{"title":"反向更容易:通过反向域名表记简化网络钓鱼URL的URL阅读","authors":"Vincent Drury, Jakob Drees, Ulrike Meyer","doi":"10.1145/3600160.3604989","DOIUrl":null,"url":null,"abstract":"Phishing attacks are a persistent problem to users and organizations world-wide, resulting in monetary loss and providing a first step in more complex attacks. To improve the anti-phishing defensive efforts, this paper offers two main contributions: First, we present a novel categorization of phishing URLs with the goal of capturing the URL reading capabilities of untrained users and evaluate it in a user study. We find, that phishing URLs which are similar to the target URL when read from the left were the most complicated to classify in our study. Second, based on these results, we evaluate Reverse Domain Name (RDN) notation as an alternative URL notation where attacker-controlled information no longer makes up the left-most part of the URL. We evaluate the effect of using RDN notation in a second user study, and show that accuracies indeed improved for the relevant URL categories, and that users were significantly faster in their decisions compared to normal URL notation. Our results extend previous work aiming to understand users’ URL reading, provide recommendations when designing user studies including URL classification tests, and motivate further research into the potential advantages of RDN notation in practice.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Easier in Reverse: Simplifying URL Reading for Phishing URLs via Reverse Domain Name Notation\",\"authors\":\"Vincent Drury, Jakob Drees, Ulrike Meyer\",\"doi\":\"10.1145/3600160.3604989\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Phishing attacks are a persistent problem to users and organizations world-wide, resulting in monetary loss and providing a first step in more complex attacks. To improve the anti-phishing defensive efforts, this paper offers two main contributions: First, we present a novel categorization of phishing URLs with the goal of capturing the URL reading capabilities of untrained users and evaluate it in a user study. We find, that phishing URLs which are similar to the target URL when read from the left were the most complicated to classify in our study. Second, based on these results, we evaluate Reverse Domain Name (RDN) notation as an alternative URL notation where attacker-controlled information no longer makes up the left-most part of the URL. We evaluate the effect of using RDN notation in a second user study, and show that accuracies indeed improved for the relevant URL categories, and that users were significantly faster in their decisions compared to normal URL notation. Our results extend previous work aiming to understand users’ URL reading, provide recommendations when designing user studies including URL classification tests, and motivate further research into the potential advantages of RDN notation in practice.\",\"PeriodicalId\":107145,\"journal\":{\"name\":\"Proceedings of the 18th International Conference on Availability, Reliability and Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-08-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 18th International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3600160.3604989\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3604989","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Easier in Reverse: Simplifying URL Reading for Phishing URLs via Reverse Domain Name Notation
Phishing attacks are a persistent problem to users and organizations world-wide, resulting in monetary loss and providing a first step in more complex attacks. To improve the anti-phishing defensive efforts, this paper offers two main contributions: First, we present a novel categorization of phishing URLs with the goal of capturing the URL reading capabilities of untrained users and evaluate it in a user study. We find, that phishing URLs which are similar to the target URL when read from the left were the most complicated to classify in our study. Second, based on these results, we evaluate Reverse Domain Name (RDN) notation as an alternative URL notation where attacker-controlled information no longer makes up the left-most part of the URL. We evaluate the effect of using RDN notation in a second user study, and show that accuracies indeed improved for the relevant URL categories, and that users were significantly faster in their decisions compared to normal URL notation. Our results extend previous work aiming to understand users’ URL reading, provide recommendations when designing user studies including URL classification tests, and motivate further research into the potential advantages of RDN notation in practice.