Mobile QR Code

1. (School of IT Information & Control Engineering IT Convergence & Communication Engineering, Kunsan National University / Korea hwang@kunsan.ac.kr])
2. (School of Electronics Engineering, Chosun University / Gwangju 61452, Korea khrhee@Chosun.ac.kr )

Copy-Move forensics, Forgery image, Feature matching, SIFT feature

## 1. Introduction

Digital images are a major means of communication medium containing large amounts of information on modern social media. Images can easily represent the world of our lives. They can be transmitted and distributed using storage devices (USB memory, DAS, NAS, SAN, External HDD, etc.) or communication facilities (Wired/Wireless internet, Mobile and Space, etc.). Still, the trust in images not obtained from safe sources has emerged as an image forensics problem. Media manipulation can be easily done by anyone using media editing tools (Premiere, Final Cut Pro and After Effects, etc.). However, malicious media editing and distribution cause infringement of personal data.

A Copy-Move tampering method selects a part of an image and copies it to another area within the same image. Such modulation is a method widely used in the field of image forensics. If there are offensive means (Tampering, Manipulation, and Modulation), defensive means must be developed (Detection, Classification, and Decision). So, the Copy-Move forgery detection (CMFD) method is being developed day by day [1].

There are two main methods for detecting Copy-Move: 1) a forgery image to be tested is divided into blocks and features are extracted from each block. If blocks divided into n${\times}$n pixel square types have similar characteristics, these blocks are regarded as a Copy-Move area. However, since all blocks must be compared and computed, the computational cost is high, and other geometric transformations cannot be processed. On the other hand, using the SLIC (Simple Linear Iterative Clustering) method proposed by [2], the 2D superpixel of the image is calculated and divided into irregular shapes rather than a regular square segment of the former. This method groups pixels into regions with similar values. Using this region for image processing operations such as segmentation can make the operation less complex, and 2) similar regions can be found based on key points (KP) of pixels without segmenting the image [3]. This method is also difficult to manage smooth locales such as weak textures.

In detecting a Copy-Move, SIFT (Scale-Invariant Feature Transform) [4] is the most basic method used. SIFT is a method that extracts features that are invariant to the size and rotation of an image. The basic principle is that by extracting the SIFT features from two different images and then matching the most similar features, it can find the corresponding parts in the two images. In other words, the method can find and match the same object in the image with the same content, although the size and rotation of the two images are different.

##### Fig. 1. Match the blue road sign in the two images using SIFT features.

However, since SIFT process identical features in pairs, unrelated pixels can be matched in pairs because they have similar features. These 'Bad key point' incorrectly indicates the pixels of the copy and the move area in CFMD.

The CMFD method has been improved to compensate for these shortcomings by combining various image processing techniques [5-7]. Representative technologies to be applied include corner component detection [8] and texture processing [9] within an image. However, there is a problem with JIT (Just In Time) in the age of social media. An increase in computing cost and the processing time to determine Copy-Move due to an increase in the dimension of a feature vector extracted for CMFD.

In this paper, a new SIFT-based CMFD scheme using only a feature set of SIFT is implemented in the definition that under the patches have the same SIFT-based feature set if the same patches exist in the Copy-Move forgery image.

The contribution of the proposed scheme can be summarized as follows.

·Low-dimensional structure because the features are not extracted as fusion type, only SIFT based.

·The computational cost for feature extraction is low.

·Possibility detection and decision have rapid time.

·Low computing costs and fast detection facilitate JIT processing online.

The rest of this paper is organized as follows. The following section describes SIFT method. In Section 3, the proposed scheme for CMFD is implemented, and Section 4 presents the experimental results, the performance evaluation, and the discussion of the results effect. Lastly, Section 5 concludes.

## 2. SIFT Features

The SIFT is a method [4] that extracts features from (a) and (b) of the two images in Fig. 1 [13], finds pixels with similar features, connects them with lines as shown in (c), and finds pixels with identical features.

However, there are cases where 'Bad key point' appears, as shown in (c), due to the connection of similar features in the two images.

The extraction process of SIFT features set proceeds as follows.

1. Create a "Scale-space: 4 Octave steps".

2. Difference of Gaussian (DoG) operation.

3. Finding Key points.

4. Remove Bad Key points: satisfy Scale invariance.

5. Assign directions to Key points: satisfy rotation invariance and assigns fingerprints (Gradient direction and magnitude, Dependance of rotation and brightness).

6. Finally extracting SIFT Features.

## 3. The Proposed Scheme

For a new Copy-Move Forgery image Detection (CMFD) implementation, we work to precise group the pixels within each Copy-Move forgery area.

By removing the incorrect key points from the features shown in Fig. 1(c), we want to accurately group the pixels in each Copy-Move area. For this purpose, the proposed scheme eliminates unnecessary key points for Copy-Move area detection by refining the SIFT features extracted in Section 2, Step 6.

Fig. 2 shows the flow diagram of the proposed CMFD scheme. Each block shows how the example is processed.

▪ The flow of each functional block and operation of the proposed scheme in Fig. 2 follows.

▪ [SIFT-based Feature Extraction]

Step 1. The basic SIFT features extracted block by [4] as a preprocessing of the forgery image. The first image of block ➊ is a forgery image, and the second image is marked (red *) with key point pixels with SIFT features. This key point is assigned with the characteristics in Section 2, step 5; the descriptor with a rotation-invariant direction and a transformed line (cyan) presented in the third image. The pixels having similar descriptors are connected to each other (red line: called 'KP' means 'key point') in the fourth image.

[SIFT Feature Refinement]

Step 2. In the block ➋, among the descriptors of the 4th image in the block ➊, the histogram is used to select the most similar 'KP'. (Example of in Figure: it finds the connection length of key points of similar descriptors. In a histogram with the number of bins of 1000, then 51 pairs of similar 'KPs' are extracted.)

Step 3. Find the deviation slopes from the block ➋. (Example of in Figure: among the 51 similar descriptors, 48 pairs of similar descriptors in the similar direction are defined within the deviation slope in the histogram where the connection line in the range is 0 to 2pi and the number of 20 bins.)

Step 4. Drop off the deviation slopes of 'KP', then grouping the majority 'KP' in the block ➌.

Step 5. For the CMFD, finally 'KP' with the slope is refined.

Step 6. From the block ➍, make a block of 16${\times}$16 pixels (Expansion size to represent the defined one point SIFT feature pixel visually) around the coordinates of both ends of the KP, and generate a ground truth (GT) image with the ball-type dilation image in the block ➏. However, the GT image includes only a line element.

Step 7. As with the operation of Step 6, the block ➎ operates in the same way in the block ➐. Moreover, the GT image includes a line length and slope elements.

Step 8. GT image ➐ is derived with the SIFT-based feature refinement, better than ➏, and the Copy-Move area is detected as ➑ by cross operation with the forgery image ➊ under the forgery test image.

## 4. Performance Evaluation

The MATLAB 2021a tool was used as simulation software on a PC environment (64 bit Win10 Pro, AMD Ryzen9 3950X$^{\mathrm{Ⓡ}}$ 16-Core CPU @3.5GHz, 128GB DDR4 memory, and NVIDIA 2080Ti Double graphic boards). For evaluating the performance of the proposed CMFD scheme, all Copy-Move 160 forgery images are executed in the GRIP data set [10], which also provides together a binary ground truth (GT) of the copy and move areas in the forgery image.

First, as a preliminary step of the performance evaluation of the proposed CMFD scheme, 'TP\_C02\_039\_copy.png (Image shaking phenomenon)' in the GRIP forgery image is used under the experiment.

In the proposed scheme: Step 2, for grouping with similar 'KP', twenty histograms were prepared with 100-step increments with the number of bins ranging from 100 to 2,000 as shown in Fig. 3 (1st and 2nd row). Also, each histogram presents the number of 'KP's with a similar length, and kurtosis, respectively. Subsequently, the SIFT with the grouping 'KP's, the slope of the 'KP's belonging to the largest bin ranges from |0~π| to obtain a histogram bin 20 which presented in 3rd and 4th row corresponds to each of 1st and 2nd row. In Fig. 3, the number of 'KP's (1st and 2nd row) is reduced by refining to (3rd and 4th row). In this histogram, the lines belonging to the largest bin are refined with similar slopes among the lines of a similar length selected in 1st and 2nd-row histogram correspondence each histogram, respectively.

Table 1 shows the reduced number of refined 'KP's from (1st and 2nd row) to (3rd and 4th row) with a histogram corresponding to each in Fig. 4.

For comparing the performance of GT images, the GT of the test forgery image is shown in Fig. 6(a). Twenty GT images considering only the line lengths of the 1st and 2nd rows in Fig. 5 are averaged, and the GT image is shown in (b). Next, the GT image of the proposed scheme is generated as shown in (c) with the average of twenty GT images of the 3rd and 4th in the same way.

From the test forgery image, original (Ori.) GT, the SIFT-based features, and the proposed CMFD scheme's features are compared as shown in Table 2. The pixel areas of each GT are calculated (Ori.: 45,274, the SIFT based: 46,620, and The proposed: 42,554), respectively.

##### Table 1 Reduced Number of 'KP's Refinement in Fig. 4.
 Consider: Line length only Cosider: Line length + Slop both Colm. No. 1st → 3rd row Colm. No. 2nd → 4th row 1 67 → 57 1 46 → 45 2 52 → 48 2 45 → 45 3 51 → 48 3 45 → 45 4 48 → 46 4 45 → 45 5 48 → 46 5 45 → 45 6 47 → 46 6 45 → 45 7 47 → 46 7 45 → 45 8 46 → 45 8 45 → 45 9 46 → 45 9 45 → 45 10 45 → 45 10 45 → 45
##### Fig. 4. Proposed key point (KP) according to SIFT-based (1st and 2nd row) and refinment (3rd and 4th row).

The detect ratios with Ori. GT is calculated (the SIFT based: 1.03, and The proposed: 0.94) individually. Also, against Ori. GT, the matching ratio of 'KP's in Copy-Move areas are calculated as 0.8562. Table 2 shows the execution results of the proposed CMFD scheme under the test forgery image: TP\_C02\_039\_copy.png in GRIP.

##### Table 2 Experiment Results under Test Forgery Image (Test image No.: TP\_C02\_039\_copy.png in GRIP).
 Evaluation Items SIFT-based [4] Proposed CMFD Scheme Num. of Key points (KPs) 1,297 45 Ground Truth (GT) Area: Pixel 46,620 42,554 Ratio of Ground Truth Area vs. Ori. GT Area (45,274): Pixel 1.0297 0.9399 Ratio of Matching Feature vs. Ori_GT 0.8562 0.8562 Execution Time 15sec. 3mim. 4sec.

In Table 2, when the area of Ori-GT was set to '1', the proposed scheme detected 94% of the Copy-Move area, but it was confirmed that the SIFT-based features exceeded '1'.

Figs. 6(a) and (c) are crossing over and becomes Fig. 7(a). The (White + Green) area is Ori. GT and (White + Red) area is the proposed GT so, the white area is defined as the final Cut-Paste area, which draws with the red line on the forgery image (c). Fig. 7 shows the detection procedure of the proposed scheme.

Some forgery images are to be re-transformed because a malicious try to hide a trace forensic detection. Re-transforms with several cases: (a) Lossy format JPEG, (b) Blurred, (c) Shaking, and (d) Haze in Fig. 8. The left column is a re-transformed forgery image, and the middle column is Ori. GT, and the right column are the proposed GT's Copy-Move detection area.

##### Fig. 9. Copy-Move detection compared with [10] and [4].

The proposed CMFD scheme applied to the non-GRIP forgery image of the previous work [10-12], as shown in Figs. 9 and 10, respectively.

Table 3 shows the execution results, and the evaluation items show the average value of all 160 Copy-Move Forgery images in the GRIP forgery image data set. Among all 160 forgery images, four images can not extract the feature set: non - Key point because there are almost no texture components. The evaluation item's values are averaged with 160 images.

As mentioned in Table 2 and explained in Fig. 7(a), it was confirmed that when (Ratio of Ground Truth Area vs. Ori\_GT Area) approaches '1', this result is an 'Excellent' grade for CMFD utility without exceeding '1'.

##### Table 3 Average Experimental Results. All 160 Forgery Images in GRIP Dataset.
 Evaluation Items SIFT-based [4] Proposed CMFD Scheme Ave. Num. of Key points 2,889 61 Ave. Ground Truth Area 46,620 42,554 Ave. The ratio of Ground Truth Area vs. Ori_GT Area (33,495 Pixels) 1.363 0.9781 Ave. The ratio of Matching Feature vs. Ori_GT 55.9% 86.2% Num. of images with non-Extracted Key point 4 4 Ave. execution time per one image 3min. 20sec. Total Elapsed time 8hr. 7min.

## 5. Conclusion

In this paper, we extracted SIFT-based features of the image, found pixels with similar key points among them, obtained the line's length and slope between the found pixels, and found the line's length and slope. Lines with similar lengths and slopes were selected and grouped, and the largest group was defined as a feature set with pixel information in the Copy-Move area.

We implemented a new CMFD scheme using our feature sets. Each feature set extracted for the proposed CMFD has coordinates of pixels belonging to the copy-move area, respectively. The proposed CMFD scheme is a passive forensic tool requiring no prior information on the forgery image under forensic detection. Also, the proposed CMFD scheme detected the Copy-Move region well in Lossy format JPEG, Blurred, Shaking, and Haze images. In particular, the detection rate of GT was very close to '1', which was an excellent grade.

Thus, the proposed scheme can be beneficial in many areas of image forensics.

### ACKNOWLEDGMENTS

This research is supported by NRF 2021R1A2C1003406 (National Research Foundation of Korea)

Also, the authors would like to thank the leading researchers in this study field, the hidden reviewers whose meaningful comments, and the official working of Journal Coordinator and Editor, IEIE Transactions on Smart Processing and Computing. With the treatments, this paper could be written thoughtfully.

### REFERENCES

1
Hansda R., Nayak R., Balabantaray B. K., March 2021, Copy-Move Image Forgery detection via Combined Pseudo-Zernike Moment Invariant, 3rd Int'l Conf. on Energy, Power and Environment: Towards Clean Energy Technologies, added to IEEE Xplore
2
Achanta R., Appu Shaji , Smith K., Lucchi A., Fua P., Susstrunk S., May 2012, SLIC Superpixels Compared to State-of-the-art Superpixel Methods., IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 34, No. 11, pp. 2274-2282
3
Pan X., Lyu S., 2010., Region Duplication Detection Using Image Feature Matching, IEEE Trans. on Information Forensics And Security, Vol. 5, No. 4
4
Lowe D. G., 2004, Distinctive image features from scaleinvariant keypoints, Int'l Jour. of Computer Vision, Vol. 60, No. 2, pp. 91-110
5
Wang C., Zhang Z., Li Q., Zhou X., Nov. 2019, An Image Copy-Move Forgery Detection Method Based on SURF and PCET, IEEE Access, Vol. 7, pp. 170032-170047
6
Christlein V., Riess C., Jordan J., Riess C., Angelopoulou E., 2012, An Evaluation of Popular Copy-Move Forgery Detection Approaches, IEEE Trans. on Information Forensics and Security, Vol. 7, No. 6, pp. 1841-1854
7
Vega E. A. A., Fernández E. G., Orozco A. L. S., Villalba L. J. G., Jan. 2020, Passive Image Forgery Detection Based on the Demosaicing Algorithm and JPEG Compression, IEEE Access, Vol. 8, pp. 11815-11823
8
Harris C. G., Stephens M., 1988, A Combined Corner and Edge Detector, Alvey Vision Conf, pp. 147-151
9
Rhee K. H., June. 2020, Detection of Spliced Image Forensics Using Texture Analysis of Median Filter Residual, IEEE Access, Vol. 8, pp. 103374-103384
10
Mahdian B., Saic S., Sept. 2007, Detection of copy\textendash{}move forgery using a method based on blur moment invariants, Elsevier, Forensic science Int'l, Vol. 171, pp. 180-189
11
Available June 2021., CoMoFoD - Image Database for Copy-Move Forgery Detection, https://www.vcl.fer.hr/comofod
12
Meena K. B., Tyagi V., 2019, A copy-move image forgery detection technique based on gaussian- hermite moments, Multimedia Tools and Applications, Vol. 78, No. 23, pp. 33 505-33 526
13
Available June 2021., https://bskyvision.com/21

## Author

##### Jae Jung HWANG

Jae Jung HWANG is Professor of School of IT Information & Control Engineering IT Convergence & Communication Engineering Major, Kunsan national University, Kunsan, South Korea.

##### Kang Hyeon RHEE

Kang Hyeon RHEE (Life Member, IEIE) received the B.S. and M.S. degrees in electronics engineering from Chosun University, Gwangju, Korea, in 1977 and 1981, respectively, and the Ph.D. degree in electronics engineering from Ajou University, Suwon, Korea, in 1991. He is an Emeritus Professor with the School of Electronics Engineering, Chosun University, Gwangju, Korea. His current research interest includes multimedia fingerprinting/forensics. He was the recipient of awards, such as the Haedong Prize from the Haedong Science and Culture Juridical Foundation, South Korea, in 2002 and 2009.