Detecting Tic-Tac-Stego: Anomaly Detection for Steganalysis in Games
Project Members
Philip C. Ritchey, Vernon J. Rego
Philip C. Ritchey, Vernon J. Rego
Abstract
Motivated by the identification of potential areas in the broader field of information security where the study of human behavior can be used to enhance and improve information security, we investigated methods for detecting information hiding in games. This work builds on previous work which presented Tic-Tac-Stego, a general methodology for hiding information in games. The focus of this work is to understand and experiment with three steganalysis techniques for detecting steganography in games: rules-based, feature-based, and probabilistic model-based detectors. Under the assumption that the adversary is unable to predict the play style of the stego-agent, we find that a feature-based steganalysis method performs the best at detecting usage of the covert channel, capable of achieving accuracy greater than 97% against all stego-agents tested. On the other hand, under the assumption that the adversary is able to predict the play style of the stego-agent, the rules-based method is more accurate and requires fewer games per example than the feature-based method. The probabilistic-based method is found to be overall less accurate than both the feature-based and rules-based methods.