Domain squatting is an efficient attacking technique that relies on the similarity between domain names to trick users. Sound-squatting is a type of domain squatting that explores the similarity in the pronunciation of domains. Sound-squatting requires better approaches to protect users, and indeed it demands more research attention due to popularization of intelligent speakers and the increase of voice-based navigation. In this work we propose an AI-based methodology to automatically build sound-squatting candidates. We leverage recent results of AI, namely the ability to translate text, to automatically generate possible sound-squatting candidates. We evaluate our methodology by verifying the generated candidates and classifying them according to their threat class. We generate over twenty thousand candidates from popular domains, out of which, 7% are found active at the time of the analysis. Active domains include “Parked/Ads/For-Sale” domains. We thus show that automatic sound-squatting generation is useful to proactively check and limit the abuse of such offences
AI-based Sound-Squatting Attack Made Possible / Vieira Valentim, Rodolfo; Drago, Idilio; Cerutti, Federico; Mellia, Marco. - (2022), pp. 448-453. (Intervento presentato al convegno 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) tenutosi a Genoa, Italy nel 06-10 June 2022) [10.1109/EuroSPW55150.2022.00053].
AI-based Sound-Squatting Attack Made Possible
Vieira Valentim, Rodolfo;Drago, Idilio;Cerutti, Federico;Mellia, Marco
2022
Abstract
Domain squatting is an efficient attacking technique that relies on the similarity between domain names to trick users. Sound-squatting is a type of domain squatting that explores the similarity in the pronunciation of domains. Sound-squatting requires better approaches to protect users, and indeed it demands more research attention due to popularization of intelligent speakers and the increase of voice-based navigation. In this work we propose an AI-based methodology to automatically build sound-squatting candidates. We leverage recent results of AI, namely the ability to translate text, to automatically generate possible sound-squatting candidates. We evaluate our methodology by verifying the generated candidates and classifying them according to their threat class. We generate over twenty thousand candidates from popular domains, out of which, 7% are found active at the time of the analysis. Active domains include “Parked/Ads/For-Sale” domains. We thus show that automatic sound-squatting generation is useful to proactively check and limit the abuse of such offencesFile | Dimensione | Formato | |
---|---|---|---|
_Workshop__Data_driven_Soundsquatting_Generation (7).pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
PUBBLICO - Tutti i diritti riservati
Dimensione
1.7 MB
Formato
Adobe PDF
|
1.7 MB | Adobe PDF | Visualizza/Apri |
AI-based_Sound-Squatting_Attack_Made_Possible.pdf
non disponibili
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
287.29 kB
Formato
Adobe PDF
|
287.29 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2970511