Steganalysis is to steganography as cryptanalysis is to cryptography. It is either formal analysis of a steganographic algorithm, or an attack on a piece of information thought to have been altered with steganography. Unlike cryptanalysis, where the goal is to decipher an encrypted message, the goals of steganalysis are detecting, extracting, confusing or disabling hidden information. Since steganography considers the detection or corruption of a hidden message a defeat as well as actual extraction, it can involve different goals depending on what the steganalyst wants as an end result.
In general, there are 5 cases steganalysis deals with, each needing a different strategy to address.
Stego-only attack
The attacker only has the stego-object.
Known cover attack
The attacker has the stego-object, as well as the original cover.
Known message attack
The attacker has the original message as well as the stego-object.
Chosen stego attack
The attacker knows the steganography algorithm as well as the stego-object.
Known stego attack
The attacker knows the steganography algorithm as well as the stego-object and original cover. By far, this is the easiest case.
One general strategy is to determine the threshold of human imperceptibility in a cover. Since steganography hides information, it usually does it in a way that isn't perceptible. This means that the steganalyst can restrict their efforts to areas of the cover that a human wouldn't notice a change in (most generally, the noise in an image or a piece of audio). Another general strategy is looking at the statistical distribution of the noise. Often, a cover which has been steganographically altered will have a different distribution in the noise than one would expect in the cover. Obviously, if the attacker has a copy of the stego-object as well as the original cover, simply finding the differences between the two will tell you what area of the cover has been altered and how.
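The two strategies above, as an added example that is not part of the original writeup: a known cover comparison that reports where and in which bit planes the samples changed, and a stego-only check on the noise distribution. The cover data, the least-significant-bit embedding used to build the test object, and the even/odd pair statistic are assumptions chosen for illustration; the page names no specific algorithm or test.

```python
import random
from collections import Counter

def make_cover(n, seed=1):
    # Constructed stand-in for 8-bit sample noise (not real image or audio data).
    rng = random.Random(seed)
    return [min(255, max(0, round(rng.gauss(128, 4)))) for _ in range(n)]

def embed_lsb(cover, start, end, seed=2):
    # Hypothetical embedding, used only to build a test stego-object:
    # overwrite the lowest bit of samples[start:end] with random bits.
    rng = random.Random(seed)
    stego = list(cover)
    for i in range(start, end):
        stego[i] = (stego[i] & ~1) | rng.getrandbits(1)
    return stego

def diff_cover(cover, stego):
    """Known cover case: first/last altered index, count, and a mask of changed bits."""
    changed = [i for i, (c, s) in enumerate(zip(cover, stego)) if c != s]
    planes = 0
    for i in changed:
        planes |= cover[i] ^ stego[i]
    return (changed[0], changed[-1], len(changed), planes) if changed else None

def pair_imbalance(samples):
    """Stego-only case: how unevenly each value pair (2k, 2k+1) is populated.

    Overwriting low bits with random data pushes the two counts in each
    pair toward equality, so an altered region scores lower than clean noise.
    """
    hist = Counter(samples)
    stat = 0.0
    for even in range(0, 256, 2):
        expected = (hist[even] + hist[even + 1]) / 2
        if expected > 0:
            stat += (hist[even] - expected) ** 2 / expected
    return stat

def demo():
    cover = make_cover(40000)
    stego = embed_lsb(cover, 10000, 30000)
    region = slice(10000, 30000)
    return diff_cover(cover, stego), pair_imbalance(cover[region]), pair_imbalance(stego[region])

if __name__ == "__main__":
    print(demo())
```

The first result localizes the altered span and shows that only bit 0 was touched; the two scores show the drop in pair imbalance that the statistical strategy looks for when no cover is available.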
Some of the terminology here is explained in steganography, so I did not re-explain it here. If you have any problems, you may want to read that first.