Abstract
Unicode has become a useful tool for information internationalization, particularly for applications in web links, web pages, and emails. However, many Unicode glyphs look so similar that malicious guys may utilize this feature to trick people’s eyes. In this paper, we propose to use Unicode string coloring as a promising countermeasure to this emerging threat. A coloring algorithm is designed and prototyped to assign colors to a set of required languages/scripts such that each language/script is displayed uniquely in color, while the color difference among different languages is maximized. Based on that, we proposed both fixed and adaptive coloring schemes to render Unicode strings in weblinks and documents so as to distinguish mixed Unicode characters from different language/script groups and vividly illustrate potential Homograph Obfuscation intentions. Our user study shows that it is helpful to remind end users of weirdly displayed strings.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Liu, W., Deng, X., Huang, G., Fu, A.Y.: An Anti-Phishing Strategy based on Visual Similarity Assessment. IEEE Internet Computing 10(2), 58–65 (2006)
Fu, A.Y., Deng, X., Liu, W.: REGAP: A Tool for Unicode-based Web Identity Fraud Detection Journal of Digital Forensic Practice 1(2), 83–97.(Special Edition on Anti-phishing and Online Fraud) (2006)
Fu, A.Y., Deng, X., Liu, W., Little, G.: The Methodology and an Application to Fight against Unicode Attacks. In: Proceedings of SOUPS 2006, CMU, Pittsburgh, USA (July 2006)
Gabrilovich, E., Gontmakher, A.: The Homograph Attack. Communications of the ACM 45(2), 128 (2002)
ICANN, http://www.icann.org
Unicode Consortium, The Unicode Character Code Charts By Script, http://www.unicode.org/charts
BTPLC, Safe Web Colours for Colour-Deficient Vision, http://www.btplc.com/age_disability/technology/RandD/colours/colours1.htm
Riemersma, T.: Colour Metric, http://www.compuphase.com/cmetric.htm
Karp, R.: Reducibility among Combinatorial Problems. In: Proceedings of Symposium on the Complexity of Computer Computations (1972)
Krammer, V.: Phishing Defense against IDN Address Spoofing Attacks. In: Proceedings of the 4th Annual Privacy Security Trust Conference 2006 (PST 2006), October 2006, pp. 275–284. ACM Press, New York (2006)
The UK Payment Association, http://www.apacs.org.uk
Computer Times, $8 Billion Lost to Online Scams, http://www.computertimes.com/oct06Articfle8BillionLostToOnlineScams.htm
CityU Coloring Palette, http://antiphishing.cs.cityu.edu.hk/ColoringScheme
Wu, M., Miller, R.C., Garfinkel, S.L.: Do Security Toolbars Actually Prevent Phishing Attacks? In: Proceedings of SIGCHI 2006, pp. 601–610 (2006), http://groups.csail.mit.edu/uid/projects/phishing/chi-security-toolbar.pdf
Macambira, E.M.: An Application of Tabu Search Heuristic for the Maximum Edge-Weighted Subgraph Problem. Annals of Operations Research 117, 175–190 (2002)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wenyin, L., Fu, A.Y., Deng, X. (2008). Exposing Homograph Obfuscation Intentions by Coloring Unicode Strings. In: Zhang, Y., Yu, G., Bertino, E., Xu, G. (eds) Progress in WWW Research and Development. APWeb 2008. Lecture Notes in Computer Science, vol 4976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78849-2_29
Download citation
DOI: https://doi.org/10.1007/978-3-540-78849-2_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78848-5
Online ISBN: 978-3-540-78849-2
eBook Packages: Computer ScienceComputer Science (R0)