A Reexamination of Internationalized Domain Names: The Good, the Bad and the Ugly

This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the projects CyberSec4Europe (https://www.cybersec4europe.eu) (Grant Agreement no. 830929), LOCARD (https://locard.eu) (Grant Agreement no. 832735) and ECHO, (https://echonetwork.eu) (Grant Agreement no 830943). The content of this article does not reflect the official opinion of the European Union. Responsibility for the information and views expressed therein lies entirely with the authors.

show abstract

“…Content may change prior to final publication. .bazar and OpenNIC domains 32 . The extension monitors the requests of the browser for domains.…”

Section: A Using the Bdns Extensionmentioning

confidence: 99%

Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS

et al. 2020

View full text Add to dashboard Cite

show abstract

“…In 2006, Holgers et al identified only a small number of malicious homograph domains [15]. More recently, multiple studies found a growing number of homograph domains [11,21,26,28], even though the number remains small compared to typosquatting and combosquatting.…”

Section: Domain Squattingmentioning

confidence: 99%

Be the Phisher -- Understanding Users' Perception of Malicious Domains

Quinkert

Degeling

Blythe

et al. 2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

Attackers use various domain squatting techniques to convince users that their services are legitimate. Previous work has shown that methods like typosquatting, where single characters are removed or duplicated, can successfully deceive users. In this paper, we present a study that evaluates how well participants distinguish malicious from benign domains before and after they learned and applied domain squatting techniques themselves. In a multi-part survey, 288 participants create 2,880 malicious domains based on common domain squatting techniques and rate both domains created by other participants and real-world phishing domains in terms of how convincing they are. Our key results show that participants have problems to identify legitimate domains as benign if they include unusual top-level domains, additional terms, or use subdomains. Moreover, participants rated domains created by other participants higher than real-world phishing domains. Overall, we find that participants are more sceptic of domains, and flag more benign domains as malicious, if they contain domain squatting characteristics after they gained practical experience creating phishing domains themselves. In particular, the number of falsely classified domains that were actually benign increased from 33.7% to 46.6% after our training. Our results show that training users to act as an adversary can help to increase the effectiveness of security trainings. In addition, we recommend that online services do not create domains that make use of common domain squatting techniques, to reduce confusion for users.

show abstract

“…These homographs use a specific trick: they replace all characters in legitimate domain names with letters from another language to prevent web browsers from identifying the characters as homographs. Several holders who manage legitimate domain names register homograph domain names for brand protection, but only a few take such countermeasures because registering and managing domain names are costly [15]. As a result, although we are already aware of the threats of homograph attacks, we still need sufficient countermeasures against these attacks.…”

Section: Homograph Attacksmentioning

confidence: 99%

“…Liu et al [15] examined the registered IDNs based on several zone files managed by TLDs. The researchers devised a system for detecting homograph IDNs by evaluating the similarity between legitimate domain names and IDNs using a structural similarity (SSIM) index.…”

Section: Related Workmentioning

confidence: 99%

Detection Method of Homograph Internationalized Domain Names with OCR

Sawabe

Chiba²,

Akiyama³

et al. 2019

Journal of Information Processing

View full text Add to dashboard Cite

Currently, many attacks are targeting legitimate domain names. In homograph attacks, attackers exploit human visual misrecognition, thereby leading users to visit different (fake) sites. These attacks involve the generation of new domain names that appear similar to an existing legitimate domain name by replacing several characters in the legitimate name with others that are visually similar. Specifically, internationalized domain names (IDNs), which may contain non-ASCII characters, can be used to generate/register many similar IDNs (homograph IDNs) for their application as phishing sites. A conventional method of detecting such homograph IDNs uses a predefined mapping between ASCII and similar non-ASCII characters. However, this approach has two major limitations: (1) it cannot detect homograph IDNs comprising characters that are not defined in the mapping and (2) the mapping must be manually updated. Herein, we propose a new method for detecting homograph IDNs using optical character recognition (OCR). By focusing on the idea that homograph IDNs are visually similar to legitimate domain names, we leverage OCR techniques to recognize such similarities automatically. Further, we compare our approach with a conventional method in evaluations employing 3.19 million real (registered) and 10,000 malicious IDNs. Results reveal that our method can automatically detect homograph IDNs that cannot be detected when using the conventional approach.

show abstract

A Reexamination of Internationalized Domain Names: The Good, the Bad and the Ugly

Cited by 33 publications

References 25 publications

Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS

Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS

Be the Phisher -- Understanding Users' Perception of Malicious Domains

Detection Method of Homograph Internationalized Domain Names with OCR

Contact Info

Product

Resources

About