Authors: Mike Sieffert (Assured Information Security, Inc), Rodney Forbes (Assured Information Security, Inc), Charles Green (Assured Information Security, Inc), Leonard Popyack (Assured Information Security, Inc), Thomas Blake (Air Force Research Laboratory)



This paper will describe the design, development, and testing of a prototype computer network Steganography Intrusion Detection System (SIDS) architecture. The Air Force Research Laboratory (AFRL) recognized the need to have the ability to detect the presence of hidden data in perception-based objects (e.g., images) passed into and out of computer networks. With widespread use of commercial and freeware steganography tools, it is very likely that these techniques will be used against our networks eventually and we must be prepared for such an attack. The SIDS effort at AFRL developed the first intrusion detection system of its kind that demonstrates how hidden data can be discovered as it enters or leaves an enterprise network. While further research is required in steganalysis techniques, this paper will describe the framework that is a step towards steganography detection in web traffic. This paper will describe our method to reconstruct image data from HTTP web traffic, the plug-in interface for steganalysis algorithms, and the graphical user interface as well as provide test data from realistic network testing. Future work and needs will be presented.