CN114419633B

CN114419633B - Detection method and system for certificate document image falsification

Info

Publication number: CN114419633B
Application number: CN202111650672.3A
Authority: CN
Inventors: 晏榕; 张光斌; 赵建强; 尤俊生; 杜新胜; 张辉极
Original assignee: Xiamen Meiya Pico Information Co Ltd
Current assignee: Xiamen Meiya Pico Information Co Ltd
Priority date: 2021-12-30
Filing date: 2021-12-30
Publication date: 2024-12-17
Anticipated expiration: 2041-12-30
Also published as: CN114419633A

Abstract

A detection method and system for falsification of document images of credentials are disclosed, which comprises the steps of performing first falsification and post-processing on original images, performing second falsification and post-processing on the basis of the first falsification and post-processing to obtain falsified images, comparing differences of gray level images of the original images and the falsified images respectively by utilizing a structure similarity algorithm from brightness, contrast and structure to obtain falsified region mask images, inputting the falsified images and falsified region mask images into a network based on ScSE U-Net and a twin network to train to obtain detection models, and reasoning the images to be detected by utilizing the detection models to obtain predicted mask images. The invention can effectively improve the image falsification detection and positioning capability of certificate documents.

Description

Detection method and system for certificate document image falsification

Technical Field

The invention relates to the technical field of data processing, in particular to a detection method and a detection system for falsification of certificate document images.

Background

The image PS falsification basic operations can be divided into four types, i.e., copy-move, different-image stitching (splicing), removing pixels and filling with other pixels (removed), generating characters (generated), and edge feathering, painting, color change, etc., are performed with tools in these operations to generate a falsified image of high quality. The difficulty of certificate text type tamper detection is that counterfeiters often also perform processes such as median filtering (MEDIAN FITERING), gaussian blurring (Gaussian Blurrin), resampling (REAAMPLING) and the like on the image, and perform secondary tamper after the primary tamper, so that the purpose that human eyes and even some tamper detection models are difficult to recognize is achieved.

The PS tampering identification and positioning method is mainly divided into a traditional identification method and a method based on deep learning. The conventional authentication algorithm is an algorithm for extracting features according to the statistical characteristics of an image, for example, a DCT (discrete cosine transform) -based falsification detection algorithm, a SIFT (scale-invariant feature transform) detection algorithm, a resampling trace detection algorithm and the like, and the authentication algorithm based on deep learning is divided into an algorithm based on target detection, for example, a double-flow master-rcnn algorithm and the like, and an algorithm based on semantic segmentation, for example, an authentication algorithm based on Unet and the like.

In all PS tampering identification positioning algorithms, the traditional identification algorithm is based on statistical characteristics for detection and positioning, has longer development time, plays a certain detection effect, but has limitations, such as DCT algorithm, SIFT algorithm and the like, only can detect the copy of the same image, CFA algorithm, resampling algorithm and the like, can detect the images spliced by different images, but has poor tampering detection effect on low-quality images, the development of the traditional algorithm is limited due to the defects of low robustness and generalization, the detection positioning method based on deep learning is further divided into an algorithm based on target detection and an algorithm based on semantic segmentation, aiming at the characteristics of more report text-like image characters and no multiple complete independent image main bodies, the problems need to be distinguished to each pixel point in the image, namely whether each pixel belongs to a tampered area or not is judged, and therefore the algorithm for example segmentation is more applicable than the algorithm for target detection.

Disclosure of Invention

In order to solve the technical problems of weak identification capability, insufficient detection and positioning and the like of certificate text images in the prior art, the invention provides a detection method and a detection system for falsification of certificate document images, and aims to solve the technical problems.

According to one aspect of the present invention, there is provided a detection method for falsification of a document class image of a certificate, comprising:

s1, performing first tampering and post-processing on an original image, and performing second tampering and post-processing on the basis of the first tampering and post-processing to obtain a tampered image;

s2, respectively comparing the difference of gray level images of the original image and the tampered image from brightness, contrast and structure by utilizing a structure similarity algorithm to obtain a fake region mask image;

s3, inputting the tampered image and the fake region mask image into a network based on ScSE U-Net and training the network to obtain a detection model, and

And S4, reasoning the image to be detected by using the detection model to obtain a predicted mask image.

In some specific embodiments, the tampering in step S1 includes homographic copying, heterographic stitching, pixel removal, other pixel padding, and character generation, and the post-processing includes adding gaussian blur, JPEG compression, and adding noise.

In some specific embodiments, in the step S2, the non-difference position pixels in the forged region mask chart are black, and the difference position pixels are white.

In some specific embodiments, the structural similarity algorithm in step S2 characterizes similarity by the following formula:

where u _X、u_Y distribution represents the mean of images X and Y, σ _X、σ_Y represents the standard deviation of images X and Y, σ _XY represents the covariance of images X and Y, C ₁、C₂、C₃ is a constant, and the structural similarity algorithm SSIM index is SSIM (X, Y) =l (X, Y) ×c (X, Y) ×s (X, Y).

In some specific embodiments, training based on ScSE U-Net network and twinning network in step S3 specifically includes:

The method comprises the steps of instantiating two coding blocks which have the same parameters and are not shared in a network input part based on a twin network, respectively coding a primary tampered image and a secondary tampered image, adding feature images, outputting the feature images through decoding blocks, and connecting each decoding block with a scSE module, wherein the coding blocks, the decoding blocks and a bottleneck layer are of a network structure based on U-net. Based on the scheme, the robustness of the model can be enhanced, and the recognition capability is enhanced.

In some specific embodiments, the encoding Block employs a SE-Resnet feature extraction network with SE Block added to Resnet. By virtue of this arrangement, the characteristics of the important channels can be enhanced.

In some specific embodiments, features are spliced according to channel dimensions in the up-sampling process, and scSE modules are added in the up-sampling process to obtain feature mappingWherein, cSE module obtains the index of measuring the importance of the channel through compressing the space information, sSE module obtains the index of measuring the importance of the space position through compressing the channel information.

According to a second aspect of the present invention, a computer-readable storage medium is presented, on which one or more computer programs are stored which, when executed by a computer processor, implement the method of any of the above.

According to a third aspect of the present invention, there is provided a detection system for falsification of images of the document class, the system comprising:

The image processing unit is configured to perform first tampering and post-processing on the original image, and perform second tampering and post-processing on the basis of the first tampering and post-processing to obtain a tampered image, wherein tampering comprises same-image copying, different-image splicing, pixel removal, other pixel filling and character generation, and post-processing comprises Gaussian blur addition, JPEG compression and noise addition;

a difference comparing unit configured to compare differences of gray level images of the original image and the tampered image from brightness, contrast and structure respectively by using a structure similarity algorithm, and obtain a forged region mask image, wherein pixels without difference positions in the forged region mask image are black, and pixels with difference positions are white;

the training model acquisition unit is configured to input the tampered image and the fake region mask map into a network based on ScSE U-Net and train the network to acquire a detection model;

and the detection unit is configured to use the detection model to infer the image to be detected so as to obtain a predicted mask image.

In some specific embodiments, the structural similarity algorithm characterizes similarity by the following formula:

In some specific embodiments, training based on ScSE U-Net network and twin network specifically comprises instantiating two coding blocks with same parameters and not shared by two structures in a network input part based on twin network, respectively coding a primary tampered image and a secondary tampered image, adding feature images, outputting the feature images through decoding blocks, and connecting each decoding block with scSE module, wherein the coding blocks, the decoding blocks and the bottleneck layer are of a network structure based on U-Net. Based on the scheme, the robustness of the model can be enhanced, and the recognition capability is enhanced.

The invention provides a detection method and a detection system for certificate document image falsification. The method notices the defects of the conventional algorithm and the existing deep learning algorithm in the PS falsified image detection and positioning technology, scSE block is added in the Network to enhance the image recognition capability of the Network, two twin networks (Siamese networks) with identical parameters and not shared by the Network structure are instantiated in the Network input part to respectively encode the once falsified and twice falsified images, the image falsified detection and positioning capability of certificate documents is effectively improved, se-Resnet is selected as a feature extraction Network, and the features of important channels are enhanced. The method solves the problems that the post-processing is serious, the forged images of the certificate documents with primary falsification and secondary falsification are difficult to detect and locate, and provides a new way and method for the forged identification of the images of the certificate documents such as various certificates, various reports, publications, various certificates, receipt for a loan receipts and the like.

Drawings

The accompanying drawings are included to provide a further understanding of the embodiments and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments and together with the description serve to explain the principles of the application. Many of the intended advantages of other embodiments and embodiments will be readily appreciated as they become better understood by reference to the following detailed description. Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the accompanying drawings in which:

FIG. 1 is a flow chart of a method for detecting tampering of a document class image of a document, in accordance with one embodiment of the application;

FIG. 2 is a training network architecture diagram of a particular embodiment of the present application;

FIG. 3 is a network structure diagram of Se-Resnet50 of one embodiment of the present application;

FIG. 4 is a block diagram of a scSE module according to one embodiment of the present application;

FIG. 5 is a block diagram of a detection system for document class image tampering of a credential according to one embodiment of the application;

Fig. 6 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the application.

Detailed Description

The application is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be noted that, for convenience of description, only the portions related to the present application are shown in the drawings.

It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.

Fig. 1 shows a flowchart of a detection method for falsification of a document class image according to an embodiment of the present application. As shown in fig. 1, the method includes:

s101, performing first tampering and post-processing on the original image, and performing second tampering and post-processing on the basis of the first tampering and post-processing to obtain a tampered image.

In a specific embodiment, data comprising various certificates, various reports, document books, receipt for a loan receipts, various licenses and the like are subjected to primary tampering and post-processing by PS, and secondary tampering and post-processing are performed on the basis of the primary tampering. Tampering is performed by copy-move, different-graph stitching (splicing), pixel removal and other pixel filling (remove), character generation (generated) so that naked eyes cannot recognize, and post-processing is performed by Gaussian blur, JPEG compression, noise addition and the like.

S102, respectively comparing the difference of gray level images of the original image and the tampered image from brightness, contrast and structure by utilizing a structure similarity algorithm to obtain a fake region mask image.

In a specific embodiment, SSIM (structural similarity) algorithm is adopted to compare the difference of the gray level image of the real image and the gray level image of the falsified image from the three aspects of brightness, contrast and structure, so as to obtain a difference binary image or a falsified area mask mak image, namely, the pixel points at the non-difference positions are black, the pixel points at the difference positions are white, and the difference part is the falsified part. The SSIM algorithm characterizes similarity by the following formula:

Where the u _X、u_Y distribution represents the mean of images X and Y, σ _X、σ_Y represents the standard deviation of images X and Y, respectively, and σ _XY represents the covariance of images X and Y. C ₁、C₂、C₃ is a constant to avoid a denominator of 0. The final SSIM index is SSIM (X, Y) =l (X, Y) C (X, Y) S (X, Y).

And S103, inputting the tampered image and the fake region mask map, and training based on ScSE U-Net network and twin network to obtain a detection model.

In a specific embodiment, as shown in fig. 2, the training network is based on the idea of a twin network, two coding blocks (Encoder block) with identical structures and unshared parameters are instantiated in the network input part, and the primary tampered image and the secondary tampered image are respectively coded to enhance the robustness of the model, learn more characteristics, add the characteristic diagrams, and finally output through decoding blocks (Decoder blocks), wherein each decoding block is connected with scSE Block in sequence to enhance the recognition capability. The dashed lines represent copying and shearing operations performed on the extracted features, where the features are stitched together in the channel dimension during upsampling to exploit shallow features. The Encoder Blocks coding Blocks, decoder Blocks decoding Blocks, and Bottleneck Blocks bottleneck layer in the network are based on the U-net network architecture.

In a specific embodiment, the extracted feature part Encoder Blocks selects Se-Resnet50, the feature extraction network is added with SE Block on the basis of Resnet, the feature of the important channel is enhanced by the module, and the structure of Se-Resnet is shown in figure 3.

In a specific embodiment, scSE modules are added during upsampling to enhance model recognition capability, a block diagram of scSE Block is shown in FIG. 4, in whichThe sign activation function is represented by a convolution kernel of size m×n and the number of output channels p. Feature mapping based on this structure The cSE module obtains an index for measuring the importance of the channel by compressing the space information, and the sSE module obtains an index for measuring the importance of the space position by compressing the channel information.

In a specific embodiment, in the cSE module, the input feature map is u= [ U ₁,u₂,...,u_c ], where each channel U _i,u_i∈R^H*W, U passes through the global pooling layer to obtain a vector z, z e R ^1*1*C, and the value of each position k is: Vector z passes through the full-connection layer twice, W ₁,W₂ is the weight of the full-connection layer respectively, and the process is as follows: After the ReLU activation function, the whole process can be expressed by the following formula: The information represented is the importance level of the i-th channel u _i.

In a specific embodiment, in sSE, for the input feature map u= [ U ^1,1,u^1,2,...u^i,j,...,u^H ^,W ], H, W are the dimensions of the feature map, respectively, (i, j) is the spatial position of the feature map, compression on the channel is achieved by convolution of 1×1 and output channel 1, W _sq∈R^1*1*C*1 operates as follows: q=w _sq ×u, where output is q, q is the feature map of channel 1, and then the whole process is operated as follows by Sigmoid activation function: Where σ (q _i,j) represents the degree of importance of the spatial position (i, j) in the feature map.

S104, reasoning the image to be detected by using the detection model to obtain a predicted mask image.

According to the method, the binary images of the difference value graph of the original image and the tampered image are used as labels, scSE block is added on the basis of a U-net Network to enhance the image recognition capability of the Network, the characteristic Network selects Se-Resnet50, two twin networks (Siamese Network) with identical parameters of the Network structure and which are not shared are respectively encoded in the Network input part to tamper and tamper images for the first time, and therefore the image tamper detection and positioning capability of certificate documents can be effectively improved. The method solves the problems that the post-processing is serious, the forged images of the certificate documents with primary falsification and secondary falsification are difficult to detect and locate, and provides a new way and method for the forged identification of the images of the certificate documents such as various certificates, various reports, publications, various certificates, receipt for a loan receipts and the like.

With continued reference to FIG. 5, FIG. 5 illustrates a block diagram of a detection system for document class image tampering in accordance with an embodiment of the invention. The system specifically comprises an image processing unit 501, a difference comparing unit 502, a training model obtaining unit 503 and a detecting unit 504, wherein the image processing unit 501 is configured to perform first tampering and post-processing on an original image, second tampering and post-processing are performed on the basis of the first tampering and post-processing to obtain a tampered image, tampering comprises same-image copying, different-image stitching, pixel removal, other pixel filling and character generation, post-processing comprises adding Gaussian blur, JPEG compression and noise, the difference comparing unit 502 is configured to compare differences of gray images of the original image and the tampered image respectively from brightness, contrast and structure by utilizing a structure similarity algorithm to obtain a fake area mask image, pixels at non-difference positions in the fake area mask image are black, pixels at difference positions in the fake area mask image are white, the training model obtaining unit 503 is configured to perform training on the tampered image and the fake area mask image on the basis of a ScSE U-Net network and a twin network to obtain a detection model, and the detecting unit 504 is configured to infer the image to be detected by utilizing the detection model to obtain a predicted image.

Referring now to FIG. 6, there is illustrated a schematic diagram of a computer system 600 suitable for use in implementing an electronic device of an embodiment of the present application. The electronic device shown in fig. 6 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the application.

As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU) 601, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.

Connected to the I/O interface 605 are an input section 606 including a keyboard, a mouse, and the like, an output section 607 including a Liquid Crystal Display (LCD) and the like and a speaker and the like, a storage section 608 including a hard disk and the like, and a communication section 609 including a network interface card such as a LAN card, a modem, and the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. Removable media 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on drive 610 so that a computer program read therefrom is installed as needed into storage section 608.

In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. The above-described functions defined in the method of the present application are performed when the computer program is executed by a Central Processing Unit (CPU) 601. The computer readable storage medium of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable storage medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Computer program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The modules involved in the embodiments of the present application may be implemented in software or in hardware.

As another aspect, the present application also provides a computer-readable storage medium that may be included in the electronic device described in the above embodiment, or may exist alone without being incorporated into the electronic device. The computer readable storage medium carries one or more programs, which when executed by the electronic device, cause the electronic device to tamper and post-process an original image for the first time, tamper and post-process the original image for the second time on the basis of the first tamper and post-process to obtain a tampered image, compare differences of gray patterns of the original image and the tampered image from brightness, contrast and structure respectively by using a structural similarity algorithm to obtain a falsified region mask, input the tampered image and the falsified region mask to training based on ScSE U-Net network and twin network to obtain a detection model, and infer an image to be detected by using the detection model to obtain a predicted mask image.

The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the application referred to in the present application is not limited to the specific combinations of the technical features described above, but also covers other technical features formed by any combination of the technical features described above or their equivalents without departing from the inventive concept described above. Such as the above-mentioned features and the technical features disclosed in the present application (but not limited to) having similar functions are replaced with each other.

Claims

1. A method for detecting tampering of a document-like image of a document, comprising:

s2, respectively comparing the difference of gray level images of the original image and the tampered image from brightness, contrast and structure by using a structure similarity algorithm to obtain a forged region mask image;

s3, inputting the tampered image and the fake region mask map into a network based on ScSE U-Net and training the network to obtain a detection model, and

S4, reasoning the image to be detected by using the detection model to obtain a predicted mask image;

The structural similarity algorithm in step S2 characterizes the similarity by the following formula:

Wherein u _X、u_Y distribution represents the mean value of images X and Y, σ _X、σ_Y represents the standard deviation of images X and Y, σ _XY represents the covariance of images X and Y, C ₁、C₂、C₃ is a constant, and the structural similarity algorithm SSIM index is SSIM (X, Y) =l (X, Y) ×c (X, Y) ×s (X, Y);

in the step S3, training based on ScSE U-Net network and twin network specifically comprises:

The method comprises the steps of instantiating two coding blocks which have the same parameters and are not shared in the network input part based on a twin network, and respectively coding a primary tampered image and a secondary tampered image;

The encoding Block adopts a Se-Resnet characteristic extraction network added with SE blocks on the basis of Resnet;

splicing the features according to the channel dimension in the up-sampling process, and adding the scSE module in the up-sampling process to obtain the feature mapping as Wherein, cSE module obtains the index of measuring the importance of the channel through compressing the space information, sSE module obtains the index of measuring the importance of the space position through compressing the channel information.

2. The method according to claim 1, wherein the falsification in step S1 includes copy of the same image, stitching of different images, pixel removal, filling of other pixels, and character generation, and the post-processing includes adding gaussian blur, JPEG compression, and adding noise.

3. The method according to claim 1, wherein the non-difference position pixels in the fake region mask map in the step S2 are black, and the difference position pixels are white.

4. A computer readable storage medium having stored thereon one or more computer programs, which when executed by a computer processor implement the method of any of claims 1 to 3.

5. A detection system for document-like image tampering, the system comprising:

An image processing unit configured to perform first tampering and post-processing on an original image, and perform second tampering and post-processing on the basis of the first tampering and post-processing to obtain a tampered image, wherein tampering includes homographic copying, heterographic stitching, pixel removal, other pixel filling and character generation, and post-processing includes adding gaussian blur, JPEG compression and noise;

A difference comparing unit configured to compare differences of gray level images of the original image and the tampered image from brightness, contrast and structure respectively by using a structure similarity algorithm, so as to obtain a forged region mask image, wherein pixels without difference positions in the forged region mask image are black, and pixels with difference positions are white;

The training model acquisition unit is configured to input the tampered image and the fake region mask map into a network based on ScSE U-Net and a twin network for training to obtain a detection model;

The detection unit is configured to infer an image to be detected by using the detection model to obtain a predicted mask image;

Structural similarity algorithms characterize similarity by the following formula:

The training based on ScSE U-Net network and twin network specifically comprises the steps of instantiating two coding blocks with same parameters and not shared in the network input part based on the twin network, respectively coding a primary tampered image and a secondary tampered image, adding feature images, outputting the feature images through decoding blocks, and connecting scSE modules behind each decoding block, wherein the coding blocks, the decoding blocks and the bottleneck layer are of a network structure based on U-Net;