Skip to content

Statistical methods for digital image forensics: Algorithm mismatch for blind spatial steganalysis and score-based likelihood ratios for camera device identification

Published: 2020
Primary Author: Stephanie Reinders
Research Area: Digital

Forensic science currently faces a variety of challenges. Statistically suitable reference databases need to be developed and maintained. Subjective methods that can introduce bias need to be replaced by objective methods. Highly technical forensic methods need to be clearly and accurately communicated to juries. Juries should also be given information about the strength of the forensic evidence.

Many traditional blind steganalysis frameworks require training examples from all potential steganographic embedding algorithms, but creating a representative stego image database becomes increasingly more difficult as the number and availability of embedding algorithm grows. We introduce a straight-forward, non-data-intensive framework for blind steganalysis that only requires examples of cover images and a single embedding algorithm for training. Our framework addresses the case of algorithm mismatch, where a classifier is trained on one algorithm and tested on another. Our experiments use RAW image data from the BOSSbase Database and six iPhone devices from the StegoAppDB project. We use four spatial embedding algorithms: LSB matching, MiPOD, S-UNIWARD, and WOW. We train Ensemble Classifiers with Spatial Rich Model features on a single embedding algorithm and tested on each of the four algorithms. Classifiers trained on the MiPOD, S-UNIWARD and WOW embedding algorithms achieve decent detection rates when testing on all four spatial embedding algorithms. Most notably, an Ensemble Classifier with an adjusted decision threshold trained on LSB matching data achieves decent detection rates on the three more advanced, content-adaptive algorithms: MiPOD, S-UNIWARD and WOW.

Score-based likelihood ratios (SLR) have been employed in various areas of forensics when likelihood ratios (LR) are unavailable. SLRs, like LRs, quantify the strength of evidence in support of two mutually exclusive but non-exhaustive hypotheses. LRs and SLRs have both been used for camera device identification, but the full framework for source-anchored, trace-anchored, and general match SLRs has not been investigated. In this work, we present a framework for all three types of SLRs for camera device identification. We use photo-response non-uniformity (PRNU) estimates as camera fingerprints and correlation distance as a similarity score. We calculate source-anchored, trace-anchored, and general match SLRs for 48 camera devices from four publicly available image databases: ALASKA, BOSSbase, Dresden, and StegoAppDB. Our experiments establish that all three types of SLRs are capable of distinguishing between devices of the same model and between devices from different models. The false positive and false negative rates for all three types of SLRs are low, and can be lowered further still by adding an inconclusive class.

Related Resources

Statistical Methods for the Forensic Analysis of User-Event Data

Statistical Methods for the Forensic Analysis of User-Event Data

A common question in forensic analysis is whether two observed data sets originate from the same source or from different sources. Statistical approaches to addressing this question have been widely…
Hunting wild stego images, a domain adaptation problem in digital image forensics

Hunting wild stego images, a domain adaptation problem in digital image forensics

Digital image forensics is a field encompassing camera identication, forgery detection and steganalysis. Statistical modeling and machine learning have been successfully applied in the academic community of this maturing field.…
Statistical Methods for the Forensic Analysis of Geolocated Event Data

Statistical Methods for the Forensic Analysis of Geolocated Event Data

A common question in forensic analysis is whether two observed data sets originated from the same source or from different sources. Statistical approaches to addressing this question have been widely…
CSAFE 2020 All Hands Meeting

CSAFE 2020 All Hands Meeting

The 2020 All Hands Meeting was held May 12 and 13, 2020 and served as the closing to the last 5 years of CSAFE research and focused on kicking off…
Do you have 44.03 seconds?

44.3 Seconds. That is the average amount of time it takes for a visitor to provide site feedback.
Test it yourself by taking the survey.


    A scientist/researcherA member of the forensic science communityA journalist/publicationA studentOther. Please indicate.


    Learn more about CSAFE overall.Discover research CSAFE is undertaking.Explore collaboration opportunities.Find tools and education opportunities.Other. Please indicate.


    YesNo