IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO.

3, SEPTEMBER 2011 1099

A SIFT-Based Forensic Method for Copy–Move

Attack Detection and Transformation Recovery
Irene Amerini, Lamberto Ballan, Student Member, IEEE, Roberto Caldelli, Member, IEEE,
Alberto Del Bimbo, Member, IEEE, and Giuseppe Serra

Abstract—One of the principal problems in image forensics is

determining if a particular image is authentic or not. This can be
a crucial task when images are used as basic evidence to influence
judgment like, for example, in a court of law. To carry out such
forensic analysis, various technological instruments have been de-
veloped in the literature. In this paper, the problem of detecting if
an image has been forged is investigated; in particular, attention
has been paid to the case in which an area of an image is copied
and then pasted onto another zone to create a duplication or to
cancel something that was awkward. Generally, to adapt the image Fig. 1. Example of image tampering that appeared in press in July, 2008. The
patch to the new context a geometric transformation is needed. To feigned image (on the right) shows four Iranian missiles but only three of them
detect such modifications, a novel methodology based on scale in- are real; two different sections (encircled in red and purple, respectively) repli-
variant features transform (SIFT) is proposed. Such a method al- cate other image sections by applying a copy–move attack.
lows us to both understand if a copy–move attack has occurred
and, furthermore, to recover the geometric transformation used to
perform cloning. Extensive experimental results are presented to has been tampered with [6], [7] or which was the acquisition de-
confirm that the technique is able to precisely individuate the al- vice used [8], [9]. In particular, by focusing on the task of acqui-
tered area and, in addition, to estimate the geometric transforma- sition device identification, two main aspects must be studied:
tion parameters with high reliability. The method also deals with
multiple cloning. the first is to understand which kind of device generated a digital
image (e.g., a scanner, a digital camera, or a computer graphics
Index Terms—Authenticity verification, copy–move attack, dig- product) [10], [11], while the second is to determine which spe-
ital image forensics, geometric transformation recovery. cific camera or scanner (by recognizing model and brand) ac-
quired that specific content [8], [9].
The other main multimedia forensics topic is image tam-
I. INTRODUCTION pering detection [6], that is assessing the authenticity of a
digital image. Information integrity is fundamental in a trial,

D IGITAL crime, together with constantly emerging soft-

ware technologies, is growing at a rate that far surpasses
defensive measures. Sometimes a digital image or a video is
incontrovertible evidence of a crime or the proof of a malevo-
lent action. By looking at digital content as a digital clue, multi-
media forensics aims to introduce novel methodologies to sup-
port clue analysis and to provide an aid for making a decision
about a crime. Multimedia forensics [1]–[3] deals with devel-
oping technological instruments operating in the absence of wa-
termarks [4], [5] or signatures inserted in the image. In fact, dif-
ferent from digital watermarking, forensics means are defined as
“passive” because they can formulate an assessment on a digital
document by resorting only to the digital asset itself. These tech-
niques basically allow the user to determine if particular content
Manuscript received September 14, 2010; revised March 09, 2011; accepted
March 10, 2011. Date of publication March 17, 2011; date of current version
August 17, 2011. This work was supported in part by the EU ICT 3D-COFORM
Project (Contract FP7-231809). The associate editor coordinating the review of
this manuscript and approving it for publication was Dr. Wenjun Zeng.
The authors are with Media Integration and Communication Center,
University of Florence, 50134 Florence, Italy (e-mail:
but it is clear that the advent of digital pictures and relative ease
of digital image processing today makes this authenticity uncer-
tain. Two examples of this problem, that recently appeared in
newspapers and TV news, are given in Figs. 1 and 2. Modifying
a digital image to change the meaning of what is represented
in it can be crucial when used in a court of law where images
are presented as basic evidence to influence the judgement.
Furthermore, it is interesting, once established that something
has been manipulated, to understand exactly what happened: if
an object or a person has been covered, if a part of the image
has been cloned, if something has been copied from another
image, or if a combination of these processes has been carried
out. In particular, when an attacker creates his feigned image
by cloning an area of the image onto another zone (copy–move
attack), he is often obliged to apply a geometric transformation
to satisfactorily achieve his aim.
In this paper, this issue is investigated, and the proposed
method is able to individuate if copy–move tampering has
taken place and also to estimate the parameters of the trans-
formation used (i.e., horizontal and vertical translation, scaling

[email protected]; factors, rotation angle). On the basis of our preliminary work
[email protected]; [email protected]; [email protected]; serra@dsi. [12], a new methodology which satisfying these requirements
unifi.it).
Color versions of one or more of the figures in this paper are available online
is presented hereafter. Such a technique is based on the scale
at http://ieeexplore.ieee.org. invariant features transform (SIFT) [13], which are used to ro-
Digital Object Identifier 10.1109/TIFS.2011.2129512 bustly detect and describe clusters of points belonging to cloned

1556-6013/$26.00 © 2011 IEEE

1100 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
Fig. 2. A close look at this picture, appearing in press in 2007 (Fars News
Agency, Tehran), shows that many elements are cloned over and over. Also in
this case the cloned sections are encircled in different colors.
areas. After detection, these points are exploited to reconstruct
the parameters of the geometric transformation. The proposed
technique has also been tested against splicing attacks (i.e.,
when an image block is duplicated onto a different image). In
fact, in a context where the source image is available (e.g., the
forensic analyst has to check a suspect dataset which contains
both the source and the destination image), this methodology
can be still applied.
The rest of the paper is structured as follows: Section II
presents related works regarding copy–move forgery detection
and it reviews the SIFT technique. Moreover, the contribution
and the novelty of our approach respect to the state-of-the-art
is discussed. Section III presents the proposed method in its
three main stages, while experimental results on forgery de-
tection and on applied transformation parameters estimation
are presented in Section IV. Conclusions are finally drawn in
Section V.
II. SIFT FEATURES FOR IMAGE FORENSICS
One of the most common image manipulations is to clone
(copy and paste) portions of the image, for instance, to conceal
a person or an object in the pictured scene. When this is done
with care, and retouching tools are used, it can be very difficult
to detect cloning. Moreover, since the copied parts are from the
same images, some components (e.g., noise and color) will be
compatible with the rest of the image and thus will not be de-
tectable using methods that look for incompatibilities in statis-
tical measures in different parts of the image [14], [15]. Further-
more, since the cloned regions can be of any shape and location,
it is computationally infeasible to search all possible image lo-
cations and sizes with an exhaustive search as pointed out in
[16].
The problem of copy–move forgery detection has been faced
by proposing different approaches each of these based on the
same concept: a copy–move forgery introduces a correlation
between the original image area and the pasted one. Several
methods search for this dependence by dividing the image
into overlapping blocks and then applying a feature extraction
process in order to represent the image blocks with a low
dimensional representation. In [17], the averages of red, green,
and blue components are chosen together with four other
features computed on overlapping blocks, and obtained by
calculating the energy distribution of luminance along four
different directions. A different approach is presented in [18]
in which the features are represented by the singular value
decomposition (SVD) performed on low-frequency coefficients
of the block-based discrete wavelet transform (DWT). The
authors in [19] proposed a block representation calculated
using blur invariants. Their specific aim is to find features
invariant to the presence of blur artifacts that a falsifier can
apply to make detection of forgery more difficult. Then they
used principal component analysis (PCA) to reduce the number
of features and a -tree to identify the interesting regions. In
[20], the authors present a technique to detect cloning when
the copied part has been modified using two specific tools, the
Adobe Photoshop healing brush and Poisson cloning. Another
two algorithms, [16] and [21], are based on low dimensional
representations of blocks and fast sorting to improve efficiency
and have been developed to detect copy–move image regions.
In particular, the authors in [16] apply a discrete cosine trans-
form (DCT) to each block. Duplicated regions are then detected
by lexicographically sorting the DCT block coefficients and
grouping similar blocks with the same spatial offset in the
image. In [21] the authors apply PCA on image blocks to yield
a reduced-dimension representation. Duplicated regions are
again detected by lexicographically sorting and grouping all
of the image blocks. A related approach is the method in [22]
where a Fourier Mellin Transform is applied on each block.
Forgery decision is performed when there are more than a given
number of blocks that are connected to each other and the dis-
tance between block pairs is the same. To create a convincing
forgery, it is often necessary to resize, rotate, or stretch portions
of an image. For example, when creating a composition of two
objects, one object may have to be resized to match the relative
heights. This process requires resampling of the original image
introducing specific periodic correlations between neighboring
pixels. The presence of these correlations due to resampling
can be used to detect that something happened to the image
[23] but not to detect the specific manipulation.
So a good copy–move forgery detection should be robust
to some types of transformation, such as rotation and scaling,
and also to some manipulations including JPEG compression,
Gaussian noise addition, and gamma correction. Most existing
methods do not deal with all these manipulations and are often
computationally prohibitive. In particular, the method in [21]
is not able to detect scaling or rotation transformation, whereas
with the methods in [16] and [22] only small variations in rota-
tion and scaling are identifiable as reported in [24]. The authors
in [25] make an attempt to overcome the problem using Zernike
moments to identify copy–move manipulation when only rota-
tion of the copied area takes place. This issue is also discussed
in [26] where rotation transformations, JPEG compression, and
Gaussian noise manipulations are analyzed to understand how
they affect the copy–move detection. The authors in [27] in-
stead propose a method to detect duplicated and transformed
regions through the use of a block description invariant to re-
flection and rotation such as the log-polar block representation
summed along its angle axis. Finally, a comparison among some
of the copy–move methods described above has been reported
in [28], evaluating the performance of each method with and
without geometric transformation applied to the copied patch.
Today, local visual features (e.g., SIFT, SURF, GLOH, etc.)
have been widely used for image retrieval and object recog-
nition, due to their robustness to several geometrical transfor-
mations (such as rotation and scaling), occlusions, and clutter.
More recently, attempts have been made to apply these kinds of
AMERINI et al.: SIFT-BASED FORENSIC METHOD FOR COPY–MOVE ATTACK DETECTION AND TRANSFORMATION RECOVERY
features also in the digital forensics domain; in fact, SIFT fea-
tures have been used for fingerprint detection [29], shoeprint
image retrieval [30], and also for copy–move detection [31],
[12], [32].
A. Review of the SIFT Algorithm
Most of the algorithms proposed in the literature for detecting
and describing local visual features usually require two steps.
The first is the detection step, in which interest points are local-
ized, while in the second step robust local descriptors are built
so as to be invariant with respect to orientation, scale, and affine
transformations. A comprehensive analysis of several local de-
scriptors is provided in [33], while local affine region detectors
are surveyed in [34]. These works confirm that SIFT features
[13] are a good solution because of their robust performance
and relatively low computational costs.
This method can be roughly summarized as the following
four steps: 1) scale-space extrema detection; 2) keypoint local-
ization; 3) assignment of one (or more) canonical orientations;
4) generation of keypoint descriptors.
In other words, given an input image , SIFT features are
detected at different scales using a scale-space representation
implemented as an image pyramid. The pyramid levels are ob-
tained by Gaussian smoothing and subsampling of the image
resolution while interest points are selected as local extrema
(minimum/maximum) in the scale-space. These keypoints, re-
ferred to as in the following, are extracted by applying a com-
putable approximation of the Laplacian of Gaussian called Dif-
ference of Gaussians (DoG). Specifically, a DoG image is
given by:
, where is the convolution
of the original image with the Gaussian blur
at scale .
In order to guarantee invariance to rotations, the algorithm
assigns to each keypoint a canonical orientation . To determine
this orientation, a gradient orientation histogram is computed
in the neighborhood of the keypoint. Specifically, for an image
sample at scale (the scale in which that keypoint
was detected), the gradient magnitude and orientation
are precomputed using pixel differences
(1)
(2)
An orientation histogram with 36 bins is formed, with
each bin covering approximately 10 . Each sample in the
neighboring window added to a histogram bin is weighted by
its gradient magnitude and by a Gaussian-weighted circular
window with equal to 1.5 times respect to the scale of the
keypoint. The peaks in this histogram correspond to dominant
orientations. Once these keypoints are detected, and canonical
orientations are assigned, SIFT descriptors are computed at
their locations in both image plane and scale-space. Each
feature descriptor consists of a histogram of 128 elements,
obtained from a 16 16 pixel area around the corresponding
keypoint. This area is selected using the coordinates of
1101
the keypoint as the center and its canonical orientation as the
origin axis. The contribution of each pixel is obtained by ac-
cumulating image gradient magnitude and orientation
in scale-space and the histogram is computed as the
local statistics of gradient orientations (considering eight bins)
in 4 4 subpatches.
Summarizing the above, given an image , this procedure
ends with a list of keypoints each of which is completely
described by the following information:
where are the coordinates in the image plane, is the
scale of the keypoint (related to the level of the image-pyramid
used to compute the descriptor), is the canonical orientation
(used to achieve rotation invariance), and is the final SIFT
descriptor.
B. Our Contribution
A very preliminary work on copy–move forgery detection
based on SIFT features was proposed in [31], but in that paper
no estimation of the parameters of the applied geometric trans-
formation is performed and, furthermore, extended numerical
results to evaluate real performances of the methodology (e.g.,
true/false positive rates) are not provided. Another very recent
work has been presented in [32]. Although the technique is able
to deal with region extraction by resorting to a correlation map,
it cannot manage affine transformation and, also in this case,
quantitative results on the reliability of the estimate of geometric
transformation parameters are not given; in addition, this ap-
proach adopts many different empirical thresholds whose set-
ting seems to be not completely unsupervised. Moreover none
of these contributions considers accurately the case of multiple
copy–move forgeries. As we will show furthermore, this is a key
point in a realistic forensic scenario since often a forged image
contains several cloned areas (like in the case of Fig. 2).
In this scenario is placed our proposed method that is able to
detect and then to estimate the geometrical transformation used
in a copy–move forgery attack. Multiple copy–move forgeries
are managed by performing a robust feature matching proce-
dure and then a clustering on the keypoint coordinates in order
to separate the different cloned areas. These two tasks are fun-
damental since otherwise, in case of multiple cloning, it is often
impossible to detect and separate each forgery and also to es-
timate the geometric transformation. Estimating the geometric
parameters with accuracy is deemed as a fundamental task not
only to understand how the cloned patch has been processed
[35] and possibly to infer which was the counterfeiter’s motive,
but also to compare the original source block of image and the
forged one on a common ground. Furthermore, a reliable esti-
mate of the transformation allows us to register the two patches
for a possible deeper forensics analysis [36]. The method pro-
posed hereafter is able to deal with affine geometric transforma-
tions and, as demonstrated by experimental results, also gives
reliable estimates of the transformation parameters. Our tech-
nique works by relying on a unique empirical threshold which
regulates clustering operation, and that has been determined by
a training procedure on a general dataset. This is a very impor-
tant issue also in comparison with similar techniques like that
in [32].
1102 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
Fig. 3. Overview of the proposed system. SIFT matched pairs and clusters.
III. PROPOSED METHOD
The proposed approach is based on the SIFT algorithm to ex-
tract robust features which can allow it to discover if a part of
an image was copy–moved, and furthermore, which geomet-
rical transformation was applied. In fact, the copied part has
basically the same appearance of the original one, thus key-
points extracted in the forged region will be quite similar to
the original ones. Therefore, matching among SIFT features can
be adopted for the task of determining possible tampering. A
simple schematization of the whole system is shown in Fig. 3:
the first step consists of SIFT feature extraction and keypoint
matching, the second step is devoted to keypoint clustering and
forgery detection, while the third one estimates the occurred
geometric transformation, if tampering has been detected.
A. SIFT Features Extraction and Multiple Keypoint Matching
Given a test image, a set of keypoints with
their corresponding SIFT descriptors is extracted.
A matching operation is performed in the SIFT space among the
vectors of each keypoint to identify similar local patches in
the test image. The best candidate match for each keypoint
is found by identifying its nearest neighbor from all the other
keypoints of the image, which is the keypoint with the
minimum Euclidean distance in the SIFT space. In order to de-
cide that two keypoints match (i.e., “are these two descriptors
the same or not?”), simply evaluating the distance between two
descriptors with respect to a global threshold does not perform
well. This is due to the high-dimensionality of the feature space
(128) in which some descriptors are much more discriminative
than others.
We can obtain a more effective procedure, as suggested
in [13], by using the ratio between the distance of the closest
neighbor to that of the second-closest one, and comparing it with
a threshold (often fixed to 0.6). For the sake of clarity, given a
keypoint we define a similarity vector
that represents the sorted Euclidean distances with respect
to the other descriptors. Following this idea, the keypoint is
matched only if this constraint is satisfied:
where (3)
We refer to this procedure as the 2NN test. This matching pro-
cedure has one main drawback: it is unable to manage multiple
keypoint matching. This is a key aspect in case of copy–move
forgeries since it may happen that the same image area is cloned
over and over (see, for example, Fig. 2). In other words, it only
finds matches between keypoints whose SIFT descriptors are
very different from those of the rest of the set (i.e., features that
are globally distinctive). Therefore, the case of cloned patches
is very critical since the keypoints detected in those regions are
very similar to each other.
For this reason, we propose a novel matching procedure that
is a generalization of (3), and is able to deal with multiple copies
of the same features. Our generalized 2NN test (referred as
2NN) starts from the observation that in a high dimensional
feature space such as that of SIFT features, keypoints that are
different from one considered share very high and very similar
values (in terms of Euclidean distances) among them. Instead,
similar features show low Euclidean distances with respect to
the others. The idea of the 2NN test is that the ratio between the
distance of the candidate match and the distance of the second
nearest neighbor is low in the case of a match (e.g., lower than
0.6) and very high in case of two “random features” (e.g., greater
than 0.6). Our generalization consists of iterating the 2NN test
between until this ratio is greater than (in our exper-
iments we set this value to 0.5). If is the value in which the
procedure stops, each keypoint in correspondence to a distance
in (where ) is considered as a match for
the inspected keypoint.
Finally, by iterating over keypoints in , we can obtain the set
of matched points. All the matched keypoints are retained, but
isolated ones are no longer considered in subsequent processing
steps. Already at this stage a draft idea of the authenticity of
the image is provided. But it can happen that images that legit-
imately contain areas with very similar texture yield matched
keypoints that might induce false alarms. The following two
steps of the proposed methodology reduce this possibility.
B. Clustering and Forgery Detection
To identify possible cloned areas, an agglomerative hierar-
chical clustering [37] is performed on spatial locations (i.e.,
coordinates) of the matched points. Hierarchical clustering cre-
ates a hierarchy of clusters which may be represented by a tree
structure. The algorithm starts by assigning each keypoint to
a cluster; then it computes all the reciprocal spatial distances
among clusters, finds the closest pair of clusters, and finally
merges them into a single cluster. Such computation is itera-
tively repeated until a final merging situation is achieved. The
way this final merging can be accomplished is basically condi-
tioned both by the linkage method adopted and by the threshold
used to stop cluster grouping.
Several linkage methods exist in the literature and our ex-
periments evaluate their performance to estimate the best cutoff
AMERINI et al.: SIFT-BASED FORENSIC METHOD FOR COPY–MOVE ATTACK DETECTION AND TRANSFORMATION RECOVERY
threshold for forgery detection (see Section IV-A for a de-
tailed description of such experiments). In particular, three dif-
ferent linkage methods have been evaluated: Single, Centroid,
and Ward’s linkage. Given two clusters and , respectively
containing and objects (where and indicate
the th and the th object in the clusters and ), the linkage
methods operate as follows:
1) Single linkage uses the smallest Euclidean distance be-
tween objects in the two clusters
(4)
2) Centroid linkage uses the Euclidean distance between the
centroids of the two clusters
(5)
where
and (6)
3) Ward’s linkage evaluates the increment/decrement in the
error sum of squares (ESS) after merging the two clusters
into a single one with respect to the case of two separated
clusters
(7)
where
(8)
where is the centroid (again) and indicates the
combined cluster.
According to the adopted linkage method, a specific tree
structure is obtained. In addition to this, the proper choice
of the threshold , to determine where to cut the tree and
consequently which is the final number of clusters, is crucial.
The parameter which is compared with is the inconsistency
coefficient (IC) which characterizes each clustering operation;
a higher value of this coefficient, the less similar the objects
connected by the link, thus when it exceeds the threshold
clustering stops. IC takes basically into account the average
distance among clusters and does not allow us to join clusters
spatially too far at that level of hierarchy. It is easy to see
that an appropriate choice of directly influences tampering
detection performance. At the end of the clustering procedure,
clusters which do not contain a significant number (more than
three) of matched keypoints are eliminated. On this basis,
to optimize detection performance and consequently to the
carried out experimental tests (see again Subsection IV-A), we
consider that an image has been altered by a copy–move attack
if the method detects two (or more) clusters with at least three
pairs of matched points linking a cluster to another one. This
aspect has been investigated and this assumption yields a good
trade-off between the need to provide a low false alarm rate.
It should be noted that it can happen that no matched key-
points are obtained, mainly because salient features are not de-
tected in the forged patch (e.g., when an object is hidden with
1103
a flat patch). Anyway, this is a very well-known open issue in
SIFT-related scientific literature.
C. Geometric Transformation Estimation
When an image has been classified as nonauthentic, the pro-
posed method can determine which geometrical transformation
was used between the original area and its copy–moved ver-
sion. Let the matched point coordinates be, for the two areas,
and , respectively; their geo-
metric relationships can be defined by an affine homography
which is represented by a 3 3 matrix as
(9)
This matrix can be computed by resorting to at least three
matched points. In particular, we determine using maximum
likelihood estimation of the homography [38]. This method
seeks homography and pairs of perfectly matched points
and that minimizes the total error function as in (10)
(10)
However, mismatched points (outliers) can severely disturb
the estimated homography. For this reason, we perform the pre-
vious estimation by applying the RANdom SAmple Consensus
algorithm (RANSAC) [39]. This algorithm randomly selects a
set (in our case three pairs of points) from the matched points
and estimates the homography ; then all the remaining points
are transformed according to and compared in terms of dis-
tance with respect to their corresponding matched ones. If this
distance is under or above a certain threshold , they are cat-
alogued as inliers or outliers, respectively. After a predefined
number of iterations, the estimated transformation which
is associated with the higher number of inliers is chosen. In our
experimental tests, has been set to 1000 and the threshold
to 0.05; this is due to the fact that we used a standard method
of normalization of the data for homography estimation. The
points are translated so that their centroid is at the origin and
then they are scaled so that the average distance from the origin
is equal to . This transformation is applied to both of the two
areas and independently.
Once the affine homography is found, rotation and scaling
transformations can be computed from its decomposition, while
translation can be determined by considering the centroids of the
two matched clusters. In particular, can be represented as
where (11)
The matrix is the composition of rotation and nonisotropic
scaling transformations. In fact, it can always be decomposed as
(12)
where and are rotations by and , respectively, and
is a diagonal matrix for the scaling trans-
formation. Hence, the defines the concatenation of a rotation
by , a scaling by and , respectively, in the rotated and
1104 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
TABLE I
TEN DIFFERENT COMBINATIONS OF GEOMETRIC TRANSFORMATIONS APPLIED
TO THE ORIGINAL PATCH FOR THE MICC-F220 DATASET
TABLE II
FOURTEEN DIFFERENT COMBINATIONS OF GEOMETRIC TRANSFORMATIONS
APPLIED TO THE ORIGINAL PATCH FOR THE MICC-F2000 DATASET
directions; a rotation back by ; and finally another rota-
tion by . This decomposition is computed directly by the SVD.
In fact, the matrix can be also rewritten as
since and are orthog-
onal matrices.
IV. EXPERIMENTAL RESULTS
In this section, we evaluate the proposed methodology
providing two main kinds of the tests: first, on a small dataset
named MICC-F220, a benchmarking of the technique is done
to properly set the threshold and to compare it with other
methods known in the literature; second, on a larger dataset
named MICC-F2000, a complete evaluation is carried out
by testing the system against different types of modifica-
tions. Both datasets are composed of images with different
contents coming from the Columbia photographic image repos-
itory [40] and from a personal collection. The first dataset
MICC-F220 consists of 220 images: 110 are tampered im-
ages and 110 are originals. The image resolution varies from
722 480 to 800 600 pixels and the size of the forged
patch covers, on the average, 1.2% of the whole image. The
second dataset MICC-F2000 is composed of 2000 photos of
2048 1536 pixels (3 M pixels) and the forgery is, on average,
1.12% of the whole image: so it is again quite small and similar
to the MICC-F220 dataset case. To reproduce as much as
possible a practical situation, the number of original and altered
images belonging to the MICC-F2000 dataset is not the same:
1300 original images and 700 tampered images have been
taken. The forged images are obtained, in both the datasets,
by randomly selecting (both as location and as dimension) an
image area (square or rectangular) and copy-pasting it over
the image after having applied a number of different attacks
such as translation, rotation, scale (symmetric/asymmetric), or
a combination of them.
Tables I and II summarize the geometric transformations for
the attack applied in the MICC-F220 dataset (10 attacks, from
to in Table I) and in the MICC-F2000 (14 attacks, from
to in Table II), respectively. In particular, for each attack, we
report the rotation in degrees and the scaling factors ,
TABLE III
TRAINING PHASE: TPR AND FPR VALUES (IN PERCENTAGE) FOR EACH
METRIC WITH RESPECT TO
applied to the and axis of the cloned image part (e.g., in the
attack , the and axes are scaled by 30%, and no rotation is
performed).
A. Settings for Forgery Detection
First of all, the proposed method is analyzed to determine
the best settings for the cutoff threshold introduced in
Section III-B according to the chosen linkage method. These
values are set for the all remaining experiments and compar-
isons. To address this problem, the following experiment has
been setup applying a four-fold cross-validation process: from
the database of 220 images (MICC-F220), 165, that is of the
image set, (82 tampered and 83 original) have been randomly
chosen to perform a training to find the best threshold for
each of the three considered linkage methods (Single, Centroid,
Ward’s); the remaining 55 images ( of the whole set) have
been used in a successive testing phase to evaluate detection
performances of the proposed technique. The experiment was
repeated four times, by cyclically exchanging the four image
subsets belonging to the training (3 subsets) and to the testing
set (1 subset), and the results have been averaged. Detection
performance was measured in terms of true positive rate (TPR)
and false positive rate (FPR), where TPR is the fraction of
tampered images correctly identified as such, while FPR is the
fraction of original images that are not correctly identified
We repeat that an image is considered to have been altered by
a copy–move attack if the method detects two (or more) clusters
with at least three pairs of matched points that link a cluster to
another one (as detailed in Subsection III-B).
In Table III, for each linkage method, the TPR and the FPR
obtained during the training phase are reported with respect to
the threshold , which varies in the interval [0.8, 3] with steps
of 0.2. The goal was to minimize the FPR while maintaining a
very high TPR; we see that FPR is almost always very low, while
on the contrary TPR is highly variable. The optimal threshold
has been chosen, as evidenced in Table III, for the maximum
value of TPR that is 1.6 for the Single linkage method, 1.8 for the
Centroid and 2.2 for the Ward’s linkage. Finally, the test phase
has been launched for the best metrics using the previously
AMERINI et al.: SIFT-BASED FORENSIC METHOD FOR COPY–MOVE ATTACK DETECTION AND TRANSFORMATION RECOVERY
TABLE IV
TEST PHASE ON MICC-F220 DATASET: DETECTION RESULTS
IN TERMS OF FPR AND TPR
TABLE V
TRANSFORMATION PARAMETER ESTIMATION ERRORS FOR THE MICC-F220
(SINGLE LINKAGE METHOD WITH , AS PREVIOUSLY UNDERLINED
OTHER METRICS GIVE SIMILAR PERFORMANCES). THE VALUES AND
ARE EXPRESSED IN PIXELS WHILE IS IN DEGREES
obtained in the training phase. The final detection results are re-
ported in Table IV. These values show that the proposed method
performs satisfactorily, providing a low FPR while maintaining
a high rate of correct tampering detection for all the used linkage
methods, though Ward’s metric seems to be slightly better. We
conclude that the choice of linkage methods is not so funda-
mental, while the setting is crucial.
Furthermore, for the cases of correctly detected forged im-
ages, the estimation of the geometric transformation parameters
which bring the original patch onto the forged one has also been
computed. The mean absolute error (MAE) between each of the
true values of the transformation parameters and the estimated
ones are reported in Table V. As in the previous tables, and
refer to the scaling factors occurred in the transformation,
refers to the rotation (in degrees), while and are translation
on direction, respectively.
Results show a high degree of precision in the estimate of the
various parameters of the affine transformation. In addition to
this, Table VI reports for one of the test images belonging to the
MICC-F220, named Cars (see Fig. 4, first column), each trans-
formation parameter (the original value applied to the patch, the
estimated one and the absolute error ). It can be observed
how reliable the estimate is, specifically for the scale parameters
and also for an asymmetric scaling combined with a rotation.
1) Qualitative Evaluation: Here we report some experi-
mental results on images where a copy–move attack has been
performed by taking into account the context. In this case, the
patch is selected according to the specific goal to be achieved
and, above all, transformed by paying attention to perfectly
conceal the modification. Alterations are not recognizable at
least at a first glance and a forensic tool could help in investi-
gations. In Fig. 4, four such cases are pictured by presenting
the tampered image and the corresponding one where matched
keypoints and clusters, extracted by the proposed method, are
highlighted. An interesting situation concerns the individuation
of a cloned patch for the image named Dune (second column)
where, though the duplicated area is quite flat, the method is
able to detect a sufficient number of matched keypoints. On the
contrary, the opposite occurs for the image named Santorini
(last column), where a large number of matched keypoints is
obtained; now the cloned block is very textured and though
it has undergone a geometrical transformation to be properly
adapted to the context, the SIFT algorithm is robust enough not
to be disturbed.
1105
2) Copy–Move Methods Comparison: The proposed ap-
proach has been compared to the results obtained with our
implementations of the methods presented in [16], based on
DCT, and in [21], based on PCA (both have been previously
introduced in Section II). The input parameters required by the
two methods are set as follows: (number of pixels per
block), (number of neighborhood rows to search in
the lexicographically sorted matrix), (threshold
for the minimum frequency), and (threshold to
determine a duplicated block). These parameters are used in
both the algorithms, while (fraction of the ignored
variance along the principle axes after PCA is computed) and
(number of the quantization bins) are only used for
the method presented in [21]. In our method, Ward’s linkage
with a threshold has been used.
The experiments have been launched on the whole
MICC-F220 image database on a machine with an Intel
Q6600 quad core with 4-GB RAM and the FPR, TPR, and
processing time have been evaluated. Table VII shows the
detection performance and the processing time on average (in
seconds) for an image.
The results indicate that the proposed method performs better
with respect to the others methods; in fact the processing time
(per image) is on average about 5 s, whereas the other two take
more than 1 min and almost 5 min, respectively. Furthermore,
the DCT and PCA methods, though obtaining an acceptable
TPR, fail when a decision about original image is required (high
FPR values in Table VII). This is basically due to the incapacity
of such methods to properly deal with cases where a geomet-
rical transformation which is not pure translation is applied to
the copy–moved patch. For the specific case of pure patch trans-
lation, FPR is 0% for all the three methods.
B. Test on Multiple Copied Regions
In this experiment, we analyze the performance of our method
in the presence of tampered images which have multiple copies
of the same region. This test has been performed on ten photos
of 2048 1536 pixels. In these pictures, one or more image
areas are copied and pasted in several different positions over
the image, taking into account the context in order to hide, at
first glance, the forgery.
In this scenario, as we have previously highlighted in
Subsection III-A, the standard 2NN matching procedure is a
critical point for copy–move forgery detection methods based
on SIFT features [31], [32]. In fact, comparing the standard
SIFT matching technique with our 2NN strategy, we see that
our method increases (on average) by 195% the number of the
extracted matches. A high number of matches is fundamental in
order to have sufficient information for a correct estimation of
the geometric transformation, but it can introduce false alarms.
To this end, we tested our matching strategy on the MICC-F220
dataset in order to evaluate how these new matches influence
the results. We found that we lose on average 3% in terms of
FPR with the same results in terms of TPR.
Fig. 5 shows a qualitative comparison between the two tech-
niques. It is interesting to note that the number of the matched
keypoints between the gun and , obtained by the standard
2NN technique, are very few (2 matches) with respect to 2NN
(54 matches). In this case, the technique, based on standard
1106 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
TABLE VI
TRANSFORMATION PARAMETER ESTIMATION ON IMAGE CARS. THE VALUES
Fig. 4. Some examples of tampered images are pictured in the first row; the corresponding detection results are reported in the second row.
TABLE VII
TPR, FPR VALUES (%) AND PROCESSING TIME (AVERAGE, PER IMAGE)
FOR EACH METHOD
Fig. 5. Matched keypoints computed by the 2NN standard SIFT matching tech-
nique (left) and our 2NN strategy (right).
matching, fails to detect the relationship between the two guns.
Finally, Fig. 6 shows some examples of multiple cloning ob-
tained with the 2NN test. Detection results are reported by
highlighting matched keypoints and clusters.
C. Test on a Large Dataset
In this section, experimental results obtained on a larger
dataset, named MICC-F2000, to verify the behavior of the
proposed technique are presented; detection performances and
geometric transformation parameters estimation are investi-
gated as well. Furthermore, tests to check the robustness of the
AND ARE EXPRESSED IN PIXELS WHILE IS IN DEGREES
method against usual operations such as JPEG compression or
noise addition, an image can undergo, have been carried out;
such kinds of processing have been considered as applied both
to the whole forged image and only to the altered image patch.
First of all, we set up again an experiment to determine the
best threshold , according to the three linkage methods, as
done in Section IV-A for the MICC-F220; this has been made to
further check if the established thresholds were correct. To do
this, a four-fold cross-validation process has been carried out.
Results are listed in Table VIII. It can be observed that a sim-
ilar behavior to that obtained with MICC-F220 is obtained and,
above all, that the values chosen in Subsection IV-A for (1.6
for Single, 1.8 for Centroid, and 2.2 for Ward’s) still yield higher
performance in terms of TPR and FPR. After this, the test phase
is launched by setting such values for . In Table IX, the de-
tection rates are reported demonstrating both the effectiveness
of the proposed method which achieves a TPR of around 93%
for all three metrics, and its robustness obtaining again perfor-
mances very consistent with those in Table VIII for these fixed
thresholds.
Going into detail, in Fig. 7, the number of errors for each
attack is listed with regard to tampered images not detected as
such. The most critical attacks seem to be the (
and ) and the ( and ) which
increase twice the patch dimension and apply a 40 rotation
combined with a consistent variation in scale. The histogram
in Fig. 7 shows that these two kinds of attacks generate around
30% of the total errors.
In Table X, we report the errors in estimated geometric trans-
formation parameters averaged over all 500 test images. The
MAE still remains small although the transformations applied
AMERINI et al.: SIFT-BASED FORENSIC METHOD FOR COPY–MOVE ATTACK DETECTION AND TRANSFORMATION RECOVERY 1107

Fig. 6. Examples of tampered images with multiple cloning are shown in the first row, while the detection results are reported in the second row.

Fig. 7. Error analysis of tampered images misdetection for each different attack (in percentage).

TABLE VIII TABLE X

TRAINING PHASE ON MICC-F2000 DATASET: TPR AND FPR VALUES FOR TRANSFORMATION PARAMETER ESTIMATION ERRORS. THE VALUES AND
EACH METRIC WITH RESPECT TO ARE EXPRESSED IN PIXELS, WHILE IS IN DEGREES

pact of JPEG compression and noise addition on all the 2000

TABLE IX
TEST PHASE ON MICC-F2000 DATASET: DETECTION RESULTS IN TERMS
OF FPR AND TPR OBTAINED WITH , , AND
FOR THE THREE LINKAGE METHODS, RESPECTIVELY
to the images for the MICC-F2000 dataset are more challenging
with respect to those in the MICC-F220 dataset.
1) JPEG Compression and Noise Addition: The proposed
methodology has also been tested in terms of detection perfor-
mance from a robustness point of view; in particular, the im-
images of the MICC-F2000 dataset has been investigated. In
the first experiment all the images which were originally in the
JPEG format (quality factor of 100), have been compressed in
JPEG format with a decreasing quality factor of 75, 50, 40, and
20. Table XI (left) shows the FPR and TPR (Ward’s linkage
method with ) for all the diverse JPEG quality fac-
tors; it can be seen that FPR is practically stable while the TPR
tends to slightly diminish when image quality decreases. In the
second experiment, in the same way as before, the images of
MICC-F2000 dataset are distorted by adding a Gaussian noise
to obtain a decreasing signal-to-noise ratio (SNR) of 50, 40, 30,
and 20 dB. Noisy images are obtained by adding white Gaussian
noise to the image with a JPEG quality factor of 100. In Table XI
(right), obtained results are shown and it can be noticed that the
TPR is over 90% until an SNR of 30 dB while FPR is again
quite stable, though it seems to even improve.
2) JPEG Compression, Noise Addition, and Gamma Correc-
tion on Copied Patch: Duplicated patches are often modified
by applying further processing such as brightness/contrast ad-
justment, gamma correction, noise addition, and so on, in order
1108 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
TABLE XI
DETECTION PERFORMANCES AGAINST JPEG COMPRESSION (LEFT) AND NOISE
ADDITION (RIGHT)
TABLE XII
DETECTION PERFORMANCE AGAINST GAMMA CORRECTION, JPEG
COMPRESSION, AND NOISE ADDITION APPLIED TO THE DUPLICATED
AND GEOMETRICALLY TRANSFORMED PATCH
to adjust the patch with respect to the image area where it has to
be located. To explore this scenario, the following experiment
has been performed. Starting from ten original images, a block
is randomly (as explained before) selected for each of them and
four geometric transformations ( , , , and from Table II)
are applied to every one of these patches. Furthermore, before
pasting them, four different gamma corrections with values [2.2,
1.4, 0.7, 0.45] are applied to each block. Finally, 160 tampered
images are obtained. In the same way, the final stage of gamma
correction is first substituted by JPEG compression with dif-
ferent quality factors [75, 50, 40, 20] and second by Gaussian
noise addition with SNR (dB) equal to 50, 40, 30, 20. For every
case, 160 fake images have been created. So for each of the three
situations (gamma correction, JPEG compression, and noise ad-
dition), a dataset composed by 160 fake images and by 350 orig-
inal ones randomly taken from the MICC-F2000 database is
built. In Table XII, performance in terms of TPR and FPR is
reported.
These experiments show that the proposed method maintains
its level of accuracy though diverse kinds of postprocessing are
applied to the duplicated patch in addition to a geometric trans-
formation, to adapt it to the image context where it is pasted.
D. Image Splicing
Though the proposed technique has been presented to op-
erate in a copy–move attack scenario, it can also be utilized in a
context where a splicing operation has occurred. With the term
splicing attack we mean that a part of an image is grabbed and,
possibly after having been adapted (geometrically transformed
and/or enhanced), and pasted onto another one to build a new,
fake, image. In most cases, only the final fake photo is avail-
able to the forensic analyst for inspection, the source image is
often undeterminable; because of this, the SIFT matching pro-
cedure, which is the core of the proposed method cannot take
place and would seem that there is no room for it in such a cir-
cumstance. This is not always true in practice. In fact, often, the
analyst is required to give an assessment of a dataset of images,
for example, belonging to a specific person under judgement, or
that have been found on a hard disk or a pen drive, and so on. In
this operative scenario, it can happen that the source image used
TABLE XIII
DETECTION PERFORMANCES AGAINST SPLICING ATTACK
(IN PERCENTAGE)
to create fraudulent content belongs to the image collection at
disposal. It is easy to understand that the proposed method can
be adopted again to determine both if within the to-be-checked
collection there is a false image containing an “external” patch
and, above all, where it comes from. It is interesting to highlight
that succeeding in detecting such links could help investigation
activities. To show that the proposed technique can be used in
such a scenario the following experimental test has been set up.
A subset of 100 images (96 original and 4 tampered with)
taken from a private collection with size of 800 600 pixels has
been selected. In particular, the 4 fake images have been created
by pasting a patch that was cut from another image belonging to
the other original 96. The proposed technique has been launched
to analyze all the possible pairs of photos
in the dataset looking for duplicated
areas. To allow to the presented algorithm to perform as is, the
pair of images to be checked are considered as a single image
with a double number of columns (size equal to );
due to this, the detection threshold has been increased up
to 3.4 (it was 2.2 in the previous experiments of this section) for
Ward’s linkage method which was chosen for this experiment.
In Table XIII, performances in terms of FPR and TPR are re-
ported.
The method is able to correctly reveal all four fake pairs, de-
termining a link between the possible original image and the
forged one, though it cannot distinguish the source from the
destination if other tools are not adopted. The procedure also
detects two other innocent pairs of images causing false alarms.
In Fig. 8, the four cases of splicing attack detection are pictured,
while in Fig. 9, one of the false alarms is illustrated. In this last
case, we see immediately that the error is caused by the presence
of the same objects (the posters over the wall of the wooden box)
in both the photos taken in the same real context. However, this
could be an actual situation that happens in practical scenarios
(e.g., establishing possible relations among photos acquired in
similar environments).
V. CONCLUSION
A novel methodology to support image forensics investiga-
tion based on SIFT features has been proposed. Given a sus-
pected photo, it can reliably detect if a certain region has been
duplicated and, furthermore, determine the geometric transfor-
mation applied to perform such tampering. The presented tech-
nique shows effectiveness with respect to diverse operative sce-
narios such as composite processing and multiple cloning. Fu-
ture work will be mainly dedicated to investigating how to im-
prove the detection phase with respect to the cloned image patch
with highly uniform texture where salient keypoints are not re-
covered by SIFT-like techniques. In particular, integration with
other forensics techniques applied locally onto flat zones is en-
visaged. Furthermore, the clustering phase will be extended by
means of an image segmentation procedure.
AMERINI et al.: SIFT-BASED FORENSIC METHOD FOR COPY–MOVE ATTACK DETECTION AND TRANSFORMATION RECOVERY
Fig. 8. Examples of correct detection of a splicing attack.
Fig. 9. Example of wrong detection of a splicing attack.
ACKNOWLEDGMENT
The authors would like to thank L. Del Tongo for his support
in the preparation of the experiments.
REFERENCES
[1] S. Lyu and H. Farid, “How realistic is photorealistic?,” IEEE Trans.
Signal Process., vol. 53, no. 2, pt. 2, pp. 845–850, Feb. 2005.
[2] H. Farid, “Photo fakery and forensics,” Adv. Comput., vol. 77, pp. 1–55,
2009.
[3] J. A. Redi, W. Taktak, and J.-L. Dugelay, “Digital image forensics: A
booklet for beginners,” Multimedia Tools Applicat., vol. 51, no. 1, pp.
133–162, 2011.
[4] I. J. Cox, M. L. Miller, and J. A. Bloom, Digital Watermarking. San
Francisco, CA: Morgan Kaufmann, 2002.
[5] M. Barni and F. Bartolini, Watermarking Systems Engineering: En-
abling Digital Assets Security and Other Applications. New York:
Marcel Dekker, 2004.
[6] H. Farid, “A survey of image forgery detection,” IEEE Signal Process.
Mag., vol. 2, no. 26, pp. 16–25, 2009.
[7] A. Popescu and H. Farid, “Statistical tools for digital forensics,” in
Proc. Int. Workshop Information Hiding, Toronto, Canada, 2005.
[8] A. Swaminathan, M. Wu, and K. Liu, “Digital image forensics via in-
trinsic fingerprints,” IEEE Trans. Inf. Forensics Security, vol. 3, no. 1,
pp. 101–117, Mar. 2008.
[9] M. Chen, J. Fridrich, M. Goljan, and J. Lukas, “Determining image
origin and integrity using sensor noise,” IEEE Trans. Inf. Forensics
Security, vol. 3, no. 1, pp. 74–90, Mar. 2008.
[10] N. Khanna, G. T.-C. Chiu, J. P. Allebach, and E. J. Delp, “Forensic
techniques for classifying scanner, computer generated and digital
camera images,” in Proc. IEEE ICASSP, Las Vegas, NV, 2008.
[11] R. Caldelli, I. Amerini, and F. Picchioni, “A DFT-based analysis to
discern between camera and scanned images,” Int. J. Digital Crime
Forensics, vol. 2, no. 1, pp. 21–29, 2010.
[12] I. Amerini, L. Ballan, R. Caldelli, A. Del Bimbo, and G. Serra, “Geo-
metric tampering estimation by means of a SIFT-based forensic anal-
ysis,” in Proc. IEEE ICASSP, Dallas, TX, 2010.
1109
[13] D. G. Lowe, “Distinctive image features from scale-invariant key-
points,” Int. J. Comput. Vision, vol. 60, no. 2, pp. 91–110, 2004.
[14] S. Bayram, I. Avcibas, B. Sankur, and N. Memon, “Image manipula-
tion detection with binary similarity measures,” in Proc. EUSIPCO,
Antalya, Turkey, 2005.
[15] H. Farid and S. Lyu, “Higher-order wavelet statistics and their applica-
tion to digital forensics,” in Proc. IEEE CVPR Workshop on Statistical
Analysis in Computer Vision, Madison, WI, 2003.
[16] J. Fridrich, D. Soukal, and J. Lukás, “Detection of copy-move forgery
in digital images,” in Proc. DFRWS, Cleveland, OH, 2003.
[17] W. Luo, J. Huang, and G. Qiu, “Robust detection of region-duplication
forgery in digital image,” in Proc. ICPR, Washington, DC, 2006.
[18] G. Li, Q. Wu, D. Tu, and S. J. Sun, “A sorted neighborhood approach
for detecting duplicated regions in image forgeries based on DWT and
SVD,” in Proc. IEEE ICME, Beijing, China, 2007.
[19] B. Mahdian and S. Saic, “Detection of copy-move forgery using a
method based on blur moment invariants,” Forensic Sci. Int., vol. 171,
no. 2–3, pp. 180–189, 2007.
[20] B. Dybala, B. Jennings, and D. Letscher, “Detecting filtered cloning in
digital images,” in Proc. ACM Int. Workshop on Multimedia & Security
(MM&Sec), New York, 2007.
[21] A. Popescu and H. Farid, Exposing Digital Forgeries by Detecting Du-
plicated Image Regions Computer Science Dept., Dartmouth College,
Hanover, NH, Tech. Rep. TR2004-515, 2004.
[22] S. Bayram, H. T. Sencar, and N. Memon, “An efficient and robust
method for detecting copy-move forgery,” in Proc. IEEE ICASSP,
Washington, DC, 2009.
[23] A. C. Popescu and H. Farid, “Exposing digital forgeries by detecting
traces of resampling,” IEEE Trans. Signal Process., vol. 53, no. 2, pt.
2, pp. 758–767, Feb. 2005.
[24] S. Bayram, H. T. Sencar, and N. Memon, “A survey of copy-move
forgery detection techniques,” in Proc. IEEE Western New York Image
Processing Workshop, Rochester, NY, 2008.
[25] S.-J. Ryu, M.-J. Lee, and H.-K. Lee, “Detection of copy-rotate-move
forgery using zernike moments,” in Proc. Int. Workshop on Information
Hiding, Calgary, Canada, 2010.
[26] H.-J. Lin, C.-W. Wang, and Y.-T. Kao, “Fast copy-move forgery detec-
tion,” WSEAS Trans. Signal Process., vol. 5, no. 5, pp. 188–197, 2009.
[27] S. Bravo-Solorio and A. K. Nandi, “Passive method for detecting du-
plicated regions affected by reflection, rotation and scaling,” in Proc.
EUSIPCO, Glasgow, Scotland, 2009.
[28] V. Christlein, C. Riess, and E. Angelopoulou, “A study on features for
the detection of copy-move forgeries,” in Proc. Information Security
Solutions Europe, Berlin, Germany, 2010.
[29] X. Shuai, C. Zhang, and P. Hao, “Fingerprint indexing based on com-
posite set of reduced SIFT features,” in Proc. ICPR, Tampa, FL, 2008.
[30] H. Su, A. Bouridane, and M. Gueham, “Local image features for
shoeprint image retrieval,” in Proc. BMVC, Warwick, UK, 2007.
[31] H. Huang, W. Guo, and Y. Zhang, “Detection of copy-move forgery
in digital images using SIFT algorithm,” in Proc. IEEE Pacific-Asia
Workshop on Computational Intell. and Industrial Application, Wuhan,
China, 2008.
[32] X. Pan and S. Lyu, “Detecting image region duplication using SIFT
features,” in Proc. IEEE ICASSP, Dallas, TX, 2010.
1110 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
[33] K. Mikolajczyk and C. Schmid, “A performance evaluation of local
descriptors,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 27, no. 10,
pp. 1615–1630, Oct. 2005.
[34] K. Mikolajczyk, T. Tuytelaars, C. Schmid, A. Zisserman, J. Matas, F.
Schaffalitzky, T. Kadir, and L. Van Gool, “A comparison of affine re-
gion detectors,” Int. J. Comput. Vision, vol. 65, no. 1/2, pp. 43–72,
2005.
[35] W. Wei, S. Wang, X. Zhang, and Z. Tang, “Estimation of image rotation
angle using interpolation-related spectral signatures with application to
blind detection of image forgery,” IEEE Trans. Inf. Forensics Security,
vol. 5, no. 3, pp. 507–517, Sep. 2010.
[36] W. Lu, A. L. Varna, and M. Wu, “Forensic hash for multimedia infor-
mation,” in Proc. SPIE Media Forensics and Security, San Jose, CA,
2010.
[37] T. Hastie, R. Tibshirani, and J. H. Friedman, The Elements of Statistical
Learning. New York: Springer, 2003.
[38] R. I. Hartley and A. Zisserman, Multiple View Geometry in Computer
Vision. Cambridge, U.K.: Cambridge Univ. Press, 2004.
[39] M. Fischler and R. Bolles, “Random sample consensus: A paradigm
for model fitting with applications to image analysis and automated
cartography,” Commun. ACM, vol. 24, no. 6, pp. 381–395, 1981.
[40] T.-T. Ng, S.-F. Chang, J. Hsu, and M. Pepeljugoski, Columbia Pho-
tographic Images and Photorealistic Computer Graphics Dataset AD-
VENT, Columbia Univ., New York, Tech. Rep., 2004.
Irene Amerini received the Laurea degree in com-
puter engineering in 2006 and the Ph.D. degree in
computer engineering, multimedia, and telecommu-
nication in 2011, both from the University of Flo-
rence, Italy.
She was a visiting scholar at Binghamton Uni-
versity, Binghamton, NY, in 2010. Currently she
is a postdoctoral researcher at the Image and
Communication Laboratory, Media Integration and
Communication Center, University of Florence,
Florence, Italy. Her main research interests focus on
multimedia forensics and image processing.
Lamberto Ballan (S’08) received the Laurea degree
in computer engineering in 2006 and the Ph.D. degree
in computer engineering, multimedia, and telecom-
munication in 2011, both from the University of Flo-
rence, Italy.
He was a visiting scholar at Télécom ParisTech/
ENST, Paris, in 2010. Currently he is a postdoctoral
researcher at the Media Integration and Communica-
tion Center, University of Florence, Florence, Italy.
His main research interests focus on multimedia in-
formation retrieval, image and video analysis, pattern
recognition, and computer vision.
Roberto Caldelli (M’10) received the Laurea degree
in electronic engineering in 1997 and the Ph.D. de-
gree in computer science and telecommunication in
2001, both from the University of Florence, Florence,
Italy.
Currently he is an assistant professor at the Media
Integration and Communication Center of the Uni-
versity of Florence. He is also a member of CNIT. His
main research activities, witnessed by several publi-
cations, include digital image processing, image and
video digital watermarking, and multimedia foren-
sics.
Alberto Del Bimbo (M’90) is a full professor of
computer engineering at the University of Florence,
Florence, Italy, where he is also the director of the
Master in Multimedia, and the director of the Media
Integration and Communication Center. His research
interests include pattern recognition, multimedia
information retrieval, and human–computer interac-
tion. He has published more than 250 publications
in some of the most distinguished scientific journals
and international conferences, and is the author of
the monograph Visual Information Retrieval.
Dr. Del Bimbo is an IAPR fellow and Associate Editor of Multimedia
Tools and Applications, Pattern Analysis and Applications, Journal of Visual
Languages and Computing, and the International Journal of Image and
Video Processing, and was an Associate Editor of Pattern Recognition, IEEE
TRANSACTIONS ON MULTIMEDIA, and IEEE TRANSACTIONS ON PATTERN
ANALYSIS AND MACHINE INTELLIGENCE.
Giuseppe Serra received the Laurea degree in com-
puter engineering in 2006, and the Ph.D. degree in
computer engineering, multimedia, and telecommu-
nication in 2010, both from the University of Flo-
rence, Florence, Italy.
He is a postdoctoral researcher at the Media
Integration and Communication Center, University
of Florence. He was a visiting scholar at Carnegie
Mellon University, Pittsburgh, PA, and at Télécom
ParisTech/ENST, Paris, in 2006 and 2010, respec-
tively. His research interests include image and
video analysis, multimedia ontologies, image forensics, and multiple-view
geometry.