Abstract: Phishing is a social engineering attack in which the attacker tricks their victim into visiting and interacting with a malicious website by imitating a legitimate business, institution or person. Attackers may register domains that look similar to the domain of the website they are imitating, in order to make their website more convincing. Typosquatting is the practice of registering domains that are similar to the imitated domain but contain one or more typographical errors. Later, when the typosquatter's victim makes an error while typing the original domain name, they will be directed to the typosquatter's website instead of the website they intended to visit. This thesis explores how similarity between domain names can be used to detect phishing and typosquatting domains. We describe and compare various existing functions that measure similarity between two domains, and also propose two novel functions. Afterwards, we propose and implement a tool for generating domains that are similar to a given domain. We compare the tool with other similar tools.