Journal of Information Assurance and Security.
ISSN 1554-1010 Volume 10 (2015) pp. 080-088
c MIR Labs, www.mirlabs.net/jias/index.html
Integer DCT Convergence for JPEG-75 Forensics
for Images
Gamal Fahmy
Electrical Engineering Dept., Assiut University, Egypt
[email protected]
Abstract: Many forensic techniques recently tried to detect the
tampering and manipulation of JPEG compressed images that
became a critical problem in image authentication and origin
tracking. Some techniques indicated that a knowledgeable attacker can make it very hard to trace the image origin, while
others indicated that portions of the compressed image that has
been compressed at different quality factor quantization matrices are distinguishable if they are re-compressed at a higher
quality factor quantization matrix (with less quantization steps). In this paper we propose the idea of adopting Integer DCT
(ICT) as an implementation technique that can be utilized in
the detection of any hacking or tampering of JPEG/ICT compressed images. The proposed approach is based upon recent
literature ideas of recompressing JPEG image blocks and detecting if this block has been compressed/touched before or not.
We also propose an ICT implementation that has a onetime signature on processed coefficients or pixels and can be used as
a tool to detect if this block has been compressed before using
the proposed implementation or not. We finally propose to recompress images originally compressed with ICT but with a different quantization matrix as a different compression parameter to analysis and detect more forgeries. Illustrative examples on several processed images are presented with complexity
analysis.
Keywords: image forensics, JPEG edits, IDCT compression, image security
I. Introduction
The recent availability of photo editing software with the
wide spread use of digital imagery in different applications, has made it easier than ever to edit, manipulate and tamper
the content of digital images. While manipulating different
uncompressed image versions (i.e.bmp) can be easily none
traceable, due to the easy replacement of pixels, compressed
images with the widely used JPEG standard, [1] are harder to
edit and tamper, due to footprints left by JPEG compression.
Several researchers have tried to develop automatic forensic
algorithms to detect any tampering or manipulation of JPEG
images [2]. These techniques mainly rely on detecting distinctive features of the JPEG DCT coefficients (i.e. blocking
artifacts). Hence we can track back any original or tampering information [3]. It has been shown recently [4, 5, 6], that
a knowledgeable image attacker/hacker can restore original
pixels distribution and hide any edits he makes in original
JPEG images. Hence all forensic techniques will fail to detect any tampering of JPEG images. The main idea in [4, 5]
is to fill the empty slots in the DCT coefficient distribution
of the JPEG compressed images. This is done by introducing a dithering signal in the DCT domain that will match
the distribution of tampered images to the original one and
hide all traces of blocking artifacts. This dithering signal has
to be sufficient to fill in all gaps, but if it exceeded a certain limit it will add noisiness to the recompressed image.
Hence any artifact could be hidden without being detected
with different forensic techniques. In [7], a novel idea was
introduced which stated that compressed portions of an image that are not compressed at the same compression parameters (i.e. Quantization matrix) can be distinguishable if they
are recompressed at a third different compression parameter.
The compression parameter utilized in [7], was the quality
factor quantization matrix. In [8], a continuation of the idea
in [7], was presented were anti-forensic of a JPEG image can
be countered if the tampered/hacked image is compressed at
a different quality factor matrix that is higher in its values
than the original JPEG quantization matrix and indicates less
quantization steps. In [9], the authors were also able to estimate the original JPEG quantization matrix from the available questionable image, unlike [7], were this information
was assumed to be available. In [10], the same idea of recompression was utilized but with a different quantization matrix
size to detect forgery. In [11] a novel idea of testing the convergence of JPEG blocks after multiple transformations and
their inverse to detect if this block has been tampered before
or not, was introduced but it was only for JPEG-100 high
quality images.
In this paper we propose a novel anti-forensics methodology of compressing original images with an unconventional
type of DCT that is not completely orthogonal, and results
in a minor amount of distortion after inverse transformation.
This Nonorthgonal transformation is similar to the Integer
Cosine Transform (ICT), [12], that is generated from conventional DCT by replacing real numbers with integer ones.
This ICT introduces a minor amount of error that is affordable to most applications, but more importantly it spreads
this error in high frequency regions (edges) and makes any
MIR Labs, USA
81
Fahmy
further processing or recompression of this original image
easily detectable due to this unique feature of nonorthogonality. We note here that utilizing ICT for compression will
result in non optimal JPEG compressed image that are known
as JPEG-75 images, where conventionally and optimally DCT compressed images are known as JPEG-100 images due
to the quality matrix used in compression and the amount of
error it results in [1, 4, 5, 6].
We also propose an efficient implementation for ICT and
how it can be utilized in JPEG-75 forensics. Experiments on
a large set of database of images that has both original and
tampered images were conducted. Any further manipulations to images compressed with ICT were easily detectable with
false accept rate of less than 2% and a false reject rate up to
3%. We finally propose to decompose ICT compressed images with different Quantization Matrix (QM) sizes to redistribute any possible dithered noise that is typically injected
in tampering or hacking, to detect possible forgeries, similar
to [10] and [9]. Some parts and Preliminary results of this
paper has been presented before in [10], [13] and [14], and
this work aims at bringing different parts in one system.
Section 2 of this paper provides necessary background for
ICT, its structure, features and compression-distortion tradeoff. Section 3 proposes our novel methodology of utilizing
ICT in detecting forgery along with a theoretic justification
for its one time processing signature. Section 4 presents our
model to measure block convergence of ICT and how it can
be utilized for local tamper detection. In section 5, we decompose the ICT compressed images with different QM and
show how it can provide an additional tool to detect forgeries. Section 6 presents our simulation results on a large set
of images along with false accept and false reject response
to our ICT based proposed approach for detecting forgery in
JPEG images. Discussions are in section 7, followed by conclusions and references in section 8 and 9, respectively.
II. Background
ICT allows the basic vectors of processed data to be
nonorthogonal. This ICT achieves a balance between reconstruction error and the dyadic symmetry between ICT coefficients. This dyadic symmetry, [15], would make transform
coefficients have an average variance σr2 that is greater than
the variance of quantization error σq2 . Hence there is a minor
amount of reconstruction error after inverse transformation
that is greater than the quantization error that exists due to
this nonorthogonality. If we assume that the ICT is represented by a matrix T , and the inverse ICT is T T , hence the
expected reconstruction error Er is the difference between
T T T and the identity matrix I, where the reconstruction error for data with size N xN is
σr2 =
N −1 N −1
1 X X
M (k, j)R(j − k)
N2
j=0
(1)
k=0
where M = ErT Er and R(.) is the autocorrelation of input
image of size N xN . We note here that this T transformation
matrix that has nonorthogonal basis would magnify the reconstruction error if multiplied by another orthogonal matrix
B (post processing). The resulting image after reconstruction
for this post processing would be
Y = B T T T XT B
(2)
where X and Y are the input and output images. Hence the
reconstruction error for equation 2, EBr inherits this inequal2
2
ity EBr ≥ Er , also for the variance σBr
, σBr
≥ σr2 . This
last equation can also be written in the form Y = DT .X.D,
where D = T B and this corresponds to a nonorthgonal
transformation of input data and projection of it into a plane
that is more diverse and scattered in its basis, due to the past
two inequalities.
We note here that if this post processing matrix B is also
nonorthogonal similar to T , then the reconstruction error,
EBr , would be even greater. If this post processing of that
B matrix is repeated multiple times, there would be a significant amount of distortion that can be easily detected. We
also note that this nonorthogonal matrix T projects data into
basis ck . These basis can be mostly recovered by the inverse
matrix T T , but some of these basis are L2 normed due to the
rounding and nonorthogonality of T . If we assume that these
basis ck are further transformed m times by either orthogonal or nonorthogonal matrices, B or T (post processing like
matrix D), the resulting basis cm
k that data would be projected upon, would be further diverse and the amount of original
data samples that can be recovered is further reduced. Hence
the reconstruction error would significantly increase with a
large number of m and would also increase if we use more
nonorthogonal matrices T in further transformations.
III. ICT based detection of image forgery
In [11] the idea of transforming and inverse transforming input data multiple times was introduced. Convergence of output data to a saturated value was an indication if the source
block (input) was hacked or manipulated before or not. This
algorithm relied on the concept that multiple transformations and inverse transformations for the same data would keep
the quantization error saturate to zeros, and the variance of
2
would be closer to the variance of output dainput data σxr
2
. After m transformations and inverse transformations
ta σyr
2
2
for a high number
would be equal to σyr
(processings) σxr
of m. In other words for input data x that is transformed
and then inverse transformed t times, it would be xt and the
following equation would apply
xt+1 = tr([IDCT ([DCT (xt )])]), t ≥ 0
(3)
where [.] denotes rounding and tr(.) truncates to the value
range. It has been shown in [11] that x0 or xt for low t values would imply that the input data x has not been touched
before, but for a large value of t, xt+1 would tend to be equal
to xt , as the quantization error would be negligible (or actually zero). This analysis was given for orthogonal transforms
in [11] and it has been shown that the term stability would
imply that xt is equal to xt+1 .
It is our belief in this paper that this divergence would be even
greater if utilized with a nonorthogonal transform. Moreover with a nonorthogonal transform the difference between
x0 (that would imply authenticity and no tampering) and x1
(which indicates a possibility of a one-time tampering) would
be significant and even greater than the case for orthogonal
Integer DCT Convergence for JPEG-75 Forensics for Images
82
transforms, equation 3. Also σx2t+1 is ≥ σx2t which is ≥ σx2t−1
.......until we reach σx20 which is the variance of the authenticated originally compressed data.
In this part we will mathematically analyzes the ICT matrix
decomposition and verify its one time signature on processed
input data samples. The ICT matrix, B is typically generated
from rounding the conventional DCT matrix A to integer values. This rounding happens when matrix A is truncated and
normalized to endless values, hence the normalization factor
of ICT can be itself a unique signature.


g g
g
g
g
g
g
g
a b
c
d −d −c −b −a


 e f −f −e −e −f f
e 


 b −d −a −c
c
a
d −b 
 (4)
A=
 g −g −g
g
g
−g −g g 


 c −a d
b
−b −d a −c 


f −e e −f −f
e −e f 
d −c
b
−a a
−b
c −d
Moreover we here study and compare the Eigen analysis of
an image originally compressed with a nonorthogonal matrix then manipulated for a m or n values as in equation 6.
We note here that we kept m and n values low, ≤ 2 to indicate minor hacking or tampering and to see if it is distinctive
enough from the originally compressed image (m, n = 0).
Fig.2 shows the distribution of the Eigen values of the cameraman image after being processed through equation 6, for
different t, n and m values. It can be easily noticed from
Fig.2, that the Eigen values distribution is unique for the one
time processed image (m, n = 0). Due to the well-known
feature of Eigen values that measure energy concentration,
Fig.2 shows the unique energy distribution for the originally
compressed image with no hacking or tampering.
where a = 0.4904, b = 0.4157, c = 0.2778, d = 0.0975,
e = 0.4619, f = 0.1913 and g = 0.3536.
 .35
0.49
0.46
0.41
0.35
0.27
0.19
0.09

B=

.35
0.41
0.19
−0.09
−0.35
−0.49
−0.46
−0.27
.35
0.27
−0.19
−0.49
−0.35
0.09
0.46
0.41
.35
0.09
−0.46
−0.27
0.35
0.41
−0.19
−0.49
.35
0.09
−0.46
0.27
0.35
−0.41
−0.19
0.49
.35
−0.27
−0.19
0.49
−0.35
−0.09
0.46
−0.41
.35
−0.41
0.19
0.09
−0.35
0.49
−0.46
0.27

.35
−0.49
0.46
−0.41
0.35
−0.27
0.19
−0.09



(5)
If we assume data is one time processed through a nonorthogonal transformation B, then tampered several times by either
a similar nonorthogonal transform or an orthogonal one A,
the resulting output data, Y would be equal to:
Y = (B T .B)t .(AT .A)m .(B T .B)n .X
(6)
where the powers m and n indicates how many times the processed originally compressed image is tampered by either A
or B, respectively. t takes a value of 0, or 1 to indicate if
the image is first originally compressed with a nonorthogonal one, B or not. If the image is originally compressed
with a conventional orthogonal transform, A, then for any
further tampering or hacking by a similar orthogonal transform, forgery would be harder to detect. With our proposed
nonorthogonal transformation B, any further tampering can
be easily detected as in Fig.1. Fig.1 shows the histogram
of equation 6 for different values of m and n for t equals 0
or 1. It is obvious from Fig.1, that if an image is originally compressed with a nonorthogonal transform then hacked
with different orthogonal or nonorthogonal matrices(dotted
lines), it can be easily identified from a conventionally compressed image (solid line in the figure). The higher is the m
or n values, the more saturated is the output values from the
first processed image were m and n equals zeros. The more
orthogonal transforms are used post the originally utilized
nonorthgonal transform, the more distinctive is the originally compressed image from any post version. This proposed
transformation represents a onetime signature that can only
be removed if the hacker knows the original nonorthogonal
matrix originally adopted in compression which is not likely
to happen, especially that the utilized ICT can have a random normalization factor as shown before in equation 5,6.
IV. Block Convergence of JPEG-75 Images
In [11], block convergence was measured for JPEG compressed images with quality factor (quantization table QT)
100, each block was denoted stable if xt is equal to xt+1 , as
in equation 3. We mean here by block convergence the convergence path of block values after repeated rounding from
transformations and inverse transformations, as in equation
3. Different experimentations were conducted for different
DCT implementations and the authors were able to measure
the stability of all blocks (and also determine the value of t)
in a large image database. The authors concluded that the
distribution of the number of iteration until blocks are stable is mostly independent of the image content. This has
been validated for different DCT implementations. Later on
in [11], the authors gave a scenario for how this could be
used in JPEG forensics. They assume if the forensic scientist knows the DCT implementation adopted in original compression, for QT-100 they can estimate the number of times
each block has been compressed or touched before. Local
tampering can then be detected for an image portion if it has
a different distribution of stable blocks than the rest of the
image.
In this section we plan to apply the same block convergence
technique and utilize it in countering JPEG anti-forensics but
for JPEG-compressed images with QT less than 100 (e.g.
75). We note here that JPEG-75 images have a lower quality than JPEG-100, as there is more quantization error energy
in it. This is due to the fact that the QT is not just zeros
and ones, but it has many fractions. We propose to utilize
this block convergence for JPEG-75 images that are originally compressed with ICT. It is our belief that utilizing ICT
with JPEG -100 images for carbon dating scenarios would
not be helpful as there is already a reconstruction error that
is accumulated. This will make image blocks converge after a large value of t for all attacked and non-attacked blocks
and there will be no distinction between them in tampering
detection (the block would converge to be stable after a large
value of t, equation 3), typically between 22 and 26 as in
our conducted experiments. In [11], they reported similar results for JPEG-100 with fast DCT implementation. However
with JPEG-75 images, there is already an amount of distortion introduced due to the quantization error. It is our belief
that this quantization error introduces noise that counters the
reconstruction noise that results from multiple transformations and inverse transformations (post compressions). This
83
Fahmy
Figure. 1: Histogram of image according to equation 6
is due to the fact that reconstruction noise is L2 normed after
inverse transformation and is projected into a perpendicular
direction to the quantization noise (or at least different direction), chapter 9 in [16]. ICT block convergence will become
stable only if the reconstruction error is less than the quantization error energy. This quantization error energy is much
bigger in the case of JPEG-75 (than JPEG-100), as the error is bigger and the quantization table contains values other
than zeros and ones (which is the case for JPEG-100). This
makes block convergence faster and the value of t much smaller and it will be possible to make a distinction between
hacked and untouched blocks. This is because hacked blocks
will have added noise which makes their stable t value different. If we assume a forensic expert want to examine an
ICT compressed image, he would measure the value of t in
equation 3, for which this ICT originally compressed image
would converge at. We mean by converge the value were
the block would become stable at. In Fig.3, we show the
histogram of no. of blocks against values of t at which the
image would converge for different DCT implementations,
ICT and regular orthogonal DCT for JPEG-100 images. It
can be easily noticed that both transformations would converge after a large value of t for different images. Next we
apply the same methodology but for lower quality images,
JPEG-75 images that have more quantization noise due to
the values of QT as shown before. Fig.4 shows the same histogram values of Fig.3 but for JPEG-75 images. It can be
noticed that there is a significant difference between the stable t values for both implementations. As a key observation
for us, ICT would not be useful in tampering detection as
mentioned before with JPEG-100 as the reconstruction error
would be accumulated and would hide any tampering noise.
Hence the value of t for stable blocks would not be different
for tampered or non-tampered image portions.
V. Detectable tampering with smaller QM
We here propose to recompress the original JPEG image
through a DCT quantization matrix of smaller size and more
detailed basis, 4x4 size if the original is 8x8 size. This lower dimension matrix would project the extra energy through
Figure. 2: Distribution of Eigen values of Cameraman Image
several middle and corner cosine frequencies and makes it
impossible to eliminate. Hence a considerable amount of visual distortion would still exist in the modified image and can
be detected.
We note here that the projection of the extra dithering energy, [4, 5], into different DCT basis will spread any extra/unadjusted values to data samples across the whole image, which makes it impossible to track. Our main contribution here lies in recompressing the tampered image with
a more local detailed and smaller size, quantization matrix,
4x4. This smaller dimension matrix, will L2 norm the extra energy into different middle frequency basis, accodring
to the well known DCT formula [17]. Hence, this dithering
signal energy will no longer be limited with the quantized
bins and its neighboring bins in the same size quantization
matrix, but it will be spread into neighboring frequencies.
These neighboring frequencies are typically spread all over
the whole modified JPEG image, and it would be almost impossible to eliminate. Hence, a significant amount of distortion in the recompressed image that is spread all over the
tampered image is inevitable. Due to the additive nature of
the L2 norm in DCT transformation, it is only possible to
calculate the distortion for the whole image, not on a regionregion or subband-subband basis. Hence, the MSE difference
Integer DCT Convergence for JPEG-75 Forensics for Images
84
the dithered signal depended mainly on two factors, the quality factor that was used in the initial JPEG 8x8 compression,
and the amount of dithering energy that was added.
Table 1: Performance of the detection of tampered images
Q and noise
Non orth.
error ICT
Orth.
error DCT
Q=30 0.2db
Q=50 0.2db
Q=90 0.2db
Q=30 0.3db
Q=50 0.3db
99.1%
98.5%
98.3%
99.6%
98.9%
2.9%
3.2%
3.7%
1.8%
1.9%
98.5%
98.1%
97.6%
98.8%
98.1%
3.1%
3.6%
3.9%
2.3%
2.7%
VI. Experimental Results
Figure. 3: Distribution of Eigen values of Cameraman
JPEG-100
Figure. 4: Distribution of Eigen values of Cameraman
JPEG-75
for the original JPEG image and the recompressed one at a
smaller size quantization matrix is the only avenue to investigate any tampering or manipulation. In case of no hacking,
there still exit an inevitable amount of minor distortion due
to the L2 norm projection into different DCT basis. However, when a dithering energy signal is added a significant
noticeable distortion is added and spread over the image that
makes hacking/tampering clear enough to be noticed. We
note here that in our proposed technique due to the high frequency energy nature of the dithering energy that is packed
near edges and high frequencies, more distortion is visible in
the recompressed image at higher frequency regions (edges).
This makes our proposed technique more suitable for detecting any manipulation in high frequency regions (which are
always the attacked regions). We carried out a large scale of
testing of the proposed algorithm on 160 outdoor natural images, all of size 256 x256 pixels, luminance component only,
and all were originally compressed with the JPEG standard
with the well known 8x8 quantization matrix. 45 of the examined images were hacked/manipulated, by having part of
it modified with a dithering Gaussian noise signal added according to the technique in [4, 5]. All these images were later
recompressed with the 4x4 DCT matrix [1]. This detection of
We tested our proposed ICT based compression algorithm
on a data base of 1024 images of the well-known Vistex image database [18], that represents several images of different
frequencies and orientations. In our first experimental part,
images were compressed with regular conventional DCT matrix, then they were hacked back to the DCT domain using
the dithering signal that injects noise across different high
frequencies and guarantees that this injected noise is within
bound and less than the quantization error ∆2 /2 as in [4, 5].
In the second experimental part images were also compressed with the same compression factor (Quality factor=75) using the proposed ICT based JPEG compression
technique and then they were hacked and tampered in a similar way to the first part with several compression ratios and
with different hacking matrices. We note here that in the
second part the ICT matrix originally utilized for compression was blind; hence hacking attempts were done using
several orthogonal or nonorthogonal matrices. Table 1 lists
the recall and error values for hacking/manipulation detection of images using our proposed technique (for adopting
nonorthogonal transformation in JPEG compression) and the
conventional DCT orthogonal transformation for three different quality factors and different injected noise. Fig.5 shows
the histogram of DCT coefficients of the Cameraman image
before noise dithering, after dithering using [4, 5] were regular orthogonal transformation is used for original compression, and after dithering were nonorthogonal transformation
is adopted. It can be noticed that hacking or tampering using the noise dithering signal [4, 5] can be easily detected
with a different hacking transformation. Fig.6 shows a tampered image where an object was hacked and dithered with
noise and Fig.7 shows that tampered image after IDCT projection with blocks with inconsistent distribution filled with
black blocks. Fig.8 shows the receiver operating characteristics curve (ROC) for 160 images with both orthogonal (case
a dotted line) and nonorthogonal (case b solid line) used
for initial compression, were hacking and tampering is performed using an orthogonal back transformation.
In our next experiment we assume a forensic expert would
test a suspectable image that is originally compressed using
ICT to determine if it has been tampered of not. He would
apply equation 3, and mark stable blocks in the tested image.
As this image is already degraded with lower quality (JPEG75), most blocks would be stable after a short t value even in
the presence of reconstruction noise; t would equal 5 or 6 at
85
Fahmy
the most. However if there is a local image portion that has
been tampered, there would be inconsistency in the distribution of stable blocks in this tampered image portion, and this
would be an indication of local tampering or hackings. Fig.9
shows an original image (with low quality JPEG-75) and a
tampered version (Fig.10) as well as the distribution of stable
blocks in the image(Fig.11). ICT has been used for original
compression for this image, and then has also been utilized
for post compression, equation 3, to determine the stable t
values. Stable blocks for this image are determined for t value ≥ 4. It can be easily noticed that the hacked portion of the
image has inconsistency in the distribution of stable blocks. Table 2 shows average values of t for several images for
which blocks will become stable for ICT and regular DCT
for JPEG-75.
Table 2: Stable t values for ICT and DCT for JPEG-75
t value
Cameraman
Lina
Indoor
Outdoor
ICT
99.1%
98.5%
98.3%
99.6%
Table 3: Performance of the detection of tampered images
Rec.4x4
98.1%
97.5%
97.3%
98.6%
96.9%
error4x4
2.2%
2.2%
2.4%
1.2%
1.4%
Rec.8x8
97.5%
97.1%
96.6%
96.8%
97.1%
Table 4: Distortion Error for Nonorthogonal matrix values
a
0.49
0.62
0.35
0.18
DCT
3.1%
3.2%
3.7%
1.8%
With respect to section 5, table 3 lists the recall and error
values for hacking/manipulation detection of images using
our technique (sizes 4x4 and 8x8) for three different quality
factors and different dithering signal noises. It can be easily noticed the difference in error and recall values details
between the 4x4 and 8x8 QM.
Q and noise
Q=30 0.2db
Q=50 0.2db
Q=90 0.2db
Q=30 0.3db
Q=50 0.3db
hacking or tampering. After several transformation the values of the JPEG compressed image saturates to fixed values
due to the noise removal that is usually less than the quantization error ∆2 /2. With respect to compression/reconstruction
error, table 4 shows distortion errors for different nonorthogonal matrix values, which proves the insignificant error when
adopting it for compression.
With respect to utilizing a smaller size quantization matrix,
(according to section 5, the previous work in [4, 5, 7, 9, 19]),
the performance of any tampering detection deteriorates with
a quality matrix that is very high. As this will make the
quantization almost lossless, like manipulating a never compressed image, hence detecting the tampering is almost impossible.
error8x8
2.6%
3.3%
3.6%
2.3%
3.3%
VII. Discussion
We note here that JPEG-75 images in countering antiforensics represent a more practical scenario of detecting local tampering. This is because image hackers tends to down
grade the quality of the image after it has been edited, so
they can hide editing traces. It is also our belief that ICT
can be best suitable for these JPEG-75 images in tampering detection. We note here that our proposed block convergence measurement for low quality images, JPEG-75, originally compressed with ICT can be useful in media industries
that utilize ICT in compression due to its efficient implementations. With our proposed approach, images produced by
such industries can be better identified if hacked or tampered
even if they have degraded quality with our proposed block
convergence methodology. We note here that our proposed
nonorthogonal transformation matrix, has been adopted during the past decade in hardware implementation for media
applications, due to the fact that this B matrix can be implemented without any multipliers but with only shifters and
adders. We also note that our proposed technique can detect
any hacking with even one inverse back transformation for
b
0.41
0.61
0.67
0.43
c
0.27
0.37
0.41
0.28
d
0.09
0.19
0.34
0.4
e
0.46
0.23
0.31
0.17
f
0.19
0.13
0.19
0.43
g
0.35
0.41
0.24
0.21
Er.%
7%
9%
12%
6%
VIII. Conclusions and Future Research
In this paper we presented our own approach of utilizing ICT in detecting local tampering with less quality images (not
optimal compression, like JPEG-75). We utilized the block
convergence methodology first introduced in [9], and adapted it to suit JPEG-75 images with our newly proposed ICT
in the countering anti-forensics area. We presented a novel
algorithm for the detection of tampered images. The proposed technique relies on compressing the original authenticated image with a nonorthogonal transformation, hence any
hacking by reverting it back to the DCT domain and inserting different values with a noise dithering signal to hide it can
be easily noticed, as this nonorthogonal technique represents
a onetime signature that can be hardly avoided. We also presented our own implementation approach for ICT (Integer
Cosine Transform) and it can efficiently implemented. We
finally projected data samples into more localized DCT basis that have a stronger analysis capability and can detect any
hacking or manipulation more accurately. Illustrative graphs
of the proposed idea as well as comparisons with other recent literature techniques are presented. Future work would
include studying a theory for the distribution of stable blocks with image content, as well as investigating the cases of
color images. We also consider the issue of studying more
local features such as spatial frequency magnitude and phase
in forgery detection. This work is supported in part by the
Alexander von Humboldt foundation in Germany. We acknowledge the support and comments of Dr Rolf Wurtz at
Universitat Bochum, Germany.
Acknowledgments
This work is supported in part by the Alexander von Humboldt foundation, Germany. We acknowledge the support
and comments of Rolf Wurtz at Universitat Bochum, Germany.
Integer DCT Convergence for JPEG-75 Forensics for Images
References
[1] T. Lane, “Independent jpeg group software codec,” .
[2] Z. Fan and R.L. de Queiroz, “Identification of bitmap
compression history: Jpeg detection and quantizer estimation,” Image Processing, IEEE Transactions on, vol.
12, no. 2, pp. 230–235, 2003.
[3] A.J. Fridrich, B.D. Soukal, and A.J. Lukáš, “Detection
of copy-move forgery in digital images,” in in Proceedings of Digital Forensic Research Workshop. Citeseer,
2003.
[4] M.C. Stamm, S.K. Tjoa, W.S. Lin, and K.J.R. Liu,
“Anti-forensics of jpeg compression,” in Acoustics
Speech and Signal Processing (ICASSP), 2010 IEEE
International Conference on. IEEE, 2010, pp. 1694–
1697.
86
[14] Gamal Fahmy, “Nonorthogonal dct block convergence
for jpeg-75 forensics,” in ISSPIT 2014, International Symposium on Signal Processing and Information
Technology; Proceedings of. ISSPIT, 2014.
[15] Mohamed Nasr Haggag, Mohamed El-Sharkawy, and
Gamal Fahmy, “Efficient fast multiplication-free integer transformation for the 2-d dct h. 265 standard,” in
Image Processing (ICIP), 2010 17th IEEE International Conference on. IEEE, 2010, pp. 3769–3772.
[16] S. Mallat, A wavelet tour of signal processing: the sparse way, Access Online via Elsevier, 2010.
[17] S.H. Jung, S.K. Mitra, and D. Mukherjee, “Subband
dct: Definition, analysis, and applications,” Circuits
and Systems for Video Technology, IEEE Transactions
on, vol. 6, no. 3, pp. 273–286, 1996.
[5] M.C. Stamm, S.K. Tjoa, W.S. Lin, and K.J.R. Liu,
“Undetectable image tampering through jpeg compression anti-forensics,” in Image Processing (ICIP), 2010
17th IEEE International Conference on. IEEE, 2010,
pp. 2109–2112.
[18] T. Chang and C.C.J. Kuo, “Texture analysis and classification with tree-structured wavelet transform,” Image
Processing, IEEE Transactions on, vol. 2, no. 4, pp.
429–441, 1993.
[6] Zhung-Han Wu, Matthew C Stamm, and KJ Liu, “Antiforensics of median filtering,” in Acoustics, Speech and
Signal Processing (ICASSP), 2013 IEEE International
Conference on. IEEE, 2013, pp. 3043–3047.
[19] VALENZISE G., TAGLIASACCHI M., and TUBARO
S., “Detectability-quality trade-off in jpeg counterforensics,” in IEEE Int. Conf. on Image Processing,
ICIP, 2014.
[7] H. Farid, “Exposing digital forgeries from jpeg ghosts,”
Information Forensics and Security, IEEE Transactions
on, vol. 4, no. 1, pp. 154–160, 2009.
Author Biography
[8] G. Valenzise, M. Tagliasacchi, and S. Tubaro, “The
cost of jpeg compression anti-forensics,” in Acoustics, Speech and Signal Processing (ICASSP), 2011 IEEE
International Conference on. IEEE, 2011, pp. 1884–
1887.
Gamal Fahmy
[9] G. Valenzise, V. Nobile, M. Tagliasacchi, and
S. Tubaro, “Countering jpeg antiforensics,” in IEEE
Int. Conf. on Image Processing, ICIP, 2011.
[10] Gamal Fahmy, “Detectable tampering of jpeg antiforensics,” in WIAR’2012; National Workshop on Information Assurance Research; Proceedings of. VDE,
2012, pp. 1–4.
[11] ShiYue Lai and Rainer Bhme, “Block convergence in
repeated transform coding: Jpeg-100 forensics, carbon
dating, and tamper detection.,” in Proceedings of the
IEEE International Conference on Acoustics, Speech
and Signal Processing, ICASSP 2013, Vancouver, BC,
Canada, 2013, pp. 3028–3032, IEEE.
[12] Jie Dong, King Ngi Ngan, Chi-Keung Fong, and WaiKuen Cham, “2-d order-16 integer transforms for hd
video coding,” Circuits and Systems for Video Technology, IEEE Transactions on, vol. 19, no. 10, pp. 1462–
1474, 2009.
[13] Gamal Fahmy, “Nonorthogonal dct implementation for
jpeg forensics,” in The 14th International Conference
on Hybrid Intelligence, Kuwait, dec. 2014. IEEE, 2014.
Gamal Fahmy was born in Leeds, U.K. in 1973. He received
the B.Sc. and M.Sc. degrees from Assiut University, Assiut, Egypt, in 1996 and 1998, respectively, and the Ph.D.
degree in electrical engineering from Arizona State University, Tempe, USA in 2003. From 2003 to 2005, he was a
Research Assistant Professor with West Virginia University,Morgantown, where he worked on several identification
and recognition projects in collaboration with different federal agencies in the United States, such as the Federal Bureau
of Investigation, the National Institute of Justice, Transportation Security Administration, and the Department of Homeland Security. He won the Egypt National State award in Engineering Sciences 2012-2013. His research interests include
image super-resolution, perceptual image compression, human vision, biometrics (IRIS recognition and 3-D face recognition), and image forenscis. Dr. Fahmy is currently an
87
Fahmy
alexander von Humboldt research fellow at Bochum Universitat, Germany, he is also with the Electrical Engineering Department, Assiut University, Egypt.
(a) Before dithering
(b) After Non Orth. dithering
(c) After Orth. dithering
Figure. 5: Histogram of DCT values before and after noise dithering
Integer DCT Convergence for JPEG-75 Forensics for Images
88
Figure. 6: Hacked image with noise dithering
Figure. 9: Distribution of Stable blocks of Ship Image
Figure. 7: Hacked image with black boxes on suspectable
IDCT blocks
Figure. 8: Receiver Operating Characteristics curve (ROC)
Figure. 10: Distribution of Stable blocks of Ship Image
Figure. 11: Distribution of Stable blocks of Ship Image