ShamFinder: An automated framework for detecting IDN homographs

Hiroaki Suzuki, Daiki Chiba, Yoshiro Yoneya, Tatsuya Mori, Shigeki Goto

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

The internationalized domain name (IDN) is a mechanism that enables us to use Unicode characters in domain names. The set of Unicode characters contains several pairs of characters that are visually identical with each other; e.g., the Latin character 'a' (U+0061) and Cyrillic character 'а' (U+0430). Visually identical characters such as these are generally known as homoglyphs. IDN homograph attacks, which are widely known, abuse Unicode homoglyphs to create lookalike URLs. Although the threat posed by IDN homograph attacks is not new, the recent rise of IDN adoption in both domain name registries and web browsers has resulted in the threat of these attacks becoming increasingly widespread, leading to large-scale phishing attacks such as those targeting cryptocurrency exchange companies. In this work, we developed a framework named “ShamFinder,” which is an automated scheme to detect IDN homographs. Our key contribution is the automatic construction of a homoglyph database, which can be used for direct countermeasures against the attack and to inform users about the context of an IDN homograph. Using the ShamFinder framework, we perform a large-scale measurement study that aims to understand the IDN homographs that exist in the wild. On the basis of our approach, we provide insights into an effective countermeasure against the threats caused by the IDN homograph attack.

Original languageEnglish
Title of host publicationIMC 2019 - Proceedings of the 2019 ACM Internet Measurement Conference
PublisherAssociation for Computing Machinery
Pages449-462
Number of pages14
ISBN (Electronic)9781450369480
DOIs
Publication statusPublished - 2019 Oct 21
Event19th ACM Internet Measurement Conference, IMC 2019 - Amsterdam, Netherlands
Duration: 2019 Oct 212019 Oct 23

Publication series

NameProceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Conference

Conference19th ACM Internet Measurement Conference, IMC 2019
CountryNetherlands
CityAmsterdam
Period19/10/2119/10/23

Keywords

  • DNS
  • Homoglyph
  • IDN homograph
  • Unicode

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'ShamFinder: An automated framework for detecting IDN homographs'. Together they form a unique fingerprint.

Cite this