TY - BOOK
AU - Yahia Kandil Elsayed
TI - IDN Domain Name Masquerading Attack Detection
U1 - 658
PY - 2018///
KW - Information Security
KW - NULIB
KW - Dissertation, Academic
N1 - Thesis (M.A.)—Nile University, Egypt, 2018; "Includes bibliographical references"; Contents: 1 Introduction -- 1.1 Social Engineering -- 1.2 Internationalization in Domain Name -- 1.3 Domain Name Masquerading -- 1.4 Problem Definition -- 1.5 Visual Spoofing Attacks -- 2 IDN Visual Spoofing Mitigation Techniques -- 2.1 User Agents -- 2.2 Monitoring Solutions -- 3 Proposed IDN Detection System -- 3.1 Punycode Extractor Module -- 3.2 Punycode Analyzer Module -- 3.3 Homoglyph Analyzer Module -- 3.4 Fuzzer Module -- 3.5 Spoofing Detection Module -- 3.6 Analytics Module -- 4 Solution Evaluation -- 4.1 Social Media Monitoring -- 4.2 Majestic Top 100 Thousand -- 4.3 System Limitation -- 5 Conclusion and Future Work -- References
N2 - Abstract: Cybercriminals and attackers are constantly innovating various ways to successfully compromise a wide range of targets, individuals, private entities and governments alike. Phishing has emerged as the most effective social engineering attack as it takes advantage of human vulnerability or mistake. Introducing Unicode characters to domain names enabled end users to register a domain name in different languages, e.g., Russian, Arabic or Chinese. This process is defined as Internationalization in Domain Names (IDN). The Unicode standard contains a large set of characters and language scripts. Some of those Unicode characters may resemble some ASCII characters (this is commonly referred to as "Homoglyph"). As such, an attacker could use the concept of Homoglyph to masquerade a domain name and lure an innocent user to visit a decoy domain instead of a legitimate one. IDN domain masquerading could be best detected at the end user side or by using a centralized monitoring solution that can be used by the domain-name registrars to detect such attacks. This research work focuses on the different IDN spoofing attack types and the current existing mitigation techniques at both end user and registrar side. Then, we propose a new centralized monitoring solution that can best detect such attacks and we compare it with the existing similar solutions. Finally, we evaluate the proposed solution by monitoring the IDN attacks against the Majestic top 100K and some of the social media domains.
ER -