10. svd based universal spatial domain image steganalysis


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

10. svd based universal spatial domain image steganalysis

  1. 1. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 5, NO. 2, JUNE 2010 349Correspondence SVD-Based Universal Spatial Domain Image Steganalysis from the pixel information [4], while the latter ones attack on the DCT coefficients [6]. Gokhan Gul and Fatih Kurugollu In this paper, we propose a novel steganalyzer which derives the features from the spatial domain and performs detection without re- gard to which domain the secret message is embedded. The proposed Abstract—This paper is concerned with the universal (blind) image method models linear dependencies of image rows/columns using sin-steganalysis problem and introduces a novel method to detect especially gular value decomposition (SVD) and employs content independencyspatial domain steganographic methods. The proposed steganalyzer via Wiener filtering [7]. The contributions of this paper over our pre-models linear dependencies of image rows/columns in local neighborhoodsusing singular value decomposition transform and employs content inde- vious work [8] are summarized as follows:pendency provided by a Wiener filtering process. Experimental results 1) New features are derived from content independency process.show that the novel method has superior performance when compared 2) Rate independent comparative experiments are provided.with its counterparts in terms of spatial domain steganography. Exper- 3) Steganalysis issue for the perturbation quantization (PQ) methodiments also demonstrate the reasonable ability of the method to detect is presented by taking singular value-based steganalysis (SVBS),discrete cosine transform-based steganography as well as the perturbationquantization method. which is the most successful steganalyzer for PQ, as a benchmark algorithm [2]. Index Terms—Classification, singular value decomposition (SVD), ste- In the experiments, we consider three publicly available spatial do- main (LSB, LSB6, and Steghide) and five DCT domain (F5, Outguess,ganalysis, Wiener filtering. JP Hide&Seek, MB1, and MB2) steganography algorithms as well as I. INTRODUCTION the perturbed quantization (PQ) method. The LSB algorithm, which is one of the most simple and widely used methods in steganography, sub- Steganography is the clandestine communication over public chan- stitutes the least significant bits of the pseudorandomly chosen covernels. The ultimate goal of steganography is to conceal the presence image pixels with the binary message bits. LSB6, on the other hand,of communication by embedding secret messages into innocuous dig- increments or decrements the value of the chosen pixels according toital media in a way that is statistically undetectable. In this context, a random variable with uniform distribution on f01; +1g if the LSBssteganography is considered secure if there is no attack that can deter- of these pixels are not the same with the corresponding message bitsmine the existence of the secret message with a success rate better than [9]. Another variety of this paradigm is Steghide algorithm which ex-a random guess [1]. On the contrary, steganalysis is the art of discov- changes the pixel values rather than changing their LSBs to preserveering the very presence of hidden data in cover objects. Steganalysis the first-order statistics [10]. In F5 algorithm, the absolute values ofcan be broadly classified into two groups: algorithm specific (targeted) nonzero ac DCT coefficients are changed using a matrix embeddingmethods [2] and universal (blind) methods [3], [4]. Algorithm specific strategy to minimize the embedding distortion [11]. The Outguess al-steganalysis assumes that the steganographic method is known by the gorithm tries to preserve the DCT histogram with a two-pass strategy.attacker. The attacker takes advantage of this prior knowledge to design In the first pass, the message bits are embedded into the randomly se-methods to reveal the existence of the hidden data. The shortcoming lected LSBs of DCT coefficients excluding those whose values are 0, 1,of this type of steganalysis is that their satisfactory performance is re- or 01. In the second pass, an adjustment process on DCT coefficientsstricted to a specific steganography. Universal steganalysis methods is carried out so that the DCT coefficient histograms of cover and stegoaim to overcome this problem. Instead of using any a priori informa- images are the same [12]. JP Hide&Seek embeds a content which istion, they take into account all available steganography methods to de- encrypted using the Blowfish algorithm as a pseudorandom numbervise a single steganalysis framework. It is supposed that a blind ste- generator into DCT coefficients [13]. MB1 and MB2 are model-basedganalysis method can detect any steganography if sufficient numbers methods which try to model and to preserve the statistical properties ofof cover and stego images have been taken into account during the de- DCT coefficients during the embedding process [14]. Finally, the PQsign process [5]. algorithm, which is the state-of-the-art steganographic method, embeds All universal steganalysis methods assume that data-hiding destroys the message bits in the JPEG compression stage by perturbing the quan-the underlined statistics of natural images. Therefore, a common char- tization steps [15].acterization should be possible if the features incorporated to the classi- We compare the proposed method with four other state-of-the-artfication process are sensitive to the embedding noise and insensitive to universal (blind) steganalysis methods; Farid’s method (Farid), Binarythe image content. Universal steganalysis schemes can be divided into Similarity Measures (BSM), Wavelet Absolute Moments (WAM), andtwo categories: spatial domain and discrete cosine transform (DCT) Xuan et al. Farid uses the first four moments of the wavelet coeffi-domain. The methods belonging to the former one extract the features cients over N subbands and three orientations as well as of the norms of the optimal linear predictor residuals [3]. BSM takes into account Manuscript received July 20, 2009; revised October 21, 2009; accepted De- two LSB planes and calculates several binary similarity features re-cember 19, 2009. Date of publication February 17, 2010; date of current version lated to the correlation between these bit planes as well as the binaryMay 14, 2010. The associate editor coordinating the review of this manuscript texture characteristic within the bit planes [4]. WAM uses higher orderand approving it for publication was Dr. Mark (Hong-Yuan) Liao. The authors are with the School of Electronics, Electrical Engineering and absolute moments of the noise residual to calculate the features becauseComputer Science, Queen’s University, Belfast, U.K. (e-mail: gokhangul@hot- the noise residual increases the features’ sensitivity to embedding [9].mail.com; f.kurugollu@qub.ac.uk). Finally, Xuan et al. uses an image co-occurrence matrix to derive the Color versions of one or more of the figures in this paper are available online features which are clustered using class-wise nonprincipal componentsat http://ieeexplore.ieee.org. analysis (CNPCA) [16]. Digital Object Identifier 10.1109/TIFS.2010.2041826 1556-6013/$26.00 © 2010 IEEE
  2. 2. 350 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 5, NO. 2, JUNE 2010 The rest of the paper is organized as follows. SVD and the proposed Step 2: For each particular W , calculate the singular value vectorfeatures are explained in Section II. The image sets used in the experi- Sv of each subblock jments, the embedding processes related to the steganographic methods,and the experimental results are presented in Section III. Finally, theconclusions are drawn in Section IV. SVD(Subblockj ) 0 Svj = [1j ; 2j ; . . . ; Wj ]: ! (3) Step 3: Calculate the natural logarithm of the inverse power of each II. STEGANALYZER DESIGN singular value and add the singular values up with respect to the related subblock jA. Singular Value Decomposition W SVD is an essential matrix factorization method which is widely SvBj = 0 log ij 1 ; j = 1; 2; . . . ; TW ij 6= 0used in signal processing. It decomposes a matrix A 2 m2n into (4) i=1the product of two orthonormal matrices U 2 m2m , V 2 n2n anda diagonal matrix S 2 m2n as follows: where TW is the total number of subblocks sizes of W 2W . A = USV T : Step 4: Sum the final results obtained in Step 3 and normalize them (1) with the number of total subblocks TThe diagonal elements of matrix S are non-negative and are sorted indecreasing order 1 2 1 1 1 min(m;n) , where m and n are the FW = T1 SvBj ; W = 3; . . . ; 27: (5) W j=1dimensions of A. These sorted elements produce a vector named as“singular value vector:” Using this algorithm, we obtain 25 dimensional (25D) features for each image. Sv = Diag(S): (2) One of the crucial obstacles for an efficient steganalysis is the image content. To alleviate this obstacle, we drew an analogy between the de- tection problem for steganalysis and the classical dc signal detection inB. Feature Extraction additive white Gaussian noise (AWGN) channel [17, p. 67, Example The proposed method attacks steganographic content using the fea- 3.2]. According to the latter one, an increase in the noise variance re-tures derived from singular values. Let us assume a full rank matrix. sults in a decrease in the detection performance. For image steganal-If any two rows or columns of this matrix are modified so that they ysis, assuming that the embedding noise is the dc value which is aimedbecome linearly dependent, it can be observed that the lowest singular to be detected and AWGN as the image content, an increase in the dy-value vanishes. If this process is repeated using the next row or column, namic range corresponds to an increase in the variance of AWGN. Ac-the second lowest singular value becomes zero. This observation comes cordingly, any attempt to decrease the dynamic range can improve theup with two main ideas which are the pillars of the proposed method. detection performance. In respect of this analogy, we need to expectFirst, the reaction to the changes on the matrix content starts from the the pixel values of bitmap images to be in the interval of [0 f ], wherelowest singular value. Second, the lower valued singular values’ close- f 255 before the data embedding. This is obviously not possible.ness to zero indicates a group of vector’s closeness to the linear de- However, it is possible to estimate the cover image with a certain pre-pendency. This observation can be used to model the soft relationship cision. The difference image between the image under considerationbetween the image rows and columns which will be disturbed by the and the estimated image can be viewed as an estimation of the em-embedding process. bedding noise. This estimation provides diverse information from the Due to the aforementioned unequal effect of embedding noise on the original data. Therefore, we resort to extract other 25 features from thesingular values, it is necessary to adopt a function which can intensify difference image yielding 50 features in total. To estimate the originalthe lower valued singular values for a powerful steganalysis and can at- image, we use Wiener filtering with a 3 2 3 window. In Section III-B,tenuate the higher valued ones to normalize the different energy levels we justify the use of this filtering and we show that the merged 50 fea-of different images. For this purpose, a function comprising the loga- tures (WFLogSv) are superior to both 25D LogSv features [8] and 25D 0rithm of the inverse power of singular values log(x 1 ) is devised to Wiener filtering process features (WF). These 50 features are used inderive features for the steganalysis. Since spatial domain represents a the classification process to make a decision on the image under test,strong dependency between the pixels in the local neighborhoods the whether it is cover or stego.features are extracted from the subblocks representing the locality inthe spatial domain rather than the whole image. It is obvious that when III. EXPERIMENTAL RESULTSthe block size increases the number of examined blocks decreases. Thisresults in decreasing the dependencies which are considered. To alle- A. Image Setviate this problem, the subblocks are overlapped proportionally to the Greenspun’s image database consisting of 1800 natural color im-block size in order to be able to take into account the correlations within ages with the quality factor equals to 100 is used in the experimentsand among subblocks. Consequently, the feature extraction algorithm [18]. These images are converted to grayscale and black borders around them are then cropped resulting in images of size 480 2 480 pixels. Weis described as follows. Step 1: Divide image I , into subblocks of size W 2 W , where W = 3; 4; . . . ; 27 according to the following overlapping rules: never compressed the images since it is harder to detect spatial-domain steganography in raw images than the preprocessed ones [9]. All im- If W 8; no overlapping ages in the data set are embedded with relative payloads of 0.4, 0.2, If 8 W 13; 50% over lapping 0.1, and 0.05 bit per pixel (bpp) for spatial domain steganographic al- If W 13; 75% overlapping: gorithms or 0.4, 0.2, 0.1, and 0.05 bit per nonzero DCT coefficient (bpc) for DCT domain ones in order to obtain the stego image set. Note that The methodology used in this overlapping strategy is ex- due to the limited capacity of the Outguess algorithm [8], the maximum plained with experiments in Section III-B. embedding rate is considered instead of 0.4 bpc.
  3. 3. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 5, NO. 2, JUNE 2010 351 TABLE I TABLE II DETECTION PERFORMANCES OF VARIOUS OVERLAPPING STRATEGIES DETECTION PERFORMANCES OF LogSv, WF AND WFLogSv For the PQ method, 1000 images from the last experiment of [2] arecombined with the Greenspun’s image set. There are 2603 images inthis combined set since PQ was not able to embed 0.4 bpc to 197 imagesin the Greenspun’s set. Only a 0.4-bpc rate is considered for PQ due toits very poor detectibility for lower embedding rates [15]. JPEG qualityQ( ) factor is determined by the steganographic algorithms as 75 and C. Spatial Domain Steganalysis80 for Outguess and F5 methods, respectively. For these two methods, Besides the proposed approach, we have implemented the CNPCAthe same JPEG quality factor used to compress the stego images is classifier as well as the high-dimensional features of Xuan et al. [16]exploited to get the cover images. For PQ, because of the nature of the and BSM [4]. The source code of Farid’s steganalysis method [3] ismethod, recompressed images are used as cover images via doubling obtained from the Internet [19] while that of WAM is provided by its Qthe first quantization matrix ( 1 = 85) [2]. authors [9]. For a fair comparison, each steganalyzer is associated with a classifier which provides the best performance on average. Three clas-B. The Overlapping Rule and the Content Independency Process sifiers are considered: Support Vector Machine (SVM), Fisher Linear The design of the proportionally increasing overlapping rule relies Discriminator (FLD), and CNPCA. FLD for WAM and Farid, CNPCAon the trade-off between the accuracy of the steganalyzer and the time for Xuan and SVM for BSM, SVBS and WFLogSv have been chosennecessary to extract the features. The greater the number of overlap- empirically according to the best detection performance for the relatedpings, the higher the amount of collected statistics is. However, after staganalysis method, except for Xuan. Due to high feature dimension-exceeding a number of overlappings, in terms of detection performance ality CNPCA is adopted inevitably for the Xuan method. CNPCA andwe do not gain much. Therefore, our strategy was to achieve an ac- R C SVM have some free parameters, and ( , ), respectively. Optimumceptable detection performance within a considerable time slot. Ran- parameters for the steganalyzers are determined before the steganal-domly chosen 800 images from the Greenspun image set and the corre- ysis depending on solely the steganographic method by the use of asponding 0.05 rate embedded LSB images are used in the experiments. grid search algorithm having a step size of one for CNPCA and twoThe detection rates are calculated as the average of the maximum ac- with five fold cross validation for SVM. Pair of parameters ( C; ) arecuracy over 100 random trainings and tests using an SVM classifier found as (217 2017 ), (215 21 ), and (215 203 ) for WFLogSv, BSM, ; ; ;with optimum parameters (see Section III-C for details). We compared and SVBS, respectively, for all steganographic methods. The param-the detection performance of the proposed overlapping algorithm to no R eter found for Xuan is = 523.overlapping, 50% and 75% overlappings. The detection performance Using the optimum parameters, the classifiers are trained by the ran-of 25D LogSv features for various training and testing sets and for the domly chosen 1200 cover and the corresponding 1200 stego imagesconsidered overlapping rules are listed in Table I. It is clear that using (300 images from each embedding rate) in the training phase. The restthis strategy we only reduce the computational time; the performance of images are used in the testing phase. These images intersect neitherloss compared to 75% overlapping is negligable. within nor among the training and testing sets (as it is true in all exper- The design parameter of a Wiener filter is the window size. Due to the iments). Note that in [8] the classifiers are trained only with the imagesstochastic nature of the distribution of the natural images, it is not pos- of a particular embedding rate according to Kerckhoffs’ principle (em-sible to provide a good window size by means of detection performance bedding rate is assumed to be known by the steganalyzer) whereas herewith theoretical analyses. Besides, ideally, an infinite number of window we consider all embedding rates for the construction of the training set.sizes limits the number of practical experiments. We tested the window Because in the steganalysis community this principle has been foundsizes 2 2 2, 3 2 3, 4 2 4, and 5 2 5 with the same experimental setup. unrealistic by asserting that in a realistic scenario the embedding rateOut of 800 images, 500 images are used for training and the rest of the may not be known [20]. Moreover, except for PQ, the experimentsimages for testing. With 25D features from the Wiener filtering process, are iterated 100 times for all steganograpic methods in order to pro-we obtained detection performances; 86.7%, 87.1%, 86.6%, and 88.0% vide reliable results. For PQ, we iterated the training and the testingfor 2 2 2, 3 2 3, 4 2 4, and 5 2 5 window sizes, respectively. In case we phases for 10 times. The detection performances of the state-of-the-artconsider 50D features (25D LogSv and 25D Wiener filtering features), steganalyzers are determined by averaging the maximum accuracy ofwe obtained 91.3%, 91.8%, 88.6%, and 89.3% detection performances : the classifiers, which is given as 1 0 0 5 2 (false alarm percentage +for 2 2 2, 3 2 3, 4 2 4, and 5 2 5 window sizes, respectively. Since the miss percentage), over all iterations. From Tables III–V, we give thefinal detection performance is of our interest, we decided for a Wiener fil- detection performances of steganalyzers performing on spatial domaintering with a 3 2 3 window. In the next experiment, we investigated the steganography. It can be easily observed that the proposed method out-performance improvement with additional 3 2 3 Wiener filtering fea- performs the prior arts for all spatial domain steganographic methodstures for all considered steganography algorithms. The detection per- with a significant margin. Notice that for very low embedding rates thisformance of the proposed 50D WFLogSv features, 25D LogSv features divergence is more significant.[8], and 25D Wiener filtering features are given in Table II. It can easilybe seen that WFLogSv leads to at least about 1% and at most about 7% D. DCT Domain Steganalysisperformance gain for all steganography algorithms. This clearly indi- In order to detect DCT domain steganography, there exist quite pow-cates one of the main contributions of this paper. erful DCT-based steganalysis algorithms, for example [6] and [16].
  4. 4. 352 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 5, NO. 2, JUNE 2010 TABLE III TABLE VI DETECTION PERFORMANCES FOR LSB DETECTION PERFORMANCES FOR F5 TABLE IV TABLE VII DETECTION PERFORMANCES FOR LSB 6 DETECTION PERFORMANCES FOR JP HIDESEEK TABLE V TABLE VIII DETECTION PERFORMANCES FOR STEGHIDE DETECTION PERFORMANCES FOR OUTGUESS TABLE IXHowever, until recently, the performance of spatial domain steganal- DETECTION PERFORMANCES FOR MB1ysis algorithms to detect DCT domain steganography has not yet beeninvestigated. This kind of steganalytic attack can especially be usefulif the secret information is embedded in the DCT domain and the stegoimage is advertised as a bitmap image by adopting some error correc-tion codes and decompressing the image to the spatial domain. Actu-ally a similar scenario has been introduced recently [21] in the YASSmethod. YASS embeds information in the spatial domain but the stegoimage is advertised in the DCT domain (as a JPEG image) by em-ploying some error correcting codes. Our scenario considered in theDCT tests is the reverse version of the one provided in YASS. TABLE X Therefore, at one hand, DCT domain steganalysis algorithms should DETECTION PERFORMANCES FOR MB2have a good reason to attack bitmap images since it is always assumedthat if the image is represented in a particular domain, the embeddingshould have been performed on this domain as well [6], [16]. On theother hand, DCT domain steganalysis algorithms can experience se-vere performance degradation due to the masking of decompressionon the embedding noise. Another reason for attacking DCT domainsteganography using spatial domain steganalysis is that, although de-tection can intuitively be estimated to be poor due to the decompres-sion, spatial domain features are likely to provide diverse informationfrom the DCT-based ones which is useful for some fusion schemes.From Tables VI–X, the detection performances of the state-of-the-art of the steganalysis methods over all DCT stegonagraphic methods, thespatial domain steganalysis methods on F5, JP HideSeek, Outguess, proposed method (WFLogSV) is the second best after WAM.MB1, and MB2 steganography methods are tabulated. The proposedmethod shows reasonable performance in the DCT domain. It is the E. Steganalysis of PQsecond best for JP HideSeek, MB1, and MB2 and the third best forF5 and Outguess on average. It is also the second best for F5 and Out- For the sake of completeness, we have investigated the potential ofguess for the lowest embedding rate (0.05). If we rank the performances the steganalyzers on PQ steganography. As a benchmark, we adopt the
  5. 5. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 5, NO. 2, JUNE 2010 353 [3] S. Lyu and H. Farid, “Detecting hidden messages using higher-order statistics and support vector machines,” in Lecture Notes in Computer Science. New York: Springer-Verlag, 2002, vol. 2578, pp. 340–354. [4] I. Avcibas, M. Kharrazi, N. Memon, and B. Sankur, “Image ste- ganalysis with binary similarity measures,” EURASIP J. Appl. Signal Process., vol. 17, pp. 2749–2757, 2005. [5] J. Fridrich, “Steganalysis,” in Multimedia Security technologies for Digital Rights Management, W. Zeng, H. Yu, and C. Y. Lin, Eds. New York: Academic, 2006. [6] T. Pevny and J. Fridrich, “Merging marcov and DCT features for multi- class JPEG steganalysis,” in SPIE 2007 Security Steganography and Watermarking of Multimedia Contents IX, San Jose, CA, Jan. 2007. [7] I. Avcibas, “Audio steganalysis with content-independent distortion measures,” IEEE Signal Process. Lett., vol. 13, no. 2, pp. 92–95, Feb. 2006. [8] G. Gul and F. Kurugollu, “A novel universal steganalyser design: Logsv,” in IEEE Int. Conf. Image Processing (ICIP 2009), Cairo, Egypt, 2009. [9] M. Goljan, J. Fridrich, and T. Holotyak, “New blind steganalysis and its implications,” Proc. SPIE Security, Steganography, and Watermarking of Multimedia Contents VIII, vol. 6072, pp. 607 201–1, 2006. [10] S. Hetzl and P. Mutzel, “A graph-theoretic approach to steganography,” Lecture Notes in Computer Science, vol. 3677, pp. 119–128, 2005. Fig. 1. ROC curves of universal steganalysis schemes and SVBS. [11] Software [Online]. Available: http://wwwrn.inf.tu-dresden.de/~west- feld/f5.html. [12] Software [Online]. Available: http://www.outguess.org/. [13] Software [Online]. Available: http://linux01.gwdg.de/~alatham/stego.SVBS steganalyzer with type-I features using the aferomentioned sub- html.block scheme resulting in 350 features [2]. Two thousand randomly [14] Software [Online]. Available: http://www.philsallee.com/mb- steg/index.html.chosen images from the combined image set are used for the training [15] J. Fridrich, M. Goljan, and D. Soukal, “Perturbed quantizationand the rest for the testing. In Fig. 1, receiver operating characteristic steganography with wet paper codes,” in Proc. ACM Multimedia and(ROC) curves of steganalyzers averaged over all ten random tests for Security Workshop, Magdeburg, Germany, Sep. 20–21, 2004, pp.0.4 bpc are depicted. Area under the curve (AUC) values of the stegan- 4–15.alyzers are calculated as 0.68, 0.71, 0.62, 0.56, 0.57, and 0.76 for the [16] G. Xuan et al., “Steganalysis using high-dimensional features derived from co-occurrence matrix and class-wise non-principal componentsproposed method, Xuan, WAM, Farid, BSM, and SVBS, respectively. analysis (CNPCA),” in Int. Workshop on Digital Watermarking, Korea,Please note that SVBS is a targeted steganalyzer for PQ and its perfor- Nov. 8–10, 2006.mance is given here for a comparison. It can be seen that the proposed [17] S. M. Kay, Fundamentals of Statistical Signal Processing: Detectionmethod is the second best universal method after Xuan et al. while the Theory. Englewood Cliffs: Prentice-Hall, 1998. [18] Image set [Online]. Available: http://philip.greenspun.com.other steganalyzers provide poor detection performance. [19] Software [Online]. Available: http://www.cs.dartmouth.edu/farid/re- search/steg.m. [20] L. Marvel, B. Henz, and C. Boncelet, “A performance study of IV. CONCLUSION 6 1 steganalysis employing a realistic operating scenario,” in IEEE In this paper a novel spatial domain steganalysis method was pro- Military Communications Conf. (MILCOM 2007), Orlando, FL, 2007, pp. 1–7.posed. Its performance on detecting spatial domain and DCT domain [21] K. Solanki, A. Sarkar, and B. S. Manjunath, “YASS: Yet anothersteganographic methods as well as PQ algorithm were investigated. The steganographic scheme that resists blind steganalysis,” in 9th Int.results were compared with well-known spatial domain universal ste- Workshop on Information Hiding, Saint Malo, France, Jun. 2007.ganalyzers including WAM, Farid, BSM, and Xuan. The experimentsreveal that the proposed algorithm is superior to the prior arts for allspatial domain steganographic algorithms. It shows reasonable perfor-mance for DCT domain methods (ranked as the second best stegana-lyzer according to overall rankings). The poor performance of the spa-tial domain steganalyzers on the DCT domain can be related to the ef-fect of decompression on the embedding noise. However, the featuresextracted from the spatial domain can be used to increase the accuracyof DCT-based steganalyzers. We also conclude that PQ can be detectedrelatively accurately for the 0.4 embedding rate. The best performanceis obtained by Xuan’s method and the proposed algorithm is ranked asthe second best one. REFERENCES [1] R. Chandramouli, M. Kharrazi, and N. Memon, “Image steganography and steganalysis: Concepts and practice,” in Proc. 2nd Int. Workshop on Digital Watermarking (LNCS 2939), Seoul, Korea, Oct./Nov. 2004, pp. 35–49. [2] G. Gul, A. E. Dirik, and I. Avcibas, “Steganalytic features for JPEG compression based perturbed quantization,” IEEE Signal Process. Lett., vol. 14, no. 3, pp. 205–208, Mar. 2007.