Homoglyph Attack Detection with Unpaired Data

The human eyes fall prey to cyber-attacks designed to visually deceive us. One such attack that has been effective is named spoofing or homoglyph attack. A homoglyph attack employs a simple trick to deceive us by using a spoof domain or process (file) name that is hard to distinguish from the legitimate names. Due to this, a user might be drawn to click on the spoof process or domain names, and in worst-case it results in triggering any malicious malware planted in them. As a result, their sensitive personal information might be at risk of being exposed. To address the problem mentioned above, existing works use simple approaches related to string comparison techniques that are extensively applied to compare genomes. Although they are effective, these methods are computationally expensive and suffer from low precision due to high false positive predictions. In recent years, machine learning has been applied to a variety of problems, and similar efforts have been made to address homoglyph attacks with neural networks to improve the efficiency of preemptive cyber-attack detection. However, both of these approaches have a common constraint, which is related to the requirement of paired sequences to determine the difference between real vs. spoof strings. As a result, existing approaches are not practical to real-world scenarios when paired sequences are unavailable. In this paper, we introduce a new unpaired homoglyph attack detection system using a convolutional neural network. We formulate two unpaired datasets based on the original datasets reported in [36], which contain real and spoof names for both domains and processes. We train the model end-to-end in a supervised manner. Our experiments demonstrate the robustness of our model in terms of performance in detecting homoglyph attacks. Additionally, it is easy to integrate into any browser with a simple REST [28] API. We show that our model can reach state-of-the-art in detecting homoglyph attack with 94% accuracy on the domain spoof dataset and 95% accuracy on process spoof dataset even without requiring paired data as input. We believe that this work is useful in realworld to appropriately safeguard sensitive information of the users from adversaries.