The homograph attack

@article{Gabrilovich2002TheHA,
  title={The homograph attack},
  author={Evgeniy Gabrilovich and Alex Gontmakher},
  journal={Commun. ACM},
  year={2002},
  volume={45},
  pages={128}
}
Computing veterans remember an old habit of crossing zeros (Ø) in program listings to avoid confusing them with the letter O, in order to make sure the operator would type the program correctly into the computer. This habit, once necessary, has long been rendered obsolete by the increased availability of editing tools. However, the underlying problem of character resemblance is still there. Today it seems we may have to acquire a similar habit, this time to address an issue much more…

Computer and Intrusion Forensics
From the Publisher: A comprehensive and broad introduction to computer and intrusion forensics, this practical book helps you master the tools, techniques and underlying concepts you need to know,
Enhanced Classification Method for Homograph Attack Detection
TLDR
This paper proposes an enhanced classification method for IDN homograph detection by utilizing the Structural Similarity Index (SSIM), and applies a multi-group-of-classifier method to the model, which can further increase the accuracy.
ShamFinder: An Automated Framework for Detecting IDN Homographs
TLDR
This work developed a framework named "ShamFinder," which is an automated scheme to detect IDN homographs, and develops an automatic construction of a homoglyph database, which can be used for direct countermeasures against the attack and to inform users about the context of an IDN homograph.
Safeguard against unicode attacks: generation and applications of UC-simlist
TLDR
A solution based on the renowned Kernel Density Estimation (KDE) method to establish such a Unicode Similarity List (UC-SimList) based on evaluating the similarity of characters in UCS is developed.
Bad Characters: Imperceptible NLP Attacks
TLDR
It is concluded that text-based NLP systems require careful input sanitization, just like conventional applications, and that given such systems are now being deployed rapidly at scale, the urgent attention of architects and operators is required.
Catching Phishers By Their Bait: Investigating the Dutch Phishing Landscape through Phishing Kit Detection
TLDR
A comprehensive picture of the tactics, techniques and procedures prevalent in the Dutch phishing landscape is painted and public policy takeaways for anti-phishing initiatives are presented.
I Don’t Need an Expert! Making URL Phishing Features Human Comprehensible
TLDR
This work aims to make experts’ tools accessible to non-experts and assist general users in judging the safety of URLs by providing them with a usable report based on the information professionals use.
Information Integrity
TLDR
Through formal information flow models, the data modification view, and the relationship to data quality, information integrity will be surveyed and illustrated for databases and information trustworthiness.
Let Your Camera See for You: A Novel Two-Factor Authentication Method against Real-Time Phishing Attacks
TLDR
Let Your Camera See for You: A Novel Two-Factor Authentication Method against Real-Time Phishing Attacks is proposed, and it is shown that, compared to other 2FA systems, PhotoAuth has several advantages; in particular, no special hardware or software support is needed on the client side except a phone, making it readily deployable.
Trojan Source: Invisible Vulnerabilities
TLDR
This work presents a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye, and proposes definitive compiler-level defenses to block this attack.