Peter A. Cooper

Shift recompression-based feature mining for detecting content-aware scaled forgery in JPEG images

Content-aware image resizing, also known as image retargeting, seam carving, content-aware scaling, is originally proposed to automatically remove the paths of least importance, known as seams, to reduce image size or insert seams to extend it, in order to display images without distortion on various media especially on mobile devices, such as smartphones and PDAs. Content-aware scaling also allows removing entire objects from photographs without observed clues, and hence it has been used to tamper images. Due to the ubiquity of JPEG images on various mobile devices, it is increasingly necessary to authenticate these JPEG images for legitimate purposes. To detect the content-aware-based forgery in JPEG images, in this paper, we merge shift-recompression-based characteristic features in spatial domain and shift-recompression-based neighboring joint density in DCT domain together; an ensemble classifier is used to discriminate forged JPEG images from intact JPEG images. We also transfer other popular JPEG-based steganalysis methods to detecting the forgery. Experimental results show that steganalysis methods are effective in detecting context-aware-based JPEG forgery and our method is superior to other compared detection methods.

Detection of JPEG double compression and identification of smartphone image source and post-capture manipulation

Digital multimedia forensics is an emerging field that has important applications in law enforcement and protection of public safety and national security. In digital imaging, JPEG is the most popular lossy compression standard and JPEG images are ubiquitous. Today’s digital techniques make it easy to tamper JPEG images without leaving any visible clues. Furthermore, most image tampering involves JPEG double compression, it heightens the need for accurate analysis of JPEG double compression in image forensics.In this paper, to improve the detection of JPEG double compression, we transplant the neighboring joint density features, which were designed for JPEG steganalysis, and merge the joint density features with marginal density features in DCT domain as the detector for learning classifiers. Experimental results indicate that the proposed method improves the detection performance. We also study the relationship among compression factor, image complexity, and detection accuracy, which has not been comprehensively analyzed before. The results show that a complete evaluation of the detection performance of different algorithms should necessarily include image complexity as well as the double compression quality factor.In addition to JPEG double compression, the identification of image capture source is an interesting topic in image forensics. Mobile handsets are widely used for spontaneous photo capture because they are typically carried by their users at all times. In the imaging device market, smartphone adoption is currently exploding and megapixel smartphones pose a threat to the traditional digital cameras. While smartphone images are widely disseminated, the manipulation of images is also easily performed with various photo editing tools. Accordingly, the authentication of smartphone images and the identification of post-capture manipulation are of significant interest in digital forensics. Following the success of our previous work in JPEG double compression detection, we conducted a study to identify smartphone source and post-capture manipulation by utilizing marginal density and neighboring joint density features together. Experimental results show that our method is highly promising for identifying both smartphone source and manipulations.Finally, our study also indicates that applying unsupervised clustering and supervised classification together leads to improvement in identifying smartphone sources and manipulations and thus provides a means to address the complexity issue of the intentional post-capture manipulation on smartphone images.

Identification of smartphone-image source and manipulation

As smartphones are being widely used in daily lives, the images captured by smartphones become ubiquitous and may be used for legal purposes. Accordingly, the authentication of smartphone images and the identification of post-capture manipulation are of significant interest in digital forensics. In this paper, we propose a method to determine the smartphone camera source of a particular image and operations that may have been performed on that image. We first take images using different smartphones and purposely manipulate the images, including different combinations of double JPEG compression, cropping, and rescaling. Then, we extract the marginal density in low frequency coordinates and neighboring joint density features on intra-block and inter-block as features. Finally, we employ a support vector machine to identify the smartphone source as well as to reveal the operations. Experimental results show that our method is very promising for identifying both smartphone source and manipulations. Our study also indicates that applying unsupervised clustering and supervised classification together (clustering first, followed by classification) leads to improvement in identifying smartphone sources and manipulations and thus provides a means to address the complexity issue of intentional manipulation.

Towards standards in digital forensics education

Digital Forensics is an emerging discipline within the computing sciences that exhibits both commonalities and uniquenesses with other computing disciplines. This paper seeks to delineate the domain space of Digital Forensics through an evaluation of the knowledge areas represented in existing Digital Forensics academic offerings and an assessment of the relative importance of those knowledge areas. The consequential outcomes for students emerging from a baccalaureate degree in Digital Forensics are explored, as are some of the grand questions for digital forensics research This paper calls for the development of a critical mass of researchers, academics and educators interested in Digital Forensics in order that coherent research agendas, curricula and pedagogical concerns can be addressed.

Speciation in the computing sciences: digital forensics as an emerging academic discipline

In evolutionary terms, speciation occurs when members of a species, pressured by the environment, diverge to the point where they are recognizable as separate species. This paper explores the concept as applied to Digital Forensics as a distinct academic discipline from other computing sciences. What are the pressures that have resulted in the emergence of Digital Forensics, how might the domain be defined and, what interdisciplinary connections does Digital Forensics have?This paper examines the domain content of Digital Forensics and its potential in the development of viable undergraduate and graduate degree programs to satisfy professional and scholarly demand.

An improved approach to detecting content-aware scaling-based tampering in JPEG images

Content-aware scaling is a method for image retargeting. It has been widely used in image manipulation including tampering. To improve the detection of the forgery in JPEG images, we propose to merge calibrated neighboring joint density and a rich models-based approach that was originally designed for steganalysis. A feature selection algorithm is utilized to reduce the feature dimensionality in the merged feature set. Experimental results show that the high-dimensional detector consisting of calibrated neighboring joint density and rich model features noticeably improves the detection accuracy; and the application of feature selection method to the high-dimensional detector can further improve the detection accuracy by using a much smaller and optimized feature set.

Security in Bluetooth Networks and Communications

This chapter is concerned with security management in Bluetooth communication. The chapter begins with description of the development of Bluetooth and its technical specifications. It continues with a discussion of the various network structures that can be developed through Bluetooth. A discussion of Bluetooth security goals leads to a description of the different security models available. We conclude with a discussion of the more prevalent attacks on Bluetooth security and the most widely used procedures for mitigating such attacks.

Teaching malware analysis: The design philosophy of a model curriculum

The field of malware analysis comprises the art and science of dissecting malicious software using diverse tools and techniques in an effort to comprehend their inner workings so as to mitigate the effects. Clearly, the study and analysis of these tools and techniques fall within the general purview of the broad disciplines of Digital Forensics, Information Assurance, Cyber Security and general principles of Computing Science. In this paper, we explore and discuss the current state of malware analysis courses as they are taught in academic institutions in the U.S. and the world. We contend that there are not very many malware analysis (or closely related) courses being offered in many universities across the U.S. Furthermore, there are several for-profit courses that are taught by online institutions that teach reverse engineering, malware analysis and related topics. Based on our research, we conclude that the domain of malware analysis has effectively been relegated from the academic realm to the domain of the practitioners skill set. It is this exploration that we are interesting in undertaking in this paper. We then proceed to analyze and review some popular textbooks and online training materials for their soundness and efficacy in teaching the subject to substantiate our above mentioned claims. Finally, we conclude by presenting a model curriculum for this subject based on sound pedagogical ideas and methods.

Modeling Multimedia Displays Using Action Based Temporal Logic

We present a metalanguage, named Alan that can be used to model dynamic multimedia displays, particularly those that display multimedia database query results. Alan is an action language that uses temporal logic to model non-Markovian systems. We show how it can be used for specifying the behavior of fairly complex dynamic multimedia display systems, modeling all graphical user interface elements on the display plus the effects of actions and of the passage of time on media such as video and audio.

Designing Internet instructional environments (poster)

In the last 15 years, there has a sea change in technology-based instructional environments. Early and simple environments such as Hypercard stacks have given way to richer interactive instructional environments where the learner is relatively free to explore at her own pace and to construct meaningful conceptual schema within the context of that environment.Transferring these new and rich environments to the Internet pose significant problems among which are security, interactive communication, data storage and bandwidth.The purpose of this poster session is to present an example of how an instructional environment can be delivered via the World Wide Web. The purpose is to identify strategies for the deliver of instructional materials and environments over the Internet. In doing so, the author hopes to open the door to discussion and to the development of well-defined tools for instructional application development.