My publications focus mainly on image steganography, steganalysis, cover source mismatch and practical detection scenarios.
2026
On the Effectiveness of Side-Informed Steganography in Diffusion-Generated Images
Daniel Lerch-Hostalot and David Megías
Proceedings of the 21st International Conference on Availability, Reliability and Security (ARES '26). To appear, August 2026.
Abstract
Recent advances in text-to-image diffusion models have led to the widespread use of AI-generated imagery, raising new questions regarding their suitability as steganographic carriers. While most prior work has focused on embedding information directly in the latent space of generative models, considerably less attention has been paid to spatial-domain embedding in the final synthesized images. In this work, we investigate the effectiveness of side-informed spatial-domain steganography in images generated by diffusion models. We show that the quantization and rounding operations inherent to the image synthesis pipeline provide valuable side information that can be exploited by modern cost-based embedding schemes. Through extensive experiments using HILL and UNIWARD and evaluating detectability with state-of-the-art steganalysis networks, including SRNet, a dedicated steganalysis architecture, and EfficientNet-B0 as a general-purpose CNN baseline, we demonstrate that payloads of up to 0.10 bits per pixel remain consistent with chance-level detection under the evaluated protocol. Our results show that incorporating quantization residuals as side information substantially reduces detectability. In particular, at 0.10 bpp, side-informed HILL and UNIWARD achieve near chance-level performance against both SRNet and EfficientNet-B0 under the evaluated same-source supervised steganalysis setting.
2025
Calyptography: Secure Secret Storage Inspired by Cryptography and Steganography
Daniel Lerch-Hostalot, Jordi Puiggalí and David Megias
Availability, Reliability and Security. ARES 2025. Lecture Notes in Computer Science, vol 15996, pp. 290-308. Springer, Cham. 2025.
DOI
Abstract
This paper introduces calyptography, a novel method for secure secret storage that combines principles from steganography and cryptography without altering the carrier media. Unlike traditional cryptographic systems, which rely solely on passphrases or keys, or steganographic systems, which embed data into a cover medium, calyptography links a secret to an unmodified image via a robust perceptual hash. The proposed system derives encryption and decryption keys from both a user passphrase and the perceptual features of a reference image, allowing secure storage while resisting typical image transformations such as compression, filtering, or rescaling. A detailed method based on DCT-based image hashing and randomized patch extraction is presented, alongside error correction techniques that preserve key robustness without reducing entropy. Experimental results show the method’s high robustness against common image manipulations compared to traditional perceptual hashing schemes, making calyptography a promising alternative for secure and user-friendly secret management.
2024
Single-image steganalysis in real-world scenarios based on classifier inconsistency detection
Daniel Lerch-Hostalot and David Megias
Proceedings of the 19th International Conference on Availability, Reliability and Security (ARES '24). July 2024.
DOIPDF
Abstract
This paper presents an improved method for estimating the accuracy of a model based on images intended for prediction, enhancing the standard Detection of Classifier Inconsistencies (DCI) method. The conventional DCI method typically requires a large enough set of images from the same source to provide accurate estimations, which limits its practicality. Our enhanced approach overcomes this limitation by generating a set of images from a single original image, thereby enabling the application of the standard DCI method without requiring more than one target image. This method ensures that the generated images maintain the statistical properties of the original, preserving any embedded steganographic messages, through the use of non-destructive image manipulations such as flips, rotations, and shifts. Experimental results demonstrate that our method produces results comparable to those of the traditional DCI method, effectively estimating model accuracy with as few as 32 generated images. The robustness of our approach is also confirmed in challenging scenarios involving cover source mismatch (CSM), making it a viable solution for real-world applications.
Aletheia: an open-source toolbox for steganalysis
Daniel Lerch-Hostalot and David Megias
Journal of Open Source Software, 9(93), 5982. January 2024.
DOIPDFCode
Abstract
Steganalysis is the practice of detecting the presence of hidden information within digital media, such as images, audio, or video. It involves analyzing the media for signs of steganography, which is a set of techniques used to conceal information within the carrier file. Steganalysis techniques can include statistical analysis, visual inspection, and machine learning algorithms to uncover hidden data. The goal of steganalysis is to determine whether a file contains covert information and potentially identify the steganographic method used.
Steganalysis has become increasingly important in the face of rising spying and stegomalware threats, particularly in the context of data exfiltration. In this scenario, malicious actors leverage steganographic techniques to conceal sensitive data within innocent-looking files, evading traditional security measures. By detecting and analyzing such covert communication channels, steganalysis helps to identify and prevent data exfiltration attempts, safeguarding critical information and preventing it from falling into the wrong hands.
In recent years, there has been a significant growth in the interest of researchers towards the field of steganalysis. The application of deep learning (Boroumand et al., 2019; Yousfi et al., 2020) in steganalysis has opened up new avenues for research, leading to improved detection rates and enhanced accuracy. As the field continues to evolve, experts are actively exploring novel architectures and training methodologies to further refine the performance of deep learning-based steganalysis.
2023
Real-world actor-based image steganalysis via classifier inconsistency detection
Daniel Lerch-Hostalot and David Megias
Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES '23). August 2023.
DOIPDF
Abstract
In this paper, we propose a robust method for detecting guilty actors in image steganography while effectively addressing the Cover Source Mismatch (CSM) problem, which arises when classifying images from one source using a classifier trained on images from another source. Designed for an actor-based scenario, our method combines the use of Detection of Classifier Inconsistencies (DCI) prediction with EfficientNet neural networks for feature extraction, and a Gradient Boosting Machine for the final classification. The proposed approach successfully determines whether an actor is innocent or guilty, or if they should be discarded due to excessive CSM. We show that the method remains reliable even in scenarios with high CSM, consistently achieving accuracy above 80% and outperforming the baseline method. This novel approach contributes to the field of steganalysis by offering a practical and efficient solution for handling CSM and detecting guilty actors in real-world applications.
2022
Subsequent embedding in targeted image steganalysis: Theoretical framework and practical applications
David Megias and Daniel Lerch-Hostalot
IEEE Transactions on Dependable and Secure Computing. February 2022.
DOIPDF
Abstract
Steganalysis is a collection of techniques used to detect whether secret information is embedded in a carrier using steganography. Most of the existing steganalytic methods are based on machine learning, which requires training a classifier with “laboratory” data. However, applying machine-learning classification to a new data source is challenging, since there is typically a mismatch between the training and the testing sets. In addition, other sources of uncertainty affect the steganlytic process, including the mismatch between the targeted and the actual steganographic algorithms, unknown parameters –such as the message length– and having a mixture of several algorithms and parameters, which would constitute a realistic scenario. This article presents subsequent embedding as a valuable strategy that can be incorporated into modern steganalysis. Although this solution has been applied in previous works, a theoretical basis for this strategy was missing. Here, we cover this research gap by introducing the “directionality” property of features concerning data embedding. Once a consistent theoretical framework sustains this strategy, new practical applications are also described and tested against standard steganography, moving steganalysis closer to real-world conditions.
2019
Detection of Classifier Inconsistencies in Image Steganalysis
Daniel Lerch-Hostalot and David Megias
Proceedings of the ACM Workshop on Information Hiding and Multimedia Security. July 2019.
DOIPDFSlides
Abstract
In this paper, a methodology to detect inconsistencies in classification-based image steganalysis is presented. The proposed approach uses two classifiers: the usual one, trained with a set formed by cover and stego images, and a second classifier trained with the set obtained after embedding additional random messages into the original training set. When the decisions of these two classifiers are not consistent, we know that the prediction is not reliable. The number of inconsistencies in the predictions of a testing set may indicate that the classifier is not performing correctly in the testing scenario. This occurs, for example, in case of cover source mismatch, or when we are trying to detect a steganographic method that the classifier is not capable of modelling accurately. We also show how the number of inconsistencies can be used to predict the reliability of the classifier (classification errors).
2018
Diagnóstico de CSM en estegoanálisis
Daniel Lerch-Hostalot y David Megias
Reunión Española de Criptografía y Seguridad XV. October 2018.
PDFSlides
Resumen
En este artículo se presenta una metodología para detectar el problema de Cover Source Mismatch (CSM) en estegoanálisis en imágenes. El método propuesto determina si un clasificador ha sido entrenado con un conjunto de datos incompleto y si no es apropiado para clasificar una imagen concreta. En este caso, la técnica desarrollada detecta que estamos intentando clasificar una muestra no alineada y elige no clasificarla. En el artículo se muestra que esta metodología permite incrementar considerablemente la precisión del clasificador a cambio de no clasificar ciertas muestras. Este método permite aplicar estegoanálisis en escenarios reales donde aparece el problema del CSM. Además, se presenta un procedimiento simple para completar el conjunto de entrenamiento proporcionando nuevas imágenes para completar las regiones del espacio no cubiertas por los datos de entrenamiento iniciales.
2016
Manifold alignment approach to cover source mismatch in steganalysis
Daniel Lerch-Hostalot and David Megias
Reunión Española de Criptografía y Seguridad XIV. October 2016.
PDFSlidesCode
Abstract
Cover source mismatch (CSM) is an important open problem in steganalysis. This problem, known as domain adaptation in the field of machine learning, deals with the decrease in the classification accuracy when a classifier is moved from the laboratory into the real world. In this paper, we present an approach to CSM based on domain adaptation using manifold alignment algorithms. In this novel approach, we use manifold alignment to find a latent space where the two datasets (the one used for training and the one used for testing) have a common representation. We show that manifold alignment can significantly increase the accuracy of the classifier in cross-domain classification.
Unsupervised steganalysis based on artificial training sets
Daniel Lerch-Hostalot
UOC Research Week 2016. 18 April 2016.
Slides
Abstract
In this paper, an unsupervised steganalysis method that combines artificial training sets and supervised classification is proposed. We provide a formal framework for unsupervised classification of stego and cover images in the typical situation of targeted steganalysis (i.e., for a known algorithm and approximate embedding bit rate). We also present a complete set of experiments using (1) eight different image databases, (2) image features based on Rich Models, and (3) three different embedding algorithms: Least Significant Bit (LSB) matching, Highly undetectable steganography (HUGO) and Wavelet Obtained Weights (WOW). We show that the experimental results outperform previous methods based on Rich Models in the majority of the tested cases. At the same time, the proposed approach bypasses the problem of Cover Source Mismatch – when the embedding algorithm and bit rate are known – since it removes the need of a training database when we have a large enough testing set. Furthermore, we provide a generic proof of the proposed framework in the machine learning context. Hence, the results of this paper could be extended to other classification problems similar to steganalysis.
Unsupervised steganalysis based on artificial training sets
Daniel Lerch-Hostalot and David Megias
Engineering Applications of Artificial Intelligence. April 2016.
DOIPDFCode
Abstract
In this paper, an unsupervised steganalysis method that combines artificial training sets and supervised classification is proposed. We provide a formal framework for unsupervised classification of stego and cover images in the typical situation of targeted steganalysis (i.e., for a known algorithm and approximate embedding bit rate). We also present a complete set of experiments using (1) eight different image databases, (2) image features based on Rich Models, and (3) three different embedding algorithms: Least Significant Bit (LSB) matching, Highly undetectable steganography (HUGO) and Wavelet Obtained Weights (WOW). We show that the experimental results outperform previous methods based on Rich Models in the majority of the tested cases. At the same time, the proposed approach bypasses the problem of Cover Source Mismatch – when the embedding algorithm and bit rate are known – since it removes the need of a training database when we have a large enough testing set. Furthermore, we provide a generic proof of the proposed framework in the machine learning context. Hence, the results of this paper could be extended to other classification problems similar to steganalysis.
2014
Esteganografía en zonas ruidosas de la imagen
Daniel Lerch-Hostalot y David Megias
Reunión Española de Criptografía y Seguridad XIII. September 2014.
PDFSlides
Resumen
La mayor parte del estegoanálisis en el estado del arte se basa en el uso de técnicas de machine learning, es decir, en entrenar clasificadores para que sean capaces de diferenciar una imagen portadora de una imagen con mensaje oculto. Las investigaciones realizadas en este campo muestran que las zonas de la imagen más difíciles de modelar y, en consecuencia, aquellas en las cuales es más difícil detectar un mensaje incrustado, son las zonas ruidosas. Estas corresponden a líneas y texturas. En este artículo presentamos un nuevo método de esteganografía que permite ocultar información en dichas zonas, dificultando así su detección. La efectividad del método se ha comprobado usando dos bases de datos de imágenes diferentes y dos estegoanalizadores recientes. Los experimentos demuestran que el algoritmo propuesto mejora significativamente la indetectabilidad estadística.
2013
LSB Matching Steganalysis Based on Patterns of Pixel Differences and Random Embedding
Daniel Lerch-Hostalot and David Megias
Computers & Security. February 2013.
DOIPDFCode
Abstract
This paper presents a novel method for detection of LSB matching steganography in grayscale images. This method is based on the analysis of the differences between neighboring pixels before and after random data embedding. In natural images, there is a strong correlation between adjacent pixels. This correlation is disturbed by LSB matching generating new types of correlations. The presented method generates patterns from these correlations and analyzes their variation when random data are hidden. The experiments performed for two different image databases show that the method yields better classification accuracy compared to prior art for both LSB matching and HUGO steganography. In addition, although the method is designed for the spatial domain, some experiments show its applicability also for detecting JPEG steganography.
2012
Steganalytic Methods for the Detection of Histogram Shifting Data Hiding Schemes
Daniel Lerch-Hostalot y David Megias
Reunión Española de Criptología y Seguridad XII. September 2012.
PDFSlides
Abstract
In this paper, several steganalytic techniques designed to detect the existence of hidden messages using histogram shifting schemes are presented. Firstly, three techniques to identify specific histogram shifting data hiding schemes, based on detectable visible alterations on the histogram or abnormal statistical distributions, are suggested. Afterwards, a general technique capable of detecting all the analyzed histogram shifting data hiding methods is suggested. This technique is based on the effect of histogram shifting methods on the “volatility” of the histogram of the difference image. The different behavior of volatility whenever new data are hidden makes it possible to identify stego and cover images.
2011
Steganalytic methods for the detection of histogram shifting data-hiding schemes
Daniel Lerch-Hostalot
Master Thesis, UOC. June 2011.
PDF
Abstract
In this paper, several steganalytic techniques designed to detect the existence of hidden messages using histogram shifting schemes are presented. Firstly, three techniques to identify specific histogram shifting data hiding schemes, based on detectable visible alterations on the histogram or abnormal statistical distributions, are suggested. Afterwards, a general technique capable of detecting all the analyzed histogram shifting data hiding methods is suggested. This technique is based on the effect of histogram shifting methods on the “volatility” of the histogram of the difference image. The different behavior of volatility whenever new data are hidden makes it possible to identify stego and cover images.