Detecting Homograph IDNs Using OCR
Pieter Agten, Wouter Joosen, Frank Piessens, and Nick Nikiforakis. Seven months’ worth of mistakes: A longitudinal study of typosquatting abuse. In Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015). Internet Society, 2015.
Evgeniy Gabrilovich and Alex Gontmakher. The homograph attack. Communications of the ACM, Vol. 45, No. 2, p. 128, 2002.
Symantec. Bad guys using internationalized domain names (idns). https://www.symantec.com/connect/blogs/bad-guys-using-internationalized-domain-names-idns.
Marcin Ulikowski. dnstwist. https://github.com/elceef/dnstwist/.
Unicode security mechanisms for utr #39. https://www.unicode.org/Public/security/10.0.0/confusables.txt, 2017.
ICANN. Internationalized domain names. https://www.icann.org/resources/pages/idn-2012-02-25-en.
P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing domain names in applications (idna). RFC 3490, RFC Editor, March 2003.
P. Hoffman and M. Blanchet. Nameprep: A stringprep profile for internationalized domain names (idn). RFC 3491, RFC Editor, March
P. Hoffman and M. Blanchet. Preparation of internationalized strings ("stringprep"). RFC 3454, RFC Editor, December 2002.
A. Costello. Punycode: A bootstring encoding of unicode for internationalized domain names in applications (idna). RFC 3492, RFC Editor, March 2003.
Tyson McElroy, Peter Hannay, and Greg Baatard. The 2017 homograph browser attack mitigation survey. 2017.
Xudong Zheng. Phishing with unicode domains. https://www.xudongz.com/blog/2017/idn-phishing/, 2017.
Wordfence. Chrome and firefox phishing attack uses domains identical to known safe sites. https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/, 2017.
Public suffix list. https://publicsuffix.org/list/.
Daiki Chiba, Takeshi Yagi, Mitsuaki Akiyama, Toshiki Shibahara, Tatsuya Mori, and Shigeki Goto. Domainprofiler: toward accurate and early discovery of domain names abused in future. International Journal of Information Security, Dec 2017.
Rapid7. Project sonar forward dns. https://opendata.rapid7.com/sonar.fdns_v2/, 2017.
hpHosts. Ad and tracking servers only. https://hosts-file.net/ad_servers.txt.
Dns-bh malware domain blocklist. http://www.malwaredomains.com/.
The spamhaus project ltd., the domain block list. https://www.spamhaus.org/dbl.
Tesseract ocr. https://opensource.google.com/projects/tesseract/.
Alexa Internet. Alexa topsites. https://www.alexa.com/topsites.
Janos Szurdi, Balazs Kocso, Gabor Cseh, Jonathan Spring, Mark Felegyhazi, and Chris Kanich. The long "taile" of typosquatting domain names. In USENIX Security Symposium, pp. 191–206, 2014.
Tobias Holgers, David E Watson, and Steven D Gribble. Cutting through the confusion: A measurement study of homograph attacks. In USENIX Annual Technical Conference, General Track, pp. 261–266, 2006.
Rachna Dhamija, J Doug Tygar, and Marti Hearst. Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems, pp. 581–590. ACM, 2006.