StegaScanMail is a deep learning Python-based tool designed for steganalysis on images in received emails. It utilizes a convolutional neural network (CNN) to classify both greyscale and RGB images, specifically targeting images encoded with the least significant bit (LSB) technique. This tool is particularly useful for detecting malicious code embedded in images, a common tactic used by cyber attackers due to its simplicity and effectiveness in avoiding detection.
The training and testing of StegaScanMail were performed using the Stego-Images-Dataset, which contains 44,000 PNG images embedded with malicious code. The PNG format is frequently used in emails for logos and web graphics, making it a prime target for cyberattacks.
- Deep Learning-Based Steganalysis: Utilizes a CNN to detect steganographic content in images.
- Supports Greyscale and RGB Images: Capable of analyzing both types of images.
- Focus on PNG Format: Trained primarily on PNG images encoded with the LSB technique.
- Cloud Deployment: Can be deployed as a Docker container in the cloud.
- Open Source: Developed as part of a master's thesis and made available for public use.
This project was developed by Radu-Cristian Basarabă as part of a master's thesis.
- Python 3.11 or 3.12
- Docker
- Azure CLI (for cloud deployment)
git clone https://github.com/yourusername/CNN-Steganalysis.git
cd CNN-Steganalysis
Create a virtual environment and install the required packages:
python -m venv venv
source venv/bin/activate
pip install -r [requirements.txt]Alternatively, use pipenv:
pipenv installTo train the model, run the following command:
python [ModelTraining+metrics.py]To run the application locally:
python [metricsCNN.py]docker build -t stegascanner .docker run -d -p 5000:5000 stegascanner-
Login to Azure
az login
-
Create a Resource Group
az group create --name StegaScanMailGroup --location eastus
-
Create an Azure Container Registry
az acr create --resource-group StegaScanMailGroup --name StegaScanMailRegistry --sku Basic
-
Build and Push Docker Image to ACR
az acr build --registry StegaScanMailRegistry --image stegascanner . -
Create an Azure Container Instance
az container create --resource-group StegaScanMailGroup --name StegaScanMailInstance --image StegaScanMa
-
Get the Public IP Address
az container show --resource-group StegaScanMailGroup --name StegaScanMailInstance --query ipAddress.ip
Access the application at the provided IP address.
CNN-Steganalysis
├── src
│ ├── Dataset.py
│ ├── EmailProcessor.py
│ ├── Fine-tuned CNN.py
│ ├── validate_model.py
│ ├── ImagePreprocessor.py
│ ├── metricsClass.py
│ ├── ResNet50.py
│ ├── Statistical Methods + SVM.py
│ ├── SteganalysisModelLoad.py
│ └── VGG166.py
├── data
│ ├── stego_images_dataset
│ │ ├── train
│ │ ├── validation
│ │ └── test
│ ├── bossbase (optional)
│ └── alaska (optional)
├── models
│ └── best_modelCNN.keras
├── results
│ ├── Model1.txt
│ ├── Model2.txt
│ └── Model3.txt
├── [requirements.txt]
└── [README.md]git clone https://github.com/yourusername/CNN-Steganalysis.git
cd CNN-SteganalysisCreate a virtual environment and install the required packages:
python -m venv venv
source venv/bin/activate
pip install -r [requirements.txt]To run the application locally:
python [metricsCNN.py]Follow the steps in the Azure Cloud Deployment section above.
This project is licensed under the MIT License - see the LICENSE file for details.
For any questions or inquiries, please contact Radu-Cristian Basarabă at [r.basaraba@student.utwente.nl].
This project is made open source for educational purposes and as part of a master's thesis.