16 Neighboring Joint Density-Based JPEG Steganalysis QINGZHONG LIU, Sam Houston State University ANDREW H. SUNG and MENGYU QIAO, New Mexico Tech The threat posed by hackers, spies, terrorists, and criminals, etc. using steganography for stealthy communi- cations and other illegal purposes is a serious concern of cyber security. Several steganographic systems that have been developed and made readily available utilize JPEG images as carriers. Due to the popularity of JPEG images on the Internet, effective steganalysis techniques are called for to counter the threat of JPEG steganography. In this article, we propose a new approach based on feature mining on the discrete cosine transform (DCT) domain and machine learning for steganalysis of JPEG images. First, neighboring joint density features on both intra-block and inter-block are extracted from the DCT coefficient array and the absolute array, respectively; then a support vector machine (SVM) is applied to the features for detection. An evolving neural-fuzzy inference system is employed to predict the hiding amount in JPEG steganograms. We also adopt a feature selection method of support vector machine recursive feature elimination to reduce the number of features. Experimental results show that, in detecting several JPEG-based steganographic systems, our method prominently outperforms the well-known Markov-process based approach. Categories and Subject Descriptors: I 5.2 [Pattern Recognition]: Design Methodology—Feature evaluation and selection; I.4.9 [Image Processing and Computer Vision]: Applications; K.6.m [Miscellaneous]: Security General Terms: Algorithms, Design Additional Key Words and Phrases: JPEG, steganography, steganalysis, neighboring joint density, SVM, SVMRFE, nuero-fuzzy, classification ACM Reference Format: Liu, Q., Sung, A. H., and Qiao, M. 2011. Neighboring joint density-based JPEG steganalysis. ACM Trans. Intell. Syst. Technol. 2, 2, Article 16 (February 2011), 16 pages. DOI = 10.1145/1899412.1899420 http://doi.acm.org/10.1145/1899412.1899420 1. INTRODUCTION Steganography is the secret embedding of information into digital objects such as images, audios, videos, documents, network packets, etc. The innocuous digital media or files are called carriers or covers, the covers embedded with hidden data are called steganograms. As there is little or no perceptible difference between the cover and the steganogram, the potential of exploiting steganography for covert dissemination of malicious software, mobile code, illegal material or protected information is great. The support for this study from the Institute for Complex Additive Systems Analysis, a division of New Mexico Tech, is greatly appreciated. Q. Liu is also grateful to the Computer Science Department and the Center of Digital Forensics, and to the College of Arts and Sciences, of the Sam Houston State University for their support. Authors’ addresses: Q. Liu, Department of Computer Science, Sam Houston State University, Huntsville, TX 77341; email: liu@shsu.edu; A. H. Sung, Department of Computer Science and the Institute for Complex Additive Systems, New Mexico Tech, Socorro, NM 87801; email: sung@cs.nmt.edu; M. Qiao, Department of Computer Science, New Mexico Tech, Socorro, NM 87801; email: myuqiao@cs.nmt.edu. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies show this notice on the first page or initial screen of a display along with the full citation. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works requires prior specific permission and/or a fee. Permissions may be requested from Publications Dept., ACM, Inc., 2 Penn Plaza, Suite 701, New York, NY 10121-0701 USA, fax +1 (212) 869-0481, or permissions@acm.org. c  2011 ACM 2157-6904/2011/02-ART16 $10.00 DOI 10.1145/1899412.1899420 http://doi.acm.org/10.1145/1899412.1899420 ACM Transactions on Intelligent Systems and Technology, Vol. 2, No. 2, Article 16, Publication date: February 2011.