Strategies for Countering Fake Information: new trends in multimedia authenticity verification and source identification Irene Amerini, PhD [email protected] Università degli Studi di Firenze, Italy Seminar @SOFWERX December 4 th , 2018
Strategies for Countering
Fake Information: new trends in multimedia authenticity verification and source identification
Irene Amerini, PhD
Università degli Studi di Firenze, Italy
Seminar @SOFWERX
December 4th
, 2018
• Media Integration and Communication Center (MICC)
– Università di Firenze degli Studi di Firenze, Italy
• MFS-Lab, CNIT Research Unit - Consorzio Nazionale Interuniversitario per le Telecomunicazioni, Firenze
• Team composed by 4 people
• Skills:
– Multimedia forensics & security
– Adversarial machine learning
– Image and video processing
– Digital watermarking
Research group
Collaborations:
– Scientific and Technology Pole of the Italian Presidency of the Council of Ministers
– Italian Postal Police (Firenze)
– JRC (Ispra - EU Commission research center)
– Forensic IT companies
– CNR
Academia collaborations (past & current):
– The University of Warwick, Warwick, UK
– Charles Sturt University, Wagga Wagga, NSW, Australia
– The University of Adelaide, Adelaide, Australia
– Binghamton University, Binghamton (NY), US
– Politecnico di Milano
– Università di Siena
– Università degli studi Roma Tre
– Università di Trento
– Friedrich-Alexander-Universität Erlangen, Germany
Forensics partnership
Research projects
• SECURE! - Prevent and manage emergency events and situations
related to public security
– funded by the POR CreO FESR 2007-2013 programme of the
Tuscany Region (Italy), from 2013-2015.
• Framework agreement between MICC, University of Florence and
Scientific and Technology Pole of the Italian Presidency of the
Council of Ministers
– research and development activities in the field of image
forensics, from 2014–present.
• SMARTVINO - Wine multimedia information through the use of
smart-tag
– funded by the PRAF 2012-2015-1.2.e programme of the
Tuscany Region (Italy), from 2015-2016.
• ESPRESS - Smartphone identification based on on-board sensors for
security applications
– co-funded by Fondazione Cassa di Risparmio di Firenze (Italy)
within the Scientific Research and Technological Innovation
framework, from 2017-2018.
Overview
• Weaponized information
• Image and Video Forensics
– Cases of study
• New trends
– Countering DeepFake
– Adversarial machine learning
• Objectives:
– To provide an insight within the scientific thematic
– To present some main techniques
– To introduce the principal threats and countermeasures
Weaponized information
The pervasiveness of new ICT
technologies has paved the way for
new aggressive behaviors and cyber-
violence.
• Many actions are perpetrated
online through social networks
or messaging applications.
– cyber-terrorism, psychological
harassment, violence instigation, cyber-
bullying, attacks to personal reputation,
pedopornograpy.
Fake news
phenomena on
social media
Fake news and fake images
Military/Propaganda
Image and Video Forensics
IVF: what is for?
• To assess origin and originality of an image orvideo.– Image and video forensic techniques gather
information on the history of images and videoscontents.
– Each manipulation leaves on the media peculiar tracesthat can be exploited to make an assessment on thecontent itself.
– Features extraction and classification.
Image/Video
Forensics
Source
Identification
Forgery
Detection
Cases of study
Weaponized information:
The syrian-soldier case
The syrian-soldier case: CADET
tool
Geometric
transformation
estimation
Correlation mask
and
segmentation
TIFS ’11 Amerini et Al
SPIC ‘13 Amerini et Al
The syrian-soldier case: CADET
tool
AFTER
BEFORE
Printed images
[FSI’15 Amerini et Al]
Presidenza del Consiglio dei Ministri
Polo Tecnologico-
FORimage demo – CADET tool
Deep Learning for image
authentication
• Research question: can a doctoredimage/video be revealed and localized withConvolutional Neural Networks?
CNN for Forgery Detection
• Possible input:
– Frequency CNN (pre-processing phase)
– Spatial-domain CNN (RGB patches)
– Multi-domain CNN (a combination of the two)
• Evaluated different models: CIFAR1D, CIFAR2D, VGG16,ResNet18, AlexNet
CO
NV
1
RELU
1
PO
OL 1
CO
NV
2
RELU
2
PO
OL 2
CO
NV
3
RELU
3
CO
NV
4
RELU
4
CO
NV
5
RELU
5
PO
OL 5
FC
6
RELU
6
FC
7
RELU
7
FC
8
Deep Neural Network
The image is doctored with high confidence[Amerini’17 WMF@CVPR]
Some results
Case of study - Source
Identification
• In general, source identification is the process to
link a multimedia content to a particular
acquisition device.
• Lastly, source identification also refers to
establish the social network of origin.
Objective
Motivations
• Analyzing images and videos by checking the personaldevices of a suspect (e.g. smartphone, PC, SD card,hard disk) or his FB profile could be useful to addressan investigation.
• It could be strategic to trace back the origin of acontent to the social network of provenance.
Social media profiling
• Uploading an image on a social network:– the process alters images
• Resize, re-compression
• New JPEG file structure
• Rename
• Meta-Data deletion/editing
– Each social network service (SNs) do different alterations withdifferent rules
• Without knowing the rules and without resortingat:✓ EXIF
✓ File size and name
✓ Image size
• Classify images according to the socialnetwork of provenance✓ By identifying the distinctive and permanent trace
“inevitably” imprinted in each digital content during theupload/download process by every specific social network.
Social Network Provenance:
based on image content
• Each image is described using a feature vector: the
histogram of DCT (low frequency) coefficients of
8x8 blocks
[Amerini et Al TIFS17, WIFS17, EUSIPCO18]
CNN architecture
RELU, DROPOUT
N
N
909x1
Conv
1D
3x1,
100
Conv
1D
3x1,
100
RELU RELU
907x100 453x100 451x100 225x100Max
Pooling
2x1
Max
Pooling
2x1
Output K classes
K
SOFTMAXFully Connected256
• Input vector
– Fixed size: 909 elements
– Training/Testing at NxN image patch
• Structure
– Two blocks: 1D Convolution + Max Pooling (basically to reduce size)
– ReLU is the activation (non-linear) function
– 3 fully connected layers (2 of size 256, the third of K size)
– Softmax
• Output
– K classes each with a final probability
Social media provenance: datasets
• Four different kinds of datasets
– UCID social
• 30000 images (1000 images x 10 QFs x 3 SNs)
• Upload/download on Flickr, Facebook and Twitter
• (1 camera) Minolta Dimage 5
– PUBLIC social
• 1000 uncontrolled images (different sizes, JPEG quality factors, contents) have been gathered
from Flickr, Facebook and Twitter.
• Open scenario
– IPLAB
• 1920 images belonging to 8 classes (240 for each class)
• different in sizes, JPEG quality factors and acquired at two diverse smartphone resolutions
• 5 social networks: Flickr, Facebook, Twitter, Instagram and Google+
• 2 instant messaging apps: WhatsApp and Telegram
• 1 set of unprocessed JPEG images (directly acquired by a camera)
• (4 cameras) Canon 650D, QUMOX SJ4000, Samsung Note3 Neo and Sony Powershot A2300
– VISION (subset)
• 21353 images for 3 classes (2135 for each class).
• Facebook and WhatsApp and 1 set of unprocessed JPEG images
• (10 cameras) Samsung Galaxy S3 mini, Huawei P9, LG D290, Apple iPhone5c, Apple iPhone6,
Lenovo P70A, Samsung GalaxyTab3, Apple Iphone4 and 2 models of Apple iPhone4s.
Social media provenance: some
results
• 5 social networks
• 2 instant messaging apps
• 1 no-processed
• 4 different smartphones
Average: 93%
Follow-up
• Extension of social networks classification
to track multiple image sharing on SNs.
[Amerini et Al submitted@ICASSP19]
New trends
Deep Fake phenomena
• Generation of convincing audio and video
of fake events (i.e. FaceTransfer, Face2Face,
DeepFake, Deep Video Portaits )
• Security issues?
Everybody dance now
StarGAN
[Kim et Al SIGGRAPH18]
Photorealistic Human Faces with
GAN
[ICLR2018 Karras et al]
Countering Deep Fake
• New research topic
– Frame-based methods
– Temporal correlation based methods (on-going)• FaceForensics dataset: Video Dataset for Forgery Detection in Human Faces generated with the F2F facial
reenactment algortithm altering facial expressions with the help of a reference actor.
[Rossler et Al arxiv 2018]
• Using temporal prediction estimation in videocoding– Differences in predicted frame errors:
• current frame - old frame moved by motion vector
– Energy on errors prediction to exploit differences indeepfake and original video
– Long Short Term Memory model to capture temporaldependencies among error prediction estimation
Countering Deep Fake
Error
prediction
Pre-processing to locate the face area
ORIGINALFAKE
Some results
ORIGINAL FAKEEnergy on error prediction
Orig -----
Fake -----
Orig -----
Fake -----
Adversarial machine learning:
misclassification
Machine
Learning
security!
Adversarial machine learning
• Security issues related to DNNs– Attacking machine learning with adversarial examples
• Used in many sensible applications (safety- or security-related)– content filtering (spam, porn, violence, terrorist propaganda images)– malware detection– autonomous car
[DARTS: Deceiving Autonomous Cars with Toxic Signs ver. 3, C. Sltawarin et Al, arxiv May 2018]
What about countermeasures
• Research question:• Is this a threat in real world scenarios?
• Strong countermeasures are still missing– building more tools for verifying machine learning
models [Goodfellow, Comm. of ACM, July 2018]
– Necessity to protect our models
Solutions:• Make more robust classifiers
– include adversarial images in the training phase(adversarial learning)
• Detect adversarial inputs [Carrara et Al MTAP 2018]
1. Examples of content that might be filtered
• Our approach successfully identifies adversarial images, assigning them low scores
43
Evaluation -
Good Detections
The cat and mouse game of
Cyber Security
Publications
• I. Amerini, L. Ballan, R. Caldelli, A. Del Bimbo, G. Serra. “A SIFT–based forensic method for copy-move attackdetection and transformation recovery”. IEEE Transactions on Information Forensics and Security, Sep 2011– Highly Cited Paper Web of Science (2017)
• I.Amerini, R.Ballan, R.Caldelli, A.Del Bimbo, L.Del Tongo, G.Serra, "Copy-move forgery detection andlocalization by means of robust clustering with J-Linkage”, Signal Processing: Image Communication, July 2013.– Highly Cited Research in Signal Processing: Image Communication awarded on December 2016.
• I. Amerini, R. Becarelli, R. Caldelli, A. Melani and M. Niccolai, "Smartphone Fingerprinting Combining Featuresof On-Board Sensors," in IEEE Transactions on Information Forensics and Security, Oct. 2017.
• A. Costanzo, I. Amerini, R. Caldelli, M. Barni, "Forensic Analysis of SIFT Keypoint Removal and Injection,"Information Forensics and Security, IEEE Transactions on, vol.9, no.9, pp.1450,1464, Sept. 2014.
• I.Amerini, T. Uricchio, L. Ballan, R. Caldelli, “Localization of JPEG double compression through multi-domainconvolutional neural networks”, Media Forensics Workshop at CVPR 2017, July Honolulu, Hawaii 2017.
• R. Caldelli, R. Becarelli and I. Amerini, "Image Origin Classification Based on Social Network Provenance," in IEEE Transactions on Information Forensics and Security, vol. 12, no. 6, pp. 1299-1308, June 2017.
• F. Carrara, F. Falchi, R. Caldelli, G. Amato, R. Becarelli, "Adversarial image detection in deep neural networks “, Multimedia Tools and Applications 2018.
• I. Amerini. C.-T. Li, R. Caldelli, "Social Network Identification through Image Classification with CNN," IEEEAccess2019 [in submission].
Best paper award eForensics 2009
Thanks a lot for your attention
Strategies for Countering
Fake Information: new trends in multimedia authenticity verification and source identification
Dr. Irene Amerini
Università degli Studi di Firenze, Italy
Seminar @SOFWERX
December 4th
, 2018