东南大学学报(自然科学版)2017,Vol.47Issue(z1):39-43,5.DOI:10.3969/j.issn.1001-0505.2017.S1.008
同形异义的国际化域名检测与测量
Detecting and measuring IDN homograph attack
摘要
Abstract
Internationalized domain names(IDNs)provid a convenient way for homograph phishing attack.To better understand the abusing of IDNs by an attacker, a light-weight detection system based on passive DNS data and graph similarity fingerprint algorithm is proposed to identify IDN homograph domains.At the detection stage,active IDNs are extracted from 360 passive DNS data, and the similarity with the famous domain name is analyzed by a graph similarity algorithm based on fingerprint information.At the measurement stage,the domain names with the register information, DNS query number and content types of web sites are analyzed.The experimental results show that, IDN cybersquatting is a serious problem in real world,172 IDNs have been used toward malicious activities,including phishing and malicious domain parking,etc.There is an urgent need for a better regulation of domain brand protection.关键词
国际化域名/域名滥用/同形异义攻击/被动DNSKey words
internationalized domain names(IDNs)/domain abuse/homograph attacks/passive DNS分类
信息技术与安全科学引用本文复制引用
刘莹,刘保君..同形异义的国际化域名检测与测量[J].东南大学学报(自然科学版),2017,47(z1):39-43,5.基金项目
国家自然科学基金资助项目(61772307)、赛尔网络下一代互联网技术创新资助项目(NGII20160403). (61772307)
