One form of profiting from the web is URL typosquatting: people register phony sites whose names are common misspellings of popular sites. These phony sites advertise and sell products or, in the worst case, con users into identity theft. In this work, we quantify the extent of this phenomenon and propose SUT, a practical countermeasure based on network metrics. We start with an initial set of 900 popular websites and create 3 million name variations in a systematic and exhaustive way. First, we find that URL typosquatting is a widespread phenomenon, and we identify common practices and preferred targets of typosquatters. Second, we find that phony websites exhibit significantly different network-layer behavior, such as the number of HTTP redirections, compared to regular sites. Based on this insight, we develop SUT, an automated approach to detect phony websites. We find that the power of SUT lies in the use of the network-layer profile of the phony sites, and less in the perceived popularity of the site. We find that SUT can identify phony websites with near-perfect accuracy and recall in our controlled tests. We conclude that our approach is a promising step towards protecting users from URL typosquatting.