Easier in Reverse: Simplifying URL Reading for Phishing URLs via Reverse Domain Name Notation

Vincent Drury, Jakob Drees, Ulrike Meyer
Proceedings of the 18th International Conference on Availability, Reliability and Security, published 2023-08-29. DOI: 10.1145/3600160.3604989

Abstract

Phishing attacks are a persistent problem for users and organizations world-wide, resulting in monetary loss and providing a first step in more complex attacks. To improve anti-phishing defensive efforts, this paper offers two main contributions: First, we present a novel categorization of phishing URLs with the goal of capturing the URL reading capabilities of untrained users and evaluate it in a user study. We find that phishing URLs which are similar to the target URL when read from the left were the most complicated to classify in our study. Second, based on these results, we evaluate Reverse Domain Name (RDN) notation as an alternative URL notation where attacker-controlled information no longer makes up the left-most part of the URL. We evaluate the effect of using RDN notation in a second user study, and show that accuracies indeed improved for the relevant URL categories, and that users were significantly faster in their decisions compared to normal URL notation. Our results extend previous work aiming to understand users' URL reading, provide recommendations when designing user studies including URL classification tests, and motivate further research into the potential advantages of RDN notation in practice.
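The following is an added illustration of the idea behind the abstract, not code from the paper. It assumes that RDN notation simply reverses the order of a host's DNS labels so that the top-level domain is read first (as in Java package names) and leaves scheme, port, path, query and fragment untouched; the paper's exact rendering may differ. The sample URLs are constructed from RFC 2606 reserved names (`example.com` as the impersonated target, `example.net` as the attacker's registrable domain), and `shared_left_labels` is a hypothetical measure of how many leading labels a phishing URL shares with the target when read from the left, which is the property the abstract says made URLs hard to classify. The userinfo decoy (`login.example.com@...`) goes beyond the abstract's categories; it is included because it is another way attacker-chosen text can occupy the left-most position.

```python
"""Reverse Domain Name (RDN) notation for URLs: an added example, not the paper's code.

Assumption: RDN notation reverses a host's DNS labels (TLD first) and leaves
scheme, port, path, query and fragment where they are.
"""
import ipaddress
import re
from urllib.parse import urlsplit


def rdn_host(host: str) -> str:
    """Return host with its DNS labels in reverse order, TLD first.

    IP literals are returned unchanged: their parts are not DNS labels, so
    there is no attacker-chosen left-most label to move.
    """
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass
    return ".".join(reversed(host.rstrip(".").split(".")))


def to_rdn(url: str) -> str:
    """Rewrite url so that its host is shown in RDN notation.

    Any userinfo ("user@") is dropped on purpose (a design choice of this
    example): it never selects the server, but it is a common decoy for the
    target's name in normal notation.
    """
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError(f"no host in {url!r}")
    host = rdn_host(parts.hostname)
    if ":" in host:                      # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    rest = parts.path or "/"
    if parts.query:
        rest += "?" + parts.query
    if parts.fragment:
        rest += "#" + parts.fragment
    return f"{parts.scheme}://{host}{rest}"


def host_labels(url: str, rdn: bool = False) -> list[str]:
    """Tokens of the authority part in the order a left-to-right reader meets them.

    Splitting on '.', '@' and ':' keeps a userinfo decoy in the sequence, since
    an untrained reader sees it as part of the host.
    """
    if rdn:
        url = to_rdn(url)
    return re.split(r"[.@:]", urlsplit(url).netloc)


def shared_left_labels(url: str, target: str, rdn: bool = False) -> int:
    """Hypothetical similarity measure: leading labels url shares with target."""
    n = 0
    for a, b in zip(host_labels(url, rdn), host_labels(target, rdn)):
        if a != b:
            break
        n += 1
    return n


# Constructed sample URLs (RFC 2606 reserved names); not taken from the paper.
TARGET = "https://login.example.com/account"
SAMPLES = {
    "left-similar subdomain": "https://login.example.com.verify-account.example.net/account",
    "userinfo decoy": "https://login.example.com@verify-account.example.net/account",
    "unrelated domain": "https://verify-account.example.net/account",
    "ip literal": "http://192.0.2.10:8080/account?step=1",
}

if __name__ == "__main__":
    print(f"target normal: {TARGET}")
    print(f"target rdn:    {to_rdn(TARGET)}")
    for name, url in SAMPLES.items():
        print(f"{name}:")
        print(f"  normal {url}  shared-from-left={shared_left_labels(url, TARGET)}")
        print(f"  rdn    {to_rdn(url)}  shared-from-left={shared_left_labels(url, TARGET, rdn=True)}")
```

Run as a script, the left-similar and userinfo-decoy samples share their first three labels with the target in normal notation but none in RDN notation, where the first thing a reader meets is the attacker's registrable domain (`net.example.verify-account`) rather than the impersonated `login.example.com`.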