## 1 Introduction

Steganography conceals the very existence of any secret information in terms of bits. It usually embeds secret data into any type of digital cover media, such as an image, video, audio, and so on. The manipulated image or video looks innocent, and the message cannot be detected with the human eye. On the other hand, exposing the existence of any hidden information in a cover image is what steganalysis does. Such steganalytic algorithms are able to estimate the probable existence of secret bits in different ways. If steganalysis detects the hidden information with a minimum probability of testing error, the steganographic scheme has been broken.

There are two factors that have to be considered in designing a modern steganographic scheme, namely embedding rate and undetectability, with a trade-off between them. The higher the embedding rate, the greater the detectability. Some approaches are more concerned about embedding capacity, with higher imperceptibility levels provided by greater peak signal-to-noise ratio (PSNR) values, but there are many that try to be more undetectable rather than having higher PSNR values. Least significant bit (LSB) replacement [1] embeds the information in the LSB of a pixel, independent of its value. The LSB is directly replaced by the secret bit. This adds some unwanted statistical artifacts, by which the existence of secret bits can be exposed. Such artifacts are paired with values in a histogram of the stego image made by the LSB replacement method. This makes detection easier for a chi-square attack [2]. LSB matching (LSBM) [3] applies minor changes after LSB replacement because it randomly increments or decrements the LSB of a pixel according to a pseudo-random number generator if the secret bit does not match the pixel's LSB. It is also called non-adaptive ±1 embedding. Unlike LSB replacement and LSBM, which deal with the pixel values independently (non-adaptively), LSBM revisited (LSBMR) [4] is another approach that modifies the LSBM algorithm in such a way that the choice of incrementing or decrementing the pixel value is no longer random. It performs the operation by using a pair of pixels as a unit. The first pixel value changes in such a way that the first secret bit is saved in its LSB and the second secret bit equals a function of the two modified pixel values. Both LSBM and LSBMR are undetectable with a chi-square attack because, statistically, the probability of change is the same as the increment/decrement performed, either randomly or by using a function. Although the asymmetry artifacts of LSB replacement are almost completely avoided, they can still be detectable using stronger steganalytic attacks. These LSB-based approaches do not consider the difference between the pixel and its neighbors. Edge adaptive image steganography [5] embeds secret bits based on the LSBMR method. It begins embedding from the edge regions as far as possible, while keeping other smooth areas as they are. The maximum embedding capacity of this approach is limited to 1 bpp while the visual quality and security of stego images are proving to be better than those of LSB-based and edge-based methods. Another approach is to use high-dimensional image models to perform highly undetectable stego (HUGO) [6]. The source code is available at Break Our Steganographic System (BOSS) website [7]. This method calculates distortions corresponding to modification of each pixel by ±1 and sets the stego image pixel value as the minimum of these numbers. The best embedding order starts from pixels with the high cost of embedding to the lowest, which is ascertained by an additive distortion function. The default parameters of the distortion function were σ = 1 and γ = 1, and the switch –T 90, which means that the distortion function was computed with threshold T = 90 used in the BOSS challenge [7]. Security of HUGO is evaluated by training support vector machine (SVM)-based steganalyzers utilizing second-order subtractive pixel adjacency model (SPAM) features [8]. A filter suppresses the stego image content and exposes the added noise in the stego image. Dependencies between neighboring pixels are modeled as a higher-order Markov chain. The resulting sample transition probability matrix is a vector feature that is a SPAM of covers. The second-order Markov chain results in a second-order SPAM including 686 features for a typical stego image. In this work, the undetectability level of the mentioned methods is benchmarked utilizing the second-order SPAM as input features to state-of-the-art ensemble classifiers [9]. They proved to have better performance compared with SVM-based steganalyzers in terms of both time and accuracy. The classifier has to be trained with a database of pictures to detect the information more accurately, so BOSS [7] version 1.01 was used to create sufficient stego images. The BOSS database consists of 10 000 8-bit grayscale images at 512 × 512 pixels. Kodovský *et al*. [10] use *T* = 255 in order to remove a weakness of HUGO with original threshold value *T* = 90 that makes the algorithm vulnerable to first-order attacks because of an artifact present in the histogram of pixel differences. Thus, they have compared the detection error for six different payloads (0.05, 0.1, 0.2, 0.3, 0.4, and 0.5 bpp) and two settings of HUGO when using the histogram features (dim 4), the SQUARE feature (338) [11], and a combination of both (SQUARE+ *h ^{x}*), which is equal to 342 features. HUGO embeds in those places of the cover image where it is hard to model, and that is why they are more secure and less detectable compared with ±1 embedding [11].

The current work embeds in the spatial domain because of the simplicity of the algorithmic nature and ease of mathematical analysis. Also, spatial-domain techniques can carry the largest messages (embedding rate) compared with transform domains, namely discrete cosine transform (DCT)-based embedding techniques and LSB-based approaches [12]. The reason is that transformation domain techniques can only embed in nonzero coefficients, whereas all pixels can be utilized in the spatial domain. Modern steganographic schemes are supposed to be undetectable, rather than stressing the PSNR value, so the current scheme also shows the undetectability level. The detectability level is shown by ensemble classifiers using SQUARE+ *h ^{x}* feature (dim 342) and second-order SPAM feature (dim 686). The algorithm uses LSBMR for embedding the secret bits; however, unlike LSBMR method, the target pixels are adaptively chosen based on a preprocessing phase. This paper is organized as follows. Section 2 describes the proposed method. The experimental results are compared and evaluated with respect to modern and classical steganographic schemes in Section 3. Finally, Section 4 highlights and discusses the conclusions, based on the results.