Image detection method and device, electronic device, storage medium and program product
By analyzing the metadata and compression information of the image header file, and combining machine learning models and fingerprint matching technology, the problem of insufficient accuracy and efficiency of traditional image tampering detection methods in high-quality tampered images is solved, and more efficient tampering detection is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- TENCENT TECH SHANGHAI
- Filing Date
- 2024-12-20
- Publication Date
- 2026-06-23
AI Technical Summary
Existing image tampering detection methods rely on computer vision technology, which makes it difficult to effectively detect high-quality tampered images and has low processing efficiency, especially when faced with complex tampering methods, where accuracy and efficiency are insufficient.
By analyzing the metadata and compression information in the image header file, it can determine whether the image has been tampered with. Using machine learning models and fingerprint matching technology, feature data is generated for image classification, breaking the limitations of traditional methods.
It improves the accuracy and efficiency of image tampering detection, reduces the consumption of processing resources, effectively identifies high-quality tampered images, and enhances the accuracy and speed of detection.
Smart Images

Figure CN122265690A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of digital image processing technology, specifically to an image detection method and apparatus, electronic equipment, computer-readable storage medium, and computer program product. Background Technology
[0002] With the development of digital image processing technology, image tampering techniques are also constantly improving, and tampered images are becoming increasingly similar to the real ones, making image tampering detection increasingly difficult. Traditional image tampering detection methods mainly rely on computer vision technology, which analyzes image content to identify traces of tampering, but these methods have certain limitations when faced with increasingly complex tampering techniques. Summary of the Invention
[0003] To address the aforementioned technical problems, embodiments of this application provide an image detection method, an image detection device, an electronic device, a computer-readable storage medium, and a computer program product. Embodiments of this application propose a tampering detection scheme based on image header files. By analyzing the header data contained in the image header file, it determines whether the image has been tampered with. This method, which introduces detection methods beyond the image content, effectively improves the accuracy and efficiency of image tampering detection.
[0004] One aspect of this application provides an image detection method, the method comprising: extracting header data from the header file of an image; selecting target data adapted to the classification strategy used for image classification processing of the image from the header data, and generating feature data to be classified based on the target data; performing the image classification processing based on the feature data to be classified to obtain an image classification result; the image classification result being used to characterize whether the image has been tampered with.
[0005] In another aspect of this application, an image detection apparatus is provided, comprising: an extraction module configured to extract header data from the header file of an image; a preprocessing module configured to preprocess the header data to obtain feature data to be classified; and a classification module configured to perform image classification processing based on the feature data to be classified to obtain an image classification result; wherein the image classification result is used to characterize whether the image has been tampered with.
[0006] In another exemplary embodiment, the apparatus further includes a tracing module configured to perform the following process: if the image classification result indicates that the image has not been tampered with, a feature vector is obtained based on the header file data encoding; the feature vector is matched with image features in a feature database; the image features contained in the feature database are obtained based on unique identifiers left by different devices in the image header file; and the source device of the image is determined based on the matching results between the feature vector and each image feature in the feature database.
[0007] In another exemplary embodiment, the apparatus further includes an anomaly detection module configured to perform the following process: detecting whether the header data contains abnormal data; if abnormal data is detected in the header data, determining that the image has been tampered with; if abnormal data is not detected in the header data, performing a step of preprocessing the header data to obtain feature data to be classified.
[0008] In another exemplary embodiment, the anomaly detection module is further configured to perform the following process: obtain data information containing the header data that describes the content of the image itself; verify whether the data information is consistent with the content of the image; if consistent, determine that the header data does not contain abnormal data; if inconsistent, determine that the header data contains abnormal data.
[0009] In another exemplary embodiment, the anomaly detection module is further configured to perform the following process: verifying whether the metadata contained in the header file data satisfies the original image features; if it satisfies, then determining that the header file data does not contain abnormal data; if it does not satisfy, then determining that the header file data contains abnormal data.
[0010] In another exemplary embodiment, the anomaly detection module is further configured to perform the following process: judging the image format based on the header data; if it is determined that the image has undergone a format change, then it is determined that the header data contains abnormal data; if it is determined that the image has not undergone a format change, then it is determined that the header data does not contain abnormal data.
[0011] In another exemplary embodiment, the step of selecting target data adapted to the classification strategy used for image classification processing of the image from the header file data, and generating feature data to be classified based on the target data, includes: if the classification strategy indicates that a machine learning model is used for image classification, then image metadata is extracted from the header file data, and target image attributes are generated based on the image metadata, so as to use the target image attributes as the feature data to be classified; if the classification strategy indicates that image classification is performed by fingerprint matching, then image compressed data is extracted from the header file data, and an encoded fingerprint is generated based on the image compressed data, so as to use the encoded fingerprint as the feature data to be classified.
[0012] In another exemplary embodiment, the image classification processing based on the feature data to be classified to obtain an image classification result includes: if the classification strategy characterization uses a machine learning model for image classification, then the target image attributes are input into the trained machine learning model to obtain the image classification result output by the machine learning model; if the classification strategy characterization performs image classification through fingerprint matching, then the encoded fingerprint is matched with fingerprint information in a fingerprint database corresponding to known attributes to determine the image classification result based on the obtained matching result and the known attributes.
[0013] Another aspect of this application provides an electronic device, including: one or more processors; and a memory for storing one or more computer programs, which, when executed by the one or more processors, cause the electronic device to implement the image detection method as described above.
[0014] Another aspect of this application provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor of an electronic device, causes the electronic device to perform the image detection method as described above.
[0015] Another aspect of this application provides a computer program product, including a computer program that, when executed by a processor of an electronic device, implements the image detection method described above.
[0016] This application proposes a tampering detection scheme based on image header files. By analyzing the header data contained in the image header file, it determines whether the image has been tampered with. This tampering detection scheme, which introduces information beyond the image content, can overcome the limitations of computer vision technology in dealing with increasingly complex tampering methods, thus effectively improving the accuracy of image tampering detection. Moreover, computer vision technology typically consumes a lot of processing resources. Compared to using computer vision technology for image tampering detection, the embodiments of this application can reduce the consumption of processing resources to a certain extent, thereby correspondingly improving the efficiency of image tampering detection.
[0017] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this application. Attached Figure Description
[0018] Figure 1 This is a schematic diagram of the implementation environment involved in this application;
[0019] Figure 2 This is a flowchart illustrating an exemplary embodiment of the image detection method of this application;
[0020] Figure 3 A schematic diagram illustrating the process of image classification based on image-coded fingerprint pairs is shown.
[0021] Figure 4 This is a flowchart illustrating an image detection method as shown in another exemplary embodiment of this application;
[0022] Figure 5 This diagram illustrates an exemplary image tracing process.
[0023] Figure 6 This is a flowchart illustrating an image detection method in yet another exemplary embodiment of this application;
[0024] Figure 7 The flowchart illustrates the process of detecting whether the header data of an image contains abnormal data.
[0025] Figure 8 This is a block diagram illustrating an image detection apparatus according to an exemplary embodiment of this application;
[0026] Figure 9 A schematic diagram of the structure of a computer system suitable for implementing the electronic device of the present application is shown. Detailed Implementation
[0027] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.
[0028] The block diagrams shown in the accompanying drawings are merely functional entities and do not necessarily correspond to physically independent entities. That is, these functional entities can be implemented in software, in one or more hardware modules or integrated circuits, or in different network and / or processor devices and / or microcontroller devices.
[0029] The flowcharts shown in the accompanying drawings are merely illustrative and do not necessarily include all content and operations / steps, nor do they necessarily have to be performed in the described order. For example, some operations / steps can be broken down, while others can be combined or partially combined; therefore, the actual execution order may change depending on the specific circumstances.
[0030] In this application, "multiple" refers to two or more. "And / or" describes the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A alone, A and B simultaneously, or B alone. The character " / " generally indicates that the preceding and following related objects have an "or" relationship.
[0031] The terms "first," "second," "third," and "fourth," etc., used in the specification, claims, and accompanying drawings of this application are used to distinguish different objects, not to describe a specific order. The terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or apparatus that includes a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or apparatuses.
[0032] In this application embodiment, the terms "module" or "unit" refer to a computer program or part of a computer program that has a predetermined function and works with other related parts to achieve a predetermined goal, and can be implemented wholly or partially using software, hardware (such as processing circuitry or memory), or a combination thereof. Similarly, a processor (or multiple processors or memory) can be used to implement one or more modules or units. Furthermore, each module or unit can be part of an overall module or unit that includes the functionality of that module or unit.
[0033] As mentioned earlier, traditional image tampering detection methods primarily rely on computer vision technology to identify tampering traces by analyzing image content. These methods typically include image preprocessing (such as noise removal and color adjustment), feature extraction (such as edge features, texture features, and color histograms), anomaly detection (such as detecting unnatural edges, inconsistent textures, or color anomalies), and pattern recognition (using machine learning or deep learning algorithms, such as convolutional neural networks and support vector machines for classification). It is evident that image tampering detection methods relying on computer vision technology are generally computationally complex, slow in processing speed, and difficult to operate efficiently in real-time scenarios.
[0034] Moreover, with the continuous advancement of image editing technology, the quality of tampered images is getting higher and higher. Image tampering detection methods that rely on computer vision technology perform poorly when faced with high-quality tampered images, making it difficult to detect subtle traces of tampering, resulting in a decrease in detection accuracy.
[0035] Furthermore, with the development of the Internet and multimedia technologies, the amount of image data has exploded. Image tampering detection methods that rely on computer vision technology are insufficient in terms of processing efficiency and scalability when faced with such a massive amount of data.
[0036] Therefore, it can be concluded that image tampering detection methods relying on computer vision technology have certain limitations when facing increasingly complex tampering techniques.
[0037] To address this technical problem, the inventors of this application uniquely conceived of an image header file containing rich metadata information, such as the capturing device, timestamp, modification history, and image compression information. This information can be used to verify the consistency and integrity of the image. Therefore, embodiments of this application propose a tampering detection scheme based on image header files. By analyzing the header data contained in the image header file, it determines whether the image has been tampered with. This tampering detection scheme, which introduces information beyond the image content, can overcome the limitations of computer vision technology in the face of increasingly complex tampering methods, thus effectively improving the accuracy of image tampering detection. Moreover, computer vision technology typically consumes significant processing resources. Compared to using computer vision technology for image tampering detection, embodiments of this application reduce the consumption of processing resources, thereby correspondingly improving the efficiency of image tampering detection.
[0038] The image header file-based tampering detection scheme proposed in this application will be described in detail below.
[0039] Please see Figure 1 , Figure 1This is a schematic diagram of the implementation environment involved in this application. Specifically, the implementation environment is an image tampering detection system, including a terminal 110 and a server 120, which communicate with each other via wired or wireless means.
[0040] Terminal 110 is used to acquire an image to be tampered with. This embodiment does not limit the specific method by which terminal 110 acquires the image to be tampered with. For example, the image to be tampered with can be captured by a camera deployed on terminal 110, or it can be selected from a photo album.
[0041] Terminal 110 can upload the image to be tampered with to server 120, so that server 120 can detect whether the image has been tampered with. Server 120 returns the detected image classification result to terminal 110, so that the user can obtain the result of whether the image has been tampered with through terminal 110.
[0042] For example, server 120 extracts header data from the image header file, preprocesses the header data to obtain feature data to be classified, and then performs image classification processing based on the feature data to obtain an image classification result indicating whether the image has been tampered with. Thus, server 120 determines whether an image has been tampered with by analyzing the header data contained in the image header file. This method of introducing detection methods beyond image content effectively improves the accuracy and efficiency of image tampering detection.
[0043] It should be noted that terminal 110 can be a smartphone, tablet, laptop, computer, smart home appliance, smart terminal, or other similar device, and there are no restrictions on its use. Server 220 can be a standalone physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing basic cloud computing services, and there are no restrictions on its use either.
[0044] It should also be noted that, Figure 1 The implementation environment shown can be adapted to various application scenarios requiring image authenticity verification, based on actual application needs. For example, in scenarios involving the management and verification of important documents such as ID cards and passports, the image can be an image of the ID card or passport; in financial business scenarios such as bank account opening and loan applications, the image can be an ID card, business license, credit report, etc.; in e-commerce, online payment, and social media scenarios, the image can be a biometric image such as a face image, palm print image, or iris image. In these application scenarios, the image tampering detection scheme proposed in this application embodiment detects whether an image has been tampered with, effectively preventing identity fraud, document forgery, and other problems, ensuring social security, and is of great significance for improving image security and reliability.
[0045] Please see Figure 2 , Figure 2 This is a flowchart illustrating an exemplary embodiment of the image detection method of this application. This method can be applied to... Figure 1 The implementation environment shown can be executed by server 120, terminal 110, or both terminal 110 and server 120. Of course, this method can also be applied to other implementation environments and executed by terminals or servers in other implementation environments, or by both terminals and servers in other implementation environments. This embodiment does not impose any limitations on this.
[0046] like Figure 2 As shown, in an exemplary embodiment, the image detection method includes steps S210-S230, which are described in detail below:
[0047] S210, extract header data from the image header file.
[0048] First, it should be noted that the image header, also known as the file header, is a component of the image file. It contains various characteristic parameters and metadata of the image, which can be used to identify byte sequences, identify the format of the image file, and provide image metadata such as resolution and color depth. This information is crucial for the display and processing of the image. Offsets or pointers in the file header can also be used to locate image data.
[0049] For example, an image header may include at least one of the following: file type, creator information, creation time, version number, file size, and other metadata. The file type identifies the image file format, such as JPEG (Joint Photographic Experts Group), BMP (Bitmap), PNG (Portable Network Graphics), etc., identified by a specific byte sequence; for example, the first two bytes of a BMP file header are typically "BM". Creator information contains information about the software or hardware used to create the image file. Creation time refers to the creation or last modification time of the image file. Version number indicates the version information of the image file format. File size refers to the total size of the image file (including the header and image data). Other metadata may include image resolution, color depth, compression method, etc.
[0050] It should also be noted that header data can be extracted from the image header file using automated tools or scripts. This embodiment does not limit the specific method for extracting header data. For example, since the types of header data that each automated tool can extract may be limited, a script program can be used to control and enable at least one automated tool to extract the corresponding header data, thereby obtaining the header data required in this embodiment, thus ensuring the efficiency and completeness of header data extraction.
[0051] S220: Based on the classification strategy used for image classification processing, select target data that matches the classification strategy from the header file data, and generate feature data to be classified based on the target data.
[0052] This embodiment selects target data that matches the classification strategy from the header data and generates feature data to be classified based on the target data. The purpose is to simplify the feature dimensions to improve the efficiency and accuracy of image tampering detection.
[0053] It's important to understand that the classification strategy used in image classification processing represents the specific method of image classification. For example, a classification strategy can represent image classification using a machine learning model, or it can represent image classification using fingerprint matching. We will not limit the specific content of the classification strategy here.
[0054] In some embodiments, the classification strategy used for image classification is pre-defined, and therefore can be directly determined. For example, in applications requiring image authenticity verification, where high accuracy is typically required to identify whether an image has been tampered with, a classification strategy that uses a machine learning model to classify images better meets the application requirements; therefore, this strategy is chosen as the pre-defined classification strategy. Alternatively, if it is difficult to obtain a large-scale training dataset for training the machine learning model, a classification strategy that uses fingerprint matching to classify images is chosen as the pre-defined classification strategy.
[0055] In other embodiments, the classification strategy used for image classification can be adaptively determined from at least two classification strategies. For example, the classification strategy can be adaptively selected for image classification based on task requirements. For instance, a classification strategy that represents image classification using a machine learning model can be selected for tasks requiring high classification accuracy, while a classification strategy that represents image classification using fingerprint matching can be selected for tasks requiring high real-time performance.
[0056] In some other embodiments, at least two classification strategies can be preset, and corresponding feature data to be classified is generated for each classification strategy. Image classification processing is then performed using the corresponding generated feature data based on each classification strategy. The final image classification result can include the image classification result obtained by each classification strategy, or it can be determined by the image classification result obtained by each classification strategy.
[0057] The required feature data for image classification may differ depending on the classification strategy employed. Therefore, it is necessary to select target data from the header data that matches the specific classification strategy used for image classification, ensuring that the feature data generated based on the target data also matches the classification strategy. In some exemplary embodiments of this application, the header data includes image metadata. Image metadata may be one or more of the following: EXIF (Exchangeable Image File Format) information, timestamps, device information, resolution, color space, etc., without limitation. It is understood that EXIF information is automatically generated and embedded in the image file by the digital camera or smartphone when taking a photo, used to record various camera settings and shooting conditions at the time of photo capture.
[0058] When using a machine learning model for image classification, target image attributes can be generated based on image metadata, and these attributes can be used as feature data to be classified. Here, target image attributes refer to attributes related to image tampering detection; this embodiment does not impose restrictions on the extraction scheme for target image attributes.
[0059] For example, high-frequency tags can be selected from image metadata as target image attributes. For instance, high-frequency tags usually refer to attributes that appear frequently in the image header file and may be indicative of tampering detection, which may include basic information such as image format, resolution, and color space.
[0060] New image attributes can also be constructed based on image metadata and used as target image attributes. For example, the total number of pixels in an image can be counted, which can reflect the size and complexity of the image. The ratio of file size to number of pixels can also be counted, such as calculating the ratio between file size and number of pixels, which can reveal the compactness and possible compression of image data.
[0061] Alternatively, after selecting high-frequency labels and constructing new image attributes, correlation analysis, such as Pearson correlation coefficient analysis or Spearman correlation coefficient analysis, can be performed to filter out image attributes highly correlated with tampering detection. These filtered image attributes can then be used as target image attributes. For example, image attributes highly correlated with tampering detection may include image quality and JFIF (JPEG File Interchange Format) version.
[0062] In some exemplary embodiments of this application, the header data includes image compression data. Image compression data refers to data related to the image compression process, such as DQT (Discrete Quantization Tables), DHT (Define Huffman Table), YCbCr subsampling rate, etc. DQT is used to quantize image data, and DHT is used for Huffman coding. Different devices use different image compression data, forming unique compression fingerprints. Therefore, the image compression data extracted from the header data can be used for image tampering detection.
[0063] When image classification is performed using fingerprint matching as a classification strategy, an encoded fingerprint can be generated based on compressed image data, and this encoded fingerprint can be used as the feature data to be classified. For example, an encoded fingerprint can be obtained by performing a hash operation on the compressed image data. Encoded fingerprints are easy to compare and store.
[0064] In some exemplary embodiments, target image attributes can also be generated based on image compression data. For example, image quality can be determined based on DQT and DHT, and image quality can be used as one of the target image attributes.
[0065] S230, perform image classification processing based on the feature data to be classified in order to obtain the image classification result.
[0066] Since the feature data to be classified is adapted to the classification strategy used for image classification processing, this embodiment performs image classification processing based on the feature data to be classified, which allows the classification process to focus on more recognizable features, thereby improving the accuracy and speed of image tampering detection to a certain extent.
[0067] In some exemplary embodiments of this application, the feature data to be classified is the target image attribute. The target image attribute can be input into a trained machine learning model to obtain the image classification result output by the machine learning model. The image classification result is used to indicate whether the image has been tampered with. The machine learning model identifies whether the image has been tampered with by analyzing the patterns and regularities of the target image attributes.
[0068] For example, considering that the header data may contain a large number of null values, and that most of the data is high-dimensional and sparse one-hot encoded data, machine learning models such as decision trees, random forests, SVM (Support Vector Machine), and LightGBM (Light Gradient Boosting Machine) can be chosen. Among them, decision tree models have good robustness to handling missing values and can handle null values without requiring additional data processing. Random forest and LightGBM models can also handle missing values and also perform well for high-dimensional and sparse one-hot encoded data.
[0069] During the training process of machine learning models, cross-validation can be used to validate and optimize the model's performance, thereby improving the model's classification accuracy and generalization ability. Cross-validation is a method of evaluating model performance by dividing the training dataset into multiple distinct subsets. These subsets are used to train and validate the model, allowing for the evaluation of its generalization ability on unseen data.
[0070] In some exemplary embodiments of this application, the feature data to be classified is an coded fingerprint. The coded fingerprint can be matched with fingerprint information in a fingerprint database corresponding to known attributes to determine the image classification result based on the obtained matching result and the known attributes. The known attributes can indicate whether the image has been tampered with or not.
[0071] Since image compression data such as DQT, DHT, and YCbCr subsampling rates are unique across different image capture devices and image editing software, determining the image compression method, new DQT and DHT parameters are applied when an image is processed by image editing software, especially during re-encoding. This results in new DQT and DHT parameters and a corresponding new coded fingerprint. If the new coded fingerprint does not match the original fingerprint of the image, it indicates that the image has been tampered with. Based on this, this embodiment pre-creates a fingerprint database with known attributes, such as a fingerprint database of known real images or a fingerprint database of known tampered images. The coded fingerprint of the image to be detected is matched with the fingerprint information in the database to determine its similarity or difference, thereby determining whether the image has been tampered with based on the fingerprint matching result. For example, if the coded fingerprint of the image has a high similarity to the fingerprint information in the tampered image database, the image is identified as a tampered image; otherwise, it is an untampered image, i.e., a real image. Conversely, if the coded fingerprint of the image has a high similarity to the fingerprint information in the untampered image database, the image is identified as an untampered image; otherwise, it is a tampered image.
[0072] Figure 3This diagram illustrates the process of image classification based on image-coded fingerprint pairs. For example... Figure 3 As shown, image compression information from various device manufacturers is pre-obtained, and hash operations are performed on this information to obtain coded fingerprints corresponding to different manufacturers. These coded fingerprints are then used to construct a fingerprint database for real images. For the image to be detected, after extracting the header data, image compression data is further extracted from the header data, and the same hash operation is performed on the extracted image compression data to obtain the image's coded fingerprint. By matching the coded fingerprint of the image to be detected with the fingerprint information in the real image fingerprint database, it can be determined whether the image has been tampered with based on the matching results. For example, the matching process can be to calculate the similarity between fingerprints. If the matching degree reaches a preset matching degree threshold, it indicates that the fingerprints match, and the image has not been tampered with; if the matching degree does not reach the preset matching degree threshold, it indicates that the fingerprints do not match, and the image has been tampered with.
[0073] The matching degree between the coded fingerprint of the image and each fingerprint information in the fingerprint database can be calculated separately, and the image can be determined as to whether it has been tampered with based on the matching results. For example, if the fingerprint database is a database of real image fingerprints, and a matching result with a matching degree reaching a preset matching degree threshold can be obtained, then the conclusion is that the image has not been tampered with; otherwise, the conclusion is that the image has been tampered with.
[0074] The fingerprint database can also associate and store at least one coded fingerprint from different manufacturers with at least one image compression data of a real image. Based on the image compression data corresponding to the image to be detected, target fingerprints with the same image compression data are selected from the fingerprint database. Then, the matching degree between the coded fingerprint of the image and the target fingerprint is calculated, thereby saving processing resources to some extent. If the target fingerprint cannot be obtained from the fingerprint database, it means that the image does not match the known attributes corresponding to the fingerprint database, so the corresponding conclusion can still be obtained.
[0075] In some exemplary embodiments of this application, both machine learning model prediction and coded fingerprint matching can be used to obtain image classification results. For example, when the image classification results obtained by the two methods are consistent, indicating a very high accuracy in image classification, the conclusion of whether the image has been tampered with can be directly drawn based on this image classification result. If the image classification results obtained by the two methods are inconsistent, the conclusion of whether the image has been tampered with can be drawn based on the image classification result obtained by one of the methods, or further analysis can be performed, such as using computer vision to detect tampering of image content, to ensure the accuracy of image tampering detection.
[0076] Therefore, this embodiment determines whether an image has been tampered with by analyzing the header data contained in the image header file. This tampering detection scheme, which introduces information beyond the image content, can overcome the limitations of computer vision technology in the face of increasingly complex tampering methods, thus effectively improving the accuracy of image tampering detection. Moreover, computer vision technology typically consumes a lot of processing resources. Compared to using computer vision technology for image tampering detection, the embodiment of this application can reduce the consumption of processing resources to a certain extent, thereby improving the efficiency of image tampering detection accordingly.
[0077] Continue reading Figure 4 , Figure 4 This is a flowchart illustrating an image detection method as shown in another exemplary embodiment of this application. Figure 4 As shown, this image detection method in Figure 2 The illustrated embodiment also includes S410-S430, which are described in detail below:
[0078] S410, if the image classification result indicates that the image has not been tampered with, the feature vector is obtained based on the header file data encoding.
[0079] In this embodiment, if the image classification results indicate that the image has not been tampered with, further image source tracing analysis is performed to find the device source of the captured image through header file data, thereby providing more comprehensive and reliable image tampering detection results.
[0080] This embodiment focuses on the intrinsic properties of images, such as DQT, DHT, and camera settings, to access details that are not easily altered during image processing. Even if the image header file undergoes a series of edits, as long as recoding is not involved, it can retain its original state, becoming valuable data for identifying the image's history. Therefore, source tracing analysis not only avoids the risks associated with direct information tampering but also achieves accurate reconstruction of the image's generation environment, greatly enhancing the accuracy and robustness of source tracing analysis.
[0081] This embodiment obtains feature vectors based on header data encoding by extracting various metadata and parameters from the header data as header features, and then encoding the extracted header features into vector form for easier subsequent comparison and analysis. For example, the data used for vector encoding in the header data includes EXIF metadata and JFIF version information, and the vector encoding methods include, but are not limited to, one-hot encoding, embedding, etc.
[0082] S420, match the feature vector with the image features in the feature database; the image features in the feature database are obtained based on the unique identifiers left by different devices in the image header file.
[0083] In the feature database constructed in this embodiment, the image features are obtained based on the unique identifiers left by different devices in the image header files. The matching degree between the feature vector of the image to be detected and the image features in the feature database reflects the probability that the image originates from the corresponding device. Therefore, it is necessary to match the feature vector with the image features in the feature database. Various distance algorithms can be used to calculate the distance between the feature vector of the image and each image feature in the feature database to obtain the matching degree between the two feature vectors, such as the Hamming distance algorithm.
[0084] S430, based on the matching results between the feature vector and each image feature in the feature database, determine the source device of the image.
[0085] Based on the obtained matching results, this embodiment can determine the device corresponding to the highest matching degree as the source device of the image, or it can determine at least two devices with the highest matching degree as the source devices of the image, without limitation.
[0086] Figure 5 This diagram illustrates an exemplary image tracing process. (For example...) Figure 5 As shown, after extracting the image header data, the NAN, Little, and Big bytes corresponding to the EXIF metadata and JFIF version information are extracted as header features. Each header feature is encoded separately, and the encoded data is concatenated to obtain the image feature vector. Then, the image features of each device model are queried from the feature database, and the distance between the feature vector and the image features is calculated. The device model corresponding to the image feature with the smallest distance is then selected as the device model from which the image originated.
[0087] Therefore, this embodiment not only makes full use of the inherent properties of the image itself, but also leverages advanced computing methods to effectively improve the accuracy and efficiency of source tracing analysis, providing strong support for maintaining the authenticity and security of digital images.
[0088] Please continue reading. Figure 6 , Figure 6 This is a flowchart illustrating an image detection method in yet another exemplary embodiment of this application. The method is... Figure 2 Based on the illustrated embodiment, the following steps are further included:
[0089] S610, detects whether the header file data contains abnormal data;
[0090] S620, confirming that the image has been tampered with.
[0091] The abnormal data mentioned in this embodiment can be understood as data that indicates that the image may have been tampered with or abnormally processed. If abnormal data is detected in the file data, it is determined that the image has been tampered with. If no abnormal data is detected in the file data, it is determined that the image has not been tampered with, and the process jumps to S220 to further determine whether the image has been tampered with based on the image classification process. Therefore, this embodiment, based on the detection of abnormal data in the header file data, can quickly and effectively remove images that may have been tampered with or abnormally processed, and also makes the detection process more comprehensive and accurate.
[0092] In some exemplary embodiments of this application, the process of detecting whether the header file data contains abnormal data includes the following steps:
[0093] S611, Obtain the data information contained in the header file that describes the content of the image itself;
[0094] S612, verify whether the data information is consistent with the content of the image; if consistent, determine that the header file data does not contain abnormal data; if inconsistent, determine that the header file data contains abnormal data.
[0095] The above process focuses on detecting whether the header file data contradicts the image's own information. The header file data contains information describing the image's content, which may include at least one of time information, size information, and thumbnail information. Image tampering, especially cutting, pasting, or resaving, may cause these data to become misaligned with the image's content. Therefore, if these data match the image's content, it is determined that the header file data does not contain abnormal data; if they do not match, it is determined that the header file data contains abnormal data.
[0096] For example, check whether at least one of the time information, size information, and thumbnail information is consistent with the content of the image itself; if at least one of them is inconsistent, it is determined that the data information in the header file containing the description of the content of the image itself is inconsistent with the content of the image.
[0097] In some exemplary embodiments of this application, the process of detecting whether the header file data contains abnormal data includes the following steps:
[0098] S613, Verify whether the metadata contained in the header file data meets the original image characteristics;
[0099] S614 If satisfied, it is determined that the header file data does not contain abnormal data; if not satisfied, it is determined that the header file data contains abnormal data.
[0100] The above process delves into image metadata to determine whether it retains the inherent characteristics of the original image. For example, at least one of the following checks can be performed on the image based on its metadata: structural integrity verification and revision feature verification. If at least one check is inconsistent, the metadata is determined to not meet the original image characteristics. Structural integrity verification can include checking the integrity of EXIF information, especially data that is easily lost during editing, such as GPS (Global Positioning System) coordinates, aperture, and shutter speed. Missing or incomplete EXIF information often points to image tampering. Revision feature verification can include detecting software editing traces. For example, checking whether the "Software" field contains identifying words such as "Photoshop," "GIMP," or "Meitu," as these words suggest the image may have undergone post-processing. It can also check for special markings or annotations, such as "Photoshop Thumbnail," "User Comment," or "XMP" data, which are often remnants of editing software operations.
[0101] In some exemplary embodiments of this application, the process of detecting whether the header file data contains abnormal data includes the following steps:
[0102] S615, performs image format determination on the image based on header file data;
[0103] S616, If it is determined that the image has undergone a format change, then it is determined that the header file data contains abnormal data;
[0104] S617, if it is determined that the image has not undergone any format changes, then it is determined that the header file data does not contain any abnormal data.
[0105] The above process focuses on detecting elements that may change during image tampering or re-encoding, namely the image format. For example, at least one of the following data can be obtained from the header data: extended metadata, camera parameters, color configuration information, and image compression data; based on at least one of these data, it can be determined whether the image format has changed. Extended metadata includes, for example, XMP extended metadata. Since image tampering or the use of specific editing tools may cause changes or disappearance of XMP extended metadata or camera-specific parameters, checking the presence of XMP extended metadata or camera-specific parameters can determine whether the image has been tampered with. Color configuration information includes, for example, ICC (International Color Consortium) profiles. Image tampering can also easily lead to changes or loss of color space descriptions; therefore, checking ICC profiles can determine whether the image has been tampered with. Image compression data includes, for example, DQT and DHT. Evaluating whether the quantization table (DQT) and Huffman table (DHT) conform to the standard or manufacturer's presets, deviations in the DQT and DHT can also reflect that the image has undergone re-encoding or quality adjustments.
[0106] Please see Figure 7 , Figure 7 This diagram illustrates the process of detecting abnormal data in the header data of an image. In this process, the image to be detected is determined to be an original image based on three preset rules: whether the image's own information is contradictory, whether it meets the characteristics of the original image, and the image format. This allows for the rapid detection of potentially tampered images.
[0107] It should also be noted that, in some exemplary embodiments of this application, relevant thresholds, such as matching thresholds, can be dynamically adjusted during the image detection process based on different image types and tampering detection modes. That is, it is necessary to identify the image type or the specific tampering detection mode for the image to determine the corresponding image tampering precision, and then apply a threshold matching the determined image tampering precision to the image detection process. This makes the image detection process more flexible, adaptable to a wider range of situations, and improves the robustness of image detection.
[0108] For example, if the image type is identified as an ID document, a high degree of accuracy in image tampering detection is required. Therefore, when matching the image's feature vector with image features in the feature database, a larger matching threshold can be used. The device corresponding to the image feature in the feature database that highly matches the image's feature vector can be used as the source device for that image. If the image type is identified as a regular image, a standard matching threshold can be used.
[0109] For example, if the tamper detection mode is identified as high-precision tamper detection, then the accuracy of image tamper detection needs to be highly guaranteed. Therefore, when matching the image's feature vector with image features in the feature database, a larger matching degree threshold can be used. That is, the device corresponding to the image feature in the feature database that highly matches the image's feature vector is used as the source device for that image. If the tamper detection mode is identified as normal-precision tamper detection, then a conventional matching degree threshold can be used.
[0110] As can be seen from the above, the embodiments of this application using image header information for image tampering detection have multiple beneficial effects. First, this technology significantly improves the security and authenticity of digital images, especially given the continuous advancement of current image forgery generation techniques and the near imperceptibility of visual residue. This technology can accurately identify whether an image has been carefully concealed and tampered with. Second, relying on the header tampering detection scheme, it is also possible to trace the editing software or device model that may have been used. This function significantly enhances public trust in digital content.
[0111] Please see Figure 8 , Figure 8 This is a block diagram illustrating an image detection apparatus according to an exemplary embodiment of this application. The apparatus can be applied to… Figure 1 The implementation environment shown can be configured on server 120, terminal 110, or both terminal 110 and server 120. Of course, this method can also be applied to other implementation environments and configured on terminals or servers in other implementation environments, or configured together on terminals and servers in other implementation environments; this embodiment does not limit this.
[0112] like Figure 8 As shown, in an exemplary embodiment, the image detection device 800 includes: an extraction module 810, a preprocessing module 820, and a classification module 830.
[0113] The extraction module 810 is configured to extract header data from the header file of the image.
[0114] The preprocessing module 820 is configured to select target data that matches the classification strategy used for image classification processing from the header file data, and generate feature data to be classified based on the target data.
[0115] The classification module 830 is configured to perform image classification processing based on the feature data to be classified in order to obtain the image classification result; the image classification result is used to characterize whether the image has been tampered with.
[0116] In another exemplary embodiment, the image detection device 800 further includes a tracing module configured to perform the following process:
[0117] If the image classification result indicates that the image has not been tampered with, the feature vector is obtained based on the header file data encoding;
[0118] The feature vectors are matched with image features in the feature database; the image features in the feature database are obtained based on the unique identifiers left by different devices in the image header files.
[0119] Based on the matching results between the feature vector and each image feature in the feature database, the source device of the image is determined.
[0120] In another exemplary embodiment, the image detection device 800 further includes an anomaly detection module configured to perform the following process:
[0121] Check the header file data for any abnormal data;
[0122] If abnormal data is detected in the header file data, it is determined that the image has been tampered with;
[0123] If no abnormal data is detected in the header file data, the step of preprocessing the header file data to obtain the feature data to be classified is performed.
[0124] In another exemplary embodiment, the anomaly detection module is further configured to perform the following process:
[0125] Retrieve the data information contained in the header file that describes the content of the image itself;
[0126] Verify that the data information matches the content of the image; if they match, then the header file data does not contain any abnormal data; if they do not match, then the header file data contains any abnormal data.
[0127] In another exemplary embodiment, the anomaly detection module is further configured to perform the following process:
[0128] Verify whether the metadata contained in the header file data meets the original image features;
[0129] If the condition is met, it is determined that the header file data does not contain abnormal data; if the condition is not met, it is determined that the header file data contains abnormal data.
[0130] In another exemplary embodiment, the anomaly detection module is further configured to perform the following process:
[0131] Image format determination based on header file data;
[0132] If it is determined that the image format has changed, then it is determined that the header file data contains abnormal data;
[0133] If it is determined that the image has not undergone any format changes, then it is determined that the header file data does not contain any abnormal data.
[0134] In another exemplary embodiment, the preprocessing module 820 is further configured to:
[0135] If the classification strategy uses a machine learning model for image classification, then image metadata is extracted from the header file data, and target image attributes are generated based on the image metadata, so that the target image attributes are used as feature data to be classified.
[0136] If the classification strategy is to classify images by fingerprint matching, then the compressed image data is extracted from the header data, and an encoded fingerprint is generated based on the compressed image data. The encoded fingerprint is then used as the feature data to be classified.
[0137] In another exemplary embodiment, the classification module 830 is further configured as follows:
[0138] If the classification strategy is represented by a machine learning model for image classification, then the target image attributes are input into the trained machine learning model to obtain the image classification result output by the machine learning model.
[0139] If the classification strategy is to classify images by fingerprint matching, then the encoded fingerprint is matched with fingerprint information in a fingerprint database corresponding to known attributes, and the image classification result is determined based on the obtained matching result and the known attributes.
[0140] It should be noted that the apparatus and method provided in the above embodiments belong to the same concept, and the specific manner in which each module and unit performs its operation has been described in detail in the method embodiments, and will not be repeated here. In practical applications, the image detection apparatus or artificial intelligence-based video processing apparatus provided in the above embodiments can be assigned to different functional modules as needed, that is, the internal structure of the apparatus can be divided into different functional modules to complete all or part of the functions described above, and this is not a limitation here.
[0141] Embodiments of this application also provide an electronic device, including: one or more processors; and a memory for storing one or more computer programs, which, when executed by the one or more processors, cause the electronic device to implement the image detection methods provided in the various embodiments described above.
[0142] Figure 9A schematic diagram of a computer system suitable for implementing an electronic device according to embodiments of this application is shown. It should be noted that the electronic device can be... Figure 1 The terminal 90 or server 120 in the implementation environment shown can also be a terminal or server in other implementation environments; there are no restrictions here. It should also be noted that... Figure 9 The computer system 900 of the electronic device shown is merely an example and should not impose any limitation on the functionality and scope of use of the embodiments of this application.
[0143] like Figure 9 As shown, the computer system 900 includes a Central Processing Unit (CPU) 901, which can perform various appropriate actions and processes based on a computer program stored in Read-Only Memory (ROM) 902 or a computer program loaded from storage portion 908 into Random Access Memory (RAM) 903, such as performing the methods described in the above embodiments. The RAM 903 also stores various computer programs and data required for system operation. The CPU 901, ROM 902, and RAM 903 are interconnected via a bus 904. An input / output (I / O) interface 905 is also connected to the bus 904.
[0144] The following components are connected to I / O interface 905: an input section 906 including a keyboard, mouse, etc.; an output section 907 including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and speakers, etc.; a storage section 908 including a hard disk, etc.; and a communication section 909 including a network interface card such as a LAN (Local Area Network) card, modem, etc. The communication section 909 performs communication processing via a network such as the Internet. A drive 910 is also connected to I / O interface 905 as needed. Removable media 911, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., are installed on drive 910 as needed so that computer programs read from them can be installed into storage section 908 as needed.
[0145] Specifically, according to embodiments of this application, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments of this application include a computer program product comprising a computer program carried on a computer-readable medium, the computer program including a computer program for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via communication section 909, and / or installed from removable medium 911. When the computer program is executed by central processing unit (CPU) 901, it performs various functions defined in the system of this application.
[0146] It should be noted that the computer-readable medium shown in the embodiments of this application can be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. More specific examples of computer-readable storage media may include, but are not limited to: electrical connections having one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), flash memory, optical fiber, portable compact disc read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the above. The computer program contained on the computer-readable medium can be transmitted using any suitable medium, including but not limited to: wireless, wired, etc., or any suitable combination of the above.
[0147] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. Each block in a flowchart or block diagram may represent a module, segment, or portion of code, which contains one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram or flowchart, and combinations of blocks in a block diagram or flowchart, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0148] The units described in the embodiments of this application can be implemented in software or hardware, and the described units can also be located in a processor. The names of these units do not necessarily limit the specific unit itself.
[0149] Another aspect of this application provides a computer-readable storage medium storing a computer program that, when executed by a processor of an electronic device, implements the image detection method as described above. This computer-readable storage medium may be included in the electronic device described in the above embodiments, or it may exist independently and not assembled into the electronic device.
[0150] Another aspect of this application provides a computer program product comprising a computer program stored in a computer-readable storage medium. A processor of an electronic device reads the computer program from the computer-readable storage medium and executes the computer program, causing the electronic device to perform the image detection methods provided in the various embodiments described above.
[0151] The above description is merely a preferred exemplary embodiment of this application and is not intended to limit the implementation of this application. Those skilled in the art can easily make corresponding modifications or alterations based on the main concept and spirit of this application. Therefore, the scope of protection of this application should be determined by the scope of protection claimed in the claims.
[0152] It is understood that in the specific implementation of this application, data such as images, header data, and metadata are involved. When the above embodiments of this application are applied to specific products or technologies, user permission or consent is required, and the collection, use and processing of related data must comply with the relevant laws, regulations and standards of the relevant countries and regions.
Claims
1. An image detection method characterized by, The method includes: Extract header data from the image header file; Based on the classification strategy used to classify the image, target data that matches the classification strategy is selected from the header data, and feature data to be classified is generated based on the target data. The image classification process is performed based on the feature data to be classified to obtain the image classification result; the image classification result is used to characterize whether the image has been tampered with.
2. The method of claim 1, wherein, The method further includes: If the image classification result indicates that the image has not been tampered with, a feature vector is obtained based on the header file data encoding; The feature vector is matched with image features in the feature database; the image features in the feature database are obtained based on unique identifiers left by different devices in the image header file. Based on the matching results between the feature vector and each image feature in the feature database, the source device of the image is determined.
3. The method according to claim 1 or 2, characterized in that, The method further includes: Detect whether the header file data contains abnormal data; If abnormal data is detected in the header file data, it is determined that the image has been tampered with; If no abnormal data is detected in the header file data, then the step of preprocessing the header file data to obtain the feature data to be classified is performed.
4. The method according to claim 3, characterized in that, The detection of whether the header file data contains abnormal data includes: Obtain the data information contained in the header file that describes the content of the image itself; Verify whether the data information is consistent with the content of the image; if they are consistent, it is determined that the header file data does not contain abnormal data; if they are inconsistent, it is determined that the header file data contains abnormal data.
5. The method according to claim 4, characterized in that, The data information used to describe the content of the image itself includes at least one of time information, size information, and thumbnail information; Verifying whether the data information matches the content of the image includes: Verify that at least one of the time information, the size information, and the thumbnail information is consistent with the content of the image itself; If at least one item is inconsistent, then the data information is determined to be inconsistent with the content of the image.
6. The method according to claim 3, characterized in that, The detection of whether the header file data contains abnormal data includes: Verify whether the metadata contained in the header file data satisfies the original image features; If the condition is met, it is determined that the header file data does not contain abnormal data; if the condition is not met, it is determined that the header file data contains abnormal data.
7. The method according to claim 6, characterized in that, Verifying whether the metadata contained in the header file data satisfies the original image features includes: Based on the metadata, perform at least one of the following checks on the image: structural integrity check and revision feature check; If at least one verification is inconsistent, the metadata is determined not to meet the original image features.
8. The method according to claim 3, characterized in that, The detection of whether the header file data contains abnormal data includes: The image format is determined based on the header file data; If it is determined that the image has undergone a format change, then it is determined that the header file data contains abnormal data; If it is determined that the image has not undergone any format changes, then it is determined that the header file data does not contain any abnormal data.
9. The method according to claim 8, characterized in that, The format of the image is determined based on the header data, including: Obtain at least one of the following data from the header file data: extended metadata, camera parameters, color configuration information, and image compression data; Determine whether the image has undergone a format change based on at least one of the data points.
10. The method according to any one of claims 1-9, characterized in that, The step of selecting target data that matches the classification strategy used for image classification processing from the header file data, and generating feature data to be classified based on the target data, includes: If the classification strategy characterizes image classification using a machine learning model, then image metadata is extracted from the header file data, and target image attributes are generated based on the image metadata, so that the target image attributes are used as the feature data to be classified. If the classification strategy characterizes image classification through fingerprint matching, then image compressed data is extracted from the header data, and an encoded fingerprint is generated based on the image compressed data, which is then used as the feature data to be classified.
11. The method according to claim 10, characterized in that, The image classification process based on the feature data to be classified, to obtain the image classification result, includes: If the classification strategy represents the use of a machine learning model for image classification, then the target image attributes are input into the trained machine learning model to obtain the image classification result output by the machine learning model. If the classification strategy characterizes image classification through fingerprint matching, then the encoded fingerprint is matched with fingerprint information in a fingerprint database corresponding to known attributes, so as to determine the image classification result based on the obtained matching result and the known attributes.
12. An image detection device, characterized in that, The device includes: The extraction module is configured to extract header data from the image header file; The preprocessing module is configured to select target data that matches the classification strategy used for image classification processing of the image from the header file data, and generate feature data to be classified based on the target data. The classification module is configured to perform image classification processing based on the feature data to be classified in order to obtain an image classification result; the image classification result is used to characterize whether the image has been tampered with.
13. An electronic device, characterized in that, include: One or more processors; A memory for storing one or more computer programs that, when executed by one or more processors, cause the electronic device to perform the method as described in any one of claims 1-11.
14. A computer-readable storage medium, characterized in that, It stores a computer program that, when executed by the processor of the electronic device, causes the electronic device to perform the method of any one of claims 1-11.
15. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by the processor of the electronic device, it implements the method as described in any one of claims 1-11.