Post on 16-Apr-2017
ICASSP 2010, Dallas, 16 March 2010
1
GEOMETRIC TAMPERING ESTIMATION BY MEANS OF
A SIFT-BASED FORENSIC ANALYSIS
Irene Amerini, Lamberto Ballan, Roberto Caldelli, Alberto Del Bimbo and Giuseppe Serra
MICC - Media Integration and Communication Center
University of Florence,
Florence, Italy
ICASSP 2010, Dallas, 16 March 2010
2
Summary• Image forensics: the copy-move attack• The SIFT technique• The proposed approach
– Matching– Clustering– Geometric transformation estimation
• Experimental results– Forgery detection– Transformation parameters estimation
• Conclusions
ICASSP 2010, Dallas, 16 March 2010
3
The copy-move attack
• One of the main purposes of Image Forensics is to basically assess the authenticity of an image.
• Different kinds of tampering can be performed by an attacker.
• Copy-Move attack: a feigned image is created by cloning an area of the image onto another zone to make a duplication or to cancel something awkward.
ICASSP 2010, Dallas, 16 March 2010
4
The copy-move attack
ICASSP 2010, Dallas, 16 March 2010
5
The copy-move attack
ICASSP 2010, Dallas, 16 March 2010
6
Copy-move & SIFT
TARGET: Forensic analysis should provide instruments
to detect such a cloning and to estimate which transformation has been performed.
• In object detection and recognition, techniques based on scene modeling through a collection of salient points are often used.
• SIFT (Scale Invariant Features Transform) are usually adopted for their high performances and low complexity.
ICASSP 2010, Dallas, 16 March 2010
7
SIFT• SIFT features are detected at different scales by using a scale space
representation implemented as an image pyramid.• The pyramid levels are obtained by Gaussian smoothing and image sub-
sampling while keypoints are selected as local extrema (min/max) in the scale space.
• Such keypoints are extracted by iteratively computing the difference between two nearby scales in the scale-space (Difference of Gaussians - DoG).
original image
L(x,y,σ) D(x,y,σ)
Gaussians DoG
Gaussian filteringGaussian filtering
G(x,y,σ)
grey-scale
I(x,y)
ICASSP 2010, Dallas, 16 March 2010
8
SIFT• Once such keypoints are detected, SIFT descriptors are computed at their
locations in both image plane and scale-space. Each SIFT descriptor O consists in a histogram of 128 elements, obtained from a 16x16 pixels area around the corresponding keypoint.
• The contribution of each pixel is obtained by calculating the image gradient magnitude and direction in scale-space and the histogram is computed as the local statistics of gradient directions (8 bins) in 4x4 sub-patches of the 16x16 area.
• Finally each keypoint has a SIFT descriptor associated with it .
O,,,, dyxT [2] Lowe. “Distinctive image features from scale-invariant keypoints” Int.’l Journal of Computer Vision, 2004
ICASSP 2010, Dallas, 16 March 2010
9
The proposed approachDue to their invariance SIFT features are well-suited to detect forgeries through a matching operation.
Suspected image I
Features extraction and
matching
Geometric transformation
estimation
Hierarchical clustering
H
ICASSP 2010, Dallas, 16 March 2010
10
Matching among keypoints• The keypoints X={x1,..,xN} are extracted with a SIFT descriptor associated
• A similarity vector S={d1,….., dN-1} which represents the sorted euclidean distance in the SIFT space is computed for each keypoint.
• Two keypoints are then matched if the ratio d1/d2 < T (pre-defined).
• All matched keypoints are held; isolated ones are discarded.
ICASSP 2010, Dallas, 16 March 2010
11
Hierarchical clustering (1/2)• Agglomerative Hierarchical Clustering, based on spatial locations of matched keypoints, is
adopted.• Hierarchical clustering can be represented as a tree structure.• It starts by assigning each keypoint to a cluster, then it computes all the reciprocal spatial
distances among clusters.• The two clusters with the minimum distance are merged.
Criterion: the shortest distance
among members belonging to the two
different clusters!
C1 C2 CN-1 CN……..
C1,2
C1,2,8
C1,2,8, …
CN-1,N
ICASSP 2010, Dallas, 16 March 2010
12
Hierarchical clustering (2/2)• Clustering is stopped by evaluating the inconsistency coefficient (IC)
with respect to a threshold; • IC takes basically into account the average distance among clusters
and does not allow to join clusters spatially too far at that level of hierarchy.
ICASSP 2010, Dallas, 16 March 2010
13
Geometric transformation estimation
• Clusters which do not contain a significant number of matched keypoints are eliminated.
• Remained clusters are considered and their keypoints are used to estimate matrix H (homography) which moves one cluster into another one.
• Estimation is performed through RANSAC (RANdom SAmple Consensus) algorithm which permits to improve results by reducing the disturbing effect of outliers.
ICASSP 2010, Dallas, 16 March 2010
14
Geometric transformation estimationA contains rotation and scale parameters which can be determined by a Single Value Decomposition (SVD).
H
10TtA
H
Translation parameters are determined
by using clusters’ centroids
Rotation and scale parameters
ICASSP 2010, Dallas, 16 March 2010
15
Experimental results: forgery detection
ICASSP 2010, Dallas, 16 March 2010
16
Experimental results: forgery detection
ICASSP 2010, Dallas, 16 March 2010
17
Experimental results: forgery detection
ICASSP 2010, Dallas, 16 March 2010
18
Experimental results: forgery detection
ICASSP 2010, Dallas, 16 March 2010
19
Experimental results: forgery detection
ICASSP 2010, Dallas, 16 March 2010
20
Experimental results: transformation estimation
Translation
tx tx^ ty ty^
304 304.02 80.5 81.01
θ θ^
0 0.040
Rotation (no rotation)
sx sx^ sy sy^
1 1.004 1 0.998
Scaling (no scaling)
ICASSP 2010, Dallas, 16 March 2010
21
Experimental results: transformation estimation
tx tx^ ty ty^
304 305.02 80.5 80.82
Translation
θ θ^
20 20.067
Rotation
sx sx^ sy sy^
1.4 1.404 1.2 1.198
Scaling
ICASSP 2010, Dallas, 16 March 2010
22
Experimental results: transformation estimation
ICASSP 2010, Dallas, 16 March 2010
23
Experimental results: multiple cloning
ICASSP 2010, Dallas, 16 March 2010
24
Conclusions• Copy-move attack is detected by means of a SIFT-based
algorithm.
• Geometric transformation parameters are estimated.
• Such a technique has to be improved in relation with the size and the texture of the cloned patch.
• It could be applied against splicing attack when a suspected source image set is available.