability density function (pdf) of . Let and quantization error . Let us also assume that random variables (rvs) , , and are mutually independent. We use Schuchman's condition [24], [25] to determine the pdf of as follows.

    Theorem 1 [Schuchman's Condition]: In an SD quantizing system with step-size , the total error is statistically independent of the system input for arbitrary input distributions if and only if the characteristic function (cf) of the dither satisfies the condition

    (4)

    Furthermore, the total error will be uniformly distributed for arbitrary input distributions if and only if this condition holds.

    Proof: Proof of this theorem can be found in [24] and [25].

    As the dither vector, is uniformly distributed over for DM-steganography, and the corresponding is a function defined as

    (5)

    which satisfies Schuchman's condition, i.e., , the resulting quantization error, , is uniformly distributed over and statistically independent of . Now to determine , consider the following model for DM-steganography:

    (6)

    In this case, can be obtained by simply convolving pdf of , , and , where is defined as

    otherwise

    so

    (7)

    (8)

    where denotes convolution operation.

    Using the pmf (respectively, pdf) of the output of the QIM (respectively, DM) quantizer, a likelihood ratio test (LRT) can be set up for stego detection. The LRT can be expressed as

    detect QIM-stego (9)

    Fig. 2. Empirical pmfs (based on histogram) of DCT coefficients of cover (top-left) and quantized DCT coefficients of QIM-stego obtained with (top-right and bottom row).

    detect-stego (10)

    where the decision threshold, , can be minimized using Neyman-Pearson rule which maximizes the probability of detection, , for a given probability of false alarm, [26].

    Substituting and from (1) and (2) in (4)

    (11)

    Equation (11) shows that the likelihood statistic is a function of the cover pdf, , and under stego-only attack scenario is not available at the stego detector. Therefore, parametric detection based on Neyman-Pearson rule cannot be used to detect the QIM-stego image.

    Similarly, to detect DM-stego, we obtain the likelihood ratio by substituting from (8) in (10)

    (12)

    Equation (12) shows that the likelihood statistic is also a function of the cover pdf, , therefore, parametric detector cannot be used for DM-stego detection either. An important observation, however, can be made from (11) and (12) that message embedding using QIM or DM introduces smoothness in the pmf of the resulting stego image. To highlight this claim, we analyze the empirical pmfs (obtained using histograms) of the quantized cover and the QIM-stego images. The empirical pmfs of DCT coefficients of the QIM-stego for are shown in Fig. 2. Shown in Fig. 3 is the comparison of smoothing effect due to plain quantization and QIM. Some of the experimental observations on the difference between the QIM-stego and the quantized cover images based on their empirical pmfs are summarized as follows.

    Firstly, we note that the quantization (with and without message embedding) introduces smoothness in the pmf of the resulting quantized images. It can be observed from Fig. 2 that as increases the smoothing effect in the pmf of the resulting QIM-stego also increases according to (11). Secondly, the quantizer step-size controls the amount of smoothness introduced in the pmf of the quantized image. Finally, quantization with message embedding (e.g., QIM) introduces more smoothness than plain quantization. It can be observed from Fig. 3 that for the same value of , the QIM introduces more smoothness than plain quantization. Moreover, for large message embedding using QIM splits the peak around zero in the cover pmf into three peaks (e.g., peaks , , and around , 0, and , respectively), which can be used to distinguish between the quantized cover and the QIM-stego. However, such visual attacks might not guarantee consistent results especially when QIM-stego is generated using smaller quantization step-size or the cover image has smoothly varying pmf. Relative smoothness in the pmf of the test image can be used to distinguish between the cover and the stego. Learning-based steganalysis techniques have been proposed in the past [6] to distinguish between the quantized-cover and the QIM-stego, but as noted earlier, there are some inherent disadvantages with these steganalysis schemes.

    Fig. 3. Empirical pmfs of quantized-cover (top row) and corresponding QIM-stego (bottom row).

    To address the limitations of learning-based steganalysis schemes for QIM steganography, a nonparametric steganalysis scheme based on measure of randomness in the test image is proposed here. The proposed scheme exploits relative randomness in the test image to distinguish between the cover and the stego images.

    Theorem 2: If is a quantized sequence obtained using plain quantization (uniform quantization without message embedding) then

    (13)

    where is Shannon's entropy of rv .

    Proof: The proof of this theorem is given in [27].

    It is interesting to note that Theorem 2 gives similar interpretation of a -bit quantization of a continuous random variable , in terms of entropy as shown in [28, p. 229], which states that entropy of an -bit quantization of can be approximated as , where denotes differential entropy of a continuous random variable .

    Theorem 3: If is a quantized sequence obtained using QIM (uniform quantization with message embedding) and is a quantized sequence obtained using plain quantization (uniform quantization without message embedding) then

    (14)

    Proof: Let be a real valued random sequence to be quantized with associated (pdf) . A uniform quantizer is defined as partition , , where is the number of equilength partitions, and a reconstruction codebook defined as , . Let be the plain quantizer output. Similarly, let be the quantized sequence obtained by embedding a binary message (with ) independent of , using QIM quantizer with partition length .

    The mutual information between the continuous random variable and the corresponding discrete random sequence obtained using plain quantization can be expressed in the following two forms:

    (15)

    (16)

    where denotes Shannon's entropy and the differential entropy. Since is a deterministic function of , , hence self-information of the plain quantizer output can be expressed as

    (17)

    Similarly, mutual information between continuous random variable and the corresponding discrete random sequence obtained using QIM can be expressed in the following two forms:

    (18)

    (19)

    In this case, is not a deterministic function of , therefore , hence self-information of the QIM quantizer output can be expressed as

    (20)

    Subtracting (17) from (20) we obtain

    (21)

    (22)

    (23)

    where (a) follows from the fact that , since is a deterministic function of , and (b) from the fact that

    (24)

    (25)

    Fig. 4. Illustration of quantization noise: quantized cover and quantization noise (left). QIM-stego and corresponding quantization noise (right).

    where (c) follows from the fact that and .

    Since (differential entropy of discrete r.v. can be considered ; see [28, Ch. 9, pp. 229]), and

    This fact is illustrated in Fig. 4. It can be observed from Fig. 4 that the distortion due to message embedding using QIM is relatively more irregular (random) than the distortion due to plain quantization (especially in low-texture regions). This implies that coefficients of the quantized-cover image are relatively more predictable (regular) than the corresponding coefficients in the QIM-stego image. The proposed steganalysis scheme uses relative irregularity in the test image to distinguish between the cover, , and the stego, , images.

    The proposed scheme uses ApEn to assess randomness in the test image. Section III provides motivation for using ApEn to capture irregularity in the test image along with a brief overview of other irregularity measures such as Shannon's entropy [17], Kolmogorov-Sinai (KS) complexity [18], [19], Lempel-Ziv (LZ) complexity [20], etc.

    III. WHY APPROXIMATE ENTROPY?

    The proposed steganalysis scheme uses irregularity in the test image to attack QIM steganography (footnote 1). Entropy measuring tools in the information theory literature such as Shannon's entropy [17], Kolmogorov-Sinai (KS) complexity [18], [19], Lempel-Ziv (LZ) complexity [20], approximate entropy [21]-[23], etc., can be used to measure irregularity in the test image. However, selection of a particular irregularity measure depends on: 1) the characteristics of the underlying sources generating the cover image; 2) the size of the test image; and 3) whether the cover image statistics is available to the steganalyst or not. Therefore, entropy measures presented in [17]-[23] cannot be used blindly to quantify the irregularity of the time series generated from the test image.

    Footnote 1: For the rest of the paper, QIM-steganography means message embedding using QIM or DM unless otherwise specified.

    For example, KS complexity is an algorithmic measure [18], [19] which uses rate of information generation to classify deterministic dynamical systems. But the KS complexity methods fail to quantify time series representing output of a stochastic or mixed processes [21], [22]. Moreover, the KS complexity is very sensitive to a small amount of noise or outliers. These inabilities of KS complexity to quantify irregularity in stochastic processes or noisy data can be attributed to its nonstatistical framework used to calculate complexity in the time series. Therefore, the application of KS complexity to practical time series like the DCT coefficient of the test image will only evaluate noise, not the properties of the underlying sources. In addition, KS complexity requires a large amount of data (theoretically infinite sequence) to converge [29]. Therefore, KS complexity cannot be used to quantify smaller sequences, generated using test images, based on their estimated KS complexities.

    Shannon proposed entropy as a measure of randomness (or irregularity [17]) in the output of a probabilistic source that generates an infinite sequence of symbols. Entropy characterizes the irregularity of a given source by the probabilities of symbols and blocks of symbols. Shannon's probabilistic entropy [17] requires prior probabilities of the underlying source symbols or block of symbols to estimate irregularity in a given sequence. However, it cannot be used in our case, as we assume a stego-only attack scenario where probabilities of the symbols and block of symbols are not available to the steganalyst.

    Pincus proposed an algorithmic entropy method, known as approximate entropy (ApEn) in [21]-[23], to measure irregularity (or complexity) in the finite sequences when prior probabilities of symbols and blocks of symbols are not known. The ApEn makes no prior assumption on the sequence of symbols or the source generating it. The ApEn is motivated by Shannon's information-theoretic entropy of a Markov process rather than by the conditional complexity of algorithmic information theory [21]-[23]. The ApEn is very useful in discriminating finite sequences based on their relative irregularity. The ApEn is a statistical tool designed to quantify irregularity in the time series [21]-[23]. Mathematically, ApEn is a natural information theoretical parameter, i.e., the rate of entropy, for an approximating Markov chain to a process [22], [30]. The ApEn provides both noise filtering and artifacts suppression capabilities through suitable filtering threshold selection [22]. In addition, despite algorithmic similarities, the ApEn is not an approximate value of the KS entropy [18], [19]; rather it is a family of statistics parameterized by the filtering threshold and embedding dimension [21], [22], [31]. The salient features of the ApEn make it an attractive candidate to assess irregularity in the real-world practical finite or periodic sequences.

    1) ApEn is an algorithmic entropy measure.

    2) It is robust to noise as long as the noise is below a specified filtering threshold.

    3) It is applicable to short sequences, for example, it is possible to estimate regularity with good confidence level using only a few hundred points.

    4) A change in the estimated ApEn corresponds to change in the complexity of the underlying process.

    5) ApEn allows a direct computable alternative to severely noncomputable approaches like KS complexity.

    The proposed steganalysis scheme uses ApEn to estimate irregularity in the test image. An algorithm to calculate ApEn from a finite-length sequence and its mathematical interpretation are discussed next.

    A. Approximate Entropy Estimation

    Approximate entropy is a regularity statistic that quantifies irregularity or fluctuations in a time series, , where is the number of observations of the time series. The ApEn reflects the likelihood that blocks of length that are close together remain close together for blocks augmented by one position in the following observations. A time series containing many repetitive patterns (e.g., a regular sequence) exhibits a relatively small ApEn value, whereas a time series consisting of less predictable patterns (or a more irregular sequence) exhibits a higher ApEn value. A detailed description of the algorithm for computing ApEn and its statistical properties can be found in [21]-[23], [32] and [33] and references therein.

    Definition of ApEn: Consider a time-series sequence , consisting of measurements equally spaced in time, i.e., . For a fixed-positive integer and a positive real number , consider embedding vectors in , where . Let us define the correlation measure for every ,

    (26)

    where is the norm between vectors and , which can be expressed as

    (27)

    Here the quantity is a fraction of patterns of length that resemble the pattern of the same length that begins at index . In other words, measures the regularity (or frequency) of patterns similar to a given pattern of window length and a tolerance .

    The approximate entropy of a sequence with parameters , , and is defined as

    (28)

    where

    (29)

    and

    (30)

    Fig. 5. Finite-length sequence generation from test image.

    where , , , denotes average over , and is conditional probability.

    The ApEn measures the logarithmic frequency with which blocks of length that are close together remain close together for blocks augmented by one position. A smaller value of ApEn implies regularity in the time series, that is, similar patterns are highly predictable from additional similar measurements, whereas a large value of ApEn indicates that the underlying time series is highly irregular. For a given application ApEn should be considered as a family of statistics and for time series comparisons a fixed set of values of and should be used.
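    The binary QIM construction of Section II-A and the ApEn statistic of Section III-A can be exercised together on a single coefficient sequence. The Python code below is an added example, not code from the paper: it assumes the textbook form of binary QIM (two quantizers of step 2Δ offset from each other by Δ) and Pincus's ApEn with the max-norm distance and self-matches counted; Δ = 8, m = 2, r = 2 and the zero-mean Gaussian "cover" coefficients are constructed values.

```python
"""ApEn of a plain-quantized sequence vs. a binary-QIM sequence (added example)."""
import math
import random

DELTA = 8.0  # quantization step-size (constructed value)
M = 2        # embedding dimension m (assumed; a common choice for ApEn)
R = 2.0      # tolerance r, the same for both sequences and below DELTA (assumed)


def plain_quantize(x, delta=DELTA):
    """Uniform quantization without embedding: nearest multiple of delta."""
    return delta * round(x / delta)


def qim_embed(x, bit, delta=DELTA):
    """Binary QIM in its textbook form (an assumption of this example):
    two quantizers of step 2*delta, shifted by delta relative to each
    other; the message bit selects which quantizer is applied."""
    shift = bit * delta
    return 2 * delta * round((x - shift) / (2 * delta)) + shift


def qim_decode(y, delta=DELTA):
    """Recover the embedded bit from the parity of the lattice index."""
    return int(round(y / delta)) % 2


def _phi(u, m, r):
    """Phi^m(r): mean of ln C_i^m(r) over all length-m windows of u."""
    n = len(u) - m + 1
    windows = [u[i:i + m] for i in range(n)]
    total = 0.0
    for wi in windows:
        # C_i^m(r): fraction of windows whose max-norm distance to wi is
        # at most r. The self-match is counted, so the count is never 0.
        close = sum(
            1 for wj in windows
            if max(abs(a - b) for a, b in zip(wi, wj)) <= r
        )
        total += math.log(close / n)
    return total / n


def apen(u, m=M, r=R):
    """Approximate entropy ApEn(m, r, N) = Phi^m(r) - Phi^(m+1)(r)."""
    if len(u) < m + 2:
        raise ValueError("sequence too short for the chosen m")
    return _phi(u, m, r) - _phi(u, m + 1, r)


def demo(n=400, seed=1):
    """Quantize one constructed cover sequence with and without a random
    message and return (ApEn plain, ApEn QIM, message recovered?)."""
    rng = random.Random(seed)
    # Constructed cover: small zero-mean coefficients, so plain
    # quantization maps most of them to the single value 0.
    cover = [rng.gauss(0.0, 2.0) for _ in range(n)]
    bits = [rng.getrandbits(1) for _ in range(n)]
    plain = [plain_quantize(x) for x in cover]
    stego = [qim_embed(x, b) for x, b in zip(cover, bits)]
    recovered = [qim_decode(y) for y in stego]
    return apen(plain), apen(stego), recovered == bits


if __name__ == "__main__":
    a_plain, a_stego, ok = demo()
    print(f"ApEn plain-quantized: {a_plain:.3f}")
    print(f"ApEn QIM-stego:       {a_stego:.3f}")
    print(f"message recovered with known step-size: {ok}")
```

    Because r is kept below Δ, two windows only count as close when they hit the same lattice points, so the random message bits show up directly as extra irregularity in the QIM sequence.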

    IV. STEGANALYSIS USING ApEn

    We used a measure of irregularity in the test image to decide if the given image is stego or not. Irregularity in the test image is measured in terms of ApEn estimated from the test image. To calculate ApEn from the test image ( , , , or ) using the algorithm outlined in Section III-A, the test image must be transformed into finite sequences. To this end, the test image is segmented into nonoverlapping blocks of 8 × 8 pixels, and the two-dimensional (2-D) DCT for each block is calculated. Each block in the DCT domain is then converted into a one-dimensional (1-D) vector using zigzag ordering (commonly used during baseline JPEG compression [34]). The 1-D vectors consisting of DCT coefficients are used to generate 64 sequences, , , each of length . Here where denote the largest integer not exceeding . Shown in Fig. 5 is the illustration of the finite-length sequence generation process from the test image.

    The resulting finite sequences are then analyzed to estimate randomness in the test image. To estimate randomness (or irregularity) in the test image, finite sequences consisting of ac coefficients, that is, , , are analyzed using (28) which generates a 63-dimensional vector of ApEn estimates, i.e.,

    (31)

    The ApEn vector, , represents the randomness in the test image and is used to distinguish between the cover and the stego image.


    Fig. 6. Plots of estimated ApEn from , , and in DCT domain.

    A. Steganalysis of QIM-Stego

    To investigate the effect of QIM-based message embedding on the irregularity of the resulting QIM-stego image, the ApEn is calculated from , and . To this end, two quantized images (e.g., and ) were generated from an uncompressed cover image of size 256 × 256 using a set of uniform quantizers with and . To obtain quantized images, the image number 47 of the image database downloaded from [35] was used. The cover image was resized to 256 × 256 and converted to gray-scale before quantization. To embed a binary message into the gray-scale cover image using QIM, the cover image was segmented into nonoverlapping blocks of 8 × 8 pixels each and each block was transformed using 2-D DCT followed by message embedding using binary QIM. Similarly, the corresponding quantized cover image was obtained. The quantized cover and the QIM-stego images were then transformed into 64 1-D sequences. The ApEn was estimated from the sequences consisting of ac coefficients (in the DCT domain) of , and , with noise filtering parameters and . Shown in Fig. 6 are the plots of the estimated ApEn from , , and in DCT domain. In Fig. 6 the horizontal axis represents the sequence number (ac coefficients number) and the vertical axis represents the estimated ApEn (or level of randomness in each sequence).

    The following observations can be made from Fig. 6.

    1) The estimated ApEn from remains approximately constant for all unquantized image sequences which implies that all unquantized images exhibit approximately same level of randomness.

    2) In general, the estimated ApEn from and decreases from low to high frequency. Here, low and high frequency correspond to sequence number 1 to 32 and sequence number 32 to 63, respectively.

    3) For both quantized-images, i.e., and , the estimated ApEn decreases more sharply in the low frequency region than in the high frequency region.

    4) The estimated ApEn from exhibits lower gradient in both frequency regions than the estimated ApEn from .

    5) Let and denote gradient of the estimated ApEn in low and high frequency regions, respectively, and change in the gradient of the estimated ApEn. Then is given by

    (32)

    It can be observed that the value of for the quantized cover is well below 50% (36% to be exact) and is well above 50% (85% to be exact) for the QIM-stego.

    6) For the QIM-stego, estimated ApEn is approximately constant for high frequency region.

    7) The estimated ApEn from the QIM-stego is higher than the estimated ApEn from the quantized cover in high frequency coefficients which implies that in high frequency coefficients the QIM-stego is relatively more irregular than the corresponding quantized cover. This higher ApEn value in the QIM-stego compared to the corresponding quantized cover can be attributed to the randomness in the embedded message .

    These observations indicate that variation in the gradient of the estimated ApEn from low to high frequency regions along with the ApEn value in the high frequency coefficients can be used to distinguish between the quantized cover and the QIM-stego images. The proposed steganalysis scheme however uses relative change in the gradient from low to high frequency regions to detect QIM-stego image. Shown in Fig. 7 is the schematic diagram of the proposed steganalysis scheme to detect QIM-steganography.

    Fig. 7. Schematic diagram of proposed steganalysis scheme to distinguish between quantized cover and the QIM-stego.

    B. Experimental Results for QIM-Stego

    Detection performance of the proposed steganalysis scheme to detect QIM steganography was tested for the following message embedding strategies.

    1) Sequential Embedding (SE): In this case, for each DCT block, the same set of ac coefficients is selected for message embedding. In addition, for sequential embedding we considered the following two cases:

    a) all frequency embedding (AFE), where the message is embedded into all ac coefficients of 8 × 8 blocks in DCT domain using QIM;

    b) mid-frequency embedding (MFE), where the message is embedded into ac coefficient number 5 to 32 of zigzag scanned 8 × 8 blocks in the DCT domain. The MFE is commonly used to introduce lower embedding distortion at the cost of embedding capacity but without compromising robustness of the embedded message.

    2) Random Embedding (RE): In this case, a set of ac coefficients is selected randomly from each block (in DCT domain) for message embedding. For random embedding, embedding rates are considered.

    1) Sequential Embedding: Detection performance of the proposed steganalysis scheme for QIM steganography is evaluated in terms of false rates, that is, false positive rates and false negative rates . The uncompressed color image database (UCID) [35] was used to evaluate performance of the proposed steganalysis scheme for QIM-stego detection. This image database [35] contains 1338 uncompressed color images; the results presented here are based on resized (to 256 × 256 pixels) and gray-scale versions of the first thousand images of the database [35]. Two-thousand QIM-stego images (1000 QIM-stego images using AFE and 1000 QIM-stego images using MFE) were obtained by sequentially embedding 2000 random messages into the first 1000 images of the database using QIM with . Similarly, 1000 quantized-images were obtained by quantizing these 1000 images with . The resulting 3000 quantized images (1000 QIM-stego using AFE, 1000 QIM-stego using MFE, and 1000 quantized cover) were analyzed using the proposed steganalysis scheme. Shown in Table I is the detection performance of the proposed steganalysis scheme; these simulation results are generated with decision threshold and noise filtering parameters , , and . It is important to mention that simulation results for MFE listed in Table I are generated by using abrupt changes in the estimated from the test image at the interfaces of message carrying coefficients, i.e., finite sequence 5 and finite sequence 32 for QIM-stego detection.

    TABLE I. STEGO DETECTION PERFORMANCE: SEQUENTIAL EMBEDDING

    It can be observed from Table I that the proposed nonparametric steganalysis scheme can successfully distinguish between the quantized cover and the QIM-stego images with relatively low false rates, e.g., , . In addition, MFE embedding is relatively less secure (here security of an embedding algorithm is measured in terms of detection rate) than the AFE embedding, though MFE embedding introduces less distortion than the AFE case. This is mainly because the detector for MFE is using a different detection criterion and is exploiting prior knowledge about the embedding algorithm.

    2) Random Embedding: Effectiveness of the proposed scheme for random embedding is evaluated using the first 200 images of the UCID [35]. One-thousand QIM-stego images were obtained by embedding 200 random messages using binary QIM with and embedding rate . The QIM-stego images were generated by randomly selecting ac coefficients of the input image for message embedding and the remaining coefficients were quantized using plain quantizer (without message embedding) with . Similarly, 200 quantized images were obtained by quantizing the selected 200 gray-scale images using plain quantizer with . The resulting 1200 quantized images (1000 QIM-stego using RE, 200 quantized cover using plain quantizer) were analyzed using the proposed scheme. Shown in Table II is the detection performance of the proposed steganalysis scheme for various embedding rates. The simulation results shown in Table II are generated with decision threshold , (here denotes variance of estimated from sequence number 32 to 63) and parameters , , and .

    TABLE II. QIM-STEGO DETECTION PERFORMANCE: RANDOM EMBEDDING

    It can be observed from Table II that false negative rates improve gradually as embedding rate increases. In addition, in the case of RE, lower embedding rate is relatively more secure than the higher embedding rate. It is also worth mentioning that for embedding rate , random embedding is more secure than sequential embedding; consider, for example, MFE and in the case of random embedding: the false negative rate in the case of RE is much higher than MFE. This is mainly because the QIM-stego detector does not exploit any knowledge about the embedding algorithm or characterization of test image which the stego detector does exploit in the case of mid-frequency embedding.

    Fig. 8. Plots of estimated from and in DCT domain.

    C. Steganalysis of DM-Stego

    To detect DM-stego based on irregularity in the test image, the is calculated from the finite sequences obtained from and . The DM-stego was generated by segmenting the cover image into nonoverlapping blocks, each of 8 × 8 pixels, in DCT domain followed by message embedding using binary dither modulation (DM) [2], [4]. The DM-stego image was obtained by embedding a binary message with and a dither vector . Shown in Fig. 8 are the plots of the estimated from the gray-scale version of image number 47 of the database [35] and the corresponding with parameters, , , and .

    It can be observed from Fig. 8 that message embedding using DM reduces variance of the estimated , that is, . We have observed through simulation results that reduction in the variance of the estimated from the DM-stego is a function of both the cover image characteristics and the quantization step-size used for message embedding. Therefore, variance of the estimated from the test image cannot be used to distinguish between the cover and the DM-stego, since we consider a blind steganalysis scheme where the steganalyzer has no prior information about the host image or stego parameters. In addition, we have also observed that DM steganography actually increases variance of the DM-stego coefficients. To amplify the difference between the estimated and , we normalized the estimated vector by its variance, i.e., .

    The normalized , vector still cannot be used for a blind DM-stego detection, as only one vector is available to the steganalyst to determine whether the test image is a cover or a DM-stego. To resolve this issue, we proposed to use a calibration method based on reprocessing the test image. The proposed calibration method generates the calibrated image (say -stego) by embedding an arbitrary message into the test image using binary DM with an arbitrary dither vector and an arbitrary step-size, . It has been observed that the estimated vectors from the -stego and the test image are very close in 63-dimensional space if the test image is a DM-stego image and are far apart otherwise. To illustrate this claim, we estimated vectors from , , and . Shown in Fig. 9 are the plots of the estimated vectors from , , and .

    Fig. 9. Plots of normalized estimated from , , and .

    It can be observed from Fig. 9 that the estimated vectors from the -stego and the DM-stego are very close, and the estimated vectors from the cover and the DM-stego are far apart. A simple binary hypothesis test based on the distance between the estimated vectors estimated from the test image and -stego can be used to detect DM-stego.

    The proposed calibration-based steganalysis method to detect DM-stego is summarized as follows.

    1) The test image is reprocessed to obtain -stego by embedding an arbitrary message, , into the test image using DM with arbitrary parameters and .

    2) The vectors are estimated from both the test image and the -stego.

    3) The Euclidean distance between the estimated vectors from the test image and the -stego, defined as

    (33)

    is then used to distinguish between the cover and the DM-stego. Here, and denote estimated vectors estimated from the test image and the -stego image, respectively.

    Fig. 10. Schematic diagram of proposed steganalysis scheme to distinguish between cover and DM-stego.

    Shown in Fig. 10 is the schematic diagram of the proposed steganalysis scheme to distinguish between the cover and the DM-stego.

    D. Experimental Results for DM-Stego

    Detection performance of the proposed scheme for DM steganography is also tested for sequential as well as random embedding.

    1) Sequential Embedding: Detection performance of the proposed DM steganalysis scheme is also evaluated using the same database [35]. Two-thousand DM-stego images were obtained by sequentially embedding 2000 random messages into gray-scale and resized versions of the first 1000 images of the database [35] using binary DM with and independent and uniformly distributed dither vectors . The proposed steganalysis scheme was then applied to the resulting 3000 test images (2000 DM-stego images and 1000 cover images in the DCT domain). During the detection process, each test image was calibrated to generate -stego by embedding an independent message using randomly selected quantization step-size , and an independent dither vector into all ac coefficients. The vectors were estimated from each test image and its corresponding -stego image using filtering parameters, and . Shown in Table I is the detection performance of the proposed scheme in terms of false rates. Simulation results listed in Table I are generated using a quantization step-size and decision threshold . And, in case of mid-frequency embedding (MFE), abrupt jump around interfaces of modified coefficients, i.e., finite sequence 5 and finite sequence 32 was used for DM-stego detection.

    It can be observed in Table I that the proposed nonparametric steganalysis scheme can successfully distinguish between the quantized-cover and the DM-stego images with relatively low false rates, e.g., , , and MFE embedding is relatively less secure than the AFE embedding. This is mainly because the detector for MFE is using a different detection criterion and is exploiting prior knowledge about the embedding algorithm, that is, the message embedding region.

    2) Random Embedding: To evaluate performance of the proposed steganalysis scheme for random embedding, the first 200 images of the (UCID) [35] were used. One thousand DM-stego images were obtained by embedding 200 random messages into gray-scale and resized versions of the cover images using the DM method discussed in Section II with and independent and uniformly distributed dither vectors . Here, DM-stego images were generated by randomly selecting ac coefficients of the input image for message embedding and the remaining coefficients remained unaltered. During the detection process, each test image was used to generate the corresponding -stego image by embedding an independent message using randomly selected quantization step-size , and an independent dither vector . The vectors were estimated from each test image and the -stego image using noise filtering parameters, and . The proposed steganalysis scheme was tested for 1200 test images (1000 DM-stego and 200 cover images). Shown in Table III is the detection performance of the proposed steganalysis scheme for various embedding rates, i.e., . Simulation results shown in Table III are based on quantization step-size and decision threshold .

    TABLE III. DM-STEGO DETECTION PERFORMANCE: RANDOM EMBEDDING

    It can be observed from Table III that detection performance in terms of false negative rates improves gradually as embedding rate increases. In addition, in the case of random embedding, smaller message embedding is relatively more secure than the larger message embedding. It is also worth mentioning that for embedding rate , random embedding is more secure than sequential embedding.

    E. Discussion

    Experimental results listed in Table I show that the proposed nonparametric steganalysis scheme can successfully distinguish between the quantized-cover (respectively, cover) and the QIM-stego (respectively, DM-stego) images with relatively low false rates. It has been observed that for the sequential embedding case the mid-frequency embedding (MFE) is relatively less secure than the all-frequency embedding (AFE). This is an interesting observation, as a stego image obtained using MFE carries approximately one-half of the message embedded into the stego image obtained using the AFE and MFE introduces less embedding distortion than the AFE. This observation contradicts the general notion about the security of the secret message, that is, for a given data hiding scheme, a smaller payload and/or lower embedding distortion provides better security than a larger payload and/or higher embedding distortion.

    The explanation of this effect is as follows. In the case of MFE, the detector exploits additional knowledge about the embedding algorithm and characterization of the test image (in terms of ) which contributes towards superior detection performance. More specifically, in the case of MFE, only mid-frequency coefficients are modified during the message embedding process; therefore, coefficients of the resulting stego image can be classified into two classes, say C1 and C2. Let coefficients which are modified during the message embedding process, e.g., finite sequence number 5 to 32 , belong to class C1 and the remaining sequences belong to class C2. Here, sequences belonging to class C1 exhibit a higher level of randomness than the sequences from class C2. The change in the randomness level from to and to was used to distinguish between the cover and the stego. This observation is illustrated in Fig. 11.

    Fig. 11. Plots of estimated from cover, quantized cover, and QIM-stego obtained using MFE.

    It can be observed from Fig. 11 that there is an abrupt change in the estimated from to . Therefore, in the case of MFE, an abrupt change in the estimated irregularity in the sequences from C1 and C2 contributes to better detection in the case of MFE than AFE. In contrast, when AFE is used there is no abrupt change in the estimated vector, although there is still enough distinction between the estimated from the and the to distinguish between the stego and cover images.

    Experimental results for random embedding listed in Tables II and III indicate that false negative rates for QIM as well as DM improve gradually as embedding rate increases. In addition, in case of random embedding, lower embedding yields better security (measured in terms of detection rate) than larger embedding and embedding rate . Moreover, random embedding is more secure than sequential embedding; consider, for example, MFE and in the case of random embedding, RE is much higher than MFE. Detector performance degradation for RE can be attributed to the fact that the detector does not exploit any knowledge about the embedding algorithm during the stego detection process.

    V. MESSAGE RECOVERY

    This section will provide details of the proposed active steganalysis framework. This proposed active steganalysis framework is applicable to QIM-stego images only. Once the test image is identified as a QIM-stego, the next step is to estimate the hidden message , the secret key , and the hidden message length , from the QIM-stego. The proposed message recovery process consists of two stages: 1) codebook estimation stage and 2) message decoding stage.


    Fig. 12. Schematic diagram of proposed message recovery scheme.

    The proposed codebook estimation stage uses the first-order statistics of the QIM-stego image (in terms of quantization step-size ). The estimated codebook is then used to decode the hidden message from the QIM-stego. It is important to mention that the detection performance of the message recovery from the QIM-stego directly depends on the accuracy of the estimated .

    The proposed message recovery method assumes that the QIM-stego is obtained by embedding a plain text rather than an encrypted message (or cipher text) using binary QIM in DCT domain. Moreover, no permutation is applied to the selected image coefficients during the message embedding process. Let the embedding rate represent the fraction of image coefficients used during message embedding. As binary QIM encodes one bit of information in each processed coefficient, therefore, a gray-scale image of size can carry up to bits of information at an embedding rate of 1 bit per pixel (bpp) (assuming dc coefficients are not modified during message embedding process). Shown in Fig. 12 is the schematic diagram of the proposed message recovery scheme. The next few sections outline details of the proposed message recovery algorithm.

    A. Codebook Estimation

    To estimate codebook (i.e., quantization step-size, ) from the QIM-stego, a sequence is generated by segmenting the QIM-stego into 8 × 8 nonoverlapping blocks and transforming them into the DCT domain. The sequence , consisting of ac coefficients in the DCT domain is then analyzed to estimate the underlying quantization step size. Salient steps of the proposed estimation algorithm are outlined as follows.

    Step 1) A sorted sequence is obtained from by sorting in ascending order, i.e., , .

    Step 2) The first difference of the sorted sequence is calculated as , .

    Step 3) The following observations can be made on .

    a) A run of consecutive zeros in indicates the same quantization bin where denotes the total number of bins in , i.e., .

    b) The number of quantization bins gives distinct reconstruction grid points, i.e., let , , where , , and , here denote a set of positive integers.

    c) The number of coefficients in each bin gives bin count of the corresponding quantization bin, that is

    where is the indicator function.

    d) The first difference of the sequence consisting of quantization bin candidates, , yields integer multiples of i.e., , , where .

    Step 4) A sequence consisting of candidate values of , is obtained from and by sorting them in ascending order and removing repeated entries (if any), i.e., , where , and , .

    Step 5) A score vector based on the weighted sum of multiplicity count and bin count of the corresponding entries of is calculated

    (34)

    where weighting coefficients and are positive real numbers such that . Here, multiplicity count , bin count , values of th entry in the are defined as:

    a) multiplicity count, , gives the number of entries in that are integer multiples of , , and is calculated as

    (35)

    where is defined as

    b) bin count gives the number of coefficients in that are integer multiples of .

    Step 6) Entry corresponding to the highest weighted sum score in is selected as an estimate of the quantization step-size . For example, if represents index of the entry in with maximum count, i.e., , then an estimate of is given as .

    B. Experimental Results for Estimation

    To test effectiveness of the proposed estimation algorithm, we applied the proposed algorithm to 4032 QIM-stego images of size 256 × 256 pixels each. These QIM-stego images were obtained by embedding 438 random messages in the first 64 images of the UCID [35] using binary QIM with quantization step-size in the DCT domain. Average and standard deviation (std) of the estimated codebook, , for different embedding rates along with true used are listed in Table IV. Estimated listed in Table IV were obtained using weighting coefficients and .

    TABLE IV. ESTIMATED STEP-SIZE AT DIFFERENT

    It can be observed from Table IV that the proposed estimation algorithm has successfully estimated from QIM-stego images carrying messages of different lengths. Simulation results listed in Table IV also reveal that the proposed scheme is insensitive to the quantization step-size . Moreover, it has also been observed through simulations that the proposed estimation algorithm occasionally fails to estimate accurate from the QIM-stego images of size obtained with bpp. However, it is observed through extensive simulations that the proposed algorithm always estimates accurately, when applied to QIM-stego images of size , with embedding rates as low as 0.05 bpp. This would indicate that in order to estimate accurately, the QIM-stego should carry at least quantized coefficients. We have observed that the value of the constant depends on the cover image texture. We noted that for the image database downloaded from [35] was 6000 coefficients.

    C. Message Decoding

    The estimated quantization step-size is then used to estimate the hidden message , the embedding key , and the message length . The hidden message length can be estimated by simply calculating the number of stego coefficients which are integer multiples of . The hidden message length can be calculated as

    (36)

    Similarly, indices of the stego coefficients corresponding to integer multiples of give an estimate of the .

    Given that the steganalyzer has no a priori knowledge about the cover image and the hidden message, determining which quantizer was actually used to encode message symbol 1 (respectively, 0) can only be resolved by using a trial and error approach. There is an uncertainty in deciding whether reconstruction grid points corresponding to odd multiples of were used to encode message symbols 0 . To resolve this uncertainty, the proposed scheme decodes two messages, one for each quantizer selection possibility. Let the first decoded message, say , correspond to that obtained by decoding reconstruction grid points corresponding to odd multiples of as message symbol 0, and the second decoded message for 1. Here, one of the extracted messages, say , will have a decoding bit error rate as , whereas, for the second decoded message, i.e., , as . A meaningful decoded message is declared as the correct choice.

    Fig. 13. Average decoding bit error rate as a function of embedding rate .
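The step-size estimation of Section V-A and the two-hypothesis decoding of Section V-C, as an added example that is not the authors' code. The score formula and weights did not survive on this page, so the normalized counts, the equal weights, the integer step-size 6, the synthetic Gaussian "coefficients" and the printable-ASCII test for a "meaningful" message are all assumptions; the `natural_zeros` option plants exact zeros in non-carrier positions to show how they inflate the estimated message length.

```python
import random

DELTA = 6                                        # constructed step-size (assumption)
MESSAGE = b"constructed plain-text payload!!"    # constructed plain-text payload

def is_multiple(x, step, tol=1e-9):
    """True when x lies on the reconstruction grid step * Z."""
    r = abs(x) % step
    return min(r, step - r) <= tol

def embed_qim(coeffs, bits, carrier_idx, delta):
    """Binary QIM: bit 0 -> nearest even multiple of delta, bit 1 -> nearest odd multiple."""
    stego = list(coeffs)
    for bit, i in zip(bits, carrier_idx):
        stego[i] = 2 * delta * round((coeffs[i] - bit * delta) / (2 * delta)) + bit * delta
    return stego

def estimate_step(coeffs, w_mult=0.5, w_bin=0.5):
    """Steps 1-6 of the codebook estimation; weights and normalization are assumptions."""
    s = sorted(coeffs)                                   # Step 1: sort ascending
    d = [b - a for a, b in zip(s, s[1:])]                # Step 2: first difference
    grid, i = [], 0
    while i < len(d):                                    # Step 3: a run of zeros = one bin
        if d[i] == 0:
            grid.append(s[i])
            while i < len(d) and d[i] == 0:
                i += 1
        else:
            i += 1
    # Step 3d/4: gaps between occupied bins are integer multiples of the step.
    candidates = sorted(set(b - a for a, b in zip(grid, grid[1:])))
    if not candidates:
        raise ValueError("fewer than two occupied bins; cannot estimate the step-size")

    def score(c):                                        # Step 5: weighted sum of counts
        mult = sum(is_multiple(g, c) for g in candidates) / len(candidates)
        bins = sum(is_multiple(x, c) for x in s) / len(s)
        return w_mult * mult + w_bin * bins

    return max(candidates, key=score)                    # Step 6: highest score wins

def decode(stego, step):
    """Carriers are coefficients on the grid; return both quantizer-assignment hypotheses."""
    carriers = [i for i, x in enumerate(stego) if is_multiple(x, step)]
    odd_is_one = [round(stego[i] / step) % 2 for i in carriers]
    odd_is_zero = [1 - b for b in odd_is_one]
    return carriers, odd_is_one, odd_is_zero

def to_bytes(bits):
    return bytes(int("".join(map(str, bits[k:k + 8])), 2)
                 for k in range(0, len(bits) - 7, 8))

def printable_fraction(bits):
    data = to_bytes(bits)
    return sum(0x20 <= b <= 0x7E for b in data) / max(len(data), 1)

def recover(stego):
    """Estimate the step, locate carriers, keep the hypothesis that reads as plain text."""
    step = estimate_step(stego)
    carriers, m1, m0 = decode(stego, step)
    best = max((m1, m0), key=printable_fraction)
    return step, carriers, to_bytes(best)

def make_stego(natural_zeros=0, seed=7, n=1024):
    """Constructed test signal: Gaussian stand-ins for ac coefficients, random carriers."""
    rng = random.Random(seed)
    cover = [rng.gauss(0.0, 15.0) for _ in range(n)]
    bits = [(byte >> (7 - k)) & 1 for byte in MESSAGE for k in range(8)]
    carrier_idx = sorted(rng.sample(range(n), len(bits)))
    taken = set(carrier_idx)
    free = [i for i in range(n) if i not in taken]
    for i in rng.sample(free, natural_zeros):
        cover[i] = 0.0          # low-texture coefficient already sitting on grid point 0
    return embed_qim(cover, bits, carrier_idx, DELTA), carrier_idx, bits

if __name__ == "__main__":
    for zeros in (0, 20):
        stego, idx, _ = make_stego(natural_zeros=zeros)
        step, carriers, text = recover(stego)
        print(zeros, step, len(idx), len(carriers), text)
```

With no natural zeros the payload is recovered exactly; with 20 of them the estimated length exceeds the true length by 20 and the extra bits shift the byte alignment of the decoded text.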

    D. Experimental Results for Message Recovery

    The proposed message recovery procedure was tested for 600 QIM-stego images each of 256 × 256 pixels. These QIM-stego images were obtained by embedding 600 random messages into the first ten images of the UCID database [35] using binary QIM with data embedding rates and step-size . The average decoding bit error rate along with its first-standard deviation spread in the estimated message from these 600 QIM-stego images is plotted in Fig. 13.

    It has been observed experimentally that the average decoding bit error rate depends on the cover image statistics and the embedding rate .

    It has been observed through extensive simulations that for a given embedding rate and , the QIM-stego images obtained from low-texture images exhibit higher than the QIM-stego images obtained from rich-texture cover images. The higher decoding error in the low-texture QIM-stego images can be attributed to what we call the natural binning to zero, that is, unquantized DCT coefficients are naturally rounded to zero. This is mainly due to the fact that low-texture images exhibit a relatively large number of ac coefficients with value close to zero. These naturally quantized coefficients contribute to the decoding bit error as the decoder falsely identifies such quantized coefficients as message carriers. In addition, simulation results to investigate detection performance as a function of embedding rate revealed that natural binning to zero induced decoding error approaches 0 as approaches 1.

    We have shown in [27] that in general decoding bit error probability decreases as message embedding rate increases. This is because increasing the number of message carrying coefficients will simultaneously reduce the number of coefficients susceptible to natural binning to zero, hence lower decoding error. Moreover, we have also observed that the decoding bit error probability depends on the stego image texture, that is, a low-texture image exhibits higher decoding bit-error rate than the rich-texture stego image. More specifically, plain (or low activity) regions in the stego image are the major source of decoding bit error.

    Fig. 14. Left panel is the Girl image, a low-texture image, and right panel is the Spring image, a rich-texture image.

    Finally, to investigate the effect of image statistics on the decoding error due to natural binning to zero in the estimated message two images were used, the Girl image (a low-texture image) and Spring image (a rich-texture image). Shown in Table V are the decoding error rates for these images. These results are generated with the embedding rate and message embedding parameter .

    TABLE V. DECODING ERROR DUE TO NATURAL BINNING TO ZERO

    Error rate in the estimated message listed in Table V shows that Girl-stego exhibits higher decoding error compared to Spring-stego for all embedding rates. These simulation results indicate that it is easier to steganalyze QIM-stego images that use either one or all of the following: 1) large block sizes; 2) high embedding rate; or 3) schemes that do not include zero as one of the quantization grid points for message embedding.

    VI. CONCLUSION

    This paper presents a novel nonparametric steganalysis scheme to detect QIM-based data hiding. The proposed scheme uses normalized irregularity in the test image, as measured by the approximate entropy, to distinguish between the quantized-cover and the QIM-stego images. Experimental results show that the proposed scheme can successfully distinguish between the cover and the stego image with low false rates and (in case of QIM embedding). For active steganalysis, the QIM-stego image is analyzed further to estimate message embedding codebook in terms of quantization step-size which is then used to recover the location, length, and the actual hidden message. Simulation results for active steganalysis show that the proposed method is capable of detecting and decoding the embedded message with very low decoding error probability .

    REFERENCES

    [1] R. Chandramouli, "A mathematical framework for active steganalysis," ACM Multimedia Syst., vol. 9, no. 3, pp. 303–311, Sep. 2003.

    [2] B. Chen and G. Wornell, "Quantization index modulation: A class of provably good methods for digital watermarking and information embedding," IEEE Trans. Inform. Theory, vol. 47, no. 4, May 2001.

    [3] M. Costa, "Writing on dirty paper," IEEE Trans. Inform. Theory, vol. 29, no. 3, pp. 439–441, May 1983.

    [4] J. Eggers and B. Girod, Informed Watermarking. New York: Kluwer, 2002.

    [5] P. Guillon, T. Furon, and P. Duhamel, "Applied public-key steganography," in Proc. IS&T/SPIE, 2002, pp. 38–49.

    [6] K. Sullivan, Z. Bi, U. Madhow, S. Chandrasekaran, and B. Manjunath, "Steganalysis of quantization index modulation data hiding," in IEEE Int. Conf. Image Processing (ICIP), 2004, vol. 2, pp. 1165–1168.

    [7] R. Chandramouli and K. Subbalakshmi, "Current trends in steganalysis: A critical survey," in IEEE Int. Conf. Control, Automation, Robotics Vision (ICARCV), Dec. 2004, vol. 2, pp. 964–967.

    [8] H. Malik, K. Subbalakshmi, and R. Chandramouli, "Nonparametric steganalysis of qim-based data hiding using kernel density estimation," in ACM, 9th Workshop Multimedia Security (MM & Sec 2007), Dallas, TX, Sep. 2007.

    [9] H. Malik, K. Subbalakshmi, and R. Chandramouli, "Nonparametric steganalysis of QIM data hiding using approximate entropy," in Security, Steganography, and Watermarking of Multimedia Content X. San Jose, CA: IS&T/SPIE, 2008, vol. 6819.

    [10] P.-F. Luis, C.-A. Pedro, and P.-G. Fernando, "Detection in quantization-based watermarking: Performance and security issues," in Security, Steganography, and Watermarking of Multimedia Contents VII, E. J. Delp, III and P. W. Wong, Eds. San Jose, CA: , 2005, vol. 5681, pp. 721–733.

    [11] T. Pevny and J. Fridrich, "Detection of double-compression in jpeg images for applications in steganography," IEEE Trans. Inform. Forensics Security, vol. 3, no. 2, pp. 247–258, Apr. 2008.

    [12] X.-Y. Yu and A. Wang, "Detection of quantization data hiding," in Proc. Int. Conf. Multimedia Information Networking Security (MINES'09), Dec. 2009, pp. 45–47.

    [13] Q. Wu, W. Li, and X. Y. Yu, "Revisit steganalysis on QIM-based data hiding," in Fifth Int. Conf. Intelligent Information Hiding Multimedia Signal Processing (IIH-MSP'09), 2009, pp. 929–932.

    [14] S. Kim and K. Bae, "Estimation of quantization step size against amplitude modification attack in scalar quantization-based audio watermarking," in IEEE Int. Conf. Acoustics, Speech Signal Processing (ICASSP'06), May 2006, vol. V, pp. 389–392.


    [15] T. K. K. Lee, D. S. Kim, and K. Ae Moon, "Em estimation of scale factor for quantization-based audio watermarking," Digital Watermarking, vol. 2939, pp. 316–327, 2004.

    [16] T. Pevny and J. Fridrich, "Estimation of primary quantization matrix for steganalysis of double-compressed JPEG images," in Proc. SPIE, Electronic Imaging, Security, Forensics, Steganography, Watermarking of Multimedia Contents X, 2008.

    [17] C. Shannon, "A mathematical theory of communication," Bell System Tech. J., vol. 27, pp. 379–423, 1948.

    [18] A. Kolmogorov, "A new metric invariant of transitive automorphisms of Lebesgue spaces," Dokl. Akad. Nauk, vol. SSSR119, no. 5, pp. 861–864, 1958.

    [19] Y. Sinai, "On the concept of entropy for a dynamical system," Dokl. Akad. Nauk, vol. SSSR124, pp. 768–771, 1959.

    [20] A. Lempel and J. Ziv, "On the complexity of finite sequences," IEEE Trans. Inform. Theory, vol. 22, no. 1, pp. 75–81, Jan. 1976.

    [21] S. Pincus, "Approximate entropy as a measure of system complexity," in Proc. Nat. Acad. Sci. USA, Mar. 1991, vol. 88, pp. 2297–2301.

    [22] S. Pincus and A. Goldberger, "Physiological time-series analysis: What does regularity quantify?," Amer. J. Physiol. (Heart Circ. Physiol.), vol. 266, no. 4 Pt 2.

    [23] S. Pincus, "Approximate entropy as a complexity measure," CHAOS, vol. 5, no. 1, pp. 110–117, 1995.

    [24] L. Schuchman, "Dither signals and their effect on quantization noise," IEEE Trans. Commun. Technol., vol. COM-12, no. 12, pp. 162–165, Dec. 1964.

    [25] R. A. Wannamaker, "The mathematical theory of dithered quantization," Ph.D., Dept. Applied Mathematics, Univ. of Waterloo, Waterloo, ON, Canada, 1997.

    [26] H. Poor, An Introduction to Signal Detection and Estimation, 2nd ed. Berlin, Germany: Springer-Verlag, 1994.

    [27] M. Hafiz, Steganalysis of Qim Steganography Using Approximate Entropy. Dearborn, MI: Univ. Michigan, 2011.

    [28] T. Cover and J. Thomas, Elements of Information Theory. New York: Wiley-Interscience, 1991.

    [29] D. Ornstein and B. Weiss, "How sampling reveals a process," Ann. Prob., vol. 18, pp. 905–930, 1990.

    [30] S. Pincus, "Approximating Markov chains," in Proc. Nat. Acad. Sci. USA, 1992, vol. 89, pp. 4432–4436.

    [31] S. Pincus and R. Kalman, "Not all (possibly) random sequences are created equal," in Proc. Nat. Acad. Sci. USA, 1997, vol. 94, pp. 3513–3518.

    [32] S. Pincus and W. Huang, "Approximate entropy: Statistical properties and applications," Communications in Statistics: Theory and Methods, vol. 21, no. 11, pp. 3061–3077, 1992.

    [33] S. Pincus and B. Singer, "Randomness and degree of irregularity," in Proc. Nat. Acad. Sci. USA, 1996, vol. 93, pp. 2083–2088.

    [34] K. Sayood, Introduction to Data Compression, 2nd ed. Berlin, Germany: Morgan Kaufmann, 2000.

    [35] Ucid: An uncompressed colour image database [Online]. Available: http://www-users.aston.ac.uk/schaefeg/datasets/UCID/ucid.html

    Hafiz Malik (M'04) is an Assistant Professor in the Electrical and Computer Engineering (ECE) Department, University of Michigan, Dearborn. His research in multimedia forensics and security, wireless sensor networks, steganography/steganalysis, and biometric security is funded by the National Academies and other agencies. He has published more than 35 papers in leading journals, conferences, and workshops.

    Dr. Malik is on the Review Board of the IEEE Technical Committee on Multimedia Communications (MMTC). He organized the Special Track on Doctoral Dissertation in Multimedia in the 6th IEEE International Symposium on Multimedia (ISM) 2006. He has been serving as secretary of IEEE SEM, Chapter III, since 2009 and is also serving on several technical program committees including the IEEE AVSS, ICME, ICIP, MINES, ISPA, CCNC, and ICC.

    K. P. Subbalakshmi (SM'08) is an Associate Professor in the Department of Electrical and Computer Engineering (ECE), Stevens Institute of Technology, Hoboken, NJ. She is also the Co-founder of inStream Media, LLC, a company that commercializes her research in psycho-linguistic text mining and social network forensics. She was a Visiting Researcher at the Institut National de Recherche en Informatique et en Automatique (INRIA), Institut de recherche en informatique et systèmes aléatoires (IRISA), Rennes, France, in 2007. Her research areas are in cognitive radio network security as well as information security and forensics.

    Dr. Subbalakshmi served as the Chair of the Security Special Interest Group in the Multimedia Technical Committee, IEEE COMSOC, from 2005 to 2010. She was the Co-Chair of the Symposium on Selected Areas of Communications, IEEE International Conference on Communications, 2009. She was a Keynote Speaker at the SMi International Software Defined Radio, June 2011. She has given tutorials on security issues at the IEEE Conference on Communications, South Africa, 2010, and the IEEE Sarnoff Symposium, 2009. She is the Vice-Chair of the North America region of the IEEE COMSOC Technical Committee on Cognitive Networks.

    R. Chandramouli (SM'03) is the Thomas Hattrick Chair Professor of Information Systems in the Department of Electrical and Computer Engineering (ECE), Stevens Institute of Technology, Hoboken, NJ, and Co-Founder of inStream Media, LLC. His research spans the areas of wireless networking and security, and social media security, forensics and analysis.

    Dr. Chandramouli was an Invited Member of the White House Communications Roundtable to give input on the National Wireless Initiative, Founding Chair of the IEEE COMSOC Technical Committee on Cognitive Networks (TCCN), TCCN's representative to the IEEE COMSOC Standards Board, Editor of the IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS (JSAC) Cognitive Radio Series, Editor of the Advances in Multimedia Journal, Associate Editor of the IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS FOR VIDEO TECHNOLOGY, and is on the International Advisory Boards of several international conferences. He is the recipient of an IEEE GLOBECOM 2008 Best Paper Award, IEEE CCNC 2006 Best Student Paper Award, NSF CAREER Award, and IEEE Richard E. Merwin Scholarship. His group has been developing and demonstrating a cognitive radio network prototype for dynamic spectrum access called SpiderRadio. inStream Media, LLC, a company that he co-founded, commercializes his research on advanced statistical psycho-linguistic and information theoretic analytics for social network security and forensics.