The methodology and an application to fight against Unicode attacks

Anthony Y. Fu, Xiaotie Deng, Liu Wenyin, Greg Little
2006 Proceedings of the second symposium on Usable privacy and security - SOUPS '06  
Unicode is becoming a dominant character representation format for information processing. This presents a very dangerous usability and security problem for many applications. The problem arises because many characters in the UCS (Universal Character Set) are visually and/or semantically similar to each other. This presents a mechanism for malicious people to carry out Unicode Attacks, which include spam attacks, phishing attacks, and web identity attacks. In this paper, we address the
more » ... ddress the potential attacks, and propose a methodology for countering them. To evaluate the feasibility of our methodology, we construct a Unicode Character Similarity List (UC-SimList). We then implement a visual and semantic based edit distance (VSED), as well as a visual and semantic based Knuth-Morris-Pratt algorithm (VSKMP), to detect Unicode attacks. We develop a prototype Unicode attack detection tool, IDN-SecuChecker, which detects phishing weblinks and fake user name (account) attacks. We also introduce the possible practical use of Unicode attack detectors.
doi:10.1145/1143120.1143132 dblp:conf/soups/FuDWL06 fatcat:ony3cjgurjeojcmzp447wigttq