Dan Li
ABSTRACT
Address spoofing is a remarkably effective way to trick a user into revealing confidential information. The advent of Internationalized Domain Name (IDN), which benefits non-native speakers of English to access the Internet, poses a new hazard with non-English characters employed in domain names. Chinese domain name, as an important part of IDN, is attracting more and more attention.
Unlike alphabetic writing, the form of Chinese character is very complicated. There exist plenty of Chinese characters with similar shape or similar pronunciation, which is very confusing to users. Many of the traditional detection technologies cannot be applied to the new situation. In this paper, we perform a comprehensive study of Chinese domain name piracy, and put forward three detection methods accordingly. The experiment results show that these detection methods are feasible and effective.
- Anti-Phishing Working Group (APWG). Phishing Activity Trends Report 4st Quarter 2017. 2018. http://docs.apwg.org/reports/apwg_trends_report_q4_2017.pdfGoogle Scholar
- Anti-Phishing Alliance of China (APAC). Briefing on Handing of Phishing Websites in April 2018. 2018. http://en.apac.cn/Briefing_on_Handling_of_Phishing_Websites/201805/P020180515545876373680.pdfGoogle Scholar
- Weili Han, Ye Cao, Elisa Bertino, and Jianming Yong. 2012. Using automated individual white-list to protect web digital identities. Expert Syst. Appl. 39, 15 (2012), 11861--11869. Google ScholarDigital Library
- Pawan Prakash, Manish Kumar, Ramana Rao Kompella, and Minaxi Gupta. 2010. PhishNet: Predictive Blacklisting to Detect Phishing Attacks. In INFOCOM 2010. 29th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 15--19 March 2010, San Diego, CA, USA. 346--350. Google ScholarDigital Library
- Jian Zhang, Phillip A. Porras, and Johannes Ullrich. 2008. Highly Predictive Blacklisting. In Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA. 107--122. http://www.usenix.org/events/sec08/tech/full\_papers/zhang/zhang.pdf Google ScholarDigital Library
- Yuanchen He, Zhenyu Zhong, Sven Krasser, and Yuchun Tang. 2010. Mining DNS for malicious domain registrations. In The 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom 2010, Chicago, IL, USA, 9--12 October 2010. 1--6.Google ScholarCross Ref
- The 39th China Statistical Report on Internet Development. 2017. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/201701/P020170123364672657408.pdfGoogle Scholar
- The 41th China Statistical Report on Internet Development. 2018. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/201803/P020180305409870339136.pdfGoogle Scholar
- Viktor Krammer. 2006. Phishing defense against IDN address spoofing attacks. In Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, PST 2006, Markham, Ontario, Canada, October 30 -November 1, 2006. 32. Google ScholarDigital Library
- Bo Hong, Guanggang Geng, Liming Wang, and Wei Mao. 2013. Method to detect Chinese domain name homograph attack. Application Research of Computers 11 (12-2013), 3426--3429.Google Scholar
- Ankit Kumar Jain and B. Brij Gupta. 2018. Towards detection of phishing websites on client-side using machine learning based approach. Telecommunication Systems 68, 4 (2018), 687--700. Google ScholarDigital Library
- El-Sayed M. El-Alfy. 2017. Detection of Phishing Websites Based on Probabilistic Neural Networks and K-Medoids Clustering. Comput. J. 60, 12 (2017), 1745--1759.Google ScholarCross Ref
- Mayank Pandey and Vadlamani Ravi. 2013. Text and Data Mining to Detect Phishing Websites and Spam Emails. 8298 (2013), 559--573. Google ScholarDigital Library
- Dong Wang and Shihuan Xiong. 2013. New algorithm for similarity calculation of Chinese character glyph. Application Research of Computers 8 (10-2013), 2395--2397.Google Scholar
- Zhiqing Lin and Jun Guo. 2002. An Algorithm for the Recognition of Similar Chinese Characters. Journal of Chinese Information Processing 5 (3-2002), 44--48.Google Scholar
- Information technology - Universal multiple-octet coded character set (CJK unified ideographs) 15×16-dot matrix font: GB/T 17698--2010. 2011. Standards. http://c.gb688.cn/bzgk/gb/showGb?type=online&hcno=D213E624930ABEADB6DBDA92F97AB2BCGoogle Scholar
- http://导航.中国/.Google Scholar
Index Terms
- Detecting Chinese Domain Name Piracy
Recommendations
Variant Chinese Domain Name Resolution
Many efforts in past years have been made to lower the linguistic barriers for non-native English speakers to access the Internet. Internet standard RFC 3490, referred to as IDNA (Internationalizing Domain Names in Applications), focuses on access to ...
Comments