AI-based Sound-Squatting Attack Made Possible

Drago, I
2022-01-01

Abstract

Domain squatting is an efficient attack technique that relies on the similarity between domain names to trick users. Sound-squatting is a type of domain squatting that exploits the similarity in the pronunciation of domains. Sound-squatting requires better approaches to protect users, and it demands more research attention due to the popularization of intelligent speakers and the increase of voice-based navigation. In this work we propose an AI-based methodology to automatically build sound-squatting candidates. We leverage recent results of AI, namely the ability to translate text, to automatically generate possible sound-squatting candidates. We evaluate our methodology by verifying the generated candidates and classifying them according to their threat class. We generate over twenty thousand candidates from popular domains, of which 7% are found active at the time of the analysis. Active domains include "Parked/Ads/For-Sale" domains. We thus show that automatic sound-squatting generation is useful to proactively check and limit the abuse of such offences.
Year: 2022
Conference: IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Location: Genova, Italy
Dates: 06-10 June 2022
Published in: Proceedings of the 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Publisher: IEEE
Pages: 448-453
ISBN: 978-1-6654-9560-8
Keywords: squatting; transformers; proactive security; deception for offense
Authors: Valentim, R; Drago, I; Cerutti, F; Mellia, M
Files in this item:
File: main.pdf
Access: Restricted access
Description: Article
File type: POSTPRINT (AUTHOR'S FINAL VERSION)
Size: 1.68 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2318/1876799