高容量可逆浮水印之研究

行政院國家科學委員會專題研究計畫 成果報告

高容量可逆浮水印之研究

研究成果報告(精簡版)

計 畫 類 別 ： 個別型

計 畫 編 號 ： NSC 96-2221-E-151-016-

執 行 期 間 ： 96 年 08 月 01 日至 97 年 09 月 30 日

執 行 單 位 ： 國立高雄應用科技大學電子工程系

計 畫 主 持 人 ： 廖斌毅

共 同 主 持 人 ： 潘正祥、謝欽旭

計畫參與人員： 碩士班研究生-兼任助理人員：林一成

碩士班研究生-兼任助理人員：許哲瑋

碩士班研究生-兼任助理人員：李健民

碩士班研究生-兼任助理人員：廖浴彬

碩士班研究生-兼任助理人員：林勇成

碩士班研究生-兼任助理人員：高世育

碩士班研究生-兼任助理人員：吳家豪

碩士班研究生-兼任助理人員：孫瑞強

碩士班研究生-兼任助理人員：白宗育

碩士班研究生-兼任助理人員：鄭榮展

報 告 附 件 ： 出席國際會議研究心得報告及發表論文

處 理 方 式 ： 本計畫可公開查詢

中 華 民 國 97 年 11 月 21 日

行政院國家科學委員會補助專題研究計畫

■成果報告

□期中進度報告

高容量可逆浮水印之研究

計畫類別：■ 個別型計畫 □ 整合型計畫

計畫編號：NSC 96-2221-E-151-016

執行期間：

2007 年 8 月 1 日至 2008 年 9 月 30 日

計畫主持人：廖斌毅教授

共同主持人：潘正祥教授

謝欽旭助理教授

計畫參與人員：

成果報告類型(依經費核定清單規定繳交)：■精簡報告 □完整報告

本成果報告包括以下應繳交之附件：

□赴國外出差或研習心得報告一份

□赴大陸地區出差或研習心得報告一份

□出席國際學術會議心得報告及發表之論文各一份

□國際合作研究計畫國外研究報告書一份

處理方式：除產學合作研究計畫、提升產業技術及人才培育研究計畫、

列管計畫及下列情形者外，得立即公開查詢

□涉及專利或其他智慧財產權，□一年□二年後可公開查詢

執行單位：

中 華 民 國 97 年 11 月 20 日

高容量可逆浮水印之研究

High Capacity Reversible Watermarking Scheme

計畫主持人：高雄應用科技大學 廖斌毅教授(電資學院院長)

共同主持人：高雄應用科技大學 潘正祥教授(電子系主任)

高雄應用科技大學 謝欽旭助理教授(資訊管理系)

國科會編號: NSC 96-2221-E-151-016

摘要：

數位浮水印技術主要應用於法律、醫學影像系統、軍事影像系統等領域中，

希望在萃取浮水印後都必須要能夠無失真的將浮水印影像恢復成原始影像。但是

目前被提出的可逆浮水印演算法可隱藏的資訊容量都不大，再加上可逆浮水印對

於抵抗幾何攻擊是很脆弱的，其強健性是有待加強。因此本計畫針對可逆浮水印

演算法的缺點加以改進，發展出高容量且可抵抗幾何攻擊的可逆浮水印技術。

本計畫中，主要完成以下兩項內容：(1)設計出高容量可逆浮水印技術，提

升目前被提出的可逆浮水印演算法可藏匿的資訊容量；(2)抵抗幾何攻擊增加可

逆浮水印的強健性。本計畫中，我們利用本團隊在浮水印相關領域內的深厚研究

基礎及理論，透過各項浮水印理論方面的研究，推展可逆浮水印的發展並使其完

善，應用於實際需求上，對於學術界及產業界能有重大的貢獻。

關鍵詞︰可逆浮水印、高容量、幾何攻擊

(一) 前言

數位浮水印技術主要應用於法律、醫學影像系統、軍事影像系統等領域中，

希望在萃取浮水印後都必須要能夠無失真的將浮水印影像恢復成原始影像。但是

目前被提出的可逆浮水印演算法可隱藏的資訊容量都不大，再加上可逆浮水印對

於抵抗幾何攻擊是很脆弱的，其強健性是有待加強。因此本計畫針對可逆浮水印

演算法的缺點加以改進，發展出高容量且可抵抗幾何攻擊的可逆浮水印技術。

(二)

研究目的

在本計畫中，研究工作主要集中在以下兩項內容上：(1)設計出高容量可逆

浮水印技術，提升目前被提出的可逆浮水印演算法可藏匿的資訊容量；(2)本計

畫提出的可逆浮水印能夠抵抗幾何攻擊增加可逆浮水印的強健性。在本計畫中，

我們利用本團隊在浮水印相關領域內的深厚研究基礎及理論，期望透過以上各項

浮水印理論方面的研究，推展可逆浮水印的發展並使其完善，應用於實際需求

上，對於學術界及產業界能有重大的貢獻。

(三) 文獻探討

可逆浮水印技術最早由 Eastman Kodak[1]及 Fridrich et al.[2]提出了一種可逆

資訊嵌入方法，透過無損壓縮位平面，達到節省空間的效果，進而嵌入浮水印。

De Vleeschouwer et al. [3]提出了基於 Patchwork 理論[4]的無損數據隱藏演算法。

Goljan et a1.[5]提出了兩個循環的跳變序列 F，序列 F 被用作在群像素中嵌入浮

水印。

Tian[6]利用像素之間的多餘的資訊，將每兩個像素嵌一個位元。Alatter [7]

把差擴展運用到了三個像素中。Xuan et al. [8]嵌入浮水印在小波領域。Thodi et al.

[9] 用每個像素的三個像素去預測這個像素，然後在不引起上溢位和下溢位的情

況下，對預測誤差進行浮水印進行擴展，從而達到嵌入的目的。Celik et al. [10]

提出了一種新的認證架構。以上這些方法雖然實現了可逆的嵌入浮水印和萃取浮

水印，但是嵌入容量依舊不算高，而且不能抵抗任何的影像攻擊，像是幾何攻擊

等等…。

因此本計畫針對可逆浮水印演算法的缺點加以改進，發展出高容量且可抵抗

幾何攻擊的可逆浮水印技術。

(四) 研究方法

本計畫主提出基於差分擴展的可逆浮水印方法研究，我們比較現有的可逆

浮水印演算法，本計畫所使用的方法可以使得影像品質沒有降低的情況下，在嵌

入浮水印容量上有很大的提升。

在差分擴展方法中，需要紀錄可以擴展的像素稱作為位置圖

L

，將所有的可

擴展的 h 紀錄成 1，其他的位置則紀錄成 0。並且在萃取的過程中不需要任何的

額外資訊。為了節省空間，位置圖

L

需要被壓縮且嵌入到影像當中。

對於差分擴展的方法中，在門檻值

T

_h

較小的時候，

h

≤ 的數量和

T

_h

的數

量相差不大，因此位置圖

h

h

>

T

L

很難被高位元率壓縮，可能所有擴展類的差值不能攜

帶壓縮後的位置圖，因此必須提高嵌入門檻值增加嵌入數量，但是這通常會引起

PSNR 值的下降。

在本計畫中我們使用壓縮和擴展( Companding ) 技術，使

也能被擴

展，因此被擴展的數量增加，位置圖能被高位元率壓縮，因此嵌入的容量能有大

幅度的提升。同時 PSNR 值沒有下降，實現了在門檻值很小的情況下，也能有較

高的嵌入容量，但同時還能保有很高的 PSNR 值。適合數值擴展的壓縮函數。除

了考慮使用整數變換獲得較小的絕對值外，常用於語音處理的壓縮和擴展

( Companding )技術也可被用來減小絕對值高位元移位產生的大幅度信號失真，

詳細的細節可參考文獻[11]。

h

h

>

T

壓縮和擴展技術主要方法是對處理對象的動態範圍進行壓縮和擴展以適應

不同的應用要求。在這個演算法中，壓縮和擴展技術被用來壓縮高絕對值使其適

應位元移位的需要：一方面避免音頻取樣值的溢位，一方面減小絕對值因高位元

移位所引起的大幅度失真。

設 C 為壓縮函數，E 為擴展函數，則信號 x 的壓縮和擴展過程應滿足：

ECx

=

Ix

(1)

其中為等價函數，即

Ix

=

x

。設

x 為

0

≤

x n

[ ]

≤ 内的正實數，則壓縮和擴展過程

1

為：

1

[ ]

(

)[ ]

[ ]

2

c

x n

=

Cx n

=

x n

(2)

2

[ ] = (

_c

)[ ] = (2 [ ])

_c

x n

Ex

n

x n

(3)

由於 x 是模擬數值，所以只要計算系统有足夠的計算精準度，壓縮函數 C 和

擴展函數 E 都是一一映射。但在實際的數字壓縮和擴展系统中，由於量化電平

的離散化，動態範圍的壓縮函數

實際上是一個多對一的映射，這就會使壓縮

後的數值

Q

C

[ ]

Q

x

n 經過擴展函數

E

_Q

擴展後得到的信號

x

E

[ ]

n 同原始信號

x n 之間

[ ]

有一個誤差

q n ：

[ ]

[ ]

[ ]

(

Q Q

)

[ ]

[ ]

E

[ ]

q n

=

x n

−

E C x n

=

x n

−

x

n

(4)

對於可逆浮水印的應用而言，原始信號必須完全還原：

[ ]

[ ]

(

Q Q

)

[ ]

[ ]

E

[ ]

x n

=

q n

+

E C x n

=

q n

+

x

n

(5)

因而在嵌入浮水印資訊的同時，還必須記錄壓縮和擴展誤差 q[n]的完整資訊。圖

1 表示一個完整的利用壓縮和擴展技術實現可逆浮水印的架構。

此外本計畫提出一抵抗幾何攻擊的高容量可逆浮水印演算法。下圖 1 中是本

計畫所提出的演算法流程圖。

圖 1 本計畫所提出的演算法流程圖

首先對要嵌入浮水印的圖像進行分割成

32

×

32

的區塊，並對所有的區塊圖像

用 Patchwork 的方法嵌入相同的定位模式，定位模式嵌入的具體過程如下：

第一步: 將原始圖像切割成

32

× 大小的區塊；

32

第二步: 用相同的密鑰在每一個區塊中進行 Patchwork 的方法進行點對的選取和

像素值的修改(對於

32

× 的區塊，對 A 和 B 各選取了 41 個點)。

32

第三步: 取 255 的餘數，A 中的像素加

δ

，B 中的像素減

δ

。

第四步：為了避免取餘數所帶來的 salt and pepper noise，保持跳變像素值

(

x

∈

(

[

0,

δ

− ∪

1

] [

255

− +

δ

1, 255

]

)

,x 是某個像素值)不變。產生一個二進

位碼表用來標示跳變像素值和非跳變，0 表示跳變像素值，1 表示非跳

變，或者相反表示 1 表示跳變像素值，0 表示非跳變。

每個區塊中剩餘的像素採用我們所改良的差分擴展方法進行真正的浮水印

嵌入真正的浮水印資訊。

(五) 結果與討論

本計畫提出了一個高容量可逆浮水印技術，提升目前被提出的可逆浮水印演

算法可藏匿的資訊容量，增加可逆浮水印的強健性模擬結果如圖 2 及在影像被經

過有意或無意的幾何攻擊破壞後仍然可以被解密模擬結果如圖 3。

圖 2 高容量可逆浮水印模擬 圖三高容量可逆浮水印之強健性模擬

此外本計畫所使的高容量可逆浮水印技術在影像受到裁切及旋轉後亦可順

利抽取出所藏之浮水印如圖五。

(六) 計畫成果自評

本計劃實現了ㄧ高容量可逆浮水印技術，使用差分擴展方式在影像內嵌入浮

水印，增加浮水印可藏匿的資訊容量及抵抗幾何攻擊的能力增加其強健性。

於學術研究之貢獻方面，本研究群彙整研究結果，投稿一篇至國際會議

(ISDA) 已被接受，預計於 97 年 11 月 26 日於會議期間發表。於國家發展之貢獻

方面，多媒體資訊處理和智慧財產權保護是目前國家重點發展的科技之一，本計

畫的研究成果將可直接落實至實際的技術應用之中。

(七) 參考文獻

[1] C. W. Honsinger, P. Jones, M. Rabbani, and J. C. Stoffel, “Lossless Recovery of

an Original Image Containing Embedded Data,” US patent, No 7102/E-D, 1999.

[2] J.Fridrich, J.Goljan, and R.Du, “Invertible Authentication,” in Proceedings of

SPIE, Security and Watermarking of multimedia Content, San Jose, Jan. 2001,

pp. 197–208.

[3] C. De Vleeschouwer, J. F. Delaigle, and B. Macq, “Circular interpretation of

bijective transformations in lossless watermarking for media asset management,”

IEEE Tran. Multimedia, vol. 5, Mar. 2003, pp. 97–105.

[4] W. Bender, D. Gruhl, N. Morimoto, and A. Lu, “Techniques for data hiding,”

IBM Syst. J., vol. 35, no. 3-4, 1996, pp. 313–336.

[5] M. Goljan, J. Fridrich, and R. Du “ Distortion-free data embedding for images,”

4th Information Hiding Workshop, LNCS vol. 2137, Springer-Verlag, New York,

2001, pp. 27-41.

[6] J.Tian, “Reversible data embedding using a difference expansion,” IEEE Trans.

Circuits and Systems for Video Tech, vol.13, no.8, Aug.2003, pp.890-896.

[7] A. M. Alattar ,“Reversible Watermark Using Difference Expansion of Triplets,”

ICIP’2003, Barcelona, Spain, 2003, pp. 501-504.

[8] Xuan, G.R , Yang, C.Y, Zhen, Y.Z., and Shi, Y.Q. , “Reversible Data Hiding

Using Integer Wavelet Transform and Companding Technique”, IWDW, 2004.

[9] Thodi, M. and Rodríguez, Jeffrey.J. ,“Prediction-error based reversible

watermarking, ” Proc. of ICIP, Genova, vol.3, Oct. 2004 , pp.1549-1552.

[10] Celik, M. U., Sharma, G., and Tekalp, A. M.: `Lossless watermarking for image

authentication a new framework and an implementation', IEEE Trans. on Image

Processing, 2006, pp. 1042-1049.

[11] Menezes, A., Oorchot, P.Van., and Vanstone, S.: Handbook of Applied

Cryptography, Boca Raton, FL: CRC, 1997

Robust and Progressive Color Image Visual Secret Sharing Cooperated with

Data Hiding

Hao Luo

1

, Faxin Yu (Correspondence author)

1

, Jeng-Shyang Pan

2

, Zhe-Ming Lu

3

1

_{School of Aeronautics and Astronautics, Zhejiang University, Hangzhou, 310027, P.R. China}

[email protected], [email protected]

2

_{National Kaohsiung University of Applied Sciences, Kaohsiung 807, Taiwan, ROC.}

[email protected]

3

_{Sun Yat-sen University, Guangzhou 501725, P.R. China}

[email protected]

Abstract

This paper proposes a visual secret sharing scheme for color image encryption with robust and progressive decryption abilities. Robust decryption means the secret content can be still decrypted from shares even the shares are corrupted with intentional or unintentional alterations. In progressive decryption, three levels quality of secret images can be decrypted with the same shares. A lower visual quality secret content can be revealed by stacking shares. A halftone version of secret can be decrypted by simple XOR shares. Furthermore, a nearly lossless version of the secret content can be reconstructed by a decoding procedure. The method is cooperated with data hiding technique which has two functions, one is for encoding some secret content and the other is for embedding some extra information, e.g., permutation key. Experimental results show the effectiveness of the proposed method.

1. Introduction

Visual cryptography is a paradigm introduced by Naor and Shamir [1] to encrypt a secret image into two or more random noise-like share images. Generally, a visual cryptography scheme is designed based on a {k, n}-threshold framework. That is, a secret image is encrypted into n shares distributed to n participants. Via stacking some k or more than k shares, the secret content is revealed by the human visual system. Nowadays a lot of visual cryptography schemes have been proposed for halftone, gray-scale [2, 3] and color image [4] encryption. The key advantage of visual cryptography compared with conventional cryptography algorithms lies in that no computations

or prior knowledge (e.g., a key) are required in secret image decryption.

In most available visual cryptography methods, the distortion such as changes in contrast and resolution is inevitably introduced during secret image decryption. However, in some practical application scenarios the secret image is required to be reconstructed more accurately. For example, Lukac et al. [5] proposed an effective image sharing scheme that can perfectly retrieve the secret image using bit-level logical operations. Although their scheme loses the ability of decryption by visual means, it still has potentially wide applications in the Internet world popular with digital contents.

Data hiding refers to hide data unnoticeable in cover media which usually used for multimedia copyright protection, tamper detection, content authentication, etc. In recent years, data hiding techniques are involved in VSS schemes. Fang et al. [6] proposed a method for hiding some confidential data in shares of VSS. In fact, embedding extra data in shares has many potential applications. But most of these methods focus on hiding some affiliated information of the secret image such as author’s name, production date, license number, content annotation, etc.

This paper focuses on a novel visual secret sharing (VSS) scheme cooperated with data hiding techniques. Contribution of our work lies in three aspects. (1) Progressive decryption. There are three levels of visual quality can be obtained. The lowest quality content is revealed by stacking shares. While a halftone version of the secret image is obtained by extracting and reconstructed some decrypted pixels. Furthermore, a nearly lossless version of the secret image can be recovered by a decoding procedure. (2) Robust decryption. In distribution, shares are easily to be corrupted including unintentional alterations such as

common image operations and intentional attacks. Most available methods do not consider the problem when shares are corrupted. Accordingly, we aim to propose a robust decryption method. That is, even when shares are corrupted, the secret content can be recovered to some extent, also with three levels of visual quality can be obtained. (3) Pixel values encoding and confidential information embedding based on data hiding. An important characteristic of our method is data hiding is also involved. Not only for confidential data embedding as popular used in previous work [6], data hiding in our method performs another crucial function, pixel values encoding.

In our context, assume 0 and 1 represent a white and a black pixel bit component respectively in each bit-plane. All halftone images used in this paper are produced by performing Floyd-Steinberg error diffusion on corresponding continuous-tone images. The rest of this paper is organized as follows. Section 2 briefly reviews the related work including the conventional {2, 2} VSS model and available progressive decryption methods. Section 3 extensively describes the encryption and decryption operations of our method. Experimental results and some discussions are given in Section 4, and Section 5 concludes the whole paper.

2. Related Work

In the conventional {2, 2} VSS, a secret image is encrypted into two shares. Figure 1(a) illustrates the encryption and decryption strategy of conventional {2, 2} VSS. Each white (black) pixel has six pairs of encryptions modes with encoding to two 2×2 blocks. It is clear that the size of the shares is four times of the secret image. Hence, a heavy loading for the limited network bandwidth and the storage space will be leaded by the conventional {2, 2} VSS.

Most available VSS models cause image size expansion. Namely, sizes of shares are larger than secret images. For example, in the conventional {2, 2} VSS model, size of share images is expanded to four times of the secret image. Consequently, this will greatly places heavy loading for the limited network bandwidth and the storage space.

To mitigate this problem, we adopt a non-expansion {2, 2} VSS model [7] which is based on a probabilistic principle. As shown in Figure 1(b), there are two choices for the encryption of a white or black pixel. In particular, when encrypting a white (black) pixel, we

randomly select a column and assign them to S1 and S2

respectively.

Generally speaking, progressive decryption aims for maintaining secret images with hierarchical visual

qualities. In other words, lower quality and higher quality (even lossless) versions can be decrypted based on the same set of shares. Jin et al. [4] proposed a progressive color visual cryptography scheme with principle described as follows.

secret S1 S2 stacking XOR

C0

C1

(a)

secret S1 S2 stacking XOR

C0

C1

(b)

Figure 1. Encryption and decryption strategy, (a) conventional {2, 2} VSS, (b) non-expansible

image size VSS

Figure 2. Assignment of 8 bits of a pixel inside a 3×3 block

b5 b1 b7

b3 0 b4

The key idea of Jin et al’s method is to encode a gray level image into a binary transparency first. As shown in Figure 2, each secret image pixel’s 8

bit-plane information (b1, b2, …, b8) is assigned in a 3×3

block. The center position of this 3×3 block is used to carry a halftone pixel corresponding to the same position of secret image. Then the binary block is mapped into another one according to a look-up table constructed with the metric of Hamming weight in advance. This operation aims for making average luminance of the mapped block is approximately equal to that of the secret pixel. After that, the new 3×3 block is encrypted using the conventional {2, 2} VSS and thus two shares are produced. Note that, in decryption, the same look-up table must be used for decoding blocks. Hence, three hierarchical levels of decrypted images can be obtained by just stacking, XOR or with more complex computations.

Figure 3. Block diagram of encryption and decryption, (a) encryption, (b) decryption

3. Proposed method

3.1. Overview

The block diagram of encryption and decryption is shown in Figure 3. In encryption as shown in Figure 3(a), the secret image S is transformed into a halftone image H, and then a transition image T is constructed according to the secret image and halftone image. Next, the transition image is encrypted based on non-expansion VSS model. Meanwhile, part of the secret

image is encoded in the transition image and another part is embedded in shares during encryption.

As shown in Figure 3(b), secret content with level 1 visual quality can be viewed by stacking the two

shares. To decrypt the level 2 and 3 quality secret, S1 is

XORed with S2. Then secret with level 2 quality

(halftone version of secret image) can be obtained by a simple mechanism of extracting and rearranging pixels of the XORed result. Furthermore, if necessary, the original secret image can be nearly losslessly recovered by decoding based on the reconstructed transition image.

3.2. Data Hiding During Encryption

Here we propose a general method for hiding data during encryption based on the non-expansion VSS

model. Suppose a secret binary sequence s={s1,s2…,sj}

is encrypted into two binary sequence shares S1 and S2.

The data hiding principle is shown in Figure 4 and details are described as follows.

Figure 4. Data hiding during encryption based on the non-expansion {2, 2} VSS model

First, s1 is encrypted in p and 11

2 1

p . Randomly

select a white or black pixel and assign it to 1

1 p , and then 2 1 p is determined by 1 1 p and the s1 as 1 2 1 1 1 1 1 1 if 0 1 if 1 p s p p s ⎧ = ⎪ = ⎨ − = ⎪⎩ (1)

Second, w1 is encrypted in p12 and p . That is, 12 p 12

is determined by 2

1

p and w1 according to Eq. (2).

2 1 1 1 2 2 1 1 if 0 1 if 1 p w p p w ⎧ ₌ ⎪ = ⎨ − = ⎪⎩

(2) Third, s2 is encrypted in p12 and p22. That is, p22 is

determined by 1 2

p and s2 according to Eq. (3).

Secret image S Halftone image H Transition image construction T Non-expansion VSS encryption Shares S1, S2 Shares S1, S2 Stacking Level 1 decryption S1 XOR S2 Transition image reconstruction T Level 3 decryption Level 2 decryption (a) (b) sj sj-1 wj-1 wj-2 w3 s3 w2 s2 w1 s1 S1 p11 p12 p31 …… p1j−1 p1j …… 2 1 p 2 2 p 2 3 p 2 1 j p₋ 2 j p S2

1 2 2 2 2 1 2 2 if 0 1 if 1 p s p p s ⎧ ₌ ⎪ = ⎨ − = ⎪⎩ (3) Repeat the above procedures till wj-1 is encrypted in 2 1 j p₋ and 1 j p , and sj is encrypted in 1 j p and 2 j p . In this way two shares are produced.

In decoding, the secret pixels can be extracted as

1 2 ( , ) r r r s =XOR p p 1 r≤ ≤ (4) j 1 2 1 ( , ) r r r w =XOR p₊ p 1≤ ≤ − (5) r j 1

Actually, there is an interleaving order (s1, w1, s2,

w2, …, sj-1, wj-1, sj) in encryption as indicated by the

solid arrow and dash arrow. Given two j-bit binary sequence share, a j-bit binary sequence secret and a (j-1)-bit extra confidential data sequence can be encoded.

3.3 Encoding and Encryption

Suppose the original secret 24-bit color image S is

of the size k1×k2 pixels. Before encryption, the secret

image S is transformed into a halftone image H with error diffusion halftoning [8].

To encrypt a color image, it must be decomposed into red (R), green (G) and blue (B) channels first, and then the proposed scheme is used to encrypt each color channel independently. And finally, shares in three channels are composed to form the final share images.

Figure 5. Pixels arrangement in a secret image block, halftone secret block and a transition

image block

Next, the transition image must be constructed. In our context, the transition image T refers to a binary

image with the size of 2k1×2k2 pixels. Partition S and H

into 2×2 non-overlapping blocks sb={sb1, sb2, …, sbm}

and hb={hb1, hb2, …, hbm} respectively. To enhance

the robustness of decryption, sb are permuted into

another set of blocks psb={psb1, psb2, …, psbm} using

a pseudo-random number generator with a key K. Then T is partitioned into 4×4 non-overlapping blocks

tb={tb1, tb2, …, tbm}. Next, each hb is set in the center

part of the corresponding tb, as shown in Figure 5. Besides the center 4 positions, each tb block can only carry 12 bits. tb is further encrypted into two blocks with the same size. From the analysis of section 3.2, 15 bits data can be encoded into the two share blocks during tb encryption. Therefore, totally 27 bits can be encoded in tb directly and encryption. However, to losslessly encode a psb block, 32 bits must be processed. Obviously, the provided information carrying ability is insufficient.

Actually, much information redundancy exists in natural images. In particular, in a 2×2 block, four pixel values are quite similar. Based on this, it is reasonable to assume the difference among four pixel values is less than 32 levels in most cases.

Figure 6. Arrangement of psb of a block

The arrangement of 27 bits sb information is shown

in Figure 6 where psbp1(1), psbp1(2), …, psbp1(8)

represent the 8 bits of the pixel sbp1 with sbp1(1) and

sbp1(8) denotes the MSB and LSB bit respectively.

sign1,i denotes the sign of difference between psbp1 and

psbpi (i=2,3,4) obtained as Eq. (4).

1 1, 1 0 if 1 if i i i psbp psbp sign psbp psbp > ⎧ = ⎨ ≤ ⎩ (4)

d1,i denotes the absolute value of difference between

sbp1 and sbpi (i=2,3,4) obtained as Eq. (5). d1,i(5),

d1,i(4), …, d1,i(1) denotes the highest five MSB bits of

d1,i, other bits are discarded if exist.

1,i 1 i

d = psbp −psbp (5) The last bit is assigned to Key bit, e.g, permutation key and authentication information. Now 27 bits psb information shown in Figure 6 is divided into two groups for encoding and encryption with indicated tagged as different luminance. The first group contains the first 12 bits is directly set in the positions around the center part of tb. Thus tb is produced. The second group indicating with blue contains the remained 15 bits are hidden in two shares during tb encryption based on the VSS model and strategy in Section 3.3.

psbp1 psbp2 psbp3 psbp4 psb hbp1 hbp2 hbp3 hbp4 hb tb psbp1(2) hbp1 hbp2 hbp3 hbp4 psbp1(3) d1,2(5) d1,2(4) psbp1(5) psbp1(7) psbp1(6) psbp1(8) psbp1(4) sign1,2 d1,2(3) psbp1(1) … … … d1,2(5) d1,2(1) psbp1(1) psbp1(8) sign1,2 sign1,3 d1,3(1) d1,3(5) sign1,4 d1,5(5) Key d1,4(5)

Now we only need to encrypt the transition image T and hiding the second group of each psb information at the same time. Before encryption, the 4×4 block of tb can be rearranged into a 1×16 binary sequence, and thus the encryption strategy can be used.

One of the most important advantages of conventional VSS schemes is no key is required during decryption. If a key is involved, some storage space is needed, and secure transmission of it is also a sensitive problem. However, although a permutation key is used in our scheme, the original flexibility of the conventional VSS schemes is still maintained for the key is also hidden in shares during the Key bit encryption. To a k1×k2 secret image S, k1/2×k2/2 bits

can be provided for key embedding.

4. Experimental results and Discussions

A modified PSNR [9] is adopted to evaluate the image quality of the reconstructed secret color image compared with the original secret image given as

2 10 255 10log PSNR MSE = (6) 1 2 2 1 1 1 2 2 2 1 [( ( , ) ( , )) 3( ) ( ( , ) ( , )) ( ( , ) ( , )) ] k k os rs i j os rs os rs MSE R i j R i j k k G i j G i j B i j B i j = = = − × + − + −

∑∑

₍₇₎

where Ros(i, j), Gos(i, j) and Bos(i, j) denote the R,G, B

channels of the original secret image, and Rrs(i, j), Grs(i, j) and Brs(i, j) denote those of the reconstruct secret

image. A higher PSNR value corresponds to better quality of the reconstructed image.

Experimental results with shares no attack suffered are shown in Figure 7 with the real size of images are also indicated. Three levels of decrypt secret content can be obtained. The PSNR between the highest quality reconstructed image and the original image is 27.14.

Another experiment with shared are attacked is also implemented. As shown in Figure 8, the two shares are marked with characters, although the stacking result is not satisfactory, the reconstructed halftone and level 3 images are of better qualities.

It is necessary to note that, although the permutation key is of a short binary sequence, we encrypt is with an image as shown in Figure 7(c). Consequently, even shared are attacked, this strategy is useful to keep the key information “robust” to some extent. For example, in the second experiment, it can be distinguished clearly in Figure 8(d). A comparison of the proposed method with Jin et al’s method is shown in Table 1. We can find that our scheme outperforms it in some aspects.

5. Conclusions

A color image secret sharing scheme is proposed. The scheme has the ability to robust and progressive decryption. It can be used in situations when shares suffer alterations. The one-encryption, multiple decryption strategy provides flexibility with which different decryption image qualities can be obtained. The method improves the performance of the previous methods in some aspects.

(a)

(b) (c)

(d) (e)

(f) (g)

(h) (i)

Figure 7. Experimental results with shares no attack suffered, (a) Original secret image

(440×720), (b) Original halftone image (440×720), (c) Original key image (220×360), (d)

S1 (880×1440), (e) S2 (880×1440), (f) S1 stacking S2 (880×1440), (g) Reconstructed key image

(220×360), (h) Reconstructed halftone image (440×720), (i) Reconstructed secret image

(a) (b)

(c) (d)

(e) (f)

Figure 8. Experimental results with shares attacked, (a) S1 (880×1440), (b) S2 (880×1440),

(c) S1 stacking S2 (880×1440), (d)

Reconstructed key image (220×360), (e) Reconstructed halftone image(440×720), (f)

Reconstructed secret image (440×720)

References

[1] M. Naor and A. Shamir, “Visual cryptography”,

Eurocrypt94, Lecture Notes in Computer Science, vol.

950, pp. 1-12, 1995.

[2] C. C. Lin, W. H. Tsai, “Visual cryptography for gray-level images by dithering techniques”, Pattern

Recognition Letters, vol. 24, pp. 349-358, 2003.

[3] C. Blundo, Santis A De. and M. Naor, “Visual cryptography for grey level images”, Information

Processing Letters, vol. 75(6), pp. 255-259, 2000.

[4] D. Jin, W.Q. Yan and M.S. Kankanhalli, “Progressive Color Visual Cryptography”, Journal of

Electronic Imaging, vol 14(3), 2005.

[5] R. Lukac, K.N. Plataniotis, “Bi-level based secret sharing for image encryption”, Pattern Recognition, vol. 38 (5), pp. 767-772, 2005.

[6] W.P. Fang and J.C. Lin, “Visual Cryptography with Extra Ability of Hiding Confidential Data”, Journal of

Electronic Imaging, vol. 15(2), 2006.

[6] D. Jin, W.Q. Yan, M.S. Kankanhalli, “Progressive color visual cryptography”, Journal of Electronic

Imaging, vol. 14(3), 2005.

[7] R. Ito, H. Kuwakado, and H. Tanka, “Image size invariant visual cryptography”, IEICE Trans.

Fundamentals, vol. E82-A(10), pp. 2172-2177, 1999

[8] R. Floyd and L. Steinberg, “An adaptive algorithm for spatial gray scale”, SID. Int. Symp. Dig. Tech. Papers, pp. 36-37, 1975

[9] C.C. Chang, C. C. Lin, C. H. Lin, Y. H. Chen, “A novel secret image sharing scheme in color images using small shadow images”, Information Sciences, vol. 178, pp. 2433-2447, 2008.

Table 1 Comparison of Jin et al’s method and our method

Jin et al’s method Our method Encoder/Decoder

look-up table

both must be held by encoder and

decoder

no look-up table used

Number of shares 2 2

Share images type 1-bit depth 1-bit depth

Share images size 6×6 expansion 2×2 expansion

Decrypted images visual qualities three hierarchical levels three hierarchical levels Level 1 decryption Content recognizable, 6×6 expansion, by stacking Content recognizable, 2×2 expansion, by stacking Level 2 decryption Halftone version, no expansion, by XOR Halftone version, no expansion, by XOR Level 3 decryption Lossless recovery, no expansion, with computations Nearly lossless recovery, no expansion, with computations

Robust decryption Cannot suffer _alterations Can suffer some _alterations Ability of

additional data embedding

出席國際學術會議心得報告

計畫編號 NSC

96-2221-E-151-016

計畫名稱

高容量可逆浮水印之研究

出國人員姓名

服務機關及職稱

廖斌毅

國立高雄應用科技大學電子工程系 教授

會議時間地點 96 年 09 月 05 日~96 年 09 月 07 日 日本熊本

會議名稱

第二屆創新計算、資訊及控制國際研討會

發表論文題目 Parity Modulation Based Watermarking Resisting to Cropping

一、參加會議經過

本人此次前往日本熊本參加第二屆創新計算、資訊及控制國際研討會，發表論文一

篇，並且於會議第三天口頭報告發表論文，論文研究方向與本研究之領域具相關性。會

議結束後與會議主辦單位中相關領域之權威人士及與會學術權威之先進前輩討論相關研

究領域未來之發展及相關研究潛能，隨後於會議結束隔天返台。

二、與會心得

本次參與第二屆創新計算、資訊及控制國際研討會中獲得許多研究相關領域知識與

新的思維。對於目前研究之改良及未來研究方向、題目頗有幫助。本次會議與會人數約

六百餘人，於會議過程中亦與許多相關研究領域學者有良好互動，互相討論、切磋，並

交換研究心得與國內、外相關研究動態。此行實為獲益良多，對研究及教學材料皆有相

當正面的貢獻。

計畫編號 NSC

96-2221-E-151-016

計畫名稱

高容量可逆浮水印之研究

出國人員姓名

服務機關及職稱

廖斌毅

國立高雄應用科技大學電子工程系 教授

會議時間地點 96 年 09 月 05 日~96 年 09 月 07 日 大陸地區大連

會議名稱

第三屆創新計算、資訊及控制國際研討會

發表論文題目 Detection of Network Attack and Intrusion Using PCA-ICA

三、參加會議經過

本人此次前往大連參加第三屆創新計算、資訊及控制國際研討會，發表論文一篇，

並且於會議第三天口頭報告發表論文。於會議舉辦期間與會議主辦單位相關人事有良好

的互動及認識，並與相關領域之權威人士及與會先進前輩討論相關研究領域發展及相關

研究議題，隨後於會議結束隔天返台。

四、與會心得

本次參與第三屆創新計算、資訊及控制國際研討會中獲得許多研究相關領域知識與

新的思維。本次會議與會人數約三百餘人，於會議過程中亦與許多相關研究領域學者有

良好互動，互相討論、切磋，對於目前研究之改良及未來研究方向、題目頗有幫助。並

交換研究心得與國內、外相關研究動態。

Parity Modulation Based Watermarking Resisting to Cropping

Chuang Lin

a

, Jeng-Shyang Pan

b

Member, IEEE, Bin-Yih Liao

c

a

_{Department of Automatic Test and Control, Harbin Institute of Technology, Harbin, China,}

Email: [email protected]

b

_{Department of Electronic Engineering, National Kaohsiung University of Applied Sciences,}

Kaohsiung, Taiwan

Email: [email protected]

c

_{Department of Electronic Engineering, National Kaohsiung University of Applied Sciences,}

Kaohsiung, Taiwan

Email: [email protected]

Abstract

In this paper, we proposed a parity modulation based digital image watermarking scheme in DWT domain, focusing on resisting cropping attack. The watermark is embedded in the subband coefficients of DWT by the parity modulation method. Experimental results show that the proposed watermarking method can resist not only cropping attack, but also some common signal processing attacks, such as JPEG compression, Gaussian noise, and filtering etc.

3 LL

1. Introduction

Digital watermarking technique is one way to embed certain secret information into the digital media for the purpose of copyright protection, facticity and integrality‘s authentication, access control, tracing, covert communication etc [1]. Traditionally, the watermark is embedded in the spatial domain or the transformed domains such as DCT and DWT. From the aspect of application, the watermarking technique can be separated into two classes, the fragile watermarking technique and the robust watermarking technique. The former is mainly used in facticity and integrality‘s authentication, the later is mainly used in copyright protection etc. The robust watermark should resist not only common signal processing attacks, but also some uncommon attacks, such as geometrical attack, sticking attack etc. In general, the geometrical attack contains cropping, rotation, enlarging and shrinking etc.

In this paper, we proposed a parity modulation based digital image watermarking scheme in DWT domain, focusing on resisting cropping attack.

Generally, in order to resist the geometrical attack, the synchronizing template is needed [2-4]. The former schemes which can resist to geometrical attack are mainly in DFT domain, which have lower robustness to other attacks. In reference [5], the authors proposed a CDMA based watermarking scheme to resist the cropping attack, it also needs a synchronizing template. While our method can resist the cropping attack with no aid of the synchronizing template. If with the aid of synchronizing template, our scheme will resist other geometrical attacks, such as rotation, enlarging and shrinking. In this paper, a comparison between the special and the transformation domain based watermarking method is carried out. From the experimental results, we can see that, with the same embedding and extracting method, the spacial domain based method has better robustness to geometrical attacks, but very vulnerable to JPEG compression, Gaussian noise and filtering. While the transformation domain based method are very robust to cropping, JPEG compression , Gaussian noise and filtering, but if with no aid of the synchronizing template, it is vulnerable to rotation, enlarging and shrinking attacks.

The rest of the paper is organized as follows, in section 2, the detailed procedure of the proposed algorithm is given. In section 3, the experimental results are presented. We conclude the paper in section 4.

2. Proposed watermarking scheme

In this paper, the watermark is embedded in the subband coefficients of DWT by the parity modulation method, the detailed embedding and extracting steps can be described as follows.

3 LL

0-7695-2882-1/07 $25.00 ©2007 IEEE

2.1. Watermark embedding

Assume the original gray image is A, the binary watermark image is W, , the embedding steps are as follows:

(

W _wij)

Step1. For A, the 3-level DWT decomposition is made to get the DWT coefficients LL₃.

Step2. For each coefficient p in , calculate its quantization value 3 LL O . round( )p O G , (1) Where round is the function which rounds the element to the nearest integer, G is the step length of the quantization.

Step3. According to the watermark to be embedded, change p to_pw: 1 ( ) , 1 (mod 2) 2 1 ( ) , 0 (mod 2) 2 wij pw wij O G O O G O ­ _{  {} °° ® ° _{  {} °¯ , (2)

Step3. IDWT operation is made to get the watermarked image Aw .

2.2. Watermark extracting

Step1. For the watermarked image Aw , the 3-level DWT decomposition is made to get the DWT coefficients _{LL w3} .

Step2. Calculate the quantization value wO of the DWT coefficients_pw.

floor(pw)

w

O

G , (3) Where floor is the function which rounds the element to the nearest integers less than or equal to itself.ˊ

Step3. Determine the value of the watermark bit according to the parity of

wijc O . If ww O is the odd

number, the watermark w_ijc should be 1; if O is the _w even number, the watermark _wijc should be 0. That is:

1 1 (mod 2) 0 , 0 (mod 2) w wijc ®­ O_Ow{_{ ¯ ˈ _{. (4)}

Formula (4) can be interpreted as follows.

If O {1 (mod 2)and if , we can conclude that and 0 wij 1 (mod 2) wij O { O {_w 0 (mod 2).

If O {1 (mod 2)and if , we can conclude that and 1 wij 0 (mod 2) wij O { O {_w 1 (mod 2). If O {0 (mod 2)and if , we can conclude that and 0 wij 0 (mod 2) wij O { O {_w 0 (mod 2). If O {0 (mod 2)and if , we can conclude that and 1 wij 1 (mod 2) wij O { O {_w 1 (mod 2).

From the analysis above we can see that the formula (4) is right.

The watermark can also be embedded into the spacial domain of the image using the same method, which can resist cropping, rotation, enlarging and shrinking etc, but the spacial domain based method is very vulnerable to JPEG compression and Gaussian noise attack.

3. Experimental results

The original image is Lena image with size

512 512u and 8bits per pixel resolution. The input

watermark is bird image with size 64 and 1bit per pixel resolution, each pixel bit is as a watermark bit. the step length of the quantization

64 u

34.43

G , the wavelet base is Haar wavelet. BCR is bit-correct-rate of the extracted watermark.

(a1) Original Lena image (b1) Watermarked Lena image with PSNR value

40.1862

(a2) Original watermark (b2) Extracted watermark, BCR=1

Figure1. Original Lena image and the embedded watermark. Watermarked Lena

image and the extracted watermark.

(a1) (b1)

(a2) (b2)

(c1) (d1)

(c2) (d2)

Figure2. Experimental results under cropping attack. (a) QF=100 BCR=1 (b) QF=90 BCR =1 (c) QF=80 BCR =1 (d) QF=70 BCR =1 (e) QF=60 BCR =1 (f) QF=50 BCR =1 (g) QF=40 BCR =1 (h) QF=30 BCR = 0.9998 (i) QF=20 BCR = 0.8132 (j) QF=10 BCR = 0.4919

Figure3. Experimental results under JPEG compression attack with different quality

factor.

(a) Gaussian white noise of mean 0 and variance

0.001, BCR= 0.9602

(b) Gaussian white noise of mean 0 and variance

0.002, BCR= 0.8667

(c) Gaussian white noise mean 0 and variance 0.003, BCR= 0.7810

(d)Salt and Pepper noise with noise density 0.002,

BCR= 0.9529

(e) Average filter

BCR=0.9458 (f) Median filter BCR=0.9958

(g) Gaussian low pass filter

BCR=0.9829

Figure4. Experimental results under noise attack and filter attack.

(a1) (b1)

(a2) _(b2)

4. Conclusions

Figure5. Experimental results under rotation attack

The paper proposed a parity modulation based watermarking scheme in DWT domain. It has some better performance than the spacial domain based method, but if we do not take the synchronizing template or the scale and rotation invariables into account, this method is vulnerable to the rotation, enlarging and shrinking attacks. The further work may pay attention to not only using the synchronizing template but also some other more effective method to sole this problem.

(a) QF=90 BCR =0.9861 (b) QF=80 BCR =0.8701

(c) QF=70 BCR =0.7893 (d) QF=60 BCR =0.7319

(e) Gaussian white noise of mean 0 and variance

0.001, BCR=0.5098 (f) Average filter BCR=0.8228

5. References

[1] Yin H, Lin C, Qiu F, et al. A survey of digital watermarking. Journal of Computer Research and Development, Vol.42, No. 7, pp.1093-1099, 2005.

[2] C. -Y. Lin, M. Wu, J. A. Bloom, I. J. Cox, M. L. Miller, and Y. -M. Lui, “Rotation, Scale, and Translation Resilient Watermarking for Images,” IEEE Trans. On Image Processing, Vol.10, No. 5, pp. 767-782, 2001.

Figure6. Embed the watermark in the spacial domain with the same method.

[3] S. Pereia and T. Pun, “Robust Template Matching for Affine Resistant Image Watermarks,” IEEE Trans. on Image Processing, Vol.9, No.6, pp. 1123-1129, Jun. 2000.

From the experimental results we can see that, the proposed watermarking scheme is very robust to cropping, JPEG compression, Gaussian noise, Salt and pepper noise, filtering attacks. But with no aid of the synchronizing template the DWT based method is vulnerable to rotation, enlarging and shrinking attacks. While the spacial domain based method is vulnerable to JPEG and Gaussian noise attacks, but robust to rotation, enlarging and shrinking attacks.

[4] Xiangui Kang, Jiwu Huang, Yun Q. Shi, and Yan Lin. “A DWT-DFT Composite Watermarking Scheme Robust to Both Affine Transform and JPEG Compression,” IEEE Trans. on Circuits and Systems for Video Technology, Vol.8, pp. 776-786, Aug. 2003.

[5] Yanmei Fang, Jiwu Huang, and Shaoqun Wu, “CDMA based watermarking resisting to cropping”, ISCAS, pp. 25-28, 2004.

Detection of Network Attack and Intrusion Using PCA-ICA

Hong-Chi Shih

1

, Jiun-Huei Ho

2

, Chih-Ping Chang

1

, Jeng-Shyang Pan

1

,

Bin-Yih Liao

1

, and Te-Hui Kuo

2

1

_{National Kaohsiung University of Applied Sciences, Taiwan}

2

_{Cheng Shiu University, Taiwan}

[email protected]

Abstract

The attack detection and information security for computer network become popular topics for many researchers in recent years. In this paper, the PCA-ICA method for attack and intrusion detection is proposed. According to the experimental result, the proposed method performs higher correct ratio on recognition than the PCA.

1. Introduction

The development of computer network brings the convenience for information exchanging. After the information passing on the internet smoothly, the attack detection and information security for computer network become popular topics for many researchers. Hence, the Network Intrusion Detection System (NIDS) is generated.

Papers regarding intrusion usually use KDD-Cup-99 to be the database for simulating various kinds of attack and intrusion. In this paper, the Principal Component Analysis (PCA) is applied to fetch the major characteristics of the database, and then the Singular Value Decomposition (SVD) is applied to reduce the dimension of the major characteristics for raising the performance. Moreover, the Independent Component Analysis (ICA) is applied to create the independent sub-space for attack and intrusion detection. According to the experimental result, the proposed method, PCA-ICA, perform higher correct ratio on recognition than PCA.

2. The KDD-Cup-99

The KDD-Cup-99 is a database, which is developed for simulating the attack modes on the computer network, by Lincoln Lab., MIT in 1998. [1] It is usually applied for simulating the attack modes and for

detecting the intrusion. The simulations are processed by collecting all kinds of connections, package flow, and several abnormal situations under the TCP/IP environment.

The KDD-Cup-99 is composed of a known attack connection record, and an unknown dataset connection record. In general, the abnormal situation is classified into 4 classes, and 22 attack modes. The classification is listed in Table 1. The classes of the abnormal situation can be described as follows:

‹ DOS: Denial-of-service, e.g. Syn flood.

‹ R2L: Unauthorized access from a remote

machine, e.g. guessing password.

‹ U2R: Unauthorized access to local super user

(root) privileges, e.g., various ``buffer overflow'' attacks.

‹ Probing: Surveillance and other probing, e.g.,

port scanning.

Table 1. The classification of the abnormal situations

Attack

Type Attack Category

Dos back land neptune pod

smurf teardrop

U2R buffer_ overflow

loadmodule perl rootkit

R2L ftp_write Guess

passwd imap multihop phf spy warezclient warezmaster

Probing ipsweep nmap portsweep satan

In the KDD-Cup-99, every row in the database denotes a complete network connection record. There are 42 attributes in each record. The last column denotes whether it is an attack or a normal connection. An example of the connection record is displayed in Figure 1. Obviously, dataset like this must be preprocessed before applying to the detection methods. The detail of how to reformat the data is represented later.

The 3rd Intetnational Conference on Innovative Computing Information and Control (ICICIC'08)

978-0-7695-3161-8/08 $25.00 © 2008 IEEE

Figure 1. Data format of the KDD-Cup-99

3. Principal Component Analysis (PCA)

The PCA is a well-known method for data compression and data analysis [2]. And it is also widely applied for solving engineering problems. The purpose of applying PCA in attack and intrusion detection is to decrease the dimension of the original dataset existing in the high-dimensional space into several low-dimensional sub-spaces. It decrease the dimension of the dataset by projecting the original dataset into the sub-spaces, and simultaneously, makes sure that the variance of the projected data is the largest, i.e. the most important. Thus, the dataset can be decreased into lower-dimensional sub-spaces. The principle of PCA can be described as follows:

Assume that there are M training samples with

h

l

u

dimensions. Reformat the dataset by combining l

times

1

u

h

sub-datasets into M datasets with

1

u

n

dimensions, where

n

l

u

h

. Equation (1) is applied

to calculate the mean vector over all training samples,

where

X

_i denotes the ith _{reformatted training sample.}

In equation (2), all the reformatted training samples

are subtract Ӵ, and then product themselves of their

own transposed vector. Thus, the covariance matrix C is generated. 1

1

M i i

X

M

P

¦

(1) 1

1

(

)(

)

M T T i i i

C

X

X

AA

M

¦



P



P

(2)

After calculating C, the eigenvalue ӳ and the eigenvector U are able to be evaluated. Later than

reorderingӳ and U by descending order, selecting

m

largest eigenvectors to be the principals. Let

U

_r

denotes the principles, where

r



> @

1

,

m

. These

principals construct a sub-space.

Via equation (3), the original datasets can be projected into the sub-space. Hence, the dimension of

the dataset can be reduced from

n

to

m

.

T j j

y

U X

(3)

4. Independent Component Analysis (ICA)

The ICA is proposed for solving the problem of the Blind Source Separation (BSS) [3]. The basic theorem of the ICA is based on a simple assumption. Based on

the assumption, a set of bases is used to express a series of random variables to make every element to be count independence or similar independence. In our work, we would like to exercise these independent bases to transform the samples. Hence, the outcomes should be similar independent, even be independent. This is helpful for us to analyze, and classify the data.

In equation (4), ICA is applied to an

m

-dimensional data

X

, and we have the outcome

U

.

Equation (5) is applied for calculating the separate

matrix

W

_I.

W

_I is calculated via iteration method, i.e.

repeating equation (4) to equation (7). The first step is

to calculate

W

_Z by equation (6). The second step is to

calculate

W

for this generation by equation (7). The

final step is to calculate

U

. These steps are repeated

until the desired iteration is achieved, and then the

final

W

_I is generated.

X

W

U

_I (4) z I

WW

W

(5) ) 2 / 1 (

))

(

*

2

(

Cov

X



W

_z (6) i i u i T

Y

Y

e

u

f

U

f

Y

W

U

Y

I

W

2

1

1

1

)

(

)

(

)

(

' '







'

 (7)

In the experiment, we combine the scheme of the ICA with the PCA in order to gain higher performance on classification. The details are described as follows.

5. Experiment

Since the KDD-Cup-99 provides the known connection records and the unknown ones, we separate the known records into 5 classes, namely, DOS-attack connection, R2L-attack connection, U2R-attack connection, Probing-attack connection, and the normal connection. These classes are divided again into 2 parts: one of them is used as the training sample; and the other on is used as the test sample.

In the beginning, we apply the PCA to extract the principal components of the training samples. And then we apply the ICA to the principal components, which we got from the PCA, to construct the sub-spaces. The last step is to project both the training samples and the test samples into the constructed sub-spaces. The Euclidean distance is applied for evaluating the distances between the incoming test

The 3rd Intetnational Conference on Innovative Computing Information and Control (ICICIC'08)

978-0-7695-3161-8/08 $25.00 © 2008 IEEE

sample and the training samples. Then the class, who is the closest to the test sample, is presented. Figure 2 represents the flow chart of the experiment.

Figure 2. The flowchart of the experiment

During the training, analyzing the known connection records is required. As we mentioned above, the datasets in KDD-Cup-99 is classified into 4 classes, namely, DOS, R2L, U2R, and Probing, we add a class, which includes the normal connection records,

to be the 5th _{class to identify the regular connection. To}

apply ICA transform, permuting the input data into a one-dimensional vector is required. By applying equation (1), we can get the mean vector Ӵ . According to equation (2), the covariance matrix C is calculated. However, the outcome from the PCA has the same dimension as the input data; this is not suitable for real time network detection. To solve this problem, we apply the SVD to reduce the dimension

[4]. Hence, the equation (2) can be rewritten into

equation (8), and then the covariance matrix C, the eigenvalue and the eigenvector can be measured by equation (4).

T

C

A A

(8)

Since we have applied SVD to the outcome of the

PCA, we can directly take

n

outcomes of SVD to

construct the sub-spaces. This process is represented in

equation (9), where

U

_i is the ith _{eigenvector of the}

covariance matrix C, and

O

_i denotes the

corresponding eigenvalue. In equation (10), the

original training data

X

is projected into the

sub-spaces.

1

i=1,...,n

i i i

W

AU

O

(9) T j j

y

W X

(10)

To lead in the ICA scheme, we apply the eigenvalue

W

, which comes from the outcome of the PCA, into

equation (4) to equation (7) to create a new sub-space. Based on the independent sub-space from the ICA,

equation (10) can be rewritten to be (10.1), where

P

denotes the independent basis, which is calculated by the ICA. Hence, the training sample can be projected into the new sub-space, which is created by ICA, via equation (10.1). Thus, the training phase is accomplished. ' j T j j

W

XP

y

(10.1)

To examine the outcome of the proposed method, we project the test samples into the sub-space by equation (10.1), and then apply equation (11) to calculate the Euclidean distances between the test sample and all the training samples.

2 1 1

(

)

n n ij ij i j

D

¦¦

A



B

(11)

If the shortest distance exists between the test sample and the regular connection on the sub-space, the outcome of this test sample is determined to be a normal connection. On the other hand, if the shortest distance exists between the test sample and any kind of the attack record on the sub-space, the outcome of this test sample is determined to be the corresponding attack, and the alarm is issued.

6. Experimental Results

In the experiment, we divide the connection records from the KDD-Cup-99 into 5 classes; and in each class, we divide it into the training samples and the test samples. In other words, there are 26 training samples and 26 test samples in every class. We compare the correct ratio on recognition and the process time of the proposed method to the PCA.

Figure 3 represents the result of the PCA and the PCA-ICA with different numbers of eigenvectors to the correct ratio on recognition. According to the experimental result, both the PCA and the PCA-ICA present correct ratio at 96.92% when the number of the selected eigenvectors is larger than 5.

In figure 4, we present the result of the PCA and the PCA-ICA with different numbers of training samples

The 3rd Intetnational Conference on Innovative Computing Information and Control (ICICIC'08)

978-0-7695-3161-8/08 $25.00 © 2008 IEEE

to the correct ratio on recognition. For all numbers of the training samples, the number of the test sample is fixed to 26.

Figure 3. The correct ratio on recognition to different numbers of eigenvectors

Figure 4. The correct ratio on recognition to different numbers of training samples Table 2. The average correct ratio and the average computing time of 1 to 26 training

samples Average correct rate Average computing time PCA 73.75 % 17.58 s PCA+ICA 89.61 % 29.18 s

According to figure 4 and table 2, when the training sample is less, the training is misplaced into the wrong class results in a huge decrease of the correct ratio for the PCA method. However, in the same situation, the PCA-ICA method still holds higher correct ratio on recognition. Although the computing time of the PCA-ICA method is longer, it is still acceptable for such a usage of attack and intrusion detection of computer network, and the average correct ratio of recognition is improved about 16%.

7. Conclusion

In this paper, we propose a PCA-ICA method for detection the attack and intrusion on the computer network, and the proposed method presents higher correct ratio on recognition. By applying SVD into PCA, the dimension of the original data is decreased largely, and the computation time is reduced. We use KDD-Cup-99 to simulate the attack and the intrusion on the computer network. According to the experimental result, the correct ratio on recognition is improved about 5% to 16%.

8. References

[1] KDD Cup 1999 Dataset

http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html [2] M. Turk and A. Pentland, “Face recognition using eigenfaces”, Proceedings of IEEE, CVPR , pp. 586-591, Hawaii, June, 1991

[3] Marian Stewart Bartlett, Javier R. Movellan, and Terrence J. Sejnowski, “Face Recognition by Independent Component Analysis”,IEEE TRANSACTIONS ON NEURAL NETWORKS, VOL. 13, NO. 6, NOVEMBER 2002

[4] Jian Yang, Jing-yu Yang, and Alejandro F. Frangi, "Combined Fisherfaces framework", Image and Vision Computing 21 (2003) 1037–1044

[5] Huang Jun, Guang-Ping, and Xiao-Lu Lin ,"Intrusion detection based on principal component analysis", Journal oc China Jiliang Unversity, Vol.18 No.3 Sep.2007

The 3rd Intetnational Conference on Innovative Computing Information and Control (ICICIC'08)

978-0-7695-3161-8/08 $25.00 © 2008 IEEE