论文信息 - Regap: a Tool for Unicode-based Web Identity Fraud Detection Regap: a Tool for Unicode-based Web Identity Fraud Detection De

Regap: a Tool for Unicode-based Web Identity Fraud Detection Regap: a Tool for Unicode-based Web Identity Fraud Detection De

ABSTRACT We anticipate the widespread usage of an internationalized resource identifier (IRI) 1 or internationalized domain name (IDN) 2 on the web as complement to universal resource identifier (URI). IRI/IDN is composed of characters in a subset of Unicode, such that a Unicode attack 3 to IRI/IDN could happen. Hence, visually or semantically, certain phishing IRI/IDNs may show high similarity to the real ones. The potential phishing attacks based on this strategy are very likely to happen in the near future with the boosting utilization of IRI/IDN. We invented a method to detect such phishing attack. We constructed a unicode character similarity list (UC-SimList) based on char-char visual and semantic similarities and use a nondeterministic finite automaton (NFA) 4 to identify the potential IRI/IDN-based phishing patterns. We implemented a phishing IRI/IDN pattern generation tool, REGAP, by which phishing IRI/IDN patterns can be generated into regular expressions (RE) for phishing IRI/IDN detection. We ...

Xiaotie Deng | Wenyin Liu | Anthony Y. Fu | Xiaotie Deng | Wenyin Liu

[1] Ophir Frieder,et al. Collection statistics for fast duplicate document detection , 2002, TOIS.

[2] Xiaotie Deng,et al. A Potential IRI Based Phishing Strategy , 2005, WISE.

[3] Xiaotie Deng,et al. The methodology and an application to fight against Unicode attacks , 2006, SOUPS '06.

[4] Justin Zobel,et al. Methods for Identifying Versioned and Plagiarized Documents , 2003, J. Assoc. Inf. Sci. Technol..

[5] Xiaotie Deng,et al. An antiphishing strategy based on visual similarity assessment , 2006, IEEE Internet Computing.

[6] Roy T. Fielding,et al. Uniform Resource Identifier (URI): Generic Syntax , 2005, RFC.

[7] Manabu OKUMURA,et al. Structuring Web pages based on Repetition of Elements , 2003 .

[8] Jonathan Robie,et al. Document Object Model (DOM) Level 2 Specification , 1998 .

[9] J. Doug Tygar,et al. The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.

[10] Markus Jakobsson,et al. Modeling and Preventing Phishing Attacks , 2005, Financial Cryptography.

[11] Peter Linz,et al. An Introduction to Formal Languages and Automata , 1997 .

[12] Evgeniy Gabrilovich,et al. The homograph attack , 2002, CACM.

[13] Saul Gorn,et al. American standard code for information interchange , 1963, CACM.

[14] Xiaotie Deng,et al. Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover's Distance (EMD) , 2006, IEEE Transactions on Dependable and Secure Computing.