Presentation is loading. Please wait.

Presentation is loading. Please wait.

Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information."— Presentation transcript:

1 Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information and Computer Sciences Computer Science Department malmisha, xwy@ics.uci.edu

2 Introduction Typo-Squatting refers to the act of registering domain names that are typographical errors of other popular domain names (target domains) to hijack the traffic intended to those popular domain names Hijacking for malicous purposes Hijacking for financial purposes

3 Goals & Contributions Accurately identify typo-squatting domains Measure the amount of traffic hijacked by squatters Build a system that would reduce the amount of traffic to such domains

4 Methodology Identifying Typos  Use edit distance of 1 as our typo definition  Less controversial in terms of typo definition  Users are more prone to make a single error than 2 or more  A study shows that 90-95% of spelling errors are of 1 mistake  Nevertheless, extending the typo definition is worth working at.

5 Methodology Identifying hijacking attempts  Is being a typo domain enough? No, 55% are not squatting  What are the common hijacking indicators? Parked Domain / Ads Listing (88.5%) Offensive Adult Content (3.1%) Domain For Sale (2.1%) Forwarding To Another Domain (8.3%)  How to identify Parked Domain? Use Machine Learning Classifier (96%) (100%)

6 Experiment Measure amount of hijacked traffic UCI DNS traces of 8 months 500 popular domains from Alexa Website Steps  Pre-processing of DNS queries  Finding Typo Domains  Finding Typo Squatting Domains

7 Measurement Results Typo-squatting Hits  Total of 23,989  Ranges from 1,675 to 3,621 Typo-squatting Domains  Total of 1,786 domains  Ranges from 347 to 530 domains

8 Measurement Results  Maximum Hits to Typo- squatting Domains Could reach up to 649 hits for one domain in on month  Average Hijack Ratio Low 0.33% to 1%

9 Measurement Results Maximum Hijack Ratio  From 82% to 100% Most squatted Domains  Most hijacked is www.facebook.com  2 nd Most hijacked is www.youtube.com www.facebook.com www.youtube.com www.myspace.com www.wikipedia.org www.google.com

10 Measurement Results Typo Characterization  14% of Cat 1 is missing dot  66% of Cat 2 is from neighbor keys  26% of Cat 2 is the same as one before or after  42 % is from neighbor keys Typo CategoryRatio Missing One Character 32% Adding One Character 33% Substituting One Character 22% Swapping Two Characters 13%

11 Comparison With Other Typo- correctors Google & Yahoo typo-correction web services 15% (12%) missed by Google (Yahoo) 99.6% (98%) of what is missed are real parked domains 23%(31%) fwd to the same target domain

12 System Implementation Successfully integrate our methodology with Mozilla Firefox browser Second set, 94% <= 167 ms Non Typo domains, 10 ms in avg and max is 25 ms

13 Classifier Data Set is of 2,800 sample 700 are parked domain and 2,100 general purpose domain from Yahoo Directory Identify distinguishing features Compute Distribution for verification Use WEKA library to try different classification algorithms, Random Forest was the best

14 Conclusion Defined and implemented an accurate identification methodology Performed measurements that show typo- squatters are moderately successful Integrated the methodology with a Firefox browser to detect typo-squatting domains on the fly

Download ppt "Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information."

Similar presentations

Exploring Linkability of User Reviews Mishari Almishari and Gene Tsudik Computer Science Department University of California, Irvine

Exploring Linkability of User Reviews Mishari Almishari and Gene Tsudik Computer Science Department University of California, Irvine
A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.
11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.

11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.

Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.
Jeff Howbert Introduction to Machine Learning Winter 2012 1 Collaborative Filtering Nearest Neighbor Approach.

Jeff Howbert Introduction to Machine Learning Winter Collaborative Filtering Nearest Neighbor Approach.
Harvesting SSL Certificate Data to Identify Web-Fraud Reporter : 鄭志欣 Advisor : Hsing-Kuo Pao 2010/10/04 1.

Harvesting SSL Certificate Data to Identify Web-Fraud Reporter : 鄭志欣 Advisor : Hsing-Kuo Pao 2010/10/04 1.
GENERATING AUTOMATIC SEMANTIC ANNOTATIONS FOR RESEARCH DATASETS AYUSH SINGHAL AND JAIDEEP SRIVASTAVA CS DEPT., UNIVERSITY OF MINNESOTA, MN, USA.

GENERATING AUTOMATIC SEMANTIC ANNOTATIONS FOR RESEARCH DATASETS AYUSH SINGHAL AND JAIDEEP SRIVASTAVA CS DEPT., UNIVERSITY OF MINNESOTA, MN, USA.
Paper presentation for CSI5388 PENGCHENG XI Mar. 23, 2005

Paper presentation for CSI5388 PENGCHENG XI Mar. 23, 2005
Freshness Policy Binoy Dharia, K. Rohan Gandhi, Madhura Kolwadkar Department of Computer Science University of Southern California Los Angeles, CA.

Freshness Policy Binoy Dharia, K. Rohan Gandhi, Madhura Kolwadkar Department of Computer Science University of Southern California Los Angeles, CA.
6/16/20151 Recent Results in Automatic Web Resource Discovery Soumen Chakrabartiv Presentation by Cui Tao.

6/16/20151 Recent Results in Automatic Web Resource Discovery Soumen Chakrabartiv Presentation by Cui Tao.
Managing Distributed Collections: Evaluating Web Page Change, Movement, and Replacement Richard Furuta and Frank Shipman Center for the Study of Digital.

Managing Distributed Collections: Evaluating Web Page Change, Movement, and Replacement Richard Furuta and Frank Shipman Center for the Study of Digital.
Data-rich Section Extraction from HTML pages Introducing the DSE-Algorithm Original Paper from: Jiying Wang and Fred H. Lochovsky Department of Computer.

Data-rich Section Extraction from HTML pages Introducing the DSE-Algorithm Original Paper from: Jiying Wang and Fred H. Lochovsky Department of Computer.
Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.

Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.
Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.

Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.
Managing Distributed Collections: Evaluating Web Page Change, Movement, and Replacement Richard Furuta and Frank Shipman Center for the Study of Digital.

Managing Distributed Collections: Evaluating Web Page Change, Movement, and Replacement Richard Furuta and Frank Shipman Center for the Study of Digital.
California Car License Plate Recognition System ZhengHui Hu Advisor: Dr. Kang.

California Car License Plate Recognition System ZhengHui Hu Advisor: Dr. Kang.
Big data analytics with R and Hadoop Chapter 5 Learning Data Analytics with R and Hadoop 데이터마이닝연구실 2015.04.23 김지연.

Big data analytics with R and Hadoop Chapter 5 Learning Data Analytics with R and Hadoop 데이터마이닝연구실 김지연.
Automated malware classification based on network behavior

Automated malware classification based on network behavior
Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.

Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.

Similar presentations

Ads by Google