Communications of the ACM - Ontology: different ways of representing the same concept
Collection statistics for fast duplicate document detection
ACM Transactions on Information Systems (TOIS)
The TREC-5 Confusion Track: Comparing Retrieval Methods for Scanned Text
Information Retrieval
Methods for identifying versioned and plagiarized documents
Journal of the American Society for Information Science and Technology
Johnny 2: a user test of key continuity management with S/MIME and Outlook Express
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
An Antiphishing Strategy Based on Visual Similarity Assessment
IEEE Internet Computing
Modeling and preventing phishing attacks
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
A potential IRI based phishing strategy
WISE'05 Proceedings of the 6th international conference on Web Information Systems Engineering
Fighting unicode-obfuscated spam
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS)
Proceedings of the 2008 Spring simulation multiconference
Proceedings of the 2008 workshop on New security paradigms
HumanBoost: Utilization of Users' Past Trust Decision for Identifying Fraudulent Websites
ICONIP '09 Proceedings of the 16th International Conference on Neural Information Processing: Part II
An evaluation of extended validation and picture-in-picture phishing attacks
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Exposing homograph obfuscation intentions by coloring unicode strings
APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development
| Hi-index | 0.00 |
Unicode is becoming a dominant character representation format for information processing. This presents a very dangerous usability and security problem for many applications. The problem arises because many characters in the UCS (Universal Character Set) are visually and/or semantically similar to each other. This presents a mechanism for malicious people to carry out Unicode Attacks, which include spam attacks, phishing attacks, and web identity attacks. In this paper, we address the potential attacks, and propose a methodology for countering them. To evaluate the feasibility of our methodology, we construct a Unicode Character Similarity List (UC-SimList). We then implement a visual and semantic based edit distance (VSED), as well as a visual and semantic based Knuth-Morris-Pratt algorithm (VSKMP), to detect Unicode attacks. We develop a prototype Unicode attack detection tool, IDN-SecuChecker, which detects phishing weblinks and fake user name (account) attacks. We also introduce the possible practical use of Unicode attack detectors.