Impersonator identification through dynamic fingerprinting

Tracking the source of impersonation attacks is a difficult challenge for investigators. The attacks are frequently launched from botnets comprised of infected, innocent users and web servers compromised by malware. Current investigative techniques focus on tracking these components. In this paper, we propose the Automated Impersonator Image Identification System (AIIIS), which allows investigators to track images used in impersonation attacks back to the original download from the source. AIIIS accomplishes this by digitally encoding the IP address, server, and time of the image download into the image itself through a digital watermark. AIIIS differs from other image fingerprinting techniques in its combination of dynamic fingerprinting and spread spectrum data hiding. Additionally, the intended goal of AIIIS is tracking impersonation attacks, where the image is a tool used, whereas in most digital rights management techniques, the misuse of the content itself is the primary concern. Our experiments show that the AIIIS system permits recovery even after post-acquisition manipulation of the image, making it a significant addition to the fight against impersonators. The deployment of a pilot of AIIIS was successful in identifying the source of an impersonation attack, and further success is expected with full deployment.