Understanding the effectiveness of typosquatting techniques

Spaulding, Jeffrey; Nyang, DaeHun; Mohaisen, Aziz

doi:10.1145/3132465.3132467

Cited by 14 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Such attacks include various variants, i.e. typosquatting [63,64,5,65,66,67,68,69], bitsquatting [70,71,72], combosquatting [41], and soundsquatting [73]. Domain name squatting becomes popular as an attack vector to start many other types of attacks [66,65].…”

Section: Dns Threat Landscapementioning

confidence: 99%

See 1 more Smart Citation

Domain Name System Security and Privacy: A Contemporary Survey

Khormali¹,

Park²,

Alasmary³

et al. 2020

Preprint

View full text Add to dashboard Cite

The domain name system (DNS) is one of the most important components of today's Internet, and is the standard naming convention between human-readable domain names and machine-routable IP addresses of Internet resources. However, due to the vulnerability of DNS to various threats, its security and functionality have been continuously challenged over the course of time. Although, researchers have addressed various aspects of the DNS in the literature, there are still many challenges yet to be addressed. In order to comprehensively understand the root causes of the vulnerabilities of DNS, it is mandatory to review the various activities in the research community on DNS landscape. To this end, this paper surveys more than 170 peer reviewed papers, which are published in both top conferences and journals in last ten years, and summarizes vulnerabilities in DNS and corresponding countermeasures. This paper not only focuses on the DNS threat landscape and existing challenges, but also discusses the utilized data analysis methods, which are frequently used to address DNS threat vulnerabilities. Furthermore, we looked into the DNS threat landscape from the view point of the involved entities in the DNS infrastructure in an attempt to point out more vulnerable entities in the system.

show abstract

Section: Dns Threat Landscapementioning

confidence: 99%

“…Domain name squatting practices expose users to a variety of vulnerabilities, such as trademark infringement, monetization, malware, and scams. There exists several research works that attempted to investigate the landscape and impact of the domain squatting [65,67,41,68,66,69,72], which we define below.…”

Section: Domain Name Squattingmentioning

confidence: 99%

Domain Name System Security and Privacy: A Contemporary Survey

Khormali¹,

Park²,

Alasmary³

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Spaulding et al [33] reviewed the typosquatting landscape, listing the models used to generate deceptive domains, the features that suggest a higher probability of typosquatting, the monetization strategies of the squatters and potential countermeasures. They also compared the effectiveness of typosquatting techniques through a user study [34]. Tahir et al [35] studied why typosquatting is effective from a human-centric perspective, predicting the likelihood of typos based on domain composition, hand anatomy and keyboard layouts.…”

Section: Related Workmentioning

confidence: 99%

A Smörgåsbord of Typos: Exploring International Keyboard Layout Typosquatting

Pochat

Goethem

Joosen

2019

2019 IEEE Security and Privacy Workshops (SPW)

View full text Add to dashboard Cite

Typosquatting is the malicious practice of registering domains that result from typos made when users try to visit popular domains. Previous works have only considered the US English keyboard layout, but of course other layouts are widely used around the world. In this paper, we uncover how typosquatters are also targeting communities that use these other layouts by examining typo domains on non-US English keyboards for 100 000 popular domains. We find that German users are the most targeted, with over 15 000 registered typo domains. Companies such as Equifax and Amazon have defensively registered such domains but are often incomplete; moreover, other major companies ignore them altogether and allow malicious actors to capitalize on their brand. Parking domains or advertising them for sale remains the most popular monetization strategy of squatters on at least 40% of registered domains, but we also see more harmful practices, such as a scam website that spoofs a local newspaper. This proves that domain squatters also consider typos on non-US English keyboards to be valuable, and that companies should be more alert in claiming these domains.

show abstract

“…Related to our use of network features is a line of research on traffic analysis for malware and botnet detection. Such works include [39][40][41][42][43][44], with others paying particular attention to the use of fast-flux techniques [45][46][47][48][49][50]. Support for our use of DNS features for malware analysis comes in [51][52][53].…”

Section: Related Workmentioning

confidence: 99%

Network-based Analysis and Classiﬁcation of Malware using Behavioral Artifacts Ordering

Mohaisen¹,

Alrawi²,

Park³

et al. 2018

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

Using runtime execution artifacts to identify malware and its associated "family" is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics are often circumvented by subsequent malware authors. In this work, we propose Chatter, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse concatenations of those letters. Then, leveraging an analyst labeled corpus of malware, n-gram document classification techniques are applied to produce a classifier predicting malware family. This paper describes that technique and its proof-of-concept evaluation. In its prototype form only network events are considered and eleven malware families are used. We show the technique achieves 83%-94% accuracy in isolation and makes non-trivial performance improvements when integrated with a baseline classifier of combined order features to reach an accuracy of up to 98.8%.

show abstract

Understanding the effectiveness of typosquatting techniques

Cited by 14 publications

References 9 publications

Domain Name System Security and Privacy: A Contemporary Survey

Domain Name System Security and Privacy: A Contemporary Survey

A Smörgåsbord of Typos: Exploring International Keyboard Layout Typosquatting

Network-based Analysis and Classiﬁcation of Malware using Behavioral Artifacts Ordering

Contact Info

Product

Resources

About