Conference Paper

Large scale detection of IDN domain name masquerading

Elsayed Y.
Shosha A.

Introducing Unicode characters to domain names enabled end users to register domain names in different languages, such as Russian, Arabic or Chinese. Such names are known as Internationalized Domain Names (IDN). The Unicode standard contains a large number of characters and character sets. Some of those Unicode characters resemble ASCII characters, which are the basic building blocks of a domain name address; such look-alike characters are commonly referred to as 'homoglyphs'. As such, an attacker could use homoglyphs to spoof a domain name and lure an innocent user into visiting a decoy domain instead of the legitimate one. IDN domain spoofing could be best detected at the end user side or by using a centralized monitoring solution. This research work focuses on the different IDN spoofing attack types and proposes a new centralized monitoring system that can detect those attacks. © 2018 IEEE.
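The homoglyph check described in the abstract can be illustrated with the following added Python example, which is not the monitoring system proposed in the paper. It decodes `xn--` labels, folds known look-alike characters to ASCII, and compares the result against a watchlist. The function names, the short `CONFUSABLES` table and the sample domains are assumptions constructed for this illustration.

```python
import unicodedata

# Constructed subset of look-alike mappings (assumption: production use would
# load the full Unicode confusables data instead of this short table).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic
    "\u03bf": "o", "\u0131": "i",  # Greek omicron, Latin dotless i
}

def to_ace(domain):
    """Build the xn-- (ASCII) form of a Unicode name; used for the samples."""
    return ".".join(
        l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
        for l in domain.split("."))

def to_unicode(domain):
    """Decode each xn-- label; malformed labels are kept unchanged."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Fold compatibility forms and known homoglyphs to their ASCII look-alike."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def find_masquerades(observed, protected):
    """Return (observed, imitated) pairs for IDN names that fold to a protected name."""
    targets = {skeleton(d): d for d in protected}
    hits = []
    for name in observed:
        uni = to_unicode(name)
        legit = targets.get(skeleton(name))
        if not uni.isascii() and legit and uni != legit:
            hits.append((name, legit))
    return hits

# Constructed sample input: two spoofs, one plain name, one benign IDN.
PROTECTED = ["apple.com", "paypal.com"]
OBSERVED = [to_ace("\u0430pple.com"), "apple.com",
            to_ace("b\u00fccher.example"), to_ace("\u0440\u0430ypal.com")]

if __name__ == "__main__":
    for name, legit in find_masquerades(OBSERVED, PROTECTED):
        print(f"{name} ({to_unicode(name)}) imitates {legit}")
```

The benign IDN in the sample folds to a name that is not on the watchlist, so it is not reported; only names that collapse onto a protected domain are flagged.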