CN114553811B - High-capacity behavior steganography method based on timestamp modulation and carrier selection - Google Patents

High-capacity behavior steganography method based on timestamp modulation and carrier selection Download PDF

Info

Publication number
CN114553811B
CN114553811B CN202210015282.7A CN202210015282A CN114553811B CN 114553811 B CN114553811 B CN 114553811B CN 202210015282 A CN202210015282 A CN 202210015282A CN 114553811 B CN114553811 B CN 114553811B
Authority
CN
China
Prior art keywords
mapping
keywords
blog
secret
keyword
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210015282.7A
Other languages
Chinese (zh)
Other versions
CN114553811A (en
Inventor
张明亮
罗向阳
李震宇
张佩
张祎
李�浩
杨春芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information Engineering University of PLA Strategic Support Force filed Critical Information Engineering University of PLA Strategic Support Force
Priority to CN202210015282.7A priority Critical patent/CN114553811B/en
Publication of CN114553811A publication Critical patent/CN114553811A/en
Application granted granted Critical
Publication of CN114553811B publication Critical patent/CN114553811B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/06Message adaptation to terminal or network requirements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of communication, and discloses a high-capacity behavior steganography method based on timestamp modulation and carrier selection, which comprises the following steps: when secret information is transmitted, the secret information is mapped into a group of high-frequency keywords and grouped, keyword blogs containing the grouping are searched in a social network platform, the position of the keywords in the blogs is modulated according to time stamps of the behaviors, finally behaviors are generated according to the time stamps capable of determining the positions of the keywords in the blogs, the keyword blogs are released to a social network, and therefore hidden communication is achieved. The secret information in the method is carried by the blog, the mapped keyword position is determined by the timestamp, the blog content is not modified, and the naturality of the blog is ensured; the timestamp is mapped to a keyword and behavior steganography is promoted from the bit level to the word level.

Description

High-capacity behavior steganography method based on timestamp modulation and carrier selection
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a high-capacity behavior steganography method based on time stamp modulation and carrier selection.
Background
Steganography is a communication technique that communicates secret data over a public channel without being perceived by a third party. Social networks become an ideal carrier for steganography due to the characteristics of wide distribution of users in regions, abundant use scenes, huge data volume and the like. The method allows the sender and the receiver not to establish a point-to-point channel to realize hidden communication, the communication behavior is difficult to draw special attention of a third party, and the concealment of the communication and the safety of the two parties are ensured. Therefore, research on the steganography method aiming at the social network has important theoretical significance and practical value, and draws extensive attention of the students in the field.
Carriers based on social network steganography methods are images, text, audio, video, behavior, etc. Depending on the principle of embedding, steganography can be categorized into carrier selection, carrier modification and carrier synthesis. Based on social network carrier selection steganography including image selection, text selection steganography, and carrier selection steganography of video, etc. The embedding principle is to design corresponding attribute values according to the attributes of the carrier, and when secret information is sent, the secret information is used as driving force to search the carrier conforming to the secret information through the constructed carrier database. The method is characterized in that carrier data are not modified, the attack of steganalysis can be effectively resisted, but the embedding capacity is low, and the method still has the current challenges. The carrier modification steganography based on the social network is divided into image modification steganography, text modification steganography, audio modification steganography and video modification steganography. They take advantage of the masking properties of the human eye or ear and the redundancy properties of the digital carrier by slightly modifying the social network carrier to embed secret information into the carrier. The method has the characteristics of higher embedding capacity, good robustness and detection resistance of part of the methods, but new threats can be faced by modifying steganography along with the development of machine learning. The carrier generation steganography based on social networks is divided into image generation steganography [ document 1: yue Yin, hanzhou Wu, and xinpen zhang. Neural visual social comment on image-text content Technical Review,38 (1): 100-111,2021 ] and text generation type steganography [ document 2: zhongliang Yang, xiaoqing Guo, ziming Chen, yongteng Huang, and Yujin Zhang. Rnnstega: linguistic steganography based on recurrent neural networks IEEE Transactions on Information Forensics and Security,14 (5): 1280-1295,2018.], audio-generating steganography, and the like. Early generation methods fit the statistical features, but the content is not common sense and is easily recognized due to the limitations of algorithms and computational power. With the development of the artificial neural network and the improvement of calculation power, the generated carrier density multimedia statistical characteristics and contents are more natural, and the quality of the carrier density multimedia statistical characteristics and contents are remarkably improved. However, recently Yang et al pointed out that the better the quality of the generated steganographic text, the more hidden is not necessarily [ document 3: zhongliang Yang, siyu Zhang, yuting Hu, zhiwen Hu, and Yongseng Huang Vae-stega: linguistic steganography based on variational auto-encoder.IEEE Transactions on Information Forensics and Security,16:880-895,2020 ], which raises concerns for some expert scholars.
In recent years, social networks have evolved at a high rate. The learner realized that social networks not only had huge amounts of multimedia data, but also had rich behaviors such as praise, forwarding, posting, commenting and sharing, and began to attempt to realize covert communication using social behaviors. Nechta [ document 4: ivan Nechta.Steganographic in association networks.In Proceedings of the 2017Siberian Symposium on Data Science and Engineering,pages 33-35,2017 et al propose a method of covert communication by adding friends' behavior. Wu et al [ document 5: hanzhou Wu, wei Wang, jin Dong, and Hongxia Wang. New graph-theoretic approach to social steganograph, in Proceedings of the 2019IS&T International Symposium on Electronic Imaging:Media Watermarking,Security,and Forensics,pages 539-1-539-6,2019.] [ document 6: hanzhou Wu, limen Zhou, junchen Li, and Xinpeng Zhang. Security graph steganography over social networks via interaction remapping. In Proceedings of the 6th International Conference on Artificial Intelligence and Security,pages 303-312,2020 ] covert communications on a social network by building a graph structure. The method does not modify the content of the carrier, has higher robustness and higher concealment, but the embedding capacity still needs to be improved.
Disclosure of Invention
Aiming at the problem that the current social network steganography method has a certain limitation in terms of embedded capacity, the invention provides a high-capacity behavior steganography method based on timestamp modulation and carrier selection.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
a high capacity behavioral steganography method based on timestamp modulation and carrier selection, comprising:
when secret information is transmitted, the secret information is mapped into a group of high-frequency keywords and grouped, keyword blogs containing the grouping are searched in a social network platform, the position of the keywords in the blogs is modulated according to time stamps of the behaviors, finally behaviors are generated according to the time stamps capable of determining the positions of the keywords in the blogs, the keyword blogs are released to a social network, and therefore hidden communication is achieved.
Further, the method comprises the steps of:
step1: firstly, generating a self-built word frequency table by combining secret words and a public word frequency table, then constructing a mapping relation table by the self-built word frequency table and the public high-frequency table, and finally, converting the words in secret information, namely the mapping relation table after secret key scrambling, into mapping keywords, and forming a mapping keyword table by each mapping keyword;
step2: automatically interacting with a social network, measuring whether time delay exists in behaviors within a period of time, and obtaining the maximum behavior time delay;
step3: according to the initial keyword quantity set in each blog, a group of words is taken out from a mapping keyword list to be used as a mapping group, and the blog containing the mapping group is dynamically searched in a social network to be used as a mapping blog; if the mapping blogs containing the mapping groups cannot be found, shortening the number of the initial keywords, and continuing to search; if the mapping key words are searched, the links of the blog are saved, the next group of mapping groups are taken out from the mapping key word list according to the initial key word number to continue searching until all the mapping key words in the mapping key word list are searched;
step4: when hiding the positions of the mapping keywords through the time stamps, a sender firstly extracts the positions of all the mapping keywords from all the mapping groups to form a mapping position sequence, and converts the mapping position sequence into a position binary character string; then, dividing the position binary character string according to the length of the loading binary according to the time stamp of the common blog and the time stamp of the loading behavior; finally, modulating a time stamp sequence, namely a carrier time stamp sequence, according to the segmented binary character strings; the common blog text refers to a blog text which can be searched on a social network, and the timestamp of the blog text is already existing and is not influenced by the action time delay any more;
step5: the sender account interacts with the mapping blog and the common blog at the time corresponding to the secret-carrying timestamp, generates secret-carrying behavior, and issues secret information to the social network;
step6: according to the mapping relation table and account information shared by the senders, the receivers extract interaction behavior data in a period of time from the corresponding accounts of the social network;
step7: when the time stamp information is extracted through the interactive behavior data, the secret key and the identification field are used for identifying the secret-carrying time stamp;
step8: determining the position of the keyword in the mapping blog according to the encryption time stamp, and converting the mapping keyword at the corresponding position into a secret keyword by using a mapping relation table;
step9: and combining the secret keywords in sequence to obtain secret information.
Further, the construction process of the mapping relation table is as follows:
firstly, initializing a counter with value of 0 to obtain word frequency table T formed from common secret key words f The secret key words are in the public word frequency table T w Index in (a)Position and combine the keyword with T w The key words corresponding to the index positions are added into the mapping relation table M as a group of relations r In (a) and (b); repeating the above steps can complete the addition of common secret key words to M r Each time the counter is incremented by 1; next, obtain the position T w But not at T f Keywords in (1), the keywords are combined with T w The key words of the position of the counter are added to M as a group of relations r Is a kind of medium.
Further, the step3 includes:
first from the mapping keyword table T m Middle fetch l i Mapping keywords; then, searching the social network for the content of the l i Mapping blogs of the mapping keywords; if not, subtracting 1 from the number of keywords searched in the previous round to continue searching; if a blog is found, the number of keywords is set to l i Continuing searching until all mapping keywords are hidden in the found mapping blogs; if the actual number of keywords in a mapped blog l r When=0, the search fails.
Further, the time stamp of the encryption behavior can load a binary length l t The method is obtained by the following formula:
l v =(10 b -1)/(d max +1) (2)
Figure GDA0004144214910000041
where b represents the last b digitally encoded location information of the timestamp, d max Represents the maximum behavior delay in a period of time, l v Representing the amount of information that can actually be used to encode.
Further, the timestamp of the ordinary blog can load a binary length l o The method is obtained by the following formula:
Figure GDA0004144214910000042
wherein t is c A time stamp indicating when the sender is about to send the secret information; t is t s Time stamp representing a blog of a social network, when t s Is the earliest timestamp of this social network, l o Take the maximum value.
Compared with the prior art, the invention has the beneficial effects that:
aiming at the problem that the current behavior steganography has a certain limitation in the aspect of embedding capacity, the invention provides a high-capacity behavior steganography method based on timestamp modulation and carrier selection. When extracting the secret information, the receiver extracts the secret information by using the shared secret key and the social network account number. The secret information of the method is carried by the blog, the mapped keyword position is determined by the timestamp, the content of the blog is not modified, and the naturalness of the blog is ensured; the time stamp is mapped to the keyword, so that the embedding capacity is greatly improved. Through actual measurement of the mainstream social network platform, compared with the typical behavior steganography method of the existing social network, the embedding capacity is improved by 29.23-51.47 times, and compared with the generated text steganography, the embedding capacity is improved by 16.26-23.94%. In addition, the invention uses the self-adaptive search mapping blocks Wen Suanfa to ensure the success rate of secret information transmission.
Drawings
FIG. 1 is a basic flow diagram of a high capacity behavioral steganography method based on timestamp modulation and carrier selection in accordance with an embodiment of the present invention;
FIG. 2 is a schematic diagram of generating a sequence of encrypted timestamps according to an embodiment of the present invention;
FIG. 3 is a diagram of examples of blogs retrieved by an embodiment of the present invention;
FIG. 4 is a graph showing the results of a robustness analysis experiment according to an embodiment of the present invention;
FIG. 5 shows the results of an embedded capacity analysis experiment according to an embodiment of the present invention;
FIG. 6 is a diagram of the number of bits carried by each packet in transmitting a complete secret message in accordance with an embodiment of the present invention;
FIG. 7 is a graph showing the number of actions that result from the methods of transmitting the same bits according to the embodiments of the present invention;
FIG. 8 shows a parameter l according to an embodiment of the present invention i Is selected from the experimental results.
Detailed Description
The invention is further illustrated by the following description of specific embodiments in conjunction with the accompanying drawings:
in order to realize high-capacity information hiding of social network behaviors and ensure naturalness of behaviors and behavior carried contents, a hidden communication method combining time attributes of behaviors with carrier selection, namely a high-capacity behavior steganography method based on timestamp modulation and carrier selection is adopted. According to the method, secret information is converted into high-frequency mapping keywords, keyword blogs meeting the conditions are adaptively searched in a social network, the positions of the keywords in the blogs are dynamically pointed by using behavior attributes according to behavior time delay, and then the embedding capacity of behavior steganography is greatly improved.
When secret information is transmitted, the secret information is mapped into a group of high-frequency keywords and grouped, keyword blogs containing the group are searched in a social network platform, the position of the keywords in the blogs is modulated according to time stamps of the behaviors, finally behaviors are generated according to the time stamps capable of determining the positions of the keywords in the blogs, the keyword blogs are issued to a social network, and therefore hidden communication is achieved.
Specifically, a high-capacity behavior steganography method based on timestamp modulation and carrier selection has 9 steps, as shown in fig. 1, step 1-5 belongs to an embedding process, and Step 6-9 belongs to an extraction process:
step1: secret information is mapped. The purpose of this step is to map the words in the secret information to a set of mapping keywords. Firstly, a table named as a self-built word frequency table is generated by combining common secret words and public word frequency tables. And then, a table named as a mapping relation table is constructed by combining the self-built word frequency table with the disclosed high-frequency table. Words in the secret information are called secret keywords. And finally, converting the mapping relation table obtained by scrambling the secret key by the secret key to generate a mapping key, wherein a table formed by the mapping key is called a mapping key table.
Step2: the behavioral delay is measured. The purpose of measuring the behavior delay is to solve the effect of the delay of the social network behavior on the behavior time stamp. And automatically interacting with the social network, measuring whether the behavior has time delay within a period of time, and obtaining the maximum behavior time delay.
Step3: and adaptively searching the mapped blog. The purpose of this step is to find a set of blogs that can cover all secrets. A set of words, called a mapping group, is extracted from the mapping keyword table according to the initial keyword number set in each blog. A blog containing the mapped groupings is dynamically retrieved in the social network, the blog being referred to as a mapped blog. If the mapping blogs containing the mapping groups cannot be found, the number of the initial keywords is shortened, and the retrieval is continued. If the mapping key words are searched, the links of the blog are saved, the next group of mapping groups are taken out from the mapping key word list according to the initial key word number to continue searching until the mapping key words in the mapping key word list are searched completely.
Step4: a sequence of encrypted timestamps is generated. The purpose of generating the encrypted time stamp sequence is to hide the location of the mapping key in the mapping blog in the time stamp. A blog on a social network that can be retrieved, whose timestamp already exists, is no longer affected by the behavioral delay, is called a normal blog. In order to hide the mapping keyword position, the interaction behavior generated by the sender and the mapping blog and the common blog at a specific time stamp is called encryption-carrying behavior. The location of the mapping keyword in the mapping blog is commonly specified by the timestamp of the general blog and the timestamp of the encryption behavior, and the schematic diagram is shown in fig. 2. In fig. 2, a color font (i.e., t 1 ,t 2 ,t 4 ,t 5 ,t 7 ,t 8 Etc.) time stamps representing the encryption behavior, black fontsTime stamp (i.e. t) representing a normal blog 3 ,t 6 ,t 9 Etc.). When hiding the mapping keyword position through the time stamp, the sender firstly extracts the positions of all mapping keywords from all mapping groups to form a mapping position sequence, and converts the mapping position sequence into a position binary character string. Secondly, the position binary character string is segmented according to the length of the load binary according to the time stamp of the common blog and the time stamp of the encryption behavior. Finally, the time stamp sequence is modulated according to the split binary string, which is called the carrier time stamp sequence. There are two types of timestamps in the encrypted timestamp sequence, one is the timestamp of the ordinary blog, which is already present in the social network, and one is the timestamp of the encrypted behavior, which has not yet occurred.
Step5: and generating a secret carrying behavior. The purpose of generating the encryption behavior is to publish secret information to the social network. And the sender account interacts with the mapping blog and the common blog at the time corresponding to the secret-carrying timestamp, generates secret-carrying behavior and issues secret information to the social network.
The following is a step of extracting secret information:
step6: and extracting interactive behavior data. The purpose of extracting interactive behavior data is to extract data from accounts shared by senders, in preparation for extracting secret keywords. According to the information such as the mapping relation table and the account number shared by the sender, the receiver extracts interaction behavior data in a period of time from the account number corresponding to the social network, wherein the data comprises behaviors such as posted blogs, forwarded blogs, comments, praise and the like.
Step7: the time stamp is extracted. The purpose of extracting the time stamp is to obtain the keyword location. When the time stamp information is extracted through the interactive behavior data, the encryption time stamp is identified according to the secret key and the identification field.
Step8: secret keywords are extracted. And determining the positions of the keywords in the mapped keyword blogs according to the secret loading time stamps, and converting the mapped keywords in the corresponding positions into secret keywords by using a mapping relation table. This Step is the reverse of Step 4.
Step9: and merging the secret information packets. And combining the secret keywords in sequence to obtain secret information.
The method mainly comprises 3 key steps of: mapping secret information, adaptively retrieving mapped blogs, and generating a sequence of encrypted timestamps, the details of the key steps will be described in turn.
(1) Mapping secret information
In delivering secret information, two problems arise if the secret key is carried directly with the blog. First, secret keywords are not necessarily common words, and even the public word frequency list does not contain some remote secret keywords, which can cause abnormality if the secret keywords are directly appeared in the blog. Second, very popular keywords may not be easily retrieved with a low probability of occurring in the social network. For this reason, we will take two measures to solve both problems. On the one hand, the common secret key words are combined with the public word frequency table to construct a self-built word frequency table, namely the self-built word frequency table comprises the secret key words and the public word frequency table. On the other hand, a mapping relation is constructed between the self-built word frequency table and the public word frequency table, and the principle is that common secret keywords are mapped to high-frequency words in the public word frequency table, and the high-frequency words in the public word frequency table are mapped to the high-frequency words in the public word frequency table. Thus, the secret key word does not directly appear in the blog, and the first problem is solved; the secret key words are mapped into high-frequency words and are easy to search in the social network, and the second problem is solved.
Secret key table T to be transmitted by sender s Through the scrambled mapping relation table M v Is converted into a mapping keyword table T m The process of (1) can be formalized as:
T m =M v (T s ,k,M r ) (1)
in formula 1, k represents a key, and Mr represents a mapping relation table.
Self-built word frequency table T consisting of common secret keywords f And a public word frequency table T w Constitution, M r The construction process of (1) is shown in algorithm 1.
Algorithm 1 mapping relation table generation algorithm
Figure GDA0004144214910000081
The input to algorithm 1 is the public word frequency table T w Word frequency table T composed of secret key words f The output is a mapping relation table M r . The algorithm first initializes a counter with a value of 0 to obtain T f Medium secret key at T w Index position in (c) and associating the keyword with T w The key words corresponding to the index positions are added into the mapping relation table M as a group of relations r Is a kind of medium. Repeating the above steps can complete the addition of common secret key words to M r In (2), the counter is incremented by 1 every time it is added. Next, obtain the position T w But not at T f Keywords in (1), the keywords are combined with T w The key words of the position of the counter are added to M as a group of relations r . It can be found by algorithm 1 that a small number of low frequencies in the self-built word frequency table are ignored.
(2) Self-adaptive retrieval mapping blog
When searching mapping grouping on social network, the set initial keyword quantity l i . The actual number of keywords/in a mapped document can be adaptively determined using algorithm 2 r
Algorithm 2 adaptive search mapping blogs Wen Suanfa
Figure GDA0004144214910000091
Algorithm 2 first from the mapping keyword table T m Middle fetch l i The mapping key. Then, find the content in the social network i Mapping blogs of the mapping keywords. If not, subtracting 1 from the number of keywords searched in the previous round to continue searching. If a blog is found, the number of keywords is set to l i Searching is continued until all mapping keywords are hidden in the found mapping blogs. If l r When=0, it is not found yet, this indicates that the search fails, and this situation hardly occurs. When the step can not find the content of the same content in the social network i When mapping the blogs, the actual number l of the mapping keywords in the blogs r <l i
Notably, l i The setting of (c) affects the retrieval efficiency. When l i When the setting is too large, the setting contains l at the same time i A blog that maps keywords may not be retrievable in a social network, which may result in a continuously decreasing number of keywords, which may consume time once per decrease.
(3) Generating a sequence of encrypted time stamps
In this embodiment, the time stamp of the general blog and the time stamp of the interactive behavior are used to hide the location of the mapping keyword. This step focuses mainly on 3 issues related to time stamping. First, factors that affect that secret information in a timestamp cannot be extracted correctly. Second, the amount of information that the timestamp can carry. Third, the secret information is converted into a time stamp.
First, we consider the first problem. Such situations often occur in life: when we visit a website, it may take a short waiting time to be able to see the content of the page. In fact, when a social network posts a blog, it may be necessary to wait for a while, even if the period of time is very short, before the blog can be seen by other users. This is the time delay of the behaviour, which may result in that the secret information cannot be embedded correctly in the timestamp of the behaviour. For example, a sender may want to pass a decimal number 2, beginning to hide information at time stamp 1635150139. Then a blog that commented on a certain user can send out 2 at 1635150141. However, the behavior of the comment is only recorded by the social network at time stamp 1635150142 because the series of requests is delayed. Subtracting 1635150142 from 1635150139 yields 3 when receiving the extracted secret information. At this time, the secret information from which the error was extracted is received. To solve this problem, the sender needs to measure the maximum behavioral delay d of the social network over a period of time before sending the secret information max . When transmitting the secret information, converting the secret information into decimal and multiplying by d max +1 can prevent the secret data from being erroneous. The detailed analysis can see the subsequent robustness analysis section.
Next we give a formula for the number of bits that different kinds of time stamps can carry. Timestamp usage of an interaction behavior t The calculation formula of the bit coding keyword position is as follows
Figure GDA0004144214910000101
Represent a downward rounding):
l v =(10 b -1)/(d max +1) (2)
Figure GDA0004144214910000102
b in equation 2 represents the last b digitally encoded location information, d, of the timestamp max Represents the maximum behavior delay in a period of time, l v Representing the amount of information that can actually be used to encode.
In addition, timestamp t of ordinary blog o Is determined to be capable of carrying a bit length of l o The calculation formula is as follows:
Figure GDA0004144214910000103
t c time stamp, t, representing when the sender is about to send secret information s Time stamp representing a blog of a social network, when t s Is the earliest timestamp of the social network, t o Take the maximum value. For Twitter, when t s When the time stamp is the time stamp of the first blog of the Twitter platform, l o The maximum value can be taken. The time stamp of interaction between sender-controlled account and mapped blog is t m The time with ordinary Bo Wen Jiaohu is recorded as t b . The existing time stamp of the common blog is t o . If it corresponds to FIG. 2, t m ,t b ,t o May be t respectively 1 ,t 2 ,t 3
Thus, the sender can communicate secret information by interacting with a mapped blog and a generic blog on the social network, both of which can be used to encode the number of bits/mapping the keyword location s The method comprises the following steps:
Figure GDA0004144214910000111
algorithm 3-load secret timestamp generation algorithm
Figure GDA0004144214910000112
Finally, a secret time stamp generation algorithm is presented, as shown in algorithm 3, where the input parameters S p Representing a mapping packet, S t Representing the generated time stamp sequence, n represents the number of accounts of the sender. The algorithm is based on the given t c ,t s And calculating the information quantity which can be hidden by different types of time stamps, and finally generating a secret-carrying time stamp sequence.
The purpose of algorithm 3 is to generate a series of encrypted time stamps from the secret information. Firstly, initializing parameters set by a user are obtained, and the size of secret information carried by the behavior generated by the user and a common blog time stamp is calculated. Next, the location of the secret mapping key in the retrieved mapping blogs is obtained. Then, the decimal position information is converted into binary data and spliced into a binary string. And finally, carrying out operation on the binary character string and the time stamp according to the rule to obtain a decimal sequence.
For a better understanding of the present invention, the embedding and extraction process of secret information will be briefly described using an example. Assuming that the secret information transferred is "This is a secret message", "their mapping keywords are" can "," a "," good "," not "," search "and", "respectively, which constitute one mapping packet. t is t c =1633017600,t s =1577808000, b=3, d=2. This means that the starting calculation timestamp is 1577808000, the current timestamp is 1633017600, and the last 3 bits of the timestamp of the sender's generated behavior are used to hide the keyword location information. Calculated from equations 2,3,4,5, l o =25,l t =8,l s =41. The mapped blogs containing the mapped groupings are searched on the social network, one of the results is shown in fig. 3. The locations of the mapping keywords in the blog are 9, 19, 27, 13, 22, 30, respectively.
The positions are converted to binary and divided into 3 groups, each group having a length of 8, 25,8, respectively, which are then converted to decimal. t is t m =t c +37*(d max +1)=1633017711,t o =t m -7183027=1625835084,t b =t m +192*(d max +1) = 1633018687. The calculation process and data are shown in table 1. Therefore, when secret information is sent, the sender forwards the carried compact blog text at the left side of the figure 3 at 2021-10-01-00:01:51, so that the keywords can be sent out, and interacts with the blog text at the right side of the figure 3 at 2021-10-01-00:09:36, so that the positions of the keywords can be sent out. Corresponding to fig. 2, t m Corresponding to t 1 ,t b Corresponding to t 2 ,t o Corresponding to t 3 . The inverse process of the transmission in the extraction of the secret information is not described here in detail.
Table 1 calculation procedure when secret information is transmitted
Figure GDA0004144214910000121
The robustness and embedding capacity of the method of the invention are analyzed:
the embedding capacity and the robustness are important indexes for measuring the performance of the steganography method. The embedded capacity refers to the number of bits carried by each action, and the robustness refers to the characteristic that the encrypted data can still be successfully communicated under the attack of an attacker or a channel. The present embodiment will analyze the performance of the proposed method from both of these aspects.
(a) Robustness (robustness)
In addition to using text to hide mapping keywords, the invention also uses a timestamp to hide the position of the keywords. In general, text data can exist stably on a social network, and text contents other than blank characters are not modified. The factor threatening robustness of the present method comes from the timestamp, as it requires that the expected behavior be performed at the same time as the social network records, and in practice it is difficult to meet this condition. The action delay here refers to the sum of the time of transmission, server processing, storage and response of a certain action after being sent out. For example, when Weibo issues a blog containing an image, a sender issues a blog at 2021-10-01-00:00:00, the sending request is processed by a server, and the issuing time displayed on the platform is 2021-10-01-00:00:01, then there is a 1 second behavior delay.
In fig. 4, (a) is the execution situation of the behavior of Weibo, twitter and Facebook within a certain period, the solid line represents the time of executing a certain behavior, the dotted line represents the expected time of executing a certain behavior, and it can be found that the actual time does not coincide with the expected time in most cases, which indicates that the behavior delay is present in most cases. In FIG. 4 (b) is obtained by subtracting the actual time from the expected time, which indicates the maximum delay d in this period max =2。
If the action delay occurs during the transmission of the secret information, the position of the key word is deviated, so that the secret information cannot be extracted correctly. In order to solve the problem, the present embodiment uses a time redundancy control mechanism to test the behavior delay in a period of time to obtain the maximum value d in the period of time max The method comprises the steps of carrying out a first treatment on the surface of the Second, multiply the transferred data by d max +1 is resistant to the effects of delay. For example, the sender delivers secret data 47, d max =2, current timestamp t c = 1635150139, then some action can be performed until the time stamp is 1635150141. Even if the action is delayed by 2 seconds, the time of execution is recorded as 1635150143 by the social network, and the extractor divides the timestamp by 3 to take the value downwards, the resulting value is still 47. Therefore, the robustness of the method on the text content and the time stamp can be ensured.
(b) Embedded capacity
The size of the embedded capacity is influenced by various factors, and the embedded capacity is matched with the post b bit of the time stamp, namely the common Bowen time stamp l o Maximum behavioral delay d max And the like. There are two problems to be solved in this section, the first being what the appropriate value or range of values of the respective variables are. For b, if b is less than or equal to 2, frequent operation is caused, and abnormal behavior is caused; if b is too large, more information can be encoded but too much time is consumed. In addition, in order to enable l o The maximum value is taken as far as possible, the method is suitable for the mainstream social network, such as Facebook, twitter and Weibo, and the like, which have a large number of users and blog data in 2011, so that the starting time can be set to 2011-01-00:00:00, and the corresponding timestamp is t s = 1293811200. Assuming that the current time is 2021-10-01-00:00:00, then t c = 1633017600, according to equation 4, l o =28. From the robustness analysis, d max Should be greater than or equal to 2.
Table 2 embedding capacity at different time delays
d max l v log 2 l v l t l s l i
0 999.00 9.96 9 46 7
1 499.50 8.96 8 44 7
2 333.33 8.38 8 44 7
3 249.75 7.96 7 42 7
4 199.80 7.64 7 42 7
5 166.50 7.38 7 42 7
6 142.71 7.16 7 42 7
7 124.88 6.96 6 40 6
Table 2 shows the differences d max When l v 、log 2 l v
Figure GDA0004144214910000141
And l s Corresponding value, which indicates when d max =1/2$(d max =1 or d max When=2), l s The values of (2) are the same; when d max When=3/4/5/6, l s The same applies. Time delay d max When the same, l s The same means that the number of bits transferred is the same.
Another problem is that several bits can represent one location. To answer this question, we first crawl 10,731,668 pieces of blogging data from Twitter, select 300,000 pieces of blogging data and divide them into 3 groups of 100,000 pieces each; then, word segmentation is carried out on each blog, and the number of words in the blog is counted; finally, counting the occurrence frequency of the keywords in each group of the blogs, and the corresponding experimental results are shown in fig. 5. FIG. 5 shows that the vast majority of the blogging word numbers x ε [1,60 ]]From 2 6 As is known by =64, using 6 bits can represent 0-63 for a total of 64 positions, which can satisfy the requirement of indexing positions in the blog. Accordingly, table 2 finallyOne column gives l i Is a value of (2).
The remainder being distributed in [61,67 ]]. X is the number of keywords in the blog, p i Is the probability of the number of keywords being i, which is expected to be E (X) as shown by the following formula:
Figure GDA0004144214910000151
the result calculated by equation 6 is noted in fig. 5. By calculating the average value of 3 experiments, the average number of words carried by each blog is 22.67, and the average embedding capacity can be calculated by the value. Assuming that each word contains on average
Figure GDA0004144214910000152
One letter, then the average embedded capacity is +.>
Figure GDA0004144214910000153
The actual embedding capacity depends on the secret information transferred, and the experimental data can be seen in the subsequent embedding capacity comparison experiment.
To verify the effect of the invention, the following experiments were performed:
in this section, we designed several sets of experiments to evaluate the performance of the proposed method in terms of embedding capacity and number of behaviors and for the initial keyword number l i Experiments and evaluations were performed.
In the experiment, we use independent claim as secret information and Kaggle word frequency library as public word frequency library.
10,731,668 pieces of blog data are crawled on a Twitter by utilizing Twaint, and fields such as a user name, blog, creation time and the like are included in the data. Twin is a crawler tool on Github, which can accurately acquire information such as blogs, comments, attentives and the like through keywords in a specified time period, and we use the crawler tool as a tool for searching blogs towards a social network. FIG. 4 illustrates d max Should be greater than or equal to 2. Thus, the experiment is at d max Performed below =2.
(a) Embedded capacity comparative experiment
Taking into account behavioral latency d in social networks max Mapping the number l of initial keywords carried by blog i The embedding capacity is affected, a set of comparison experiments of keyword quantity change are designed, and the influence of a single variable on the embedding capacity is tested, and the result is shown in fig. 6. Next, we selected a set of parameters to compare with the existing behavior steganography work to verify the performance of the embedded capacity of the method, the data of which are shown in table 3. Finally, we propose a method that compares with the generated text steganography method in terms of embedding capacity.
In the experiment corresponding to fig. 6, the secret information is divided into a plurality of groups of mapping packets to be transmitted through the algorithm 2, and the transmission bit quantity of each carried ciphertext carrying the secret information is shown in fig. 6, from which we can observe that the information quantity carried by the packets in the secret information transmission process can reach the maximum value, the minimum value and the average value.
When l i When=7, each group carries 164.95 bits on average, the highest energy carries 328.00 bits of data, and the lowest energy carries 40.00 bits of data; when l i When=9, the maximum value and average value increase, 352.00 bits and 167.23 bits, respectively. FIG. 6 shows l i In a certain range, with l i The amount of information carried by the packet is gradually increased.
To verify the performance of the embedded capacity of the method, we have implemented the behavior steganography methods of documents 4,5 and 6 and compared with our method. At l i When=7, the independent statement is taken as secret information, 317 times of transmission are required by using the method, the average value is calculated once every 50 times to obtain the corresponding embedding capacity, and the corresponding experimental data are shown in table 3. When n=7, the 101 st to 150 th mapped blogs are transmitted, the average embedding capacities of documents 4,5 and 6 and our method are 2.32,2.55,1.82, 92.08 bits, respectively. As the number of sender time controlled accounts increases by $ n $ there is a trend towards a decrease in the embedding capacity of the compared method, which is caused by the increase in the number of actions, whereas the change in $ n has no effect on our proposed method. According to the experimental result, dividing the maximum value of the embedding capacity of the method by the comparisonThe minimum value of the method is obtained as the maximum multiple of the embedded capacity improvement, and the minimum value of the embedded capacity of the method is divided by the maximum value of the comparison method to obtain the minimum multiple of the embedded capacity improvement. Table 3 shows that the performance of the method in embedding capacity is higher than that of the method compared with the method, and the embedding capacity is improved by 29.23-51.47 times.
Table 3 d max =2,l i Embedding capacity (bit) of the behavior steganography method compared when=7
Figure GDA0004144214910000161
We also compared to the generative text steganography method. The embedded capacity of text-generated steganography is the number of bits carried by each word. For this purpose, according to the embedding capacity analysis, each blog contains 22.67 words on average, so that the corresponding embedding capacity of the method under different parameters can be obtained. Document 1 indicates that when document 2 carries 4 bits per word, the probability of being recognized reaches 0.8, for which we have conducted a comparative experiment below 4bpw, and the experimental results are shown in table 4.
Table 4 vs. embedding capacity for generating steganography (bit)
Figure GDA0004144214910000171
When document 2 proposes a method of carrying 3 bits per word, each blog may carry 68.01 bits. For our method, at d max =2,l i When=7, 83.60 bits can be transmitted each time. With l i The embedding capacity is improved, but the retrieval efficiency is reduced; when d max As this increases, the embedding capacity decreases. When document 2 proposes a method where each word carries 4 bits, the embedding capacity would exceed our method, but it is known with a probability of up to 0.8, whereas our method uses natural text, without this risk. Document 2 is safer when carrying 3 bits per word, and each blog can carry 68.01 bits, which improves 16.26% -23.94% compared with the corresponding blog. Thus, two groups ofThe comparison experiment shows that the method has more superiority in embedding capacity.
(b) Behavior quantity comparison experiment
Frequent and massive operations of the same user on the social network may cause abnormal behaviors, so that the fewer the number of behaviors generated by transmitting a piece of secret information, the better. For this, we designed a set of comparison experiments, sending information of the same length to test the performance of the compared method in terms of number of behaviors.
In fig. 7 (a), when 16-bit information is transmitted, the number of behaviors that the documents 4,5,6 and the method proposed by the present invention need to produce are 10, 13, and 2, respectively. It is noted that the number of actions of the compared method fluctuates with the information transmitted. Specific experimental data can be provided in fig. 7 (a), and we can observe the trend of the number of behaviors of each method with the increase of the number of transmitted bits through fig. 7 (b). In fig. 7 (b), it is shown that the number of actions of the method is lower than that of the compared method as the number of transfer bits increases.
(c) Parameter l i Selection of (3)
When secret information is sent, the initial keyword number of keywords in the mapping blog is l i When comprising l i When the blogs of the individual keywords are not searched, the mapping keyword sequence is shortened, and then the appropriate blogs are continuously searched. Considering that repeated searching can affect the transmission efficiency, we designed a set of transmission success rate comparison experiments to guide the sender to set a proper l i The hidden communication is realized in an efficient way, the corresponding experimental result is shown in figure 8, and the actual keyword quantity l in the mapping blog r Values less than 3% are not indicated in the figure.
The different colors in FIG. 8 represent different l r The proportion of each color represents the actual number of mapping keywords in the mapping blogs as l r Probability of being successfully transmitted. When l i When=7, l r The success rate of the transmission for 4 is 29.02%, when l i At 7, the probability of successful transmission of the mapped blog containing less than 6 keywords is 87%, and the probability of successful transmission of 7 keywords13%; when l r When=4, the mapped blogs are more easily retrieved. At the same time, for different l i Different from each other r The success rates of the additions are all equal to 100%, which means that secret information can always be successfully transmitted.
In summary, aiming at the problem that the current behavior steganography has a certain limitation in terms of embedded capacity, the invention provides a high-capacity behavior steganography method based on timestamp modulation and carrier selection. When extracting the secret information, the receiver extracts the secret information by using the shared secret key and the social network account number. The secret information of the method is carried by the blog, the mapped keyword position is determined by the timestamp, the content of the blog is not modified, and the naturalness of the blog is ensured; the time stamp is mapped to the keyword, so that the embedding capacity is greatly improved. Through actual measurement of a mainstream social network platform, compared with the existing typical behavior steganography methods (4, 5 and 6) of the social network, the embedding capacity is improved by 29.23-51.47 times, and compared with the generated text steganography (2), the embedding capacity is improved by 16.26-23.94%. In addition, the invention uses the self-adaptive search mapping blocks Wen Suanfa to ensure the success rate of secret information transmission.
The foregoing is merely illustrative of the preferred embodiments of this invention, and it will be appreciated by those skilled in the art that changes and modifications may be made without departing from the principles of this invention, and it is intended to cover such modifications and changes as fall within the true scope of the invention.

Claims (3)

1. A high capacity behavioral steganography method based on timestamp modulation and carrier selection, comprising:
when secret information is transmitted, firstly, the secret information is mapped into a group of high-frequency keywords and grouped, then keyword blogs containing the grouping are searched in a social network platform, then, according to the time stamp of the position modulation behavior of the keywords in the blogs, finally, according to the time stamp capable of determining the positions of the keywords in the blogs, behaviors are generated, and the keyword blogs are released to a social network, so that hidden communication is realized;
the method specifically comprises the following steps:
step1: firstly, generating a self-built word frequency table by combining secret words and a public word frequency table, then constructing a mapping relation table by the self-built word frequency table and the public high-frequency table, and finally, converting the words in secret information, namely the mapping relation table after secret key scrambling, into mapping keywords, and forming a mapping keyword table by each mapping keyword;
step2: automatically interacting with a social network, measuring whether time delay exists in behaviors within a period of time, and obtaining the maximum behavior time delay;
step3: according to the initial keyword quantity set in each blog, a group of words is taken out from a mapping keyword list to be used as a mapping group, and the blog containing the mapping group is dynamically searched in a social network to be used as a mapping blog; if the mapping blogs containing the mapping groups cannot be found, shortening the number of the initial keywords, and continuing to search; if the mapping key words are searched, the links of the blog are saved, the next group of mapping groups are taken out from the mapping key word list according to the initial key word number to continue searching until all the mapping key words in the mapping key word list are searched;
step4: when hiding the positions of the mapping keywords through the time stamps, a sender firstly extracts the positions of all the mapping keywords from all the mapping groups to form a mapping position sequence, and converts the mapping position sequence into a position binary character string; then, dividing the position binary character string according to the length of the loading binary according to the time stamp of the common blog and the time stamp of the loading behavior; finally, modulating a time stamp sequence, namely a carrier time stamp sequence, according to the segmented binary character strings; the common blog text refers to a blog text which can be searched on a social network, and the timestamp of the blog text is already existing and is not influenced by the action time delay any more;
step5: the sender account interacts with the mapping blog and the common blog at the time corresponding to the secret-carrying timestamp, generates secret-carrying behavior, and issues secret information to the social network;
step6: according to the mapping relation table and account information shared by the senders, the receivers extract interaction behavior data in a period of time from the corresponding accounts of the social network;
step7: when the time stamp information is extracted through the interactive behavior data, the secret key and the identification field are used for identifying the secret-carrying time stamp;
step8: determining the position of the keyword in the mapping blog according to the encryption time stamp, and converting the mapping keyword at the corresponding position into a secret keyword by using a mapping relation table;
step9: sequentially combining the secret keywords to obtain secret information;
the construction process of the mapping relation table is as follows:
firstly, initializing a counter with value of 0 to obtain word frequency table T formed from common secret key words f The secret key words are in the public word frequency table T w Index position in (c) and associating the keyword with T w The key words corresponding to the index positions are added into the mapping relation table M as a group of relations r In (a) and (b); repeating the above steps can complete the addition of common secret key words to M r Each time the counter is incremented by 1; next, obtain the position T w But not at T f Keywords in (1), the keywords are combined with T w The key words of the position of the counter are added to M as a group of relations r In (a) and (b);
the step3 comprises the following steps:
first from the mapping keyword table T m Middle fetch l i Mapping keywords; then, searching the social network for the content of the l i Mapping blogs of the mapping keywords; if not, subtracting 1 from the number of keywords searched in the previous round to continue searching; if a blog is found, the number of keywords is set to l i Continuing searching until all mapping keywords are hidden in the found mapping blogs; if a map isActual number of keywords in jet r When=0, the search fails.
2. The high capacity behavioural steganography method based on timestamp modulation and carrier selection as claimed in claim 1, wherein the timestamp of the encryption behaviour can carry a binary length i t The method is obtained by the following formula:
l v =(10 b -1)/(d max +1) (2)
Figure FDA0004144214900000021
where b represents the last b digitally encoded location information of the timestamp, d max Represents the maximum behavior delay in a period of time, l v Representing the amount of information that can actually be used to encode.
3. The high-capacity behavioral steganography method based on timestamp modulation and carrier selection of claim 1, wherein the timestamp of the ordinary blog is capable of loading a binary length l o The method is obtained by the following formula:
Figure FDA0004144214900000031
wherein t is c A time stamp indicating when the sender is about to send the secret information; t is t s Time stamp representing a blog of a social network, when t s Is the earliest timestamp of this social network, l o Take the maximum value.
CN202210015282.7A 2022-01-07 2022-01-07 High-capacity behavior steganography method based on timestamp modulation and carrier selection Active CN114553811B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210015282.7A CN114553811B (en) 2022-01-07 2022-01-07 High-capacity behavior steganography method based on timestamp modulation and carrier selection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210015282.7A CN114553811B (en) 2022-01-07 2022-01-07 High-capacity behavior steganography method based on timestamp modulation and carrier selection

Publications (2)

Publication Number Publication Date
CN114553811A CN114553811A (en) 2022-05-27
CN114553811B true CN114553811B (en) 2023-04-28

Family

ID=81669173

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210015282.7A Active CN114553811B (en) 2022-01-07 2022-01-07 High-capacity behavior steganography method based on timestamp modulation and carrier selection

Country Status (1)

Country Link
CN (1) CN114553811B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201420052D0 (en) * 2014-11-11 2014-12-24 Univ Surrey Hiding information in a digital environment
CN110188200A (en) * 2019-05-27 2019-08-30 哈尔滨工程大学 A kind of depth microblog emotional analysis method using social context feature
CN110392050A (en) * 2019-07-18 2019-10-29 北京理工大学 A kind of construction method of the Use of Covert Storage Channels based on timestamp
CN111327786A (en) * 2020-02-26 2020-06-23 中国科学技术大学 Robust steganography method based on social network platform
CN112052471A (en) * 2020-09-17 2020-12-08 青岛大学 Information hiding method based on social network space
CN113051916A (en) * 2021-04-23 2021-06-29 东南大学 Interactive microblog text emotion mining method based on emotion offset perception in social network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020522808A (en) * 2017-05-30 2020-07-30 サイエンプティブ テクノロジーズ インコーポレイテッド Real-time detection of malware and steganography in kernel mode and protection from malware and steganography

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201420052D0 (en) * 2014-11-11 2014-12-24 Univ Surrey Hiding information in a digital environment
CN110188200A (en) * 2019-05-27 2019-08-30 哈尔滨工程大学 A kind of depth microblog emotional analysis method using social context feature
CN110392050A (en) * 2019-07-18 2019-10-29 北京理工大学 A kind of construction method of the Use of Covert Storage Channels based on timestamp
CN111327786A (en) * 2020-02-26 2020-06-23 中国科学技术大学 Robust steganography method based on social network platform
CN112052471A (en) * 2020-09-17 2020-12-08 青岛大学 Information hiding method based on social network space
CN113051916A (en) * 2021-04-23 2021-06-29 东南大学 Interactive microblog text emotion mining method based on emotion offset perception in social network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Hanlin Liu;Jingju Liu;Xuehu Yan. Social Network Behavior-Oriented Audio Steganography Scheme.《2018 Eighth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC)》.2018,全文. *
Xiangyang Luo;Daoshun Wang;Ping Wang;Fenlin Liu.Secret Key Estimation for Image Sequential Steganograph in Transform Domain.《IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference》.2007,全文. *
娄嘉鹏;张萌;付鹏;张开.一种基于TCP协议的网络隐蔽传输方案设计.信息网络安全.2016,(01),全文. *

Also Published As

Publication number Publication date
CN114553811A (en) 2022-05-27

Similar Documents

Publication Publication Date Title
Sala et al. Sharing graphs using differentially private graph models
Xiang et al. Linguistic steganalysis using the features derived from synonym frequency
CN108768986A (en) A kind of encryption traffic classification method and server, computer readable storage medium
EP3614645B1 (en) Embedded dga representations for botnet analysis
Hu et al. Loan default analysis with multiplex graph learning
Gkoulalas-Divanis et al. Modern privacy-preserving record linkage techniques: An overview
CN111797409B (en) Carrier-free information hiding method for big data Chinese text
CN103164698A (en) Method and device of generating fingerprint database and method and device of fingerprint matching of text to be tested
CN103995804A (en) Cross-media topic detection method and device based on multimodal information fusion and graph clustering
CN113779355B (en) Network rumor tracing evidence obtaining method and system based on blockchain
Geng et al. A novel hybrid clustering algorithm for topic detection on Chinese microblogging
CN111027081B (en) Text carrierless information hiding method based on feature mapping
CN114553811B (en) High-capacity behavior steganography method based on timestamp modulation and carrier selection
CN111629027B (en) Method for storing and processing trusted file based on blockchain
CN112348041B (en) Log classification and log classification training method and device, equipment and storage medium
Wang et al. Intent mining: A social and semantic enhanced topic model for operation-friendly digital marketing
Liu et al. To deliver more information in coverless information hiding
Wang et al. A privacy-preserving cross-media retrieval on encrypted data in cloud computing
Peng et al. Federated meta embedding concept stock recommendation
Guan et al. A novel coverless text steganographic algorithm based on polynomial encryption
Xiong Data Service Outsourcing and privacy protection in Mobile internet
Wu et al. Improving deep learning based password guessing models using pre-processing
Zhang et al. Federated model decomposition with private vocabulary for text classification
Wu et al. Text coverless information hiding method based on hybrid tags
KR20210024748A (en) Malware documents detection device and method using generative adversarial networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant