Steganalysis of Hydan [chapter]

Jorge Blasco, Julio C. Hernandez-Castro, Juan M. E. Tapiador, Arturo Ribagorda, Miguel A. Orellana-Quiros
2009 IFIP Advances in Information and Communication Technology  
This is the accepted version of the paper. This version of the publication may differ from the final published version. Permanent repository link: Link to published version: http://dx. Abstract Hydan is a steganographic tool which can be used to hide any kind of information inside executable files. In this work, we present an efficient distinguisher for it: We have developed a system that is able to detect executable files with embedded information through
more » ... an. Our system uses statistical analysis of instruction set distribution to distinguish between files with no hidden information and files that have been modified with Hydan. We have tested our algorithm against a mix of clean and stego-executable files. The proposed distinguisher is able to tell apart these files with a 0 ratio of false positives and negatives, thus detecting all files with hidden information through Hydan.
doi:10.1007/978-3-642-01244-0_12 fatcat:n4iwx5fuljf2lj464xnnjvismq