Evaluating the effectiveness of image recognition systems for automatic detection of malicious files based on image metadata
Abstract
The relevance of the study was determined by the increasing threat of covert distribution of malicious software through the metadata of digital images, which complicated the detection using standard methods. The aim of the work was to develop a new approach to detecting malicious files through the analysis of image metadata using artificial intelligence methods. To achieve this, a detailed analysis of the main metadata standards was carried out, and vulnerable fields capable of hiding malicious code and being ignored by traditional security methods were identified. The results of the theoretical study showed that the most informative characteristics for threat detection were metadata features such as timestamps, geolocation coordinates, and device data. It was also established that non-standard values in the fields, such as abnormal timestamps or suspicious code markers, could serve as indicators of malicious activity. A comparison of traditional threat detection methods was conducted, which revealed the low effectiveness when working with metadata, as these methods were mainly focused on identifying malicious elements in the visual part of the file rather than on analysing the accompanying structure. The developed conceptual model, oriented towards the specified characteristics, demonstrated significant potential for effectively detecting anomalies and hidden malicious code in metadata. This approach made it possible to reduce the number of false positives, as it focused not only on detecting obvious deviations but also on subtler changes in the structural layer of images. The conclusions confirmed that the analysis of accompanying information was an important tool for detecting new forms of threats. The practical significance of the study lay in the possibility of using the proposed concept as a basis for the development of specialised systems for monitoring and preventing cyber incidents
Keywords
steganography; malware; digital images; machine learning; metadata anomalies
References
- Ahmadi, C., Chen, J.L., & Lin, Y.T. (2024). Securing AI models against backdoor attacks: A novel approach using image steganography. Journal of Internet Technology, 25(3), 465-475. doi: 10.53106/160792642024052503012.
- Bas, P., Filler, T., & Pevný, T. (2011). Break our steganographic system – the BOSS contest. In Proceedings of the 13th international conference on information hiding (pp. 59-70). Berlin: Springer. doi: 10.1007/978-3-642-24178-9_5.
- Camera & Imaging Products Association. (2012). Exchangeable image file format for digital still cameras: Exif Version 2.3. Retrieved from https://www.cipa.jp/std/documents/e/DC-008-2012_E.pdf.
- Carneiro, D., Guimarães, M., Carvalho, M., & Novais, P. (2023). Using meta-learning to predict performance metrics in machine learning problems. Expert Systems, 40(1), article number e12900. doi: 10.1111/exsy.12900.
- Caviglione, L., & Mazurczyk, W. (2022). Never mind the malware, here’s the stegomalware. IEEE Security & Privacy, 20(5), 101-106. doi: 10.1109/MSEC.2022.3178205.
- Chaganti, R., Ravi, V., & Pham, T.D. (2022). Image-based malware representation approach with EfficientNet convolutional neural networks for effective malware classification. Journal of Information Security and Applications, 69, article number 103306. doi: 10.1016/j.jisa.2022.103306.
- El Abdelkhalki, J., Ahmed, M.B., & Abdelhakim, B.A. (2022). Image malware detection using deep learning. International Journal of Communication Networks and Information Security, 12(2). doi: 10.17762/ijcnis.v12i2.4600.
- El-Ghamry, A., Gaber, T., Mohammed, K.K., & Hassanien, A.E. (2023). Optimized and efficient image-based IoT malware detection method. Electronics, 12(3), article number 708. doi: 10.3390/electronics12030708.
- Fernando, Y., Darwis, D., Mehta, A.R., Wamiliana, W., & Wantoro, A. (2024). A new approach of steganography on image metadata. International Journal on Informatics Visualization, 8(2), 968-976. doi: 10.62527/joiv.8.2.2110.
- Galli, A., La Gatta, V., Moscato, V., Postiglione, M., & Sperlì, G. (2024). Explainability in AI-based behavioral malware detection systems. Computers & Security, 141, article number 103842. doi: 10.1016/j.cose.2024.103842.
- International Press Telecommunications Council. (2024). IPTC photo metadata standard 2024.1. Retrieved from https://www.iptc.org/std/photometadata/specification/IPTC-PhotoMetadata.
- Internet Security Threat Report. (2017). Retrieved from https://www.symantec.com/content/dam/symantec/ docs/reports/istr-22-2017-en.pdf.
- Iskanderani, A.I., Mehedi, I.M., Aljohani, A.J., Shorfuzzaman, M., Akther, F., Palaniswamy, T., Latif, S.A., & Latif, A. (2021). Artificial intelligence-based digital image steganalysis. Security and Communication Networks, 2021(1), article number 9923389. doi: 10.1155/2021/9923389.
- Ispahany, J., Islam, M.R., Islam, M.Z., & Khan, M.A. (2024). Ransomware detection using machine learning: A review, research limitations and future directions. IEEE Access, 12, 68785-68813. doi: 10.1109/ACCESS.2024.3397921.
- Jian, Y., Kuang, H., Ren, C., Ma, Z., & Wang, H. (2021). A novel framework for image-based malware detection with a deep neural network. Computers & Security, 109, article number 102400. doi: 10.1016/j.cose.2021.102400.
- Kashtalian, A., Lysenko, S., Savenko, O., Nicheporuk, A., Sochor, T., & Avsiyevych, V. (2024). Multi-computer malware detection systems with metamorphic functionality. Radioelectronic and Computer Systems, 2024(1), 152-175. doi: 10.32620/reks.2024.1.13.
- Kiltz, S., Dittmann, J., Loewe, F., Heidecke, C., John, M., Mädel, J., & Preißler, F. (2024). Forensic image trace map for image-stego-malware analysis: Validation of the effectiveness with structured image sets. In Proceedings of the 2024 ACM workshop on information hiding and multimedia security (pp. 125-130). doi: 10.1145/3658664.3659659.
- Kobozieva, A., Bobok, I., & Kushnirenko, N. (2023). Steganalysis method for detecting LSB embedding in digital video, digital image sequence. In Information Control Systems and Technologies (pp. 78-90). Odesa: CEUR.
- Krasin, I., et al. (2017). OpenImages: A public dataset for large-scale multi-label and multi-class image classification.Retrieved from https://github.com/openimages/dataset.
- Kuznetsov, O., Frontoni, E., & Chernov, K. (2024a). Beyond traditional steganography: Enhancing security and performance with spread spectrum image steganography. Applied Intelligence, 54(7), 5253-5277. doi: 10.1007/ s10489-02405415-z.
- Kuznetsov, O., Frontoni, E., Chernov, K., Kuznetsova, K., Shevchuk, R., & Karpinski, M. (2024b). Enhancing steganography detection with AI: Fine-tuning a deep residual network for spread spectrum image steganography. Sensors, 24(23), article number 7815. doi: 10.3390/s24237815.
- Monika, A., & Eswari, R. (2023). An ensemble-based stegware detection system for information hiding malware attacks. Journal of Ambient Intelligence and Humanized Computing, 14(4), 4401-4417. doi: 10.1007/s12652-023-04559-z.
- Monteiro, J.P., Ramos, D., Carneiro, D., Duarte, F., Fernandes, J.M., & Novais, P. (2021). Meta-learning and the new challenges of machine learning. International Journal of Intelligent Systems, 36(11), 6240-6272. doi: 10.1002/int.22549.
- Newman, J., Lin, L., Chen, W., Reinders, S., Wang, Y., Wu, M., & Guan, Y. (2019). StegoAppDB: A steganography apps forensics image database. In Proceedings of the IS&T international symposium on electronic imaging: media watermarking, security, and forensics (pp. 536-1-536-12). Springfield: Society for Imaging Science and Technology. doi: 10.2352/ISSN.2470-1173.2019.5.MWSF-536.
- Płachta, M., Krzemień, M., Szczypiorski, K., & Janicki, A. (2022). Detection of image steganography using deep learning and ensemble classifiers. Electronics, 11(10), article number 1565. doi: 10.3390/electronics11101565.
- Puchalski, D., Caviglione, L., Kozik, R., Marzecki, A., Krawczyk, S., & Choraś, M. (2020). Stegomalware detection through structural analysis of media files. In Proceedings of the 15th international conference on availability, reliability and security (article number 73). New York: Association for Computing Machinery. doi: 10.1145/3407023.3409187.
- Roseline, S.A., Geetha, S., Kadry, S., & Nam, Y. (2020). Intelligent vision-based malware detection and classification using deep random forest paradigm. IEEE Access, 8, 206303-206324. doi: 10.1109/ACCESS.2020.3036491.
- Russo, M., Šrndić, N., & Laskov, P. (2021). Detection of illicit cryptomining using network metadata. EURASIP Journal on Information Security, 2021, article number 11. doi: 10.1186/s13635-021-00126-1.
- Salem, A.H., Azzam, S.M., Emam, O.E., & Abohany, A.A. (2024). Advancing cybersecurity: A comprehensive review of AI-driven detection techniques. Journal of Big Data, 11(1), article number 105. doi: 10.1186/s40537-024-00957-y.
- Sarker, I.H. (2023). Multi-aspects AI-based modeling and adversarial learning for cybersecurity intelligence and robustness: A comprehensive overview. Security and Privacy, 6(5), article number e295. doi: 10.1002/spy2.295.
- Sarker, I.H. (2024). AI-driven cybersecurity and threat intelligence: Cyber automation, intelligent decision-making and explainability. Cham: Springer. doi: 10.1007/978-3-031-54497-2.
- Setiadi, D.R., Ghosal, S.K., & Sahu, A.K. (2025). AI-powered steganography: Advances in image, linguistic, and 3D mesh data hiding – a survey. Journal of Future Artificial Intelligence and Technologies, 2(1). doi: 10.62411/ faith.3048-3719-76.
- Ullah, F., Srivastava, G., & Ullah, S. (2022). A malware detection system using a hybrid approach of multi-heads attention-based control flow traces and image visualization. Journal of Cloud Computing, 11(1), article number 75. doi: 10.1186/s13677-022-00349-8.
- Vasan, D., Hammoudeh, M., & Alazab, M. (2024). Broad learning: A GPU-free image-based malware classification. Applied Soft Computing, 154, article number 111401. doi: 10.1016/j.asoc.2024.111401.
- Verma, V., Muttoo, S.K., & Singh, V.B. (2022). Detecting stegomalware: Malicious image steganography and its intrusion in windows. In Security, privacy and data analytics: Select proceedings of ISPDA 2021 (pp. 103-116). Singapore: Springer. doi: 10.1007/978-981-16-9089-1_9.
- Wang, F., & Tang, Y. (2024). Diverse intrusion and malware detection: AI-based and non-AI-based solutions. Journal of Cybersecurity and Privacy, 4(2), 382-387. doi: 10.3390/jcp4020019.
- Yadav, P., Menon, N., Ravi, V., Vishvanathan, S., & Pham, T.D. (2022). A two-stage deep learning framework for image-based android malware detection and variant classification. Computational Intelligence, 38(5), 1748-1771. doi: 10.1111/coin.12532.
- Zuppelli, M., Manco, G., Caviglione, L., & Guarascio, M. (2021). Sanitization of images containing stegomalware via machine learning approaches. In Proceedings of the Italian conference on cybersecurity (pp. 374-386). London: CEUR.