Image forgery detection based on SIFT and k-means++ (PDF ...

21 downloads 17070 Views 1MB Size Report
watermarking and digital signature require pre-embedded. information in the image. Whereas ... move forgery detection methods which are the block-based and.
Image Forgery Detection based on SIFT and k-means++ Elif Baykal, Beste Ustubioglu, Guzin Ulutas Department of Computer Engineering Karadeniz Technical University Trabzon, Turkey [email protected], [email protected], [email protected] the keypoint-based methods. Fridrich et al. [1] proposed the first method in the literature which uses Discrete Cosine Transform (DCT). Instead applying this method on whole image, Fridrich et al. divided image into overlapping blocks and apply their feature extraction technique to each block to obtain DCT coefficients and sort them lexicographically to detect forged regions. This method has higher detection results in comparison with exhaustive search,. On the other hand, Popescu and Farid [2] firstly offered to use Principal Component Analysis (PCA) method after DCT for reducing the feature size. Similarly, Li et al. [3] transformed the image into frequency domain based on Discrete Wavelet Transform (DWT) for reducing number of blocks. Then, they applied Singular Value Decomposition (SVD) to low frequency bands for extracting features from the blocks and calculated similarity of them. Luo et al. [4] extracted average block color features and intensity ratio and computed their similarity to determine possible forged regions. Bayram et al. [5] attempted to solve the rotation attack on image and proposed to use block based Fourier Mellin Transform (FMT). According to their results, this method works well only on small degree of rotations.

Abstract—Copy move attack, a special type of image forgery, is performed by copying a part of the image and pasting anywhere else in the same image. Besides block-based methods, keypointbased methods like Scale Invariant Feature Transform (SIFT) are improved for detection of copy move attacks. In this method, firstly image keypoints are extracted and a 128 dimensional feature vector named as SIFT descriptor is generated for each keypoint. Then, these keypoints are matched using Euclidean distance among their descriptors. Although this method is good at detection of copy move attacks, it has drawback. Computational complexity is huge and increases with the size of the image. To overcome this drawback, we propose to use k-means++ method for clustering the SIFT descriptors. Thus, each keypoint is matched with keypoints only in its cluster instead of all other keypoints. This proposed hybrid method allows us to decrease the time complexity of the SIFT method considerably. Keywords—Copy move attack; Image forgery; Scale Invariant Feature Transform (SIFT); k-means; k-means++.

I. INTRODUCTION Advanced technology for image editing like Photoshop and 3D Max makes easier to create forgeries via manipulating the content of the digital images. Because verifying the authenticity and wholeness of images have becoming difficult day by day, improving new techniques is becoming a major issue in a variety of areas, especially digital forensics, medical imaging, journalism, criminal investigations. Different approaches have been proposed to detect image forgery and they are mainly categorized into two domains: The first one is Active and the second one is Passive methods. Active methods including watermarking and digital signature require pre-embedded information in the image. Whereas, passive methods don’t require any information before and use available features of images. Because of these reasons, passive methods have attracted more interest by researchers recently.

(a)

Fig. 1. (a) Original image (b) Example of copy move attack

Alternatively, keypoint based methods have explored for identifying forged regions. These methods are robust to geometrical operations such as rotation and scaling. Firstly, Huang et al. [6] suggested using the SIFT method for extracting keypoints and 128 dimensional keypoint descriptors. These keypoints are matched by comparing their descriptors. Finally, Huang et al. defined matched keypoints as forged region in the image. Amerini et al. [7] also utilized from SIFT to estimate the geometric transformation on the forged regions like in [6]. Pan and Lyu [8] offered to estimate the affine transformation between the forged regions using the matched SIFT keypoints. Hashmi et al. [9] suggested a new hybrid method which combines Dyadic Wavelet Transform (DyWT) with SIFT.

In this paper we analyzed a copy move attack. Fig. 1 is given to show how copy move attack is realized. Fig. 1(b) represents the example of copy move attack which is created by using the original image in Fig. 1(a). In this example, attack is created by copying a part of the original image and pasting anywhere else in the same image to hide some information [1]. Up to now, researchers have been developed different copy move forgery detection methods which are the block-based and

978-1-5090-1288-6/16/$31.00 ©2016 IEEE

(b)

474

TSP 2016

Besides having good accuracy results, it also has robustness to scale, rotation and noise addition attacks. Bi et al. [10] proposed a Multi-Level Descriptor (MLDD) extraction method and Hierarchical Feature Matching method to detect copy move forgery attacks. They obtain better detection results and their method has robustness to various attacks as in [10] and also JPEG and down-sampling attacks. Because of the fact that SIFT keypoints are robust to several geometric transformations, these methods are good at rotation attack. On the other hand, these methods have the disadvantage of computational complexity. Because, they compare all descriptors with the others one by one. And this complexity will increase with image size.

For this reason, we propose to use k-means++ clustering algorithm for clustering the keypoints based on their descriptors. Thanks to this algorithm, each keypoints are matched with keypoints only in its cluster rather than all other keypoints. A. Scale Invariant Feature Transform (SIFT) SIFT is an algorithm that transforms an image data into local feature vectors. These features have robustness to geometric transformations like translation, scaling and rotation [11]. This algorithm consists of the four stages as below. •

Scale-space Extrema Detection

In this paper, a new forgery detection method is proposed for reducing time complexity of SIFT using k-means++ clustering method. In proposed method, SIFT keypoints are clustered based on their descriptors. Then, each keypoints are matched with keypoints only in its cluster instead of all other keypoints. The proposed method can detect copy move attack very fastly without decreasing the number of matched keypoints in other words accuracy of matching.

Let , be an image, detection of the scale-space extrema is generated by repeatedly smoothing an image by convolving it with a Gaussian , , at different scales as shown by (1) and sub-sampling its resolution and finally a pyramid is obtained.

The rest of the paper organized as follows. In section 2 proposed method based on SIFT and k-means++ is explained. In section 3, the results of the method are presented. Finally section 4 concludes the paper.

For extraction of keypoints, an approximate computation of Laplacian of Gaussian (LoG) is used. This is also named as Difference of Gaussian (DoG) and implemented as below.

II.

, ,

, ,

, ,

PROPOSED METHOD

A block diagram of the proposed method is given in Fig. 2. Firstly, SIFT is used to extract keypoints from the image and then, 128 dimensional feature descriptor is generated from each keypoint. Therefore, matching among these keypoints performed by calculating similarity between their descriptors for the task of determining possible forgery. This matching procedure has one drawback: its computational complexity is very high.



, ,

,

(1)

, ,

(2)

For each pixel, it is determined that the pixel is local extrema or not. Briefly, if the pixel has the lowest or the highest value than all its 8 neighbors and 9 neighbors at one scale higher and lower than it is considered as a keypoint. •

Keypoint Localization

Low contrast or edge keypoints is needed to eliminate. To do this Taylor expansion of DoG and Hessian detector is used respectively. •

Orientation Assignment

So as to create rotation invariant keypoint, this method assigns to each keypoint an orientation. Let , , be an image sample at scale , the gradient magnitude , and orientation  , are calculated by the (3) and (4). 1 ,

, , •

1,

,

1

,

,

1

, ,

,

(3) (4)

Generation of Keypoint Descriptor

The final step is to produce feature descriptor for each keypoint. In order to achieve this, orientation and magnitude are computed in 16 × 16 neighborhoods at keypoints. It is then split into 4 × 4 blocks and for each block 8 bin histogram is generated. Finally, these 16 histograms are combined and produced a 128 dimensional keypoint descriptor. Fig. 2. A block diagram of the proposed method

475

Second test shown in Fig. 5 is implemented to point out the results of the proposed approach when the 30° rotation attack is applied on the image. Fig. 5(a) represents the original image and it is corrupted by the mask created by GIMP as in Fig. 5(b) and finally forged image shown in Fig. 5(c) is created. The distinct results of the detection method for four clusters and also combined four clusters are given in Fig. 6. The matched keypoints for Cluster 1, Cluster 2, Cluster 3 and Cluster 4 are 4, 39, 40 and 29 respectively. The total matched keypoint is 112.

B. k-means++ k-means++ is an algorithm proposed by David Arthur and Sergei Vassilvitski [12], in which initialize the center of the clusters for the k-means clustering algorithm. Let represents the distance which is calculated between a data point and its closest center. The algorithm consists of the following steps. 1. Select one center 2. Compute

at random from the data points .

for each data point.

3. Select one new center from the ⁄∑  . probability

, using a weighted

4. Repeat 2-3 until k centers have been selected.

(a)

5. Continue the algorithm with the standard k-means.

(b)

(c)

Fig. 5. (a) Original image (b) Mask of the forgery (c) Forged image

In spite of the fact that steps (2-3) takes extra time, the kmeans step (5) converges very fastly after this contribution and thus the algorithm reduces the computation time significantly. III.

EXPERIMENTAL RESULTS

Experiments are done on totally 45 images of size 200 × 200 pixels, 512 × 512 pixels and 1024 × 768 pixels that are chosen from the Google search and Comofod database [13,14]. The GIMP program is used to create the forged images. And, the method is implemented in Matlab 2015a on a Laptop equipped with Intel Core i7 CPU and 8GB RAM.

Cluster 1

The proposed approach is firstly tested on images which corrupted by simple attack. Fig. 3(a) represents the original image and it is corrupted by the mask created by GIMP as in Fig. 3(b) and finally forged image shown in Fig. 3(c) is created. The distinct results of the detection method for four clusters and also combined four clusters are given in Fig. 4. The matched keypoints for Cluster 1, Cluster 2, Cluster 3 and Cluster 4 are 6, 26, 12 and 30 respectively. The total matched keypoint is 74.

(a)

(b)

Cluster 2

Cluster 3

Cluster 4

Cluster1+Cluster2+Cluster3+Cluster4 Fig. 6. Results of the proposed method

Final test shown in Fig. 7 is also tested to point out the results of the proposed approach. In this test, the multiple copy move attack is applied. Fig. 7(a) represents the original image. Forged image shown in Fig. 7(c) is created by the mask created by GIMP as in Fig. 7(b). The distinct results of the detection method for seven clusters and also combined seven clusters are given in Fig. 8. The matched keypoints for Cluster 1, Cluster 2, Cluster 3 and Cluster 4, Cluster 5, Cluster 6 and Cluster 7 are 17, 32, 29, 27, 6, 10 and 26 respectively. The total matched keypoint is 147.

(c)

Fig. 3. (a) Original image (b) Mask of the forgery (c) Forged image

(a) Cluster 1

Cluster 2

Cluster 3

(b)

(c)

Fig. 7. (a) Original image (b) Mask of the forgery (c) Forged image

Cluster 4

The results given in Fig. 4, Fig 6. and Fig. 8 respectively designate that the proposed method detects the forgeries considerably when the simple, rotation and multiple attacks are applied on the images. Also the number of the matching doesn’t decrease when the clustering algorithm applies on the SIFT descriptors.

Cluster1+Cluster2+Cluster3+Cluster4 (d) Fig. 4. Results of the proposed method

476

TABLE I. # of Clusters

TIME COMPLEXITY COMPARISON (EXECUTION TIME IN SECONDS)

2

3

4

5

6

7

8

9

10

200x200

0.1346

0.1330

0.1130

0.1248

0.1372

0.1622

0.1311

0.1277

0.1321

512x512

1.0761

0.8596

0.7836

0.7616

0.6733

0.5917

0.6078

0.6107

0.6132

1024x768

12.5789

8.4383

6.4271

5.4759

4.7015

4.0117

3.5132

3.0799

3.5172

Image size

IV. CONCLUSION

Cluster 1

Cluster 2

Cluster 3

The keypoint based matching methods are commonly used by researchers for detection of copy move attack. While number of keypoints are increasing, the computational requirements will increase in these methods so less execution time will be required. In this work, we used k-means++ method for clustering SIFT keypoints to reduce time complexity of [7]. Experimental results show that the proposed method reduces execution time of [7] considerably with same accuracy ratios. Our work detects also rotation and multiple copy move attack as in [7].

Cluster 4

REFERENCES [1] Cluster 5

Cluster 6

Cluster 7

All Clusters

[2]

Fig. 8. Results of the proposed method [3]

In the experiments, to get the accurate results the program was ran 20 times and taken the average of the execution times. Also, the number of clusters was determined according to the execution time of the proposed method for each image size. As the number of clusters is varied from 2 to 10 as seen from Table 1, the number of clusters that gives minimum execution time is selected as the best and underlined in the table. Consequently, best cluster is determined as 4, 7 and 9 for image size of 200 × 200 pixels, 512 × 512 pixels and 1024 × 768 respectively.

[4]

[5]

[6]

The proposed method is compared to SIFT [7] method in the literature to show the superiority in terms of execution time. Table 2 indicates that using the k-means++ with SIFT reduces execution time. Table 2 also lists execution times (s) of proposed method and [7] for various test image sizes. Execution time increases as the size of test image is increased. Execution time for proposed method with an image of size 1024 × 768 is approximately 3.07 seconds whereas [7] performs for the same image in 28.68 seconds. Table 2 clearly indicates time efficiency of the proposed method while the size of the doctored image is increasing. TABLE II.

[7]

[8]

[9]

[10]

EXECUTION TIME (S) FOR SEVERAL OF SIZE IMAGE

Image size

SIFT [7]

Proposed

200x200

0.3444

0.1130

512x512

2.5958

0.5917

1024x768

28.6889

3.0799

[11]

[12] [13] [14]

477

J. Fridrich, “Detection of copy-move forgery in digital images”, Digital Forensic Research Workshop, Cleveland, OH, 2003, pp. 19–23. A. C. Popescu, H. Farid, “Exposing digital forgeries by detecting duplicated image regions”, Tech. Rep. TR2004-515. Q. T. D. S. S. Li, G. Wu, “A sorted neighborhood approach for detecting duplicated regions in image forgeries based on DWT and SVD”, ICME, 2007. W. Luo, J. Huang, G. Qui, “Robust detection of region-duplication forgery in digital images”, Proceedings of ICPR–IAPR International Conference on Pattern Recognition, vol. 4, 2006, pp. 746–749. S. Bayram, H. Sencar, N. Memon, “An efficient and robust method for detecting copy-move forgery”, IEEE International Conference on Acoustics, Speech and Signal Processing, 2009, pp. H. Huang, W. Guo, and Y. Zhang, “Detection of copy-move forgery in digital images using SIFT algorithm,” in Proc. IEEE Pacific-Asia Workshop on Computational Intelligence and Industrial Application, Wuhan, China, 2008. I. Amerini, L. Ballan, R. Caldelli, A. Del Bimbo, G. Serra, ‘‘A sift based forensic method for copy move attack detection and transformation recovery’’, IEEE Trans on Information Forensics and Security,6 (3), 2011, pp. 1099-1110. X. Pan, S. Lyu, “Detecting image region duplication using SIFT features”, in: Proceedings of ICASSP–IEEE International Conference on Acoustics, Speech, and Signal Processing, Dallas, TX, USA, 2010, pp. 1706–1709. M. F. Hashmi, V. Anand, A. G. Keskar, “Copy-move Image Forgery Detection Using an Efficient and Robust Method Combining Undecimated Wavelet Transform and Scale Invariant Feature Transform”, vol.9, 2014, pp.84-91. Xiuli Bi, Chi-Man Pun, Xiao-Chen Yuan, “Multi-Level Dense Descriptor and Hierarchical Feature Matching for Copy–Move Forgery Detection”, Information Sciences, vol.345, 2016, pp.226-242. D.G. Lowe, "Object recognition from local scale-invariant features," Computer Vision, 1999. The Proceedings of the Seventh IEEE International Conference on , vol.2, 1999, no., pp.1150,1157. D. Arthur, S. Vassilvitskii, “k-means++:the advantages of careful seeding”,in:Proceedings of the 18th SODA, 2007, pp.1027-1035. CoMoFoD database, available at: http://www.vcl.fer.hr/comofod. Google Image Search: http://images.google.com/.