Shi Wenchang

Improving image copy-move forgery detection with particle swarm optimization techniques

Copy-Move Forgery (CMF) is one of the simple and effective operations to create forged digital images. Recently, techniques based on Scale Invariant Features Transform (SIFT) are widely used to detect CMF. Various approaches under the SIFT-based framework are the most acceptable ways to CMF detection due to their robust performance. However, for some CMF images, these approaches cannot produce satisfactory detection results. For instance, the number of the matched key-points may be too less to prove an image to be a CMF image or to generate an accurate result. Sometimes these approaches may even produce error results. According to our observations, one of the reasons is that detection results produced by the SIFT-based framework depend highly on parameters whose values are often determined with experiences. These values are only applicable to a few images, which limits their application. To solve the problem, a novel approach named as CMF Detection with Particle Swarm Optimization (CMFD-PSO) is proposed in this paper. CMFD-PSO integrates the Particle Swarm Optimization (PSO) algorithm into the SIFT-based framework. It utilizes the PSO algorithm to generate customized parameter values for images, which are used for CMF detection under the SIFT-based framework. Experimental results show that CMFD-PSO has good performance.

DCFI-Checker: Checking kernel dynamic control flow integrity with performance monitoring counter

It is a challenge to verify integrity of dynamic control flows due to their dynamic and volatile nature. To meet the challenge, existing solutions usually implant an “attachment” in each control transfer. However, the attachment introduces additional cost except performance penalty. For example, the attachment must be unique or restrictedly modified. In this paper, we propose a novel approach to detect integrity of dynamic control flows by counting executed branch instructions without involving any attachment. Our solution is based on the following observation. If a control flow is compromised, the number of executed branch instructions will be abnormally increased. The cause is that intruders usually hijack control flows for malicious execution which absolutely introduces additional branch instructions. Inspired by the above observation, in this paper, we devise a novel system named DCFI-Checker, which detect integrity corruption of dynamic control flows with the support of Performance Monitoring Counter (PMC). We have developed a proof-of-concept prototype system of DCFI-Checker on Linux fedora 5. Our experiments with existing kernel rootkits and buffer overflow attack show that DCFI-Checker is effective to detect compromised dynamic control transfer, and performance evaluations indicate that performance penalty induced by DCFI-Checker is acceptable.