A Framework of Camera Source Identification ...

IEEE TRANSACTIONS ON CYBERNETICS

1

A Framework of Camera Source Identification Bayesian Game Hui Zeng, Jingxian Liu, Jingjing Yu, Xiangui Kang, Senior Member, IEEE, Yun Qing Shi, and Z. Jane Wang

3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Abstract—Image forensics with the presence of an adversary, such as the interplay between the sensor-based camera source identification (CSI) and the fingerprint-copy attack, has attracted increasing attention recently. In this paper, we propose a framework of CSI game with both complete information and incomplete information. A noise level-based counter anti-forensic method is presented to detect the potential fingerprint-copy attack, and unlike the state-of-the-art countermeasure of the triangle test, it does not need to collect the candidate image set. With the existence of countermeasure, a rational forger needs to balance the tradeoff between synthesizing source identification information and leaving new detectable evidence of raising the noise level of a forged image. The mixed-strategy other than the sequential-move assumption is adopted to solve the games. The Bayesian game is introduced to address the information asymmetry in practice. The Nash equilibrium of both the complete information game and Bayesian game are theoretically analyzed, and the expected Nash equilibrium payoff of a Bayesian game is obtained. Nash equilibrium receiver operating characteristic curves are adopted to evaluate the detection performance. Simulation results show that the information asymmetry can remarkably affect the final detection performance. To our knowledge, this paper is the first attempt in analyzing a Bayesian forensic game with practical information asymmetry. Index Terms—Anti-forensics, Bayesian game, camera source identification (CSI), complete information game, counter antiforensics, forensics, game theory.

I. I NTRODUCTION

29

32 33

AQ2

ITH the advances of image processing techniques [1], [32], manipulating image content becomes easier, and image forensics, which aims to identify the originality or authenticity of an image based on some

W

IEE

30 31

intrinsic characteristics, has drawn much attention in the last decade [2]. While existing forensics techniques are successful in detecting various image manipulations, some farsighted forgers with advanced knowledge of image processing can also adopt so called anti-forensics to trick forensics by removing or forging the characteristics upon which forensics is based [3]. The development of anti-forensics urges researchers to evaluate the robustness of forensics in the adversary environment, and furthermore, to find more convincing forensic techniques. Sensor-based camera source identification (CSI) was first proposed in [4] and [5]. Noise residue of an image was extracted from the wavelet domain and the photo response nonuniformity (PRNU) factor of a camera was estimated using a maximum likelihood approach. A series of post-processing is performed to suppress artifacts from PRNU. Since then, several works have been proposed to improve the performance of this sensor-based CSI method [6]–[9]. In [6], peak to correlation energy was proposed to suppress the impact of periodic noise. Enhancing models were proposed to eliminate the interference from image details in [7]. A camera reference phase sensor pattern noise was proposed to further attenuate the interference from image details and the camera signal processing [8]. PRNU was binary quantized to improve the computational efficiency while maintaining an acceptable matching accuracy, which make the PRNU-based matching methods more practical in a large database [9]. In this paper, we refer these CSI methods as the source test. In [10], an anti-forensic method known as fingerprint-copy attack was proposed to trick the CSI methods. A forger steals some images from a victim and estimates a fake fingerprint K using these stolen images. Then the forger copies K to another image with illegal content and frames the victim as the person who took the illegal image. This attack raises a concern that innocent people could be framed and criminals could claim their innocence. To defeat the fingerprint-copy attack, Lukas et al. [4], Chen et al. [5], and Goljan [6] proposed a countermeasure, which is called the triangle test [11]. The basic idea behind the triangle test is that there is a shared non-PRNU component between the extracted noise of a stolen image and that of a forged image. In the triangle test, it is assumed that all N stolen images are included in the Nc candidate images collected by the investigator. The experimental results in [11] have shown that it is quite reliable in detecting the fingerprint-copy attack when the investigator could collect the stolen images accurately, i.e., N/Nc is large enough.

of

2

ro

1

EP

AQ1

Manuscript received October 12, 2015; revised February 19, 2016; accepted April 14, 2016. This work was supported in part by the NSFC under Grant 61379155, Grant U1536204, Grant 61502547, and Grant 61332012, in part by the National Science Foundation of Guangdong Province under Grant s2013020012788, and in part by the Natural Sciences and Engineering Council of Canada. A portion of this paper was presented at the International Workshop on Digital-forensics and Watermarking 2013, Auckland, New Zealand, and won Best Student Paper Award. This paper was recommended by Associate Editor Y. Xiang. H. Zeng, J. Liu, J. Yu, and X. Kang are with the Guangdong Key Laboratory of Information Security, School of Data and Computer Science, Sun Yat-sen University, Guangzhou 510006, China (e-mail: [email protected]). Y. Q. Shi is with Department of Electrical and Computer Engineering, New Jersey Institute of Technology, Newark, NJ, USA (e-mail: [email protected]). Z. J. Wang is with Department of Electrical and Computer Engineering, University of British Colombia, Vancouver, BC, Canada (e-mail: [email protected]). Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TCYB.2016.2557802

c 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. 2168-2267  See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80