Effective method of steganalysis of executable files based on Huffman code

Methods of data hiding in executable files (programs) are considered. Steganalysis of method which uses blank spaces in executable files is carried out. It is shown experimentally that the hidden data are detected with high confidence.

Portable Executable

1. Hamilton J., Danicic S. An Evaluation of Static Java Bytecode Watermarking // ICCSA'10 "The World Congress on Engineering and Computer Science". San Francisco. 2010.

2. Нечта И.В., Фионов А.Н. Цифровые водяные знаки в программах на СС++ // Материалы XI международной научно-практической конференции "Информационная безопасность" Таганрог: Изд. ТТИ ЮФУ. 2010. Ч. 3. С. 108-113.

3. Davidson R., Myhrvold N. Method and system for generating and auditing a signature for a computer program // US Patent 5559884. 1996.

4. El-Khalil R., Keromytis A. Hydan: hiding information in program binaries // VI International Conference "Information and Communications Security". Berlin: Springer. 2004. V. 3269. P. 187-199.

5. Blascol J., Hernandez-Castol J. Steganalysis of Hydan // IFIP Advances in Information and Communication Technology. 2009. V. 297/2009, P. 132-142.

6. Hattanda K., Ichikawa S. The Evaluation of Davidson's Digital Signature Scheme // I EICE transactions on Fundamentals of Electronics, Communications and Computer Sciences. 2004. V. E87-A. №.1. P. 224-225.

7. Naji A., Teddy S. Algorithms to Watermark Software Through Register Allocation // Lecture Notes in Computer Science, 2006. V. 3919/2006, P. 180-191.

8. Нечта И.В. Стеганография в файлах формата Portable Executable // Вестник СибГУТИ. 2009. №1. С. 85-89.

9. Naji A., Teddy S. New Approach of Hidden Data in the portable Executable File without Change the Size of Carrier File Using Statistical Technique // International Journal of Computer Science and Network Security. 2009. V. 9. № 7. P. 218-224.

10. Zaidan A., Zaidan B., Jalab H. A. A New System for Hiding Data within (Unused Area Two + Image Page) of Portable Executable File using Statistical Technique and Advance Encryption Standard // International Journal of Computer Science and Network Security. 2010. V. 2. № 2.

11. Shin D., Kim Y., Byun K., Lee S. Data Hiding in Windows Executable Files // Australian Digital Forensics Conference. 2008. P. 51.

12. Pietrek M. Peering Inside the PE: A Tour of the Win32 Portable Executable File Format // URL: http://msdn.microsoft.com/enus/magazine/cc301805.aspx (дата обращения: 01.11.2010).

13. Ryabko B., Monarev V. Using information theory approach to randomness testing // Journal of Statistical Planning and Inference. 2005. V. 133, №1. P. 95-110.

14. Ryabko B., Monarev V. Experimental investigation of forecasting methods based on data compression algorithms // Problems of Information Transmission. 2005. V. 41, № 1. P. 65-69.

15. Ryabko B., Astola J. Universal codes as a basis for time series testing // Statistical Methodology. 2006. V. 3. P. 375-397.

16. Ryabko B., Astola J. Universal codes as a basis for nonparametric testing of serial independence for time series // Journal of Statistical Planning and Inference. 2006. V. 136, № 12. P. 4119-4128.

17. Ryabko B. Compression-based methods for nonparametric density estimation, on-line prediction, regression and classification for time series // 2008 IEEE Information Theory Workshop. Porto, Portugal. 2008.