**5. Discussion**

The results obtained were compared to the results of similar studies. In article [37], the research was also carried out for the BOSS dataset using an alternative version of J-Uniward—an SUniward algorithm. The model was based on the Convolution-BatchNormalization Dense neural network scheme. The authors obtained AUC at the level of 97.9% for density 0.4 bpnzac. It was a similar result to our best model, which is much less computationally complex, due to the lack of a convolutional layer.

Articles [13,14] also conducted research on the BOSS dataset using the DCTR parameters and the Gabor filters on the J-Uniward algorithm, while using different decision models. They obtained a detection error, calculated based on false-alarm and missed-detection probabilities, as proposed in [37], of around 0.04–0.05 for DCTR, and the out-of-bag error for the Gabor filter was around 0.39, both assessed for density 0.4. Unfortunately, these results are difficult to compare with ours due to the different metrics used and the testing methodology.

During experimentation with various types of neural network layers, we noticed that adding a normalization layer significantly improved the effectiveness of a model. For example, for the nsF5 method, it improved the results by about 15–20% relative, while for the J-Uniward 0.4 case it made it possible to build a reasonable model. Without this layer, the network tended to classify all images into one class. It indicates that normalization layers in the Convolution-Dense-BatchNormalization model are indispensable, in contrast to convolution layers, the lack of which can be compensated for by, for example, choosing a different feature space.

The results achieved in our study for the three-layer and two-layer network configurations were quite similar for the Adam optimizer. This may indicate that enlarging the architecture of a neural network is pointless, as it can only have a negative impact on the computational efficiency of the neural model.

It is noteworthy that the BOSS dataset used in this study is comprised exclusively of grayscale images. Thus, only the luma channel was present in each JPEG file. However, the steganographic algorithms tested (nsF5, J-Uniward, and UERD) typically introduce changes only to DCT coefficient values of the luma channel. As such, non-grayscale (colored) images can easily be analyzed in the same way as the files from the BOSS dataset, with the chrominance channels being ignored in the detection process.

#### **6. Conclusions and Future Work**

In this article, we analyzed the effectiveness of detecting hidden content in JPEG images using either shallow, ensemble classifiers, or deep learning methods. We found that performance depended heavily on the steganographic method used and on the density of the embedded hidden data. While detecting the presence of content hidden with the nsF5 algorithm at the density 0.4 bpnzac is almost perfect, the detection of data hidden using J-Uniward at 0.1 bpnzac is hardly possible, regardless of the analysis method used.

One of the aims of our study was to find the best feature space for image steganalysis. DCTR and GFR parameters yielded the best results, while the feature space built on the PHARM parameters returned worse scores. Therefore, we recommend extracting either DCTR or GFR features when scanning JPEG files for security purposes, e.g., by antimalware software.

We also found that the performance of the best deep learning algorithm (with the network architecture: 250 × BN × 120 × BN × 50 and the Adam 1 × *e*<sup>−</sup><sup>4</sup> optimizer) was either similar or slightly inferior to that of the best ensemble classifier built on linear regression. Therefore, we claim that carefully selected ensemble classifiers could be a promising alternative to deep learning methods in the field of image steganalysis.

Future work could concentrate on searching for effective detection methods for rates of embedding hidden data lower than 0.4 bpnzac, bearing in mind malware or advanced persistent threats (APTs) exchanging lower amounts of data. Researchers should especially focus on steganalysis of algorithms such as J-Uniward, which turned out to be particularly difficult to detect. It would be also interesting to see an application of elaborated algorithms, e.g., in an intrusion detection system (IDS). A study on the impact of characteristics of the hidden data (random, text, script) on the detectability of a JPEG-based steganographic method would also be beneficial.

**Author Contributions:** Conceptualization, M.P., K.S. and A.J.; methodology, M.P., M.K. and A.J.; software, M.P. and M.K.; validation, M.P. and M.K.; investigation, M.P., M.K., K.S. and A.J.; data curation, M.P.; writing—original draft preparation, M.P., M.K. and A.J.; writing—review and editing, M.P., M.K., K.S. and A.J.; visualization, M.P.; supervision, A.J. and K.S.; project administration, A.J.; funding acquisition, A.J. and K.S. All authors have read and agreed to the published version of the manuscript.

**Funding:** The study has been supported by the SIMARGL Project—Secure Intelligent Methods for Advanced Recognition of malware and stegomalware, with the support of the European Commission and the Horizon 2020 Program, under Grant Agreement No. 833042.

**Data Availability Statement:** Image data are freely available at https://www.kaggle.com/datasets/ h2020simargl/jpeg-stegochecker-dataset (accessed on 10 May 2022).

**Conflicts of Interest:** The authors declare no conflict of interest.

**Acknowledgments:** The authors wish to thank the creators of the BOSS dataset: Tomáš Pevný, Tomáš Filler and Patrick Bas, for creating and publishing their data.
