IDN Domain Name Masquerading Attack Detection (Record no. 8866)
| 000 -LEADER | |
|---|---|
| fixed length control field | 03970nam a22002537a 4500 |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
| fixed length control field | 210125b2018 a|||f mb|| 00| 0 eng d |
| 040 ## - CATALOGING SOURCE | |
| Original cataloging agency | EG-CaNU |
| Transcribing agency | EG-CaNU |
| 041 0# - Language Code | |
| Language code of text | eng |
| Language code of abstract | eng |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER | |
| Classification number | 658 |
| 100 0# - MAIN ENTRY--PERSONAL NAME | |
| Personal name | Yahia Kandil Elsayed |
| 245 1# - TITLE STATEMENT | |
| Title | IDN Domain Name Masquerading Attack Detection |
| Statement of responsibility, etc. | Yahia Kandil Elsayed |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. | |
| Date of publication, distribution, etc. | 2018 |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | 77 p. |
| Other physical details | ill. |
| Dimensions | 21 cm. |
| 500 ## - GENERAL NOTE | |
| Materials specified | Supervisor: Nashwa Abd El-Baki |
| 502 ## - Dissertation Note | |
| Dissertation type | Thesis (M.A.)—Nile University, Egypt, 2018. |
| 504 ## - Bibliography | |
| Bibliography | "Includes bibliographical references" |
| 505 0# - Contents | |
| Formatted contents note | Contents:<br/>1 Introduction, p. 1<br/>1.1 Social Engineering, p. 1<br/>1.2 Internationalization in Domain Name, p. 2<br/>1.3 Domain Name Masquerading, p. 3<br/>1.4 Problem Definition, p. 5<br/>1.5 Visual Spoofing Attacks, p. 5<br/>2 IDN Visual Spoofing Mitigation Techniques, p. 11<br/>2.1 User Agents, p. 11<br/>2.2 Monitoring Solutions, p. 15<br/>3 Proposed IDN Detection System, p. 19<br/>3.1 Punycode Extractor Module, p. 23<br/>3.2 Punycode Analyzer Module, p. 25<br/>3.3 Homoglyph Analyzer Module, p. 27<br/>3.4 Fuzzer Module, p. 30<br/>3.5 Spoofing Detection Module, p. 32<br/>3.6 Analytics Module, p. 34<br/>4 Solution Evaluation, p. 37<br/>4.1 Social Media Monitoring, p. 37<br/>4.2 Majestic Top 100 Thousand, p. 42<br/>4.3 System Limitation, p. 45<br/>5 Conclusion and Future Work, p. 47<br/>References |
| 520 3# - Abstract | |
| Abstract | Abstract:<br/>Cybercriminals and attackers are constantly innovating various ways to successfully compromise a wide range of targets, individuals, private entities and governments alike. Phishing has emerged as the most effective social engineering attack as it takes advantage of human vulnerability or mistake.<br/>Introducing Unicode characters to domain names enabled end users to register a domain name in different languages, e.g., Russian, Arabic or Chinese. This process is defined as Internationalization in Domain Names (IDN).<br/>The Unicode standard contains a large set of characters and language scripts. Some of those Unicode characters may resemble some ASCII characters (this is commonly referred to as "Homoglyph"). As such, an attacker could use the concept of Homoglyph to masquerade a domain name and lure an innocent user to visit a decoy domain instead of a legitimate one.<br/>IDN domain masquerading could be best detected at the end user side or by using a centralized monitoring solution that can be used by the domain-name registrars to detect such attacks.<br/>This research work focuses on the different IDN spoofing attack types and the current existing mitigation techniques at both end user and registrar side. Then, we propose a new centralized monitoring solution that can best detect such attacks and we compare it with the existing similar solutions. Finally, we evaluate the proposed solution by monitoring the IDN attacks against the Majestic top 100K and some of the social media domains. |
| 546 ## - Language Note | |
| Language Note | Text in English, abstracts in English. |
| 650 #4 - Subject | |
| Subject | Information Security |
| 655 #7 - Index Term-Genre/Form | |
| Source of term | NULIB |
| focus term | Dissertation, Academic |
| 690 ## - Subject | |
| School | Information Security |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
| Source of classification or shelving scheme | Dewey Decimal Classification |
| Koha item type | Thesis |
| 650 #4 - Subject | |
| -- | 294 |
| 655 #7 - Index Term-Genre/Form | |
| -- | 187 |
| 690 ## - Subject | |
| -- | 294 |
| Withdrawn status | Lost status | Source of classification or shelving scheme | Damaged status | Not for loan | Home library | Current library | Date acquired | Total Checkouts | Full call number | Date last seen | Price effective from | Koha item type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | | Dewey Decimal Classification | | Not For Loan | Main library | Main library | 01/25/2021 | | 658 / Y.K.I / 2018 | 01/25/2021 | 01/25/2021 | Thesis |