
Mainstream image steganography approaches struggle to evade increasingly accurate steganalyzers, while many security-enhancement techniques require white-box access to the steganographic encoder, hindering deployment in black-box settings. We address this gap with a framework that achieves strong security and high image quality without access to encoder internals. Our method Black-box Steganography via Transferable Adversarial Attack (BS-ADV) adds small, transferable adversarial perturbations to stego images using gradients from a chosen steganalysis model, yet remains independent of the steganographic encoder. Building on this idea, we instantiate two variants: FGSM-adv, which applies a single-step Fast Gradient Sign Method to inject fixed-sign perturbations, and PGD-adv, which performs multi-step Projected Gradient Descent to enhance the robustness and security of the resulting adversarial stego images. Experiments on public BOSSBase 1.01 (Break Our Steganographic System Base v1.01) and BOWS (Break Our Watermarking System 2) datasets show that BS-ADV substantially outperforms baseline approaches against both feature-based and convolutional neural network (CNN)-based steganalyzers. Beyond conventional algorithms, we further validate BS-ADV with DeepSteganography, HiNet, and CRoSS (diffusion model makes controllable, robust and secure image steganography), a coverless steganography scheme built on Stable Diffusion, demonstrating broad generality and adaptability. Overall, BS-ADV improves the security and robust-ness of image steganography while preserving image quality and reliable payload recovery, making it well suited for practical black-box deployment.
image steganography; image adversarial; generative adversarial networks; diffusion models; steganography analysis