Open Access iconOpen Access

ARTICLE

crossmark

Novel Ransomware Hiding Model Using HEVC Steganography Approach

Iman Almomani1,2,*, Aala AlKhayer1, Walid El-Shafai1,3

1 Security Engineering Lab, Computer Science Department, Prince Sultan University, Riyadh, 11586, Saudi Arabia
2 Computer Science Department, King Abdullah II School for Information Technology, The University of Jordan, 11942, Jordan
3 Department of Electronics and Electrical Communications Engineering, Faculty of Electronic Engineering, Menoufia University, Menouf, 32952, Egypt

* Corresponding Author: Iman Almomani. Email: email

Computers, Materials & Continua 2022, 70(1), 1209-1228. https://doi.org/10.32604/cmc.2022.018631

Abstract

Ransomware is considered one of the most threatening cyberattacks. Existing solutions have focused mainly on discriminating ransomware by analyzing the apps themselves, but they have overlooked possible ways of hiding ransomware apps and making them difficult to be detected and then analyzed. Therefore, this paper proposes a novel ransomware hiding model by utilizing a block-based High-Efficiency Video Coding (HEVC) steganography approach. The main idea of the proposed steganography approach is the division of the secret ransomware data and cover HEVC frames into different blocks. After that, the Least Significant Bit (LSB) based Hamming Distance (HD) calculation is performed amongst the secret data’s divided blocks and cover frames. Finally, the secret data bits are hidden into the marked bits of the cover HEVC frame-blocks based on the calculated HD value. The main advantage of the suggested steganography approach is the minor impact on the cover HEVC frames after embedding the ransomware while preserving the histogram attributes of the cover video frame with a high imperceptibility. This is due to the utilization of an adaptive steganography cost function during the embedding process. The proposed ransomware hiding approach was heavily examined using subjective and objective tests and applying different HEVC streams with diverse resolutions and different secret ransomware apps of various sizes. The obtained results prove the efficiency of the proposed steganography approach by achieving high capacity and successful embedding process while ensuring the hidden ransomware’s undetectability within the video frames. For example, in terms of embedding quality, the proposed model achieved a high peak signal-to-noise ratio that reached 59.3 dB and a low mean-square-error of 0.07 for the examined HEVC streams. Also, out of 65 antivirus engines, no engine could detect the existence of the embedded ransomware app.

Keywords


Cite This Article

APA Style
Almomani, I., AlKhayer, A., El-Shafai, W. (2022). Novel ransomware hiding model using HEVC steganography approach. Computers, Materials & Continua, 70(1), 1209-1228. https://doi.org/10.32604/cmc.2022.018631
Vancouver Style
Almomani I, AlKhayer A, El-Shafai W. Novel ransomware hiding model using HEVC steganography approach. Comput Mater Contin. 2022;70(1):1209-1228 https://doi.org/10.32604/cmc.2022.018631
IEEE Style
I. Almomani, A. AlKhayer, and W. El-Shafai, “Novel Ransomware Hiding Model Using HEVC Steganography Approach,” Comput. Mater. Contin., vol. 70, no. 1, pp. 1209-1228, 2022. https://doi.org/10.32604/cmc.2022.018631

Citations




cc Copyright © 2022 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 2738

    View

  • 1234

    Download

  • 0

    Like

Share Link