Daiki Chiba, Ayako Akiyama Hasegawa, and Takashi Koide, NTT Secure Platform Laboratories; Yuta Sawabe and Shigeki Goto, Waseda University; Mitsuaki Akiyama, NTT Secure Platform Laboratories
Cyber attackers create domain names that are visually similar to those of legitimate/popular brands by abusing valid internationalized domain names (IDNs). In this work, we systematize such domain names, which we call deceptive IDNs, and understand the risks associated with them. In particular, we propose a new system called DomainScouter to detect various deceptive IDNs and calculate a deceptive IDN score, a new metric indicating the number of users that are likely to be misled by a deceptive IDN. We perform a comprehensive measurement study on the identified deceptive IDNs using over 4.4 million registered IDNs under 570 top level domains (TLDs). The measurement results demonstrate that there are many previously unexplored deceptive IDNs targeting non-English brands or combining other domain squatting methods. Furthermore, we conduct online surveys to examine and highlight vulnerabilities in user perceptions when encountering such IDNs. Finally, we discuss the practical countermeasures that stakeholders can take against deceptive IDNs.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Daiki Chiba and Ayako Akiyama Hasegawa and Takashi Koide and Yuta Sawabe and Shigeki Goto and Mitsuaki Akiyama},
title = {{DomainScouter}: Understanding the Risks of Deceptive {IDNs}},
booktitle = {22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)},
year = {2019},
isbn = {978-1-939133-07-6},
address = {Chaoyang District, Beijing},
pages = {413--426},
url = {https://www.usenix.org/conference/raid2019/presentation/chiba},
publisher = {USENIX Association},
month = sep
}