Abstract
With the globalisation of the Internet, standard frameworks such as the Internationalized Domain Name (IDN), which enable everyone to code a domain name in their native language or script, have emerged. While IDN has enabled coding domain names in different languages, it has also put users of web browsers that support IDNs at risk of homograph attacks. As IDN-based homograph attacks have recently become a significant threat in content-based attacks such as phishing and other fraudulent attacks against Internet users, an approach that can automatically thwart such attacks against web browsers is important to Internet users. To this end, we propose in this paper a new approach to mitigate Internationalised Domain Name homograph attacks. The proposed approach is very easy to deploy in existing browsers and requires no change in the way end users interact with web browsers. We implemented the proposed approach as an add-on to a popular web browser and demonstrate its effectiveness against the homograph attack. Our assessment of the implementation shows that the proposed solution to the IDN-based homograph attack protects web browsers with no noticeable overhead.
Acknowledgment
The authors wish to thank Maliha Omar. Without her help, it would not have been possible to complete this paper. The authors would also like to extend their appreciation to Deakin University for partially funding this project.
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Abawajy, J., Richard, A., Aghbari, Z.A. (2018). Securing Websites Against Homograph Attacks. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 239. Springer, Cham. https://doi.org/10.1007/978-3-319-78816-6_4
DOI: https://doi.org/10.1007/978-3-319-78816-6_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-78815-9
Online ISBN: 978-3-319-78816-6
eBook Packages: Computer Science, Computer Science (R0)