DomainScouter: Analyzing the Risks of Deceptive Internationalized Domain Names

Daiki CHIBA  Ayako AKIYAMA HASEGAWA  Takashi KOIDE  Yuta SAWABE  Shigeki GOTO  Mitsuaki AKIYAMA  
[Paper recommended by Technical Committee on Information and Communication System Security]

IEICE TRANSACTIONS on Information and Systems   Vol.E103-D   No.7   pp.1493-1511
Publication Date: 2020/07/01
Publicized: 2020/03/19
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2019ICP0002
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Network and System Security
internationalized domain name (IDN),  deceptive IDN,  measurement,  user study,  

Full Text: PDF(1013.6KB)>>
Buy this Article

 | Errata[Uploaded on August 1,2020]

Internationalized domain names (IDNs) are abused to create domain names that are visually similar to those of legitimate/popular brands. In this work, we systematize such domain names, which we call deceptive IDNs, and analyze the risks associated with them. In particular, we propose a new system called DomainScouter to detect various deceptive IDNs and calculate a deceptive IDN score, a new metric indicating the number of users that are likely to be misled by a deceptive IDN. We perform a comprehensive measurement study on the identified deceptive IDNs using over 4.4 million registered IDNs under 570 top-level domains (TLDs). The measurement results demonstrate that there are many previously unexplored deceptive IDNs targeting non-English brands or combining other domain squatting methods. Furthermore, we conduct online surveys to examine and highlight vulnerabilities in user perceptions when encountering such IDNs. Finally, we discuss the practical countermeasures that stakeholders can take against deceptive IDNs.