000 03970nam a22002537a 4500
008 210125b2018 a|||f mb|| 00| 0 eng d
040 _aEG-CaNU
_cEG-CaNU
041 0 _aeng
_beng
082 _a658
100 0 _aYahia Kandil Elsayed
_9305
245 1 _aIDN Domain Name Masquerading Attack Detection
_cYahia Kandil Elsayed
260 _c2018
300 _a77 p.
_bill.
_c21 cm.
500 _3Supervisor: Nashwa Abd El-Baki
502 _aThesis (M.A.)—Nile University, Egypt, 2018.
504 _a"Includes bibliographical references"
505 0 _aContents: 1 Introduction -- 1.1 Social Engineering -- 1.2 Internationalization in Domain Name -- 1.3 Domain Name Masquerading -- 1.4 Problem Definition -- 1.5 Visual Spoofing Attacks -- 2 IDN Visual Spoofing Mitigation Techniques -- 2.1 User Agents -- 2.2 Monitoring Solutions -- 3 Proposed IDN Detection System -- 3.1 Punycode Extractor Module -- 3.2 Punycode Analyzer Module -- 3.3 Homoglyph Analyzer Module -- 3.4 Fuzzer Module -- 3.5 Spoofing Detection Module -- 3.6 Analytics Module -- 4 Solution Evaluation -- 4.1 Social Media Monitoring -- 4.2 Majestic Top 100 Thousand -- 4.3 System Limitation -- 5 Conclusion and Future Work -- References
520 3 _aAbstract: Cybercriminals and attackers are constantly innovating various ways to successfully compromise a wide range of targets, individuals, private entities and governments alike. Phishing has emerged as the most effective social engineering attack as it takes advantage of human vulnerability or mistake. Introducing Unicode characters to domain names enabled end users to register a domain name in different languages, e.g., Russian, Arabic or Chinese. This process is defined as Internationalization in Domain Names (IDN). The Unicode standard contains a large set of characters and language scripts. Some of those Unicode characters may resemble some ASCII characters (this is commonly referred to as "Homoglyph"). As such, an attacker could use the concept of Homoglyph to masquerade a domain name and lure an innocent user to visit a decoy domain instead of a legitimate one. IDN domain masquerading could be best detected at the end user side or by using a centralized monitoring solution that can be used by the domain-name registrars to detect such attacks. This research work focuses on the different IDN spoofing attack types and the current existing mitigation techniques at both end user and registrar side. Then, we propose a new centralized monitoring solution that can best detect such attacks and we compare it with the existing similar solutions. Finally, we evaluate the proposed solution by monitoring the IDN attacks against the Majestic top 100K and some of the social media domains.
546 _aText in English, abstracts in English.
650 4 _aInformation Security
_9294
655 7 _2NULIB
_aDissertation, Academic
_9187
690 _aInformation Security
_9294
942 _2ddc
_cTH
999 _c8866
_d8866