STEGANALYSIS IN RESIZED IMAGES

Jan Kodovsk Jessica Fridrich

Binghamton UniversityECE DepartmentBinghamton, NY

ABSTRACT

It is well known that the security of a given steganographicalgorithm strongly depends on the statistical properties ofthe cover source. In this paper, we study how downsam-pling affects steganographic security. The secure payload nolonger scales according to the square-root law because resiz-ing changes the statistical properties of the cover source. Wedemonstrate this experimentally for various types of resizingalgorithms and their settings and thoroughly interpret the re-sults. Modeling digital images as Markov chains allows us tocompute the Fisher information rate for the simplest resizingalgorithm with the box kernel and derive the proper scaling ofthe secure payload with resizing. The theory fits experimentaldata, which indicates the existence of a new scaling law ex-pressing the length of secure payload when the cover lengthis not modified by adding or removing pixels but, instead,by subsampling. Since both steganography and steganalysisis today commonly evaluated through controlled experimentson resized images (e.g., the BOSSbase), the effect of resizingon security is of utmost importance to practitioners.

Index TermsSteganalysis, resized images, interpolationalgorithm, steganographic security

1. INTRODUCTION

Statistical properties of cover source strongly affect stegano-graphic security. For instance, the Square-Root Law(SRL) [1] states that a constant level of statistical detectabil-ity is obtained when the message length grows proportion-ally to the square root of the number of pixels in the im-age. This law manifests when pixels from the same sourceare added/removed, e.g., by stitching together images to ob-tain a panorama or by cropping. When the number of pixelsis changed by resizing, the statistical properties of the source

The work on this paper was supported by Air Force Office of Scien-tific Research under the research grant number FA9950-12-1-0124. The U.S.Government is authorized to reproduce and distribute reprints for Govern-mental purposes notwithstanding any copyright notation there on. The viewsand conclusions contained herein are those of the authors and should not beinterpreted as necessarily representing the official policies, either expressedor implied of AFOSR or the U.S. Government.

change and the SRL no longer holds in its standard form. Theinvestigation of this phenomenon is the subject of this paper.

This research direction is highly relevant to practitionerssince the established method for benchmarking steganogra-phy as well as steganalysis is routinely done on resized im-ages. In fact, todays most commonly used data set is theBOSSbase database [2] whose images were resized from theirnative resolution.

In the next section, we start with a simple motivational ex-periment that shows how much the statistical detectability ofthe HUGO algorithm [3] depends on the resizing kernel usedto downsample the original full-resolution images formingthe BOSSbase. To better isolate the effects of resampling,in Section 3 we work with a homogeneous source and showexperimentally that resizing algorithms and their settings sub-stantially change the security when measured empirically us-ing detectors implemented as binary classifiers. In Section 4,we provide a theoretical analysis of the observed results forthe nearest neighbor resizing by adopting a Markov chainmodel for the cover source. For this type of cover sourceand resizing algorithm, there exists a closed-form expressionfor the steganographic Fisher information rate, which allowsus to determine the size of the secure payload that leads tothe same level of statistical detectability. The paper is con-cluded in Section 5 where we discuss future directions andextensions of this work.

2. MOTIVATIONAL EXPERIMENT

The BOSSbase image data set has been introduced to thesteganographic community during the BOSS competition [2].The newest BOSSbase version 1.01 consists of 10,000 im-ages obtained from full-resolution RAW images (comingfrom eight different cameras) by first demosaicking themusing UFRaw (http://ufraw.sourceforge.net/),converting to 8-bit grayscale, resizing so that the smaller sideis 512 pixels, and finally central-cropping to 512 512 pix-els. All operations were carried out using the ImageMag-icks convert command-line tool. The parameters of theUFRaws demosaicking algorithm are not important for thepurpose of this paper they were fixed for all experiments tothe same values as in the script used in the BOSS competition.

2857978-1-4799-0356-6/13/$31.00 2013 IEEE ICASSP 2013

0 0.1 0.2 0.3 0.40

0.10

0.20

0.30

0.40

0.50

Relative payload (bpp)

TestingerrorPE

Box

Lanczos

Triangle

Cubic

Fig. 1. Median testing error PE for HUGO on BOSSbaseimages created with four different interpolation kernels.

Statistical detectability will be measured empirically usingthe minimal total detection error under equal priors, PE =minPFA(PFA + PMD)/2, where PFA and PMD are the false-alarm and missed-detection rates, computed from the testingset when implementing the classifier using the ensemble [4].We denote by PE the median testing error over ten randomsplits of the database into two halves.

In this section, we represent images using the 12,753-dimensional spatial rich model SRMQ1 [5]. Figure 1 showsPE for HUGO (implemented with = = 1 and the thresh-old T = 255) for four different versions of the BOSSbase.Everything else being equal, the individual scenarios differonly in a single parameter of the converts image resiz-ing algorithm the interpolation kernel. The four choiceswere: box, Lanczos [6] (default), triangle, and cubic. Thedifferences are rather striking. For example, at the relativepayload 0.2 bpp (bits per pixel), the detection error droppedfrom 0.27 with the default Lanczos kernel to an almost perfectdetectability (error 0.02) with bicubic interpolation. Appar-ently, the BOSS competition outcome (and HUGOs security)would be viewed in a completely different light depending onthe BOSS organizers choice of the interpolation algorithm.

3. FURTHER INVESTIGATION

3.1. Notation and preliminaries

Representing a two-dimensional scene (the reality) by afunction f : R2 R, a digital image X registered by theimaging sensor can be defined as a (quantized) sampled por-tion of f :

X(x, y) = Q (C,(x, y) f(x, y)) , (1)where Q is a scalar quantizer and C,(x, y) denotes a dis-crete sampling function,

C,(x, y) =

M1k=0

N1l=0

(xx0k)(yy0 l), (2)

Fig. 2. The box, triangle, and cubic interpolation kernels.

with the parameter vector = (x0, y0,M,N) and (x) de-fined as (0) = 1 and (x) = 0 x 6= 0. Note that X isnon-zero only at M N equally-spaced locations of a rect-angular portion of the real scene f uniquely defined by .

The actual process of image resizing is executed by meansof a linear interpolation filter with a convolution kernel :R2 R satisfying (x, y)dxdy = 1. Formally, resizingX by a factor of k, one obtains:

X(k)(x, y) = Q(C/k,(k)(x, y) (X )(x, y)

), (3)

where the convolution (X )(x, y) serves as an approxima-tion of the reality f(x, y). We allow the new parameter vec-tor (k) = (x(k)0 , y

(k)0 , bM/kc , bN/kc) to have a different

starting point of the grid (x(k)0 , y(k)0 ) than the original image

X, i.e., the first pixel of the resized image does not have tocoincide with the first pixel of the original image. Not onlydoes this correspond to the specific implementations in com-mon image-processing tools, but also, as will be shown, theposition of the point (x(k)0 , y

(k)0 ) plays a crucial role in ste-

ganalysis.For simplicity, in the rest of the paper we assume thatM =

N , x(k)0 = y(k)0 for all k, and (x, y) = (x)(y). The

variable k will exclusively denote the resizing factor.

3.2. Image database and the resizing algorithm

Since the BOSSbase is a collection of images from eight dif-ferent cameras, its images have been resized by different fac-tors, which makes it unsuitable for isolating the subtle effectsof interpolation. Thus, for our study, we collected 3, 000DNG images from a single camera (Leica M9) in the na-tive resolution of 3, 472 5, 216 pixels, demosaicked themusing UFRaw (with the setup used during the BOSS competi-tion), and converted to 8-bit grayscale. The resulting databaseof 3, 000 never compressed (and not resized) images is themother database for all our subsequent experiments.

For image resizing, we used the Matlab functionimresize with the nearest neighbor (box), bilinear (trian-gle), and bicubic (cubic [7]) interpolation kernels b, t, c,respectively (see Figure 2).

To resample an image by factor k, we apply the interpo-lation formula (3) and then crop the resulting image X(k) tothe central 512 512 region. The cropping was included toeliminate the effects of the SRL on images of different sizeswhile keeping the statistical properties of pixels. By default,the value of the point (x(k)0 , y

(k)0 ), i.e., the location of the first

2858

1 1.5 2 2.5 3 3.5 4 4.5 50

0.050.100.150.200.250.300.350.400.450.50

Resize factor k

TestingerrorPE

b box

c cubic

t triangle

Fig. 3. Steganalysis of LSBM in images resized by differentinterpolation kernels.

pixel of the resized image, is calculated as

x(k)0 = y

(k)0 = (k + 1)/2, (4)

which corresponds to centering the sampling points of X(k)

within the frame of the original imageX.

3.3. Steganography and steganalysis

For illustrative purposes, we attack LSB matching (LSBM).The stego images were created by changing the relative por-tion of pixels (the change rate) by either increasing or de-creasing their values by 1, equiprobably.

To speed up the experiments, we did not use a rich model torepresent the images and, instead, opted for a more compactfeature space that is adequate for the purposes of revealing theeffects of resampling on security. The features are constructedfrom a four-dimensional co-occurrence matrix formed by fourhorizontally and vertically neighboring rounded noise residu-als obtained by convolving the image with the kernel

K =

0.25 +0.5 0.25+0.5 0 +0.50.25 +0.5 0.25

, (5)originally introduced in [8]. Utilizing the sign and directionalsymmetries of natural images [9], the co-occurrence dimen-sionality is reduced to 169.

3.4. Results and interpretation

Figure 3 shows the steganalysis results of LSBM at a fixedchange rate achieved for a range of downsampling factors k [1, 5] and the interpolation kernels shown in Figure 2. Notethat this could be achieved by calling the Matlabs functionimresize with kernels box, triangle, and cubic, andturning the antialiasing off. We remind that after resizing, allimages were always cropped to the central 512 512 regionto eliminate the effects of the SRL.

The testing error generally grows with increasing k, whichis to be expected since downsampling decreases the depen-dencies among pixels. The differences between kernels aresolely due to different (linear) pixel combinations created dur-ing the process of interpolation, which results in qualitativelydifferent dependencies among pixels. These are eventuallydisturbed by embedding and detected by steganalysis. One ofthe main messages of this article is that even a small change inthe interpolation kernel can significantly change the outcomeof steganalysis.

The progress of the errors in Figure 3 is far frommonotonous in k, which is especially apparent for the trian-gle kernel t, where the sudden drops and increases some-times exceed 5% of the error value. There are two reasonsfor such rapid changes the distance between two pixels atthe resolution k and the position of the first pixel in the re-sized image, (x(k)0 , y

(k)0 ). For k = 2, for example, equa-

tion (4) yields x(k)0 = y(k)0 = 1.5, and the pixel difference

is 2. Thus, every pixel of the resized image is exactly in themiddle between two pixels of the original image; the trianglekernel averages both neighboring pixels. This can be seen asa simple denoising operator that increases local correlationsamong pixels and thus makes steganalysis easier. Similar ar-guments could be applied for the case k = 4. The initialdrop at k 1.1 (for c and t) is again caused by the in-creased strength of dependencies among neighboring pixels this time due to the fact that the pixel grids at both scales aremisaligned and most pixels from the original resolution con-tribute to two neighboring pixels of the resized image. Notethat this is not the case for the box kernel, a simple nearestneighbor interpolator, hence the missing initial drop.

Lastly, note the identical performance of all three kernelsat odd factors k = 3, 5 (and trivially also at k = 1). Inthese cases, the pixel locations of the resized image alwayscoincide with certain pixels from the original grid, and sinceall three kernels vanish at integer values, they are essentiallyidentical. Furthermore, for the triangle kernel, this means asudden decrease in neighboring pixel correlations (comparedto the close, non-integer values of k) and thus a sudden dropin steganalysis performance (increased error).

The presented qualitative interpretation of Figure 3 pro-vides insight into the inner workings of the image interpo-lation and the importance of its individual components forsteganalysis (e.g., the alignment of the resized grid). In thenext section, we approach the problem from a theoretical per-spective that points to an intriguing new scaling law.

4. SCALINGW.R.T. IMAGE RESOLUTION

4.1. Image model

In this section we study the effects of image resizing on ste-ganalysis analytically. To this end, we restrict ourselves to thesimplest box kernel and assume that pixels in rows/columns

2859

of images are first-order Markov chains (MCs) over the spaceof grayscales and are thus fully characterized by a transitionprobability matrix (TPM) A = (aij). Following [10], weadopt the exponential cover model,

aij = 1/Zi exp((|i j|/)) , (6)

whose parameters can be estimated from a large number ofimages. The parameters and were estimated using themethod of moments [11] from the Leica M9 database.

Resizing images by a factor k 1, k R, changes theTPM A Ak, where the matrix power is defined in a gen-eral sense and can be evaluated via eigenvalue decomposi-tion for non-integer k. This allows us to study the scalingeffects of image resizing on steganographic security solelybased on the statistical properties of the original cover source(non-resized images).

4.2. Scaling factor (k)

It is well-known that the leading term of the KL divergencebetween cover and stego objects is quadratic in the changerate :

D(k;) =1

2n2I(k), (7)

where n is the cover size and I(k) is the steganographicFisher information (FI) rate for the resize factor k. For a fixedcover source described by its TPM and a fixed steganographicalgorithm (LSBM in our case), the authors of [10] derived aclosed-form expression for I(k) (see Thm. 2 in [10]), fromwhich one can obtain D(k;) at different resolutions (as afunction ofAk).

To obtain a constant level of statistical detectability (KLdivergence D) after resizing by factor k, the change rate needs to be scaled by (k): D(1;) = D(k;(k)). Sincewe always central-crop the image after resizing to the samesize n (and thus eliminate the effect of the SRL) it is easy tosee that (k) =

I(1)/I(k). In Figure 4 (left), we show the

computed values of the parameter (k) for a range of scal-ing factors k [1, 3]. These theoretically obtained resultswere verified in the following manner. For a fixed changerate , we first steganalyzed LSBM using the feature vectordescribed in Sec. 3.3, obtaining thus the median testing errorPE(1, ). Next, according to the theory, the same error rate,PE(k, (k)), should be obtained after resizing the image bythe factor k and modifying the change rate to (k), pro-vided the images at both resolutions are cropped to the samedimensions (otherwise, another change rate adjustment dueto the SRL would be needed). In Figure 4 (right), we showthe results for several values of for k = 2. Despite thesimplicity of the cover model (6) and the fact that we use amachine-learning based detector, an excellent match betweentheory and practice is observed. We plan to include more ex-perimental results in a journal version of this paper.

1 1.5 2 2.5 31

5

10

15

Resize factor k

(k

)

.2 .3 .4 .5

.2

.3

.4

.5

PE(2, (2))

k = 2

PE(1,

)

Fig. 4. Left: Derived scaling factor (k) =I(1)/I(k);

Right: testing error PE(2, (2)) on images resized by factork = 2 embedded with change rate (2) vs. PE(1, ) fornon-resized images (k = 1) embedded with change rate forthe following range of values of = {0.01, 0.02, . . . , 0.11}((2) 4.53). See the text for more details.

5. CONCLUSIONS AND RELATION TO PRIOR ART

To the best knowledge of the authors the role of the image re-sizing algorithm and its influence on steganography and ste-ganalysis has not been studied so far. This paper is the firststep in this direction, and it reveals a surprising sensitivity ofsteganalysis to the choice of the interpolation kernel, as wellas the exact position of the first pixel of the resized image,which affects the alignment of both pixel grids and conse-quently the strength of the correlations among individual pix-els.

Resizing an image is a very different operation from crop-ping or concatenating images because the statistical proper-ties of pixels change. Thus, the standard scaling of securepayload as stated by the square root law is no longer valid.To obtain a better understanding of this phenomenon, we the-oretically analyzed the simplest resizing algorithm with thebox kernel (the nearest neighbor interpolation). Adoptinga Markov chain model for image pixels, we were able tocompute the steganographic Fisher information rate, whichallowed us to derive the scaling of the secure payload thatshould lead to constant statistical detectability under resizing.

Studying the impacts of image resizing on statisticalproperties of pixels is significant for practitioners becausesteganography and steganalysis are nowadays commonlybenchmarked on image sets obtained by resizing full-resolution images (e.g., the BOSSbase).

The authors are preparing an expanded journal version ofthis article that will include the study of the effects of resiz-ing with antialiasing as well as a more detailed study of thescaling law.

2860

6. REFERENCES

[1] T. Filler, A. D. Ker, and J. Fridrich, The Square RootLaw of steganographic capacity for Markov covers,in Proceedings SPIE, Electronic Imaging, Security andForensics of Multimedia XI, N. D. Memon, E. J. Delp,P. W. Wong, and J. Dittmann, Eds., San Jose, CA, Jan-uary 1821, 2009, vol. 7254, pp. 08 108 11.

[2] P. Bas, T. Filler, and T. Pevn, Break our stegano-graphic system the ins and outs of organizing BOSS,in Information Hiding, 13th International Workshop,T. Filler, T. Pevn, A. Ker, and S. Craver, Eds., Prague,Czech Republic, May 1820, 2011, vol. 6958 of LectureNotes in Computer Science, pp. 5970.

[3] T. Pevn, T. Filler, and P. Bas, Using high-dimensionalimage models to perform highly undetectable steganog-raphy, in Information Hiding, 12th International Work-shop, R. Bhme and R. Safavi-Naini, Eds., Calgary,Canada, June 2830, 2010, vol. 6387 of Lecture Notesin Computer Science, pp. 161177, Springer-Verlag,New York.

[4] J. Kodovsk, J. Fridrich, and V. Holub, Ensemble clas-sifiers for steganalysis of digital media, IEEE Transac-tions on Information Forensics and Security, vol. 7, no.2, pp. 432444, April 2012.

[5] J. Fridrich and J. Kodovsk, Rich models for steganal-ysis of digital images, IEEE Transactions on Informa-tion Forensics and Security, vol. 7, no. 3, pp. 868882,June 2012.

[6] A. S. Glasser, Graphics Gems, Morgan Kaufman, 1990.

[7] R. G. Keys, Cubic convolution interpolation for digi-tal image processing, IEEE Transactions on Acoustics,Speech, and Signal Processing, vol. ASSP-29, no. 6, pp.11531160, December 1981.

[8] A. D. Ker and R. Bhme, Revisiting weighted stego-image steganalysis, in Proceedings SPIE, ElectronicImaging, Security, Forensics, Steganography, and Wa-termarking of Multimedia Contents X, E. J. Delp, P. W.Wong, J. Dittmann, and N. D. Memon, Eds., San Jose,CA, January 2731, 2008, vol. 6819, pp. 5 15 17.

[9] J. Fridrich and J. Kodovsk, Steganalysis of LSB re-placement using parity-aware features, in InformationHiding, 14th International Workshop, Berkeley, CA,May 1518, 2012, Lecture Notes in Computer Science,To appear.

[10] T. Filler and J. Fridrich, Fisher information determinescapacity of -secure steganography, in InformationHiding, 11th International Workshop, S. Katzenbeisser

and A.-R. Sadeghi, Eds., Darmstadt, Germany, June 710, 2009, vol. 5806 of Lecture Notes in Computer Sci-ence, pp. 3147, Springer-Verlag, New York.

[11] S. Meignen and H. Meignen, On the modeling of DCTand subband image data for compression, IEEE Trans-actions on Image Processing, vol. 4, no. 2, pp. 186193,February 1995.

2861