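Videos are prone to tampering attacks that alter their meaning and deceive viewers. Previous video forgery detection schemes find tiny clues to locate the tampered regions. However, attackers can successfully evade such scrutiny by destroying those clues with video compression or blurring. This paper proposes a video watermarking network for tampering localization. We jointly train a 3D-UNET-based watermark embedding network and a decoder that predicts the tampering mask. The perturbation produced by watermark embedding is almost imperceptible. Considering that there is no off-the-shelf differentiable video codec simulator, we propose to mimic video compression by combining the simulation results of other typical attacks, e.g., JPEG compression and blurring, as an approximation. Experimental results show that our method generates watermarked videos with good imperceptibility and robustly and accurately locates tampered regions in the attacked versions.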
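Image cropping is a cheap and effective operation for maliciously altering image content. Existing cropping detection mechanisms analyze fundamental traces of image cropping, such as chromatic aberration and vignetting, to uncover cropping attacks. However, they are fragile to common post-processing attacks, which deceive forensics by removing such cues. Moreover, they ignore the fact that recovering the cropped-out content can reveal the purpose of the cropping attack. This paper presents a novel robust watermarking scheme for image cropping localization and recovery (CLR-NET). We first protect the original image by introducing imperceptible perturbations. Then, typical image post-processing attacks are simulated to erode the protected image. On the recipient's side, we predict the cropping mask and recover the original image. We propose two plug-and-play networks to improve the real-world robustness of CLR-NET, namely the fine-grained generative JPEG simulator (FG-JPEG) and the Siamese image pre-processing network. To the best of our knowledge, we are the first to address the combined challenge of image cropping localization and recovery of the entire image from a fragment. Experiments show that, despite the presence of various types of image processing attacks, CLR-NET can accurately localize the cropping and recover the details of the cropped-out regions with high quality and fidelity.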
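Deepfakes are becoming increasingly popular both in good-faith applications, such as entertainment, and in maliciously intended manipulations, such as image and video forgery. Primarily motivated by the latter, a large number of deepfake detectors have recently been proposed to identify such content. While the performance of such detectors still needs further improvement, they are often evaluated in simple, if not trivial, scenarios. In particular, the impact of benign processing operations such as transcoding, denoising, resizing and enhancement is not sufficiently studied. This paper proposes a more rigorous and systematic framework to assess the performance of DeepFake detectors in more realistic situations. It quantitatively measures how, and to what extent, each benign processing approach impacts a state-of-the-art deepfake detection method. By illustrating it on a popular DeepFake detector, our benchmark proposes a framework to assess the robustness of detectors and provides valuable insights for designing more efficient DeepFake detectors.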
Video compression plays a crucial role in video streaming and classification systems by maximizing the end-user quality of experience (QoE) at a given bandwidth budget. In this paper, we conduct the first systematic study for adversarial attacks on deep learning-based video compression and downstream classification systems. Our attack framework, dubbed RoVISQ, manipulates the Rate-Distortion ($\textit{R}$-$\textit{D}$) relationship of a video compression model to achieve one or both of the following goals: (1) increasing the network bandwidth, (2) degrading the video quality for end-users. We further devise new objectives for targeted and untargeted attacks to a downstream video classification service. Finally, we design an input-invariant perturbation that universally disrupts video compression and classification systems in real time. Unlike previously proposed attacks on video classification, our adversarial perturbations are the first to withstand compression. We empirically show the resilience of RoVISQ attacks against various defenses, i.e., adversarial training, video denoising, and JPEG compression. Our extensive experimental results on various video datasets show RoVISQ attacks deteriorate peak signal-to-noise ratio by up to 5.6dB and the bit-rate by up to $\sim$ 2.4$\times$ while achieving over 90$\%$ attack success rate on a downstream classifier. Our user study further demonstrates the effect of RoVISQ attacks on users' QoE.
With the spread of tampered images, locating the tampered regions in digital images has drawn increasing attention. The existing image tampering localization methods, however, suffer from severe performance degradation when the tampered images are subjected to some post-processing, as the tampering traces would be distorted by the post-processing operations. The poor robustness against post-processing has become a bottleneck for the practical applications of image tampering localization techniques. In order to address this issue, this paper proposes a novel restoration-assisted framework for image tampering localization (ReLoc). The ReLoc framework mainly consists of an image restoration module and a tampering localization module. The key idea of ReLoc is to use the restoration module to recover a high-quality counterpart of the distorted tampered image, such that the distorted tampering traces can be re-enhanced, facilitating the tampering localization module to identify the tampered regions. To achieve this, the restoration module is optimized not only with the conventional constraints on image visual quality but also with a forensics-oriented objective function. Furthermore, the restoration module and the localization module are trained alternately, which can stabilize the training process and is beneficial for improving the performance. The proposed framework is evaluated by fighting against JPEG compression, the most commonly used post-processing. Extensive experimental results show that ReLoc can significantly improve the robustness against JPEG compression. The restoration module in a well-trained ReLoc model is transferable. Namely, it is still effective when being directly deployed with another tampering localization module.
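Digital image watermarking seeks to protect digital media information from unauthorized access, where a message is embedded into a digital image and extracted from it, even after some noise or distortion is applied under various data processing, including lossy image compression and interactive content editing. Traditional image watermarking solutions easily suffer in robustness when specified with some prior constraints, while recent deep learning-based watermarking methods cannot handle the information loss problem well under various separate pipelines of feature encoder and decoder. In this paper, we propose a novel digital image watermarking solution with a compact neural network, named Invertible Watermarking Network (IWN). Our IWN architecture is based on a single Invertible Neural Network (INN); this bijective propagation framework enables us to solve the challenges of message embedding and extraction simultaneously, by treating them as a pair of inverse problems for each other and learning a stable invertible mapping. To enhance the robustness of our watermarking solution, we specifically introduce a simple but effective bit message normalization module to condense the bit message to be embedded, and a noise layer is designed to simulate various practical attacks under our IWN framework. Extensive experiments demonstrate the superiority of our solution under various distortions.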
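On most video platforms, such as YouTube and TikTok, the videos played have usually undergone multiple video encodings, such as encoding by recording devices, software encoding by video editing apps, and single/multiple video transcoding by video application servers. Previous work on compressed video restoration typically assumes that the compression artifacts are caused by one-time encoding. Thus, the derived solutions usually do not work well in practice. In this paper, we propose a new method, the temporal spatial auxiliary network (TSAN), for transcoded video restoration. Our method considers the unique traits between video encoding and transcoding, and we treat the initial shallow encoded videos as intermediate labels to assist the network in self-supervised attention training. In addition, we employ adjacent multi-frame information and propose temporal deformable alignment and pyramidal spatial fusion for transcoded video restoration. The experimental results demonstrate that the performance of the proposed method is superior to that of previous techniques. The code is available at https://github.com/iceCherylxuli/tsan.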
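Conventional video compression (VC) methods are based on motion-compensated transform coding, and the steps of motion estimation, mode and quantization parameter selection, and entropy coding are optimized individually due to the combinatorial nature of the end-to-end optimization problem. Learned VC allows end-to-end rate-distortion (R-D) optimized training of nonlinear transform, motion and entropy models simultaneously. Most works on learned VC consider end-to-end optimization of a sequential video codec based on R-D loss over pairs of successive frames. It is well known in traditional VC that bi-directional coding outperforms sequential compression because of its ability to use both past and future reference frames. This paper proposes a learned hierarchical bi-directional video codec (LHBDC) that combines the benefits of hierarchical motion-compensated prediction and end-to-end optimization. Experimental results show that we achieve the best R-D results reported for learned VC schemes to date in both PSNR and MS-SSIM. Compared to conventional video codecs, the R-D performance of our end-to-end optimized codec outperforms that of both the x265 and SVT-HEVC encoders ("veryslow" preset) in PSNR and MS-SSIM, as well as the HM 16.23 reference software in MS-SSIM. We show the performance gains due to the proposed novel tools such as learned masking, flow-field subsampling, and temporal flow vector prediction. The models and instructions to reproduce our results can be found at https://github.com/makinyilmaz/lhbdc/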
Online media data, in the forms of images and videos, are becoming mainstream communication channels. However, recent advances in deep learning, particularly deep generative models, open the doors for producing perceptually convincing images and videos at a low cost, which not only poses a serious threat to the trustworthiness of digital information but also has severe societal implications. This motivates a growing interest of research in media tampering detection, i.e., using deep learning techniques to examine whether media data have been maliciously manipulated. Depending on the content of the targeted images, media forgery could be divided into image tampering and Deepfake techniques. The former typically moves or erases the visual elements in ordinary images, while the latter manipulates the expressions and even the identity of human faces. Accordingly, the means of defense include image tampering detection and Deepfake detection, which share a wide variety of properties. In this paper, we provide a comprehensive review of the current media tampering detection approaches, and discuss the challenges and trends in this field for future research.
This study examines the relationship between H.264 video compression and the performance of an object detection network (YOLOv5). We curated a set of 50 surveillance videos and annotated targets of interest (people, bikes, and vehicles). Videos were encoded at 5 quality levels using Constant Rate Factor (CRF) values in the set {22,32,37,42,47}. YOLOv5 was applied to compressed videos and detection performance was analyzed at each CRF level. Test results indicate that the detection performance is generally robust to moderate levels of compression; using a CRF value of 37 instead of 22 leads to significantly reduced bitrates/file sizes without adversely affecting detection performance. However, detection performance degrades appreciably at higher compression levels, especially in complex scenes with poor lighting and fast-moving targets. Finally, retraining YOLOv5 on compressed imagery gives up to a 1% improvement in F1 score when applied to highly compressed footage.
Visually realistic GAN-generated facial images raise obvious concerns on potential misuse. Many effective forensic algorithms have been developed to detect such synthetic images in recent years. It is significant to assess the vulnerability of such forensic detectors against adversarial attacks. In this paper, we propose a new black-box attack method against GAN-generated image detectors. A novel contrastive learning strategy is adopted to train the encoder-decoder network based anti-forensic model under a contrastive loss function. GAN images and their simulated real counterparts are constructed as positive and negative samples, respectively. Leveraging on the trained attack model, imperceptible contrastive perturbation could be applied to input synthetic images for removing GAN fingerprint to some extent. As such, existing GAN-generated image detectors are expected to be deceived. Extensive experimental results verify that the proposed attack effectively reduces the accuracy of three state-of-the-art detectors on six popular GANs. High visual quality of the attacked images is also achieved. The source code will be available at https://github.com/ZXMMD/BAttGAND.
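Video reconstruction from a single motion-blurred image is a challenging problem, which can enhance the capabilities of existing cameras. Recently, several works have addressed this task using conventional imaging and deep learning. Yet, such purely digital methods are inherently limited, due to direction ambiguity and noise sensitivity. Some works proposed to address these limitations using non-conventional image sensors; however, such sensors are extremely rare and expensive. To circumvent these limitations with simpler means, we propose a hybrid optical-digital method for video reconstruction that requires only simple modifications to existing optical systems. During image acquisition, a learned dynamic phase coding is used in the lens aperture to encode the motion trajectories, which serve as prior information for the video reconstruction process. Using an image-to-video convolutional neural network, the proposed computational camera generates a sharp frame burst at various frame rates from a single coded motion-blurred image. We present advantages and improved performance compared to existing methods, using both simulations and a real-world camera prototype.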
How to effectively explore the colors of reference exemplars and propagate them to colorize each frame is vital for exemplar-based video colorization. In this paper, we present an effective BiSTNet to explore colors of reference exemplars and utilize them to help video colorization by a bidirectional temporal feature fusion with the guidance of semantic image prior. We first establish the semantic correspondence between each frame and the reference exemplars in deep feature space to explore color information from reference exemplars. Then, to better propagate the colors of reference exemplars into each frame and avoid inaccurately matched colors from exemplars, we develop a simple yet effective bidirectional temporal feature fusion module to better colorize each frame. We note that there usually exist color-bleeding artifacts around the boundaries of the important objects in videos. To overcome this problem, we further develop a mixed expert block to extract semantic information for modeling the object boundaries of frames so that the semantic image prior can better guide the colorization process for better performance. In addition, we develop a multi-scale recurrent block to progressively colorize frames in a coarse-to-fine manner. Extensive experimental results demonstrate that the proposed BiSTNet performs favorably against state-of-the-art methods on the benchmark datasets. Our code will be made available at https://yyang181.github.io/BiSTNet/
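Deep learning has achieved enormous success in various industrial applications. Companies do not want their valuable data to be stolen by malicious employees to train pirated models. Nor do they want their data to be analyzed by competitors after being used online. We propose a novel solution for this scenario that robustly and reversibly transforms images into adversarial images. We develop a reversible adversarial example generator (RAEG) that introduces slight changes to the images to fool traditional classification models. Even if malicious attackers train pirated models on defended versions of the protected images, RAEG can significantly weaken the functionality of these models. Meanwhile, the reversibility of RAEG ensures the performance of authorized models. Extensive experiments demonstrate that RAEG can, with slight distortion, better protect the data against adversarial defenses than previous methods.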
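Neural network-based image compression has been extensively studied. Model robustness is largely overlooked, though it is crucial for enabling services. We perform adversarial attacks by injecting a small amount of noise perturbation into the original source images, and then encode these adversarial examples using prevailing learned image compression models. Experiments report severe distortion in the reconstruction of adversarial examples, revealing the general vulnerability of existing methods, regardless of the settings used in the underlying compression model (e.g., network architecture, loss function, quality scale) and the optimization strategy used for injecting the perturbation (e.g., noise threshold, signal distance measurement). We then apply iterative adversarial finetuning to refine pretrained models. In each iteration, random source images and adversarial examples are mixed to update the underlying model. The results show the effectiveness of the proposed finetuning strategy by substantially improving the robustness of the compression model. Overall, our methodology is simple, effective, and generalizable, making it attractive for developing robust learned image compression solutions. All materials are publicly accessible at HTTPS://njuvision.github.io/trobustn for reproducible research.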
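In recent years, with the development of deep neural networks, end-to-end optimized image compression has made significant progress and surpassed classic methods in terms of rate-distortion performance. However, most learning-based image compression methods are unlabeled and do not consider image semantics or content when optimizing the model. In fact, human eyes have different sensitivities to different content, so the image content also needs to be considered. In this paper, we propose a content-oriented image compression method, which handles different kinds of image content with different strategies. Extensive experiments show that the proposed method achieves competitive subjective results compared with state-of-the-art end-to-end learned image compression methods or classic methods.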
Video classification systems are vulnerable to adversarial attacks, which can create severe security problems in video verification. Current black-box attacks need a large number of queries to succeed, resulting in high computational overhead in the process of attack. On the other hand, attacks with restricted perturbations are ineffective against defenses such as denoising or adversarial training. In this paper, we focus on unrestricted perturbations and propose StyleFool, a black-box video adversarial attack via style transfer to fool the video classification system. StyleFool first utilizes color theme proximity to select the best style image, which helps avoid unnatural details in the stylized videos. Meanwhile, the target class confidence is additionally considered in targeted attacks to influence the output distribution of the classifier by moving the stylized video closer to or even across the decision boundary. A gradient-free method is then employed to further optimize the adversarial perturbations. We carry out extensive experiments to evaluate StyleFool on two standard datasets, UCF-101 and HMDB-51. The experimental results demonstrate that StyleFool outperforms the state-of-the-art adversarial attacks in terms of both the number of queries and the robustness against existing defenses. Moreover, 50% of the stylized videos in untargeted attacks do not need any query since they can already fool the video classification model. Furthermore, we evaluate the indistinguishability through a user study to show that the adversarial samples of StyleFool look imperceptible to human eyes, despite unrestricted perturbations.
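With the rapid development of generative models, AI-based face manipulation technology, known as DeepFakes, has become increasingly realistic. This means of face forgery can attack any target, which poses a new threat to personal privacy and property security. Moreover, the misuse of synthetic video shows potential dangers in many areas, such as identity harassment, pornography and news rumors. Inspired by the fact that the spatial coherence and temporal consistency of physiological signals are destroyed in generated content, we attempt to find inconsistent patterns that can distinguish real videos from synthetic ones in the variations of facial pixels, which are highly related to physiological information. Our approach first applies Eulerian Video Magnification (EVM) at multiple Gaussian scales to the original video to enlarge the physiological variations caused by changes in facial blood volume, and then transforms the original video and the magnified videos into a Multi-Scale Eulerian Magnified Spatial-Temporal map (MEMSTmap), which can represent time-varying physiological enhancement sequences on different octaves. Then, these maps are reshaped into frame patches in column units and sent to a vision Transformer to learn frame-level spatio-temporal descriptors. Finally, we sort out the feature embeddings and output the probability that the video is real or fake. We validate our method on the FaceForensics++ and DeepFake Detection datasets. The results show that our model achieves excellent performance in forgery detection and also shows outstanding generalization capability across data domains.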
Conventional video compression approaches use the predictive coding architecture and encode the corresponding motion information and residual information. In this paper, taking advantage of both classical architecture in the conventional video compression method and the powerful nonlinear representation ability of neural networks, we propose the first end-to-end video compression deep model that jointly optimizes all the components for video compression. Specifically, learning based optical flow estimation is utilized to obtain the motion information and reconstruct the current frames. Then we employ two auto-encoder style neural networks to compress the corresponding motion and residual information. All the modules are jointly learned through a single loss function, in which they collaborate with each other by considering the trade-off between reducing the number of compression bits and improving quality of the decoded video. Experimental results show that the proposed approach can outperform the widely used video coding standard H.264 in terms of PSNR and be even on par with the latest standard H.265 in terms of MS-SSIM. Code is released at https://github.com/GuoLusjtu/DVC.
[Figure panels (Bpp/MS-SSIM): (a) Original frame; (b) H.264 (0.0540 Bpp/0.945); (c) H.265 (0.082 Bpp/0.960); (d) Ours (0.0529 Bpp/0.961)]
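Full face synthesis and partial face manipulation by virtue of generative adversarial networks (GANs) and their variants have raised wide public concern. In the multimedia forensics area, detecting and ultimately locating image forgery has become an imperative task. In this work, we investigate the architecture of existing GAN-based face manipulation methods and observe that the imperfection of their upsampling methods can serve as an important asset for GAN-synthesized fake image detection and forgery localization. Based on this basic observation, we propose a novel approach, termed FakeLocator, to obtain high localization accuracy, at full resolution, on manipulated facial images. To the best of our knowledge, this is the first attempt to solve the GAN-based fake localization problem with a gray-scale fakeness map that preserves more information about the fake regions. To improve the universality of FakeLocator across multiple facial attributes, we introduce an attention mechanism to guide the training of the model. To improve the universality of FakeLocator across different DeepFake methods, we propose partial data augmentation and single sample clustering on the training images. Experimental results on the popular FaceForensics++ and DFFD datasets and seven different state-of-the-art GAN-based face generation methods show the effectiveness of our method. Compared with the baselines, our method performs better on various metrics. Moreover, the proposed method is robust against various real-world facial image degradations such as JPEG compression, low resolution, noise, and blur.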