Below we report some useful references to approaches from the literature for the detection of forgeries in images. The reported techniques provide a good amount of information that can be effectively exploited and combined to detect forgeries in the development and testing datasets of the challenge. The demo code provided, as well as any source code of the referenced methods available online, can be used by the teams as a starting point for the design of their algorithms.
Photo-Response Non-Uniformity (PRNU)
In the image acquisition process, the final image is affected (among other sources of noise) by a subtle systematic distortion related to the specific sensor used. In natural images, this is mainly due to the PRNU (Photo-Response Non-Uniformity), which is caused by the different sensitivity of pixels to light and can be efficiently estimated starting from a set of images taken by the same sensor.
Since it is present and approximately stable in every image the sensor takes, the PRNU pattern can be considered a camera-specific fingerprint and is the most widely used tool for the source camera identification task. In fact, once the PRNU pattern of a camera has been estimated, one can extract the noise pattern from a generic image and compute its correlation with the reference PRNU pattern. If the image was taken by that specific camera, the correlation is high; otherwise, it is generally very low.
Below we report an example for the case of two cameras, where only 5 images per camera are used to estimate the PRNU pattern. When two fresh images are considered and their noise patterns estimated, each correlates with the pattern of its source camera. The Matlab code can be downloaded here and is based on the algorithm published by the Digital Data Embedding Laboratory at SUNY Binghamton, available here.
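The same pipeline can be sketched in Python as well (the official demo code is Matlab). Everything below is a simplified illustration with function names of our own choosing; in particular, a Gaussian filter stands in for the wavelet-based Wiener denoiser used in the reference implementation.

```python
import numpy as np
from scipy.ndimage import gaussian_filter

def noise_residual(img, sigma=1.5):
    """Noise residual: the image minus a denoised version of itself.
    (The Gaussian filter is a crude stand-in for the wavelet-based
    denoiser used in the reference Matlab code.)"""
    return img - gaussian_filter(img, sigma)

def estimate_prnu(images):
    """Estimate the PRNU pattern from several images of one camera.
    Since the PRNU is multiplicative, each residual is weighted by
    the image content and the sum is normalized accordingly."""
    num = np.zeros_like(images[0])
    den = np.zeros_like(images[0])
    for img in images:
        num += noise_residual(img) * img
        den += img ** 2
    return num / (den + 1e-8)

def ncc(a, b):
    """Normalized cross-correlation between two patterns."""
    a = a - a.mean()
    b = b - b.mean()
    return float((a * b).sum() / (np.linalg.norm(a) * np.linalg.norm(b) + 1e-12))
```

To test an image against a fingerprint K, one correlates its noise residual with K multiplied by the image itself, since the PRNU term expected in the residual is (image × K).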
In addition to source camera identification, the PRNU pattern is also a powerful tool for the localization of image manipulations. In fact, when a region of an image is replaced with content from elsewhere or undergoes strong processing, it no longer exhibits the PRNU pattern of the source camera. A typical approach is to partition the image into smaller blocks and process them separately, computing the correlation with the corresponding area of the PRNU pattern. This yields a map of correlation values, one per block, which can simply be thresholded to obtain the final tampering map or processed by means of more sophisticated strategies. Recent approaches to this problem can be found in
- L. Gaborini, P. Bestagini, S. Milani, M. Tagliasacchi, S. Tubaro, “Multi-clue image tampering localization”, IEEE Workshop on Information Forensics and Security (WIFS), 2014.
- G. Chierchia, G. Poggi, C. Sansone and L. Verdoliva, “A Bayesian-MRF approach for PRNU-based image forgery detection”, IEEE Transactions on Information Forensics and Security (TIFS), 2014.
- P. Korus, J. Huang, “Multi-scale analysis strategies in PRNU-based tampering localization”, IEEE Transactions on Information Forensics and Security (TIFS), 2017.
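The block-wise strategy can be illustrated with a short Python sketch (a simplified construction of ours, not an implementation of the cited methods; a Gaussian filter again replaces a proper denoiser):

```python
import numpy as np
from scipy.ndimage import gaussian_filter

def correlation_map(image, fingerprint, block=64, step=32):
    """Slide a window over the image and, in each block, correlate the
    noise residual with the PRNU term expected there (fingerprint
    times image content). Low values flag possibly forged blocks."""
    residual = image - gaussian_filter(image, 1.5)  # crude denoiser stand-in
    expected = fingerprint * image
    rows = (image.shape[0] - block) // step + 1
    cols = (image.shape[1] - block) // step + 1
    cmap = np.zeros((rows, cols))
    for i in range(rows):
        for j in range(cols):
            r = residual[i*step:i*step+block, j*step:j*step+block]
            e = expected[i*step:i*step+block, j*step:j*step+block]
            r = r - r.mean()
            e = e - e.mean()
            cmap[i, j] = (r * e).sum() / (np.linalg.norm(r) * np.linalg.norm(e) + 1e-12)
    return cmap
```

A binary tampering map could then be obtained as `cmap < threshold`, possibly refined with morphological cleaning or with the more sophisticated strategies of the papers above.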
Except for a few cases, the forged images in the development and testing sets have been created starting from original images taken with 4 different cameras, for which we have also released 100 original images, particularly suited for the estimation of the PRNU pattern. The non-forged part of each image will then correlate with one of these PRNU patterns, thus potentially enabling a PRNU-based forgery localization.
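Attribution to one of the released cameras then amounts to picking the fingerprint with the highest correlation. A minimal sketch, with hypothetical function names and the same crude Gaussian-filter residual standing in for a proper denoiser:

```python
import numpy as np
from scipy.ndimage import gaussian_filter

def best_matching_camera(image, fingerprints):
    """Correlate the image's noise residual with each candidate
    fingerprint (times the image content, since the PRNU is
    multiplicative) and return the index of the best match."""
    residual = image - gaussian_filter(image, 1.5)
    residual = residual - residual.mean()
    scores = []
    for k in fingerprints:
        expected = k * image
        expected = expected - expected.mean()
        scores.append(float((residual * expected).sum() /
                            (np.linalg.norm(residual) * np.linalg.norm(expected) + 1e-12)))
    return int(np.argmax(scores)), scores
```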
JPEG compression traces
JPEG is the most widely used compression standard for digital images. The compression scheme is lossy, i.e., part of the information contained in the image is discarded when compression is applied. On one hand, this can destroy or severely weaken signal traces present in the uncompressed image, reducing the chances of exploiting camera-based fingerprints such as the PRNU. On the other hand, the JPEG algorithm leaves other kinds of traces that can themselves be used in the forensic analysis.
The core of the JPEG compression scheme is the quantization of the 8×8-block DCT coefficients, which is also the main source of detectable traces in the resulting image. In fact, a statistical analysis of these coefficients allows us to identify whether an image stored in an uncompressed format (such as .tif) has truly never been compressed or underwent a compression before being saved in its final format. Moreover, it is possible to determine whether a JPEG image underwent a previous JPEG compression before the very last one, i.e., whether it is double compressed.
Previous compression in uncompressed-format images
When a natural image has truly never been compressed, the histogram of its DCT coefficients at a generic AC frequency is smooth and bell-shaped (it is well modeled by a Laplacian distribution), as shown below (left). However, if the image has previously been JPEG compressed and then resaved in an uncompressed format, the histogram exhibits a different behaviour, since the coefficients have been quantized (right).
Starting from such histograms, statistical features can be computed and used to make a decision about the analyzed image. For the previous example, we report for instance the log-L_0 value, a quantity expressing the likelihood that the analyzed image has truly never been compressed, as proposed in C. Pasquini, G. Boato, F. Pérez-González, “Statistical detection of JPEG traces in digital images in uncompressed formats”, IEEE Transactions on Information Forensics and Security (TIFS), 2017. This value is clearly higher in the left case (no compression) and lower in the right case (previous compression). Matlab code is available here.
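The published log-L_0 statistic is more involved; as a toy proxy for the same idea, one can collect the DCT coefficient of a fixed AC frequency over all 8×8 blocks and measure how strongly the values concentrate on multiples of a candidate quantization step. A Python sketch (our own simplified measure, not the cited detector):

```python
import numpy as np
from scipy.fft import dctn

def ac_coefficients(img, u=2, v=1):
    """Collect the (u, v) DCT coefficient from every 8x8 block."""
    h = img.shape[0] // 8 * 8
    w = img.shape[1] // 8 * 8
    coeffs = []
    for i in range(0, h, 8):
        for j in range(0, w, 8):
            block = dctn(img[i:i+8, j:j+8], norm='ortho')
            coeffs.append(block[u, v])
    return np.array(coeffs)

def quantization_score(coeffs, q, tol=0.25):
    """Fraction of coefficients lying within tol of a multiple of q.
    Close to 1 suggests a previous quantization with step q; for a
    never-compressed image it stays around 2*tol/q."""
    return float(np.mean(np.abs(coeffs - q * np.round(coeffs / q)) < tol))
```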
Just like the PRNU correlation, this analysis can be performed block-wise to obtain a map and identify inconsistencies between forged and non-forged regions. In fact, if the background image used to create the forgery was originally JPEG compressed and a region is replaced or modified, saving the final image in an uncompressed format leaves JPEG traces in the background that are absent from the forged region.
Previous compression in JPEG images
In the same situation as before, the forged image can be further compressed so as to obtain a JPEG file. In this case, the background is double compressed, while the forged region exhibits only the traces of the very last compression.
This can again be detected and exposed by analyzing the quantized DCT coefficients stored in the JPEG file. Approaches in this direction are
- T. Bianchi, A. De Rosa, A. Piva, “Improved DCT Coefficient Analysis for Forgery Localization in JPEG Images”, IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2011, pp. 2444-2447.
- T. Bianchi, A. Piva, “Image Forgery Localization via Block-Grained Analysis of JPEG Artifacts”, IEEE Transactions on Information Forensics and Security (TIFS), 2012.
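The double-quantization artifact exploited by these methods is easy to reproduce numerically: quantizing with a step q1 and then re-quantizing with a different step q2 leaves a periodic pattern of empty and over-populated bins in the histogram of the final quantized coefficients. A small simulation (synthetic Laplacian data stands in for real DCT coefficients; the steps 7 and 5 are arbitrary choices):

```python
import numpy as np

rng = np.random.default_rng(0)
coeffs = rng.laplace(scale=20, size=200_000)  # stand-in for AC DCT coefficients

def jpeg_quantize(x, q):
    """Quantize and dequantize with step q, as JPEG does per coefficient."""
    return q * np.round(x / q)

# Quantized values as stored in the JPEG file (bin indices at step 5).
single = np.round(jpeg_quantize(coeffs, 5) / 5)                     # one compression
double = np.round(jpeg_quantize(jpeg_quantize(coeffs, 7), 5) / 5)   # step 7, then 5

def bin_counts(vals, lo=-20, hi=20):
    """Histogram over the integer bins in [lo, hi]."""
    return np.array([(vals == b).sum() for b in range(lo, hi + 1)])

# Double quantization with q1 > q2 leaves periodically empty bins,
# while a single compression fills every bin in the central range.
```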
Blind approaches
Recently, researchers have been developing algorithms able to detect image forgeries in a blind fashion, i.e., without any knowledge of the source camera or of the processing applied. For further information, we refer the reader to:
- D. Cozzolino and L. Verdoliva, “Single-image splicing localization through autoencoder-based anomaly detection”, IEEE Workshop on Information Forensics and Security, 2016.
- D. Cozzolino, G. Poggi and L. Verdoliva, “Splicebuster: a new blind image splicing detector”, IEEE Workshop on Information Forensics and Security, 2015.