It's All in the Name: Why Some URLs are More Vulnerable to Typosquatting
- Resource Type
- Conference
- Authors
- Tahir, Rashid; Raza, Ali; Ahmad, Faizan; Kazi, Jehangir; Zaffar, Fareed; Kanich, Chris; Caesar, Matthew
- Source
- IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Computer Communications (INFOCOM), 2018 IEEE Conference on. :2618-2626 Apr, 2018
- Subject
- Communication, Networking and Broadcast Technologies; Uniform resource locators; Keyboards; Layout; Measurement; Phishing; Browsers
- Language
Typosquatting is a blackhat practice that relies on human error and low-cost domain registrations to hijack legitimate traffic from well-established websites. The technique is typically used for phishing, driving traffic towards competitors or disseminating indecent or malicious content and as such remains a concern for businesses. We take a fresh new look at this well-studied phenomenon to explore why some URLs are more vulnerable to typing mistakes than others. We explore the relationship between human hand anatomy, keyboard layouts and typing mistakes using various URL datasets. We create an extensive user-centric typographical model and compute a Hardness Quotient (likelihood of mistyping) for each URL using a quantitative measure for finger and hand effort. Furthermore, our model predicts the most likely typos for each URL which can then be defensively registered. Cross-validation against actual URL and DNS datasets suggests that this is a meaningful and effective defense mechanism.