Title | Weaponizing Unicodes with Deep Learning -Identifying Homoglyphs with Weakly Labeled Data |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Deng, Perry, Linsky, Cooper, Wright, Matthew |
Conference Name | 2020 IEEE International Conference on Intelligence and Security Informatics (ISI) |
Keywords | cybersecurity, homoglyphs, Measurement, Metrics, Plagiarism, Predictive models, predictive security metrics, pubcrawl, security, software development management, unicode, visualization, Weapons |
Abstract | Visually similar characters, or homoglyphs, can be used to perform social engineering attacks or to evade spam and plagiarism detectors. It is thus important to understand the capabilities of an attacker to identify homoglyphs - particularly ones that have not been previously spotted - and leverage them in attacks. We investigate a deep-learning model using embedding learning, transfer learning, and augmentation to determine the visual similarity of characters and thereby identify potential homoglyphs. Our approach uniquely takes advantage of weak labels that arise from the fact that most characters are not homoglyphs. Our model drastically outperforms the Normal-ized Compression Distance approach on pairwise homoglyph identification, for which we achieve an average precision of 0.97. We also present the first attempt at clustering homoglyphs into sets of equivalence classes, which is more efficient than pairwise information for security practitioners to quickly lookup homoglyphs or to normalize confusable string encodings. To measure clustering performance, we propose a metric (mBIOU) building on the classic Intersection-Over-Union (IOU) metric. Our clustering method achieves 0.592 mBIOU, compared to 0.430 for the naive baseline. We also use our model to predict over 8,000 previously unknown homoglyphs, and find good early indications that many of these may be true positives. Source code and list of predicted homoglyphs are uploaded to Github: https://github.com/PerryXDeng/weaponizing\_unicode. |
DOI | 10.1109/ISI49825.2020.9280538 |
Citation Key | deng_weaponizing_2020 |