SEEK (Steganalytic vidEo-rEsearch frameworK)

Lead Research Organisation: University of Kent
Department Name: Sch of Computing

Abstract

The proposed research project aims to discover whether videos uploaded and exchanged by terrorists and sympathizers contain hidden data and, if so, to recover that data in order to gather intelligence on their plans and operations.

For that, we will create a high performance and scalable video steganalysis tool called SEEK (Steganalytic vidEo rEsearch frameworK).

The tool will be at the core of a system capable of locating, collecting, analyzing, and sanitizing videos shared on the Internet by terrorists or their affiliates.

While primarily aimed at helping counter terrorism and law enforcement, with a primary objective of significantly enhancing UK security, the outcomes of the SEEK proposal will also benefit a number of other disciplines and activities.

We will contribute to the UK digital economy by improving the security of companies in general and video hosting or sharing sites in particular.

For instance, some of SEEK's outputs will directly help companies eliminate any hidden data in any video, and detect and stop data loss when video steganography is used by cyber criminals to exfiltrate stolen data stealthily, which is becoming an increasingly common practice.

SEEK also has some potential as a business venture, expanding into steganalysis as a service (including analysis of other media), which could create jobs and bring unique technological expertise to the UK.

Planned Impact

The results of the project will allow video providers (such as YouTube, Twitter, Facebook, etc.) to ensure their services are not being abused by terrorists or other criminals to communicate secretly. The recent case of the Hammertoss malware (which uses image steganography over Twitter) is a worrying example of what could be a trend in the future. Additionally, some of the outcomes of the project will decisively help organisations to detect video steganography in their networks, which is becoming one of the most threatening vectors for exfiltrating stolen data after a security breach. This could have a major impact on organisations dealing with large databases of private data, but also on their millions of customers. We will make sure that online video service providers and private organisations have knowledge of and access to the project results.

We will investigate the commercial exploitation of the research outcomes of the project, and study the possibility of creating a start-up company to offer consultancy. This will contribute to the creation of jobs and expertise. We intend the public sector and the wider public to benefit directly from an increased security level, thanks to our freely available, well documented, easy-to-use outputs. This approach would also suit most SMEs. But we also envisage large companies wanting a more customized solution, closer to their specific needs and policies, and with particular targets regarding accuracy and throughput.

Law enforcement in general and counter-terrorist units in particular will benefit from our outputs. They will for the first time be able to detect communications by terrorists and other cybercriminals that use video steganography. This could also be valuable in the fight against paedophiles, who constitute the oldest well-known group of criminals employing steganography. Our findings could help to discover communication channels, forums, websites, accounts and users that have previously stayed under the radar.

We have prepared a set of activities aimed at maximizing the impact on the general public. Our activities are focused on two goals: making science accessible to the general public and increasing societal awareness and interest in the area, attracting talent towards future careers in cybersecurity.

The proposed project will also stimulate academic research in steganalysis and build much needed expertise in the UK. We will additionally attract academic interest by developing a BOSS (Break Our Steganographic System) challenge. The challenge will take place as a side activity run in parallel with a security related conference. Some related disciplines will clearly benefit from our developments, notably computer forensics and privacy.

This project will decisively contribute to the initial stages of a future UK hub on steganography and steganalysis in many ways, not least by creating expertise in the area, gaining both national and international visibility and recognition for our research groups and field, and by attracting talent to the area by means of the Lounge (see Pathways to Impact document). We will push forward the state of the art on the disciplines we will cover quite significantly, based on our novel computer forensics-based approach to steganalysis, and our strong focus on analysing real, practical tools -- the popular ones which have thousands of users, not limiting ourselves (though covering them as well) to purely academic or theoretical developments.

Publications

Sloan T (2018) Dismantling OpenPuff PDF steganography in Digital Investigation

 
Description We have significantly advanced the state of the art in video steganalysis, developing a collection of techniques that have been combined into a tool that can efficiently and accurately detect the use of video steganography by some of the most widely used applications currently available.
Apart from the practical component of this finding, we have pushed forward the current state of the art by revealing (and exploiting) many of the current shortcomings of video steganography tools, in the hope they will improve their game and implement more secure techniques in the future.
We also concluded that the current usage of video steganography over the internet is very limited, but unfortunately prevalent in criminal and terrorist groups, and hence will continue to be an interesting research area for the foreseeable future.
Exploitation Route Video steganography tools will likely move towards the use of more sophisticated and secure mechanisms, and this in turn will create new challenges for forensic practitioners and law enforcement, so new research will be needed in the area.
Sectors Creative Economy,Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice,Security and Diplomacy

URL https://github.com/UoK424/RAMSES_StegAware
 
Description Some of the tools developed in this project have been presented and extensively demonstrated to different Law Enforcement authorities, both national (Met Police) and international (EUROPOL). They have been offered tutorials and 1:1 sessions, and as a result they have incorporated the tools into their forensic toolset, using them automatically, on a daily basis, as part of their evidence analysis process. The tools were optimised to meet Law Enforcement's strict set of requirements, which consisted basically of great speed, so as not to unnecessarily delay the evidence analysis phase of their investigations, and a low number of false positives, which could lead to wasting police time. These requirements were quite different from what users need in other contexts, so we fine-tuned the tools to maximise their appeal to Law Enforcement and thus facilitate their adoption. We don't know whether they have led to successful operations and criminal convictions yet, because the LEAs we've been in contact with are not keen on disseminating this information. But what we can say is that for sure this has improved the LEAs' knowledge and level of alert towards steganographic contents, and this will for sure lead to catching criminals that otherwise would stay under the radar. In addition, we have liaised as well with intelligence agencies that are acutely aware of the risk that the use of steganography by terrorists poses to the realm. We cannot disclose too many details about this exchange, except for the fact that it has been fruitful. The work in this project has led to some of the PIs being involved in EU Projects such as SIMARGL (https://simargl.eu/) as a member of the Advisory Board, and RAMSES. Also, it has helped us to be invited to the consortium and the proposal write-up of two other EU projects that were recently awarded. These are HEROES (2021-2024) and LAZARUS (2022-2025), bringing in total in excess of €1.154mk (or ~£967k) of EU funding to the UK.
These resources have been employed largely in hiring postdoctoral research assistants, thus creating high-quality, well remunerated employment.
Sector Aerospace, Defence and Marine,Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice,Security and Diplomacy
Impact Types Economic,Policy & public services

 
Description Our tool is now widely used in Europol
Geographic Reach Europe 
Policy Influence Type Influenced training of practitioners or researchers
Impact Our tools are now commonly used by Europol and other law enforcement agencies across Europe (including the Met) and we believe this will lead to more findings, more intelligence gathered and more convictions, thus putting dangerous criminals off the streets.
 
Description EU H2020 RAMSES
Amount € 4,000,000 (EUR)
Funding ID 700326 
Organisation European Commission 
Sector Public
Country European Union (EU)
Start 09/2016 
End 08/2019
 
Description HEROES
Amount € 4,999,500 (EUR)
Funding ID 101021801 
Organisation European Commission H2020 
Sector Public
Country Belgium
Start 12/2021 
End 11/2024
 
Description Project LAZARUS, under scheme HORIZON-CL3-2021-CS-01
Amount € 3,647,438 (EUR)
Organisation European Commission 
Sector Public
Country European Union (EU)
Start 09/2022 
End 08/2025
 
Description Collaboration with Prof Wojciech Mazurczyk 
Organisation University of Warsaw
Country Poland 
Sector Academic/University 
PI Contribution Prof. Wojciech Mazurczyk is with Warsaw University of Technology (Poland) & FernUniversitaet in Hagen (Germany). Thanks to this project, and its associated outputs (publications), he got in contact with me and my group at Kent. As a result he invited me as a keynote speaker at a workshop he organised (CUING 2019) and he came for an invited talk this year (January 2020). We have started a collaboration in an EU H2020 funded project (he is the scientific lead, I am now a member of the advisory board) called Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware (SIMARGL) (2019-2022). We are additionally joining forces in the steganalysis of a new piece of malware.
Collaborator Contribution He is adding expertise in network steganography, and our group is contributing with expertise in image and video steganography and steganalysis.
Impact None yet, but working on it.
Start Year 2019
 
Description Collaboration with Prof. Constantinos Patsakis 
Organisation University of Piraeus
Country Greece 
Sector Academic/University 
PI Contribution We have added to this collaboration our unique expertise in steganography and steganalysis, which is not common and lately seems to be in high demand.
Collaborator Contribution They bring extensive expertise in network and computer forensics.
Impact Intercepting hail hydra: Real-time detection of algorithmically generated domains. F Casino, N Lykousas, I Homoliak, C Patsakis, J Hernandez-Castro. Journal of Network and Computer Applications 190, 103135, 2021
Start Year 2018
 
Description Collaboration with UC3M 
Organisation Charles III University of Madrid
Country Spain 
Sector Academic/University 
PI Contribution We provided expertise and interesting open questions in steganography and steganalysis, and in particular those relevant to this project. We helped re-formulate some of them as machine learning problems, suitable to be solved with their tools and techniques.
Collaborator Contribution They bring expertise in machine learning and artificial intelligence in general, and expertise in tools and techniques able to efficiently solve problems in this area. Thanks to this collaboration, we produced a paper with an automatic tool capable of quite general and powerful signature-based steganalysis.
Impact The work reflected in the publication below would have been impossible without this collaboration: System steganalysis with automatic fingerprint extraction. A Cervantes, T Sloan, J Hernandez-Castro, P Isasi. PloS one 13 (4), e0195737
Start Year 2016
 
Title Stegaware tool 
Description It is the most complete and up to date tool to detect the use of steganography on video contents. 
Type Of Technology Software 
Year Produced 2019 
Open Source License? Yes  
Impact It's in use by Europol and the Met Police 
URL https://github.com/UoK424/RAMSES_StegAware