An Ensemble-based Stegware Detection System for Information Hiding Malware Attacks

Abstract

Abstract Recently, attackers are obfuscating the parts of malware attack code using steganography to carry malicious JavaScript and even to deliver cryptominers. Stegware is one of the types among information hiding malware attacks that uses steganography to conceal their presence from any modern malware detection system. In this paper, a stegware detection system is proposed to find the presence of hidden payloads from input images and to verify whether the hidden payload is the subject of stegware attack. The proposed system consists of four phases to detect the stegware: Hidden Payload Detection; Hidden Payload Extraction; Classification and Malicious percentage calculation. In Hidden Payload Detection phase, Ant Colony Optimization algorithm is used to find the optimal subset of features to detect obfuscation. In Hidden Payload Extraction phase, stego repository images are decoded to extract the items that are stegnographically hidden inside the input. Finally, a two-stage ensemble classifier is used in classification phase to process the extracted payloads: binary classifier is used to find whether extracted payload is benign or malignant file; fuzzy C-means clustering algorithm is used to find the percentage of malicious activity. The proposed system is experimentally tested for real dataset and compared with existing models. The experimental results show that the proposed stegware detection system detects the stegnographically hidden attacks and finds the percentage of malicious activity than other models.