Presentation is loading. Please wait.

Presentation is loading. Please wait.

Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.

Published byDamion Lorance Modified over 9 years ago

Similar presentations

Presentation on theme: "Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari."— Presentation transcript:

1 Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari

2 Outline Introduction Background Methodology Parked Domain Classifier Data Sets Results Future Work Related Work Conclusion

3 Introduction - Motivation Traffic is important to domains! no point of launching without incoming traffic Loosing/Gaining traffic => loosing/gaining money One way to price the ADS is PPC => how important traffic Traffic Diversion could be a serious threat to a domain

4 Introduction - Motivation Typos may divert the traffic Users vulnerable to making typos Users may forget about visiting target domain Threat to Target Domain! Intentionally registering such typo domains is called Typo-squatting

5 Introduction - Goal To study how much traffic typo-squatters can get from target domains Are those domains attracting much traffic? Search engines typo-corrections! Browser auto-completions! How much traffic target domains is loosing? Is it of negligible ratio or a serious threat? Do users go back to target domains or get distracted?

6 Introduction - Challenges How to identify typo-squatting domains? Does Typo mean Typo-squatting? Short Domains www.abc.com and www.abd.com www.abc.comwww.abd.com Longer Domains www.walmart.com and www.walkmart.com www.walmart.comwww.walkmart.com If not, how can we? Hijacking indicator

7 Introduction - Contribution Automatic and accurate identification of typo- squatting domains show how much traffic target domains are loosing towards typo-squatting domains

8 Outline Introduction Background Methodology Parked Domain Classifier Data Results Related Work Future Work Conclusion

9 Background – Domain Parking Domain Parking showing a temporary page for an unused domain before launching them

10 Background - Domain Parking

11 Background – Domain Parking

12

13 Domain Parking Service Parks and hosts unused domains Monetize the traffic by showing ads Many Typo-squatting domains are parked domains (Wang et al, 06), (Keats, 07)

14 Outline Introduction Background Methodology Parked Domain Classifier Data Results Future Work Related Work Conclusion

15 Methodology Data Collection Identifying Typo-Squatting Domains

16 Methodology - Data Collection DNS traces @ UCI Revolvers Internal requests to domain names DNS query proceeds http request Caching limitation Our study represents a lower-bound

17 Methodology – Identify Typo- squatting Domain 1.Identify Similar Domains a. Single Error Typo Single error accounts for 90-95% of spelling errors www.walmart.com and www.walkmart.com www.walmart.comwww.walkmart.com b. gTLD substitution www.amazon.com and www.amazon.org www.amazon.comwww.amazon.org

18 Methodology – Identify Typo- squatting Domains But Similar domain is not enough! www.walmart.com and www.walkmart.comwww.walmart.comwww.walkmart.com Random Sample More than 54% are not Typo-squatting

19 Methodology – Identify Typo- squatting Domain 2. Identify Hijacking Indicator  Inappropriate Content  Domain For Sale  Forwarding to other domains  Ads – listing (Parked Domain)  More than 80%

20 Methodology – Identify Typo- squatting Domain Similar DomainParked Domain Typo-Squatting Domain

21 Methodology – Identify Typo- squatting Domain How to identify Parked Domain? Parked Domain Classifier Presence of Parking signatures Well-known parking signatures (domain names/urls)

22 Methodology - Summary Identify Similar Domains Identify Parked Domains List of Typo-squatting Domains

23 Outline Introduction Background Methodology Parked Domain Classifier Data Results Future Work Related Work Conclusion

24 Parked Domain Classifier Build Data Set Extract Core Features Combine Into Classifier

25 Data Set Data Set consists of 2,800 domains 700 are parked domain Collected from MS Strider Website 2,100 are non-parked domains Collected From the fourteen Yahoo Directory Top Categories

26 Feature Selection Heuristically, Identify common features in parked domain Compute the distribution of those features for verification Common Link Ratio Max

27 Combining Features Into Classifier Tried Different Classifier Algorithms Decision Tree SVM K-Nearest Neighbor Random Forest The best performance

28 Outline Introduction Background Methodology Parked Domain Classifier Data Sets Results Future Work Related Work Conclusion

29 DATA Sets DNS Traces Four Months Anonymous CNAME and A ~ 30 million domains ( ~ 2 billion hits ) ( ~ 30,000 users ) Target Domain Set Alexa’s Top 500 popular domains

30 Typo-Squatting Domains & Hits 1,332 typo-squatting 13,431 hits Is it Large or Small? 500 Target Domains 4 Month Period ~ 30,000 users Given Similar Ratio may translate to large number 30,000 => 13,000 300,000 => 130,000 3000,000 => 1,300,000

31 Typo-squatting Ratio 0.025% of total number of queries 89% LE 1% (70% LE 0.1%) ( 57% LE 0.01%)

32 User Correction Ratio – Alexa- 500 on average, 54% of typo-squatting queries are corrected

33 Potential Hit Loss 0.012% 92% LE 1% (78% LE 0.1%) (64% LE 0.01%)

34 Potential Money Loss 0.008% 96% LE % (91% LE 0.1%) ( 81% LE 0.01%)

35 Non-existing Similar Domains 463 potential typo-squatting 8,285 potential hits 0.015% of total number of queries 96% LE 1% (83% LE 0.1%) (66% LE 0.01%)

36 Typo-squatting Domains – TP60 629 typo-squatting 15,499 hits 0.045% of total number of queries 76% LE 1% (60% LE 0.5%)

37 Top Ten Typo-squatting Domains 19 % of all Typo-squatting hits

38 Top Ten Target Domains Responsible of 55% to all typo-squatting queries of Alexa-500 50 Million hits of “www.facebook.com”

39 Typo Characterization Most Typos are single errors ( 95% VS 5%) Most gTLD sub are “com” to “org” (50%) Add - 63% are of adjacent keys Sub – 23% are of adjacent keys Sub – 13% of substitutions are “a” and “o” Spelling error

40 Outline Introduction Background Methodology Parked Domain Classifier Data Sets Results Future Work Related Work Conclusion

41 Future Work How much target domains are paying squatters? Enhance our identification technique Typo Modeling for getting traffic back Why People go to Parked Domains? How can you increase the traffic

42 Outline Introduction Background Methodology Parked Domain Classifier Data Sets Results Future Work Related Work Conclusion

43 Related Work MS Strider Project [Wang et al. Sruti06] McAfee Study [Keats McAfee White Paper 07] JAAL project [Banerjee et al. Infocom 08]

44 Outline Introduction Background Methodology Parked Domain Classifier Data Sets Results Future Work Related Work Conclusion

45 Accurately and automatically identify typo-squatting domains How much traffic go typo-squatters Bound on how much traffic the target domain is loosing towards typo-squatting inconsequential

Download ppt "Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari."

Similar presentations

Predicting User Interests from Contextual Information

Predicting User Interests from Contextual Information
11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.

11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
Qinqing Gan Torsten Suel Improved Techniques for Result Caching in Web Search Engines Presenter: Arghyadip ● Konark.

Qinqing Gan Torsten Suel Improved Techniques for Result Caching in Web Search Engines Presenter: Arghyadip ● Konark.
Harvesting SSL Certificate Data to Identify Web-Fraud Reporter : 鄭志欣 Advisor : Hsing-Kuo Pao 2010/10/04 1.

Harvesting SSL Certificate Data to Identify Web-Fraud Reporter : 鄭志欣 Advisor : Hsing-Kuo Pao 2010/10/04 1.
Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.
Database Implementation of a Model-Free Classifier Konstantinos Morfonios ADBIS 2007 University of Athens.

Database Implementation of a Model-Free Classifier Konstantinos Morfonios ADBIS 2007 University of Athens.
Looking at both the Present and the Past to Efficiently Update Replicas of Web Content Luciano Barbosa * Ana Carolina Salgado ! Francisco Tenorio ! Jacques.

Looking at both the Present and the Past to Efficiently Update Replicas of Web Content Luciano Barbosa * Ana Carolina Salgado ! Francisco Tenorio ! Jacques.
6/16/20151 Recent Results in Automatic Web Resource Discovery Soumen Chakrabartiv Presentation by Cui Tao.

6/16/20151 Recent Results in Automatic Web Resource Discovery Soumen Chakrabartiv Presentation by Cui Tao.
Automatic Discovery and Classification of search interface to the Hidden Web Dean Lee and Richard Sia Dec 2 nd 2003.

Automatic Discovery and Classification of search interface to the Hidden Web Dean Lee and Richard Sia Dec 2 nd 2003.
Data-rich Section Extraction from HTML pages Introducing the DSE-Algorithm Original Paper from: Jiying Wang and Fred H. Lochovsky Department of Computer.

Data-rich Section Extraction from HTML pages Introducing the DSE-Algorithm Original Paper from: Jiying Wang and Fred H. Lochovsky Department of Computer.
Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information.

Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information.
Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.

Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.
WhoWas: A Platform for Measuring Web Deployments on IaaS Clouds Liang Wang *, Antonio Nappa +, Juan Caballero +, Thomas Ristenpart *, Aditya Akella * *

WhoWas: A Platform for Measuring Web Deployments on IaaS Clouds Liang Wang *, Antonio Nappa +, Juan Caballero +, Thomas Ristenpart *, Aditya Akella * *
Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.

Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.
11 The Ghost In The Browser Analysis of Web-based Malware Reporter: 林佳宜 Advisor: Chun-Ying Huang 2010/3/29.

11 The Ghost In The Browser Analysis of Web-based Malware Reporter: 林佳宜 Advisor: Chun-Ying Huang /3/29.
Web Usage Mining Sara Vahid. Agenda Introduction Web Usage Mining Procedure Preprocessing Stage Pattern Discovery Stage Data Mining Approaches Sample.

Web Usage Mining Sara Vahid. Agenda Introduction Web Usage Mining Procedure Preprocessing Stage Pattern Discovery Stage Data Mining Approaches Sample.
Ask Joanne, LLC Fundamentals of Internet Marketing Free Teleclass by Ask Joanne, LLC September 19, 2006 9:30 – 10:30am.

Ask Joanne, LLC Fundamentals of Internet Marketing Free Teleclass by Ask Joanne, LLC September 19, :30 – 10:30am.
PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.

PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.
Abstract Introduction Results and Discussions James Kasson  (Dr. Bruce W.N. Lo)  Information Systems  University of Wisconsin-Eau Claire In a world.

Abstract Introduction Results and Discussions James Kasson  (Dr. Bruce W.N. Lo)  Information Systems  University of Wisconsin-Eau Claire In a world.

Similar presentations

Ads by Google