Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mohammad Taha Khan *, Xiang Huo *, Zhou Li † & Chris Kanich * University of Illinois at Chicago * & RSA Labs † Every Second Counts: Quantifying the Negative.

Published byTimothy Gordon Modified over 9 years ago

Similar presentations

Presentation on theme: "Mohammad Taha Khan *, Xiang Huo *, Zhou Li † & Chris Kanich * University of Illinois at Chicago * & RSA Labs † Every Second Counts: Quantifying the Negative."— Presentation transcript:

1 Mohammad Taha Khan *, Xiang Huo *, Zhou Li † & Chris Kanich * University of Illinois at Chicago * & RSA Labs † Every Second Counts: Quantifying the Negative Externalities of Cybercrime via Typosquatting

2 Cybersecurity In General... Generally focus on:  Detecting malicious programs  Finding and fixing bugs and flaws  Economic analyses The ultimate goal:  Minimize the harm caused to users  Harm: Monetary, wasted effort, loss of time Why Is This Important ?

3 Typosquatting One of the common forms of cybercrime Typosquatting Attacker Model:  Identify and register common typos of established websites  Host advertisements, malware or competing content Not really popular from malware standpoint * * [J. Szurdi, B. Kocso, G. Cseh, M. Felegyhazi, and C. Kanich, “The Long “Taile” of Typosquatting Domain Names, USENIX, 2014. ] yotube.com

4 Typosquatting causes visitor loss and a loss of users time An Example… Time Δt facebook.com faecbook.com

5 Typosquatting Evidence that typosquatting is PERVASIVE :  Large organizations invest into defensive registrations  Internet users continue to make typos What makes it FEASIBLE to study:  Observable from a network level  Can infer User intent from available data

6 Our Contributions  Passive detection of typosquatting domains using a conditional probability model  Present a harm metric in the form of loss of time and users  Apply this metric to quantify the cybercrime of typosquatting  Our work uses an open methodology with fine grained measurements

7 Data-Sets Passive Sources  HTTP data logs  DNS logs from recursive resolver  Enterprise proxy data Active Sources  High Fidelity Crawler

8 User Intent  User Intent to visit the destination website generates similar pairs of domains  User intent is manifested in various discovery methods Time faecbook.com facebook.com

9 Conditional Probability Characteristics of typo domain pairs (d1,d2):  Damerau Levenshtein distance = 1  Pairs at most 33 seconds apart  Latter d 2, must be a resolvable domain  Appeared at least 3 times in the dataset Threshold Cutoff =0.2 Eba.com followed by Ebay.com 90% nhl.com followed by nfl.com 0.08% Total Distinct Typo Domains = 34,400

10 Typo Characterization Adversarial registrations  Parked Domains  Malicious Websites  Other Cooperative registrations  JavaScript and 3xx redirections  Defensive registrations Unregistered websites  NX Domains

11 What Next... ??

12 Quantifying Harm CooperativeAdversarialUnregistered Average Delay (s)2.879.5810.38 Average User Loss (%) 3.3016.8111.53

13 Search VS Typein Delays Different discovery methods show varying delay trends Typein Search Typein Search Adversarial Domains Unregistered Domains

14 Target Domain Category Most Typos exist in the long tail of popularity Most distinct typos belonged to Adult and Blogs

15 Delay & Success Clustering * [T. Vissers, W. Joosen & N. Nikiforakis, “Parking Sensors: Analyzing and Detecting Parked Domains”. NDSS 2015 ] Some typo domains help users to get faster to their destination websites Top service providers are also popular of domain parking * Top Providers dnsredirection.com Parkingcrew.net fabolous.com above.com Internettraffic.com sedoparking.com

16 Loss of Revenue Convert time and user loss into dollars. Intended site owner has a negative externality ratio of 18:1 against the typosquatter Using per capita income an average user loses $0.29 to typosquatting per year For defenders, the effort ratio is 4.62:1, far lower than non-violent crime * * [J. M. Rao and D. H. Reiley, “The Economics of Spam,” The Journal of Economic Perspectives, pp. 87–110, 2012. ]

17 Conclusions Typosquatting is much less societally damaging than other non-violent crimes Defensive registrations do help against mistyping but not much against typosquatting Special technical or policy interventions are not necessarily required to deal with it

18 Thank You! Qeustions ?

19 Target Domain Length Longer domains are more likely to be mistyped Ratemyprofessors.com

20 How Is This Different  Traditional harm analyses are performed economists on a macro level  Organizations are specifically interested in a specific aspect of cybercrime  Large scale analyses limit the insight into different forms of harm

21 Bob’s Credit Card

Download ppt "Mohammad Taha Khan *, Xiang Huo *, Zhou Li † & Chris Kanich * University of Illinois at Chicago * & RSA Labs † Every Second Counts: Quantifying the Negative."

Similar presentations

Click Trajectories: End-to-End Analysis of the Spam Value Chain Author : Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, M’ark F’elegyh’azi,

Click Trajectories: End-to-End Analysis of the Spam Value Chain Author : Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, M’ark F’elegyh’azi,
A Systematic Study of the Mobile App Ecosystem Thanasis Petsas, Antonis Papadogiannakis, Evangelos P. Markatos Michalis PolychronakisThomas Karagiannis.

A Systematic Study of the Mobile App Ecosystem Thanasis Petsas, Antonis Papadogiannakis, Evangelos P. Markatos Michalis PolychronakisThomas Karagiannis.
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.

Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.
Kindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic Matt Thomas Data Architect, Verisign Labs.

Kindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic Matt Thomas Data Architect, Verisign Labs.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Cloak and Dagger. In a nutshell… Cloaking Cloaking in search engines Search engines’ response to cloaking Lifetime of cloaked search results Cloaked pages.

Cloak and Dagger. In a nutshell… Cloaking Cloaking in search engines Search engines’ response to cloaking Lifetime of cloaked search results Cloaked pages.
One-Click Hosting Services: A File-Sharing Hideout Demetris Antoniades Evangelos P. Markatos ICS-FORTH Heraklion,

One-Click Hosting Services: A File-Sharing Hideout Demetris Antoniades Evangelos P. Markatos ICS-FORTH Heraklion,
SESSION ID: #RSAC Chaz Lever Characterizing Malicious Traffic on Cellular Networks A Retrospective MBS-W01 Researcher Damballa,

SESSION ID: #RSAC Chaz Lever Characterizing Malicious Traffic on Cellular Networks A Retrospective MBS-W01 Researcher Damballa,
Understanding the Network-Level Behavior of Spammers Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil By Anirudh Ramachandran and.

Understanding the Network-Level Behavior of Spammers Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil By Anirudh Ramachandran and.
Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information.

Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information.
Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.

Typo-Squatting: a Nuisance or a Threat to Your Traffic? Mishari Almishari.
Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.

Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.
Differentiated Multimedia Web Services Using Quality Aware Transcoding S. Chandra, C.Schlatter Ellis and A.Vahdat InfoCom 2000, IEEE Journal on Selected.

Differentiated Multimedia Web Services Using Quality Aware Transcoding S. Chandra, C.Schlatter Ellis and A.Vahdat InfoCom 2000, IEEE Journal on Selected.
Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.

Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.
Search Engine Marketing Pay Per Click. Distinctions: SEM vs. SEO Search Engine Marketing (SEM), aka –“paid search” –“pay per click” (PPC) Search Engine.

Search Engine Marketing Pay Per Click. Distinctions: SEM vs. SEO Search Engine Marketing (SEM), aka –“paid search” –“pay per click” (PPC) Search Engine.
A Measurement-driven Analysis of Information Propagation in the Flickr Social Network WWW09 报告人: 徐波.

A Measurement-driven Analysis of Information Propagation in the Flickr Social Network WWW09 报告人: 徐波.
1 SOCIAL BOOKMARKING 101. HIBA KHALID BILAL SAEED KHAN FARID ALIANI ASKARI HASAN SOCIAL BOOKMARKING.

1 SOCIAL BOOKMARKING 101. HIBA KHALID BILAL SAEED KHAN FARID ALIANI ASKARI HASAN SOCIAL BOOKMARKING.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.

Similar presentations

Ads by Google