Securing Websites Against Homograph Attacks

  • Conference paper

Abstract

With the globalisation of the Internet, standard frameworks such as the Internationalized Domain Name (IDN), which enable everyone to write a domain name in their native language or script, have emerged. While IDN has enabled domain names to be written in different languages, it has also put users of web browsers that support IDNs at risk of homograph attacks. As IDN-based homograph attacks have recently become a significant threat in content-based attacks such as phishing and other fraudulent attacks against Internet users, an approach that can automatically thwart such attacks against web browsers is important to Internet users. To this end, we propose in this paper a new approach to mitigate Internationalised Domain Name homograph attacks. The proposed approach is very easy to deploy in existing browsers and requires no change in the way end users interact with web browsers. We implemented the proposed approach as an add-on to a popular web browser and demonstrate its effectiveness against the homograph attack. Our assessment of the implementation shows that the proposed solution to the IDN-based homograph attack protects web browsers with no noticeable overhead.

Acknowledgment

The authors wish to thank Maliha Omar. Without her help, this paper would not have been possible to complete. The authors would also like to extend their appreciation to Deakin University for partially funding this project.

Corresponding author

Correspondence to Jemal Abawajy.

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Abawajy, J., Richard, A., Aghbari, Z.A. (2018). Securing Websites Against Homograph Attacks. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 239. Springer, Cham. https://doi.org/10.1007/978-3-319-78816-6_4

  • DOI: https://doi.org/10.1007/978-3-319-78816-6_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-78815-9

  • Online ISBN: 978-3-319-78816-6

  • eBook Packages: Computer Science (R0)
