{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T16:37:44Z","timestamp":1767890264062,"version":"3.49.0"},"reference-count":70,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"7","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. &amp; Syst."],"published-print":{"date-parts":[[2020,7,1]]},"DOI":"10.1587\/transinf.2019icp0002","type":"journal-article","created":{"date-parts":[[2020,6,30]],"date-time":"2020-06-30T22:14:50Z","timestamp":1593555290000},"page":"1493-1511","source":"Crossref","is-referenced-by-count":7,"title":["DomainScouter: Analyzing the Risks of Deceptive Internationalized Domain Names"],"prefix":"10.1587","volume":"E103.D","author":[{"given":"Daiki","family":"CHIBA","sequence":"first","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Ayako","family":"AKIYAMA HASEGAWA","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Takashi","family":"KOIDE","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Yuta","family":"SAWABE","sequence":"additional","affiliation":[{"name":"Waseda University"}]},{"given":"Shigeki","family":"GOTO","sequence":"additional","affiliation":[{"name":"Waseda University"}]},{"given":"Mitsuaki","family":"AKIYAMA","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]}],"member":"532","reference":[{"key":"1","unstructured":"[1] D. Chiba, A.A. Hasegawa, T. Koide, Y. Sawabe, S. Goto, and M. Akiyama, \u201cDomainScouter: Understanding the risks of deceptive IDNs,\u201d Proc. 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), pp.413-426, 2019."},{"key":"2","unstructured":"[2] ICANN, \u201cInternationalized domain names.\u201d https:\/\/www.icann.org\/resources\/pages\/idn-2012-02-25-en."},{"key":"3","doi-asserted-by":"crossref","unstructured":"[3] B. Liu, C. Lu, Z. Li, Y. Liu, H. Duan, S. Hao, and Z. Zhang, \u201cA reexamination of internationalized domain names: The good, the bad and the ugly,\u201d Proc. 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp.654-665, 2018. 10.1109\/dsn.2018.00072","DOI":"10.1109\/DSN.2018.00072"},{"key":"4","unstructured":"[4] Y. Sawabe, D. Chiba, M. Akiyama, and S. Goto, \u201cDetecting homograph IDNs using OCR,\u201d Proc. Asia-Pacific Advanced Network (APAN) Research Workshop, pp.56-64, 2018."},{"key":"5","unstructured":"[5] \u201cTouched by an IDN: Farsight Security shines a light on the Internet&apos;s oft-ignored and undetected security problem.\u201d https:\/\/www.farsightsecurity.com\/2018\/01\/17\/mschiffm-touched_by_an_idn\/."},{"key":"6","unstructured":"[6] X. Zheng, \u201cPhishing with Unicode Domains.\u201d https:\/\/www.xudongz.com\/blog\/2017\/idn-phishing\/."},{"key":"7","unstructured":"[7] NewSky Security, \u201cFake Adobe website delivers BetaBot.\u201d https:\/\/blog.newskysecurity.com\/fake-adobe-website-delivers-betabot-4114d1775a18."},{"key":"8","unstructured":"[8] Tencent Security Xuanwu Lab, \u201cSpoof All Domains Containing \u2018d\u2019 in Apple Products [CVE-2018-4277].\u201d https:\/\/xlab.tencent.com\/en\/2018\/11\/13\/cve-2018-4277\/."},{"key":"9","doi-asserted-by":"crossref","unstructured":"[9] P. Kintis, N. Miramirkhani, C. Lever, Y. Chen, R.R. G\u00f3mez, N. Pitropakis, N. Nikiforakis, and M. Antonakakis, \u201cHiding in plain sight: A longitudinal study of combosquatting abuse,\u201d Proc. 24th ACM SIGSAC Conference on Computer and Communications Security (CCS), pp.569-586, 2017. 10.1145\/3133956.3134002","DOI":"10.1145\/3133956.3134002"},{"key":"10","unstructured":"[10] Y. Wang, D. Beck, J. Wang, C. Verbowski, and B. Daniels, \u201cStrider typo-patrol: Discovery and analysis of systematic typo-squatting,\u201d Proc. 2nd USENIX Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), 2006."},{"key":"11","unstructured":"[11] J. Szurdi, B. Kocso, G. Cseh, J. Spring, M. F\u00e9legyh\u00e1zi, and C. Kanich, \u201cThe long \u201ctaile\u201d of typosquatting domain names,\u201d Proc. 23rd USENIX Security Symposium, pp.191-206, 2014."},{"key":"12","doi-asserted-by":"crossref","unstructured":"[12] P. Agten, W. Joosen, F. Piessens, and N. Nikiforakis, \u201cSeven months&apos; worth of mistakes: A longitudinal study of typosquatting abuse,\u201d Proc. 22nd Annual Network and Distributed System Security Symposium (NDSS), 2015. 10.14722\/ndss.2015.23058","DOI":"10.14722\/ndss.2015.23058"},{"key":"13","doi-asserted-by":"crossref","unstructured":"[13] M.T. Khan, X. Huo, Z. Li, and C. Kanich, \u201cEvery second counts: Quantifying the negative externalities of cybercrime via typosquatting,\u201d Proc. 36th IEEE Symposium on Security and Privacy (SP), pp.135-150, 2015. 10.1109\/sp.2015.16","DOI":"10.1109\/SP.2015.16"},{"key":"14","doi-asserted-by":"crossref","unstructured":"[14] N. Nikiforakis, S.V. Acker, W. Meert, L. Desmet, F. Piessens, and W. Joosen, \u201cBitsquatting: exploiting bit-flips for fun, or profit?,\u201d Proc. 22nd International World Wide Web Conference (WWW), pp.989-998, 2013. 10.1145\/2488388.2488474","DOI":"10.1145\/2488388.2488474"},{"key":"15","doi-asserted-by":"crossref","unstructured":"[15] T.P. Thao, Y. Sawaya, H.-Q. Nguyen-Son, A. Yamada, K. Omote, and A. Kubota, \u201cHunting Brand Domain Forgery: A Scalable Classification for Homograph Attack,\u201d Proc. 34th IFIP International Conference on Information Security and Privacy Protection (IFIP SEC), pp.3-18, 2019. 10.1007\/978-3-030-22312-0_1","DOI":"10.1007\/978-3-030-22312-0_1"},{"key":"16","unstructured":"[16] IANA, \u201cRoot zone database.\u201d https:\/\/www.iana.org\/domains\/root\/db."},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] M. Korczynski, M. Wullink, S. Tajalizadehkhoob, G.C.M. Moura, A. Noroozian, D. Bagley, and C. Hesselman, \u201cCybercrime after the sunrise: A statistical analysis of DNS abuse in new gTLDs,\u201d Proc. 13th ACM Asia Conference on Computer and Communications Security (ASIACCS), pp.609-623, 2018. 10.1145\/3196494.3196548","DOI":"10.1145\/3196494.3196548"},{"key":"18","unstructured":"[18] ICANN, \u201cICANN new gTLDs delegated strings.\u201d https:\/\/newgtlds.icann.org\/en\/program-status\/delegated-strings."},{"key":"19","unstructured":"[19] ICANN, \u201cICANN IDN Glossary.\u201d https:\/\/www.icann.org\/resources\/pages\/glossary-2014-02-04-en."},{"key":"20","unstructured":"[20] ICANN, \u201cICANN IDN ccTLD Fast Track Process.\u201d https:\/\/www.icann.org\/resources\/pages\/fast-track-2012-02-25-en."},{"key":"21","unstructured":"[21] \u201cWhois XML API.\u201d https:\/\/www.whoisxmlapi.com\/."},{"key":"22","unstructured":"[22] \u201cAlexa Top Sites.\u201d http:\/\/www.alexa.com\/topsites\/."},{"key":"23","unstructured":"[23] \u201cCisco Umbrella 1 Million.\u201d https:\/\/umbrella.cisco.com\/blog\/2016\/12\/14\/cisco-umbrella-1-million\/."},{"key":"24","unstructured":"[24] \u201cMajestic Million.\u201d https:\/\/majestic.com\/reports\/majestic-million."},{"key":"25","doi-asserted-by":"crossref","unstructured":"[25] Q. Scheitle, O. Hohlfeld, J. Gamba, J. Jelten, T. Zimmermann, S.D. Strowes, and N. Vallina-Rodriguez, \u201cA long way to the top: Significance, structure, and stability of Internet top lists,\u201d Proc. 18th ACM Internet Measurement Conference (IMC), pp.478-493, 2018. 10.1145\/3278532.3278574","DOI":"10.1145\/3278532.3278574"},{"key":"26","doi-asserted-by":"crossref","unstructured":"[26] V. Le Pochat, T. Van Goethem, S. Tajalizadehkhoob, M. Korczy\u0144ski, and W. Joosen, \u201cTranco: A research-oriented top sites ranking hardened against manipulation,\u201d Proc. 26th Annual Network and Distributed System Security Symposium (NDSS), 2019.","DOI":"10.14722\/ndss.2019.23386"},{"key":"27","unstructured":"[27] \u201cVirusTotal.\u201d https:\/\/www.virustotal.com\/."},{"key":"28","unstructured":"[28] \u201chpHosts.\u201d http:\/\/www.hosts-file.net\/."},{"key":"29","unstructured":"[29] \u201cGoogle Safe Browsing.\u201d https:\/\/developers.google.com\/safe-browsing\/."},{"key":"30","unstructured":"[30] Symantec, \u201cDeepsight intelligence.\u201d https:\/\/www.symantec.com\/services\/cyber-security-services\/deepsight-intelligence."},{"key":"31","unstructured":"[31] StatCounter, \u201cBrowser Market Share Worldwide.\u201d http:\/\/gs.statcounter.com\/browser-market-share."},{"key":"32","unstructured":"[32] Mozilla foundation, \u201cPublic suffix list.\u201d https:\/\/publicsuffix.org\/list\/."},{"key":"33","doi-asserted-by":"publisher","unstructured":"[33] D. Chiba, M. Akiyama, T. Yagi, K. Hato, T. Mori, and S. Goto, \u201cDomainChroma: Building actionable threat intelligence from malicious domain names,\u201d Computers &amp; Security, vol.77, pp.138-161, 2018. 10.1016\/j.cose.2018.03.013","DOI":"10.1016\/j.cose.2018.03.013"},{"key":"34","unstructured":"[34] \u201cPolyglot.\u201d http:\/\/polyglot.readthedocs.org."},{"key":"35","doi-asserted-by":"publisher","unstructured":"[35] Z. Wang, A.C. Bovik, H.R. Sheikh, and E.P. Simoncelli, \u201cImage quality assessment: from error visibility to structural similarity,\u201d IEEE Trans. Image Process., vol.13, no.4, pp.600-612, 2004. 10.1109\/tip.2003.819861","DOI":"10.1109\/TIP.2003.819861"},{"key":"36","unstructured":"[36] \u201cPyssim.\u201d https:\/\/github.com\/jterrace\/pyssim."},{"key":"37","doi-asserted-by":"publisher","unstructured":"[37] L. Breiman, \u201cRandom forests,\u201d Machine Learning, vol.45, no.1, pp.5-32, 2001. 10.1023\/a:1010933404324","DOI":"10.1023\/A:1010933404324"},{"key":"38","doi-asserted-by":"crossref","unstructured":"[38] J. Ma, L.K. Saul, S. Savage, and G.M. Voelker, \u201cBeyond blacklists: learning to detect malicious web sites from suspicious URLs,\u201d Proc. 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), pp.1245-1254, 2009. 10.1145\/1557019.1557153","DOI":"10.1145\/1557019.1557153"},{"key":"39","doi-asserted-by":"crossref","unstructured":"[39] S. Yadav, A.K.K. Reddy, A.L.N. Reddy, and S. Ranjan, \u201cDetecting algorithmically generated malicious domain names,\u201d Proc. 10th ACM SIGCOMM Internet Measurement Conference (IMC), pp.48-61, 2010. 10.1145\/1879141.1879148","DOI":"10.1145\/1879141.1879148"},{"key":"40","unstructured":"[40] M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N.Feamster, \u201cBuilding a dynamic reputation system for DNS,\u201d Proc. 19th USENIX Security Symposium, pp.273-290, 2010."},{"key":"41","doi-asserted-by":"crossref","unstructured":"[41] M. K\u00fchrer, C. Rossow, and T. Holz, \u201cPaint it black: Evaluating the effectiveness of malware blacklists,\u201d Proc. 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), pp.1-21, 2014. 10.1007\/978-3-319-11379-1_1","DOI":"10.1007\/978-3-319-11379-1_1"},{"key":"42","doi-asserted-by":"crossref","unstructured":"[42] D. Chiba, T. Yagi, M. Akiyama, T. Shibahara, T. Yada, T. Mori, and S. Goto, \u201cDomainProfiler: Discovering domain names abused in future,\u201d Proc. 46th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp.491-502, 2016. 10.1109\/dsn.2016.51","DOI":"10.1109\/DSN.2016.51"},{"key":"43","unstructured":"[43] L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi, \u201cEXPOSURE: finding malicious domains using passive DNS analysis,\u201d Proc. 18th Network and Distributed System Security Symposium (NDSS), 2011."},{"key":"44","unstructured":"[44] M. Antonakakis, R. Perdisci, W. Lee, N.V. II, and D. Dagon, \u201cDetecting malware domains at the upper DNS hierarchy,\u201d Proc. 20th USENIX Security Symposium, 2011."},{"key":"45","unstructured":"[45] M. Antonakakis, R. Perdisci, Y. Nadji, N.V. II, S. Abu-Nimeh, W. Lee, and D. Dagon, \u201cFrom throw-away traffic to bots: Detecting the rise of DGA-based malware,\u201d Proc. 21st USENIX Security Symposium, pp.491-506, 2012."},{"key":"46","unstructured":"[46] Farsight Security, Inc., \u201cDNSDB.\u201d https:\/\/www.dnsdb.info\/."},{"key":"47","doi-asserted-by":"publisher","unstructured":"[47] E.L. Kaplan and P. Meier, \u201cNonparametric estimation from incomplete observations,\u201d Journal of the American Statistical Association, vol.53, no.282, pp.457-481, 1958. 10.1080\/01621459.1958.10501452","DOI":"10.1080\/01621459.1958.10501452"},{"key":"48","doi-asserted-by":"crossref","unstructured":"[48] C. Ga\u00f1\u00e1n, O. Cetin, and M. van Eeten, \u201cAn empirical analysis of ZeuS C&amp;C lifetime,\u201d Proc. 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp.97-108, 2015. 10.1145\/2714576.2714579","DOI":"10.1145\/2714576.2714579"},{"key":"49","doi-asserted-by":"crossref","unstructured":"[49] T. Lauinger, K. Onarlioglu, A. Chaabane, W. Robertson, and E. Kirda, \u201cWHOIS lost in translation: (mis)understanding domain name expiration and re-registration,\u201d Proc. 16th ACM on Internet Measurement Conference (IMC), pp.247-253, 2016. 10.1145\/2987443.2987463","DOI":"10.1145\/2987443.2987463"},{"key":"50","doi-asserted-by":"crossref","unstructured":"[50] A. Noroozian, M. Korczynski, C.H. Ga\u00f1\u00e1n, D. Makita, K.Yoshioka, and M. van Eeten, \u201cWho gets the boot? analyzing victimization by DDoS-as-a-Service,\u201d Proc. 19th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), pp.368-389, 2016. 10.1007\/978-3-319-45719-2_17","DOI":"10.1007\/978-3-319-45719-2_17"},{"key":"51","unstructured":"[51] T.C. Projects, \u201cIDN in Google Chrome.\u201d https:\/\/www.chromium.org\/developers\/design-documents\/idn-in-google-chrome."},{"key":"52","unstructured":"[52] \u201cGuidelines for URL Display.\u201d https:\/\/chromium.googlesource.com\/chromium\/src\/+\/master\/docs\/security\/url_display_guidelines\/url_display_guidelines.md."},{"key":"53","unstructured":"[53] E. Stark, \u201cThe URLephant in the room. In <i>USENIX Enigma 2019<\/i>.\u201d https:\/\/www.usenix.org\/conference\/enigma2019\/presentation\/stark."},{"key":"54","unstructured":"[54] \u201cGuidelines for the Implementation of Internationalized Domain Names Version 4.0.\u201d https:\/\/www.icann.org\/en\/system\/files\/files\/idn-guidelines-10may18-en.pdf."},{"key":"55","doi-asserted-by":"crossref","unstructured":"[55] K. Davies and A. Freytag, \u201cRepresenting Label Generation Rulesets Using XML.\u201d RFC 7940 (Proposed Standard), Aug. 2016. 10.17487\/rfc7940","DOI":"10.17487\/RFC7940"},{"key":"56","unstructured":"[56] \u201cRepository of IDN Practices.\u201d https:\/\/www.iana.org\/domains\/idn-tables."},{"key":"57","unstructured":"[57] \u201cThe Trademark Clearinghouse.\u201d http:\/\/trademark-clearinghouse.com."},{"key":"58","unstructured":"[58] \u201cUniform Domain-Name Dispute-Resolution Policy.\u201d https:\/\/www.icann.org\/resources\/pages\/help\/dndr\/udrp-en."},{"key":"59","unstructured":"[59] \u201cICANN-Accredited Registrars.\u201d https:\/\/www.icann.org\/registrar-reports\/accredited-list.html."},{"key":"60","unstructured":"[60] \u201cJP Domain Name Dispute Resolution Policy (JP-DRP).\u201d https:\/\/www.nic.ad.jp\/en\/drp\/."},{"key":"61","unstructured":"[61] \u201cWIPO Cybersquatting Cases Reach New Record in 2017.\u201d https:\/\/www.wipo.int\/pressroom\/en\/articles\/2018\/article_0001.html."},{"key":"62","unstructured":"[62] \u201cWIPO UDRP Domain Name Decisions (gTLD).\u201d https:\/\/www.wipo.int\/amc\/en\/domains\/decisionsx\/index-gtld.html."},{"key":"63","unstructured":"[63] \u201cUniform Rapid Suspension (URS).\u201d https:\/\/www.icann.org\/resources\/pages\/urs-2014-01-09-en."},{"key":"64","unstructured":"[64] \u201cSchedule of Fees under the UDRP (valid as of December 1, 2002).\u201d https:\/\/www.wipo.int\/amc\/en\/domains\/fees\/."},{"key":"65","unstructured":"[65] \u201cBaseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.7.\u201d https:\/\/cabforum.org\/wp-content\/uploads\/BRv1.1.7.pdf."},{"key":"66","doi-asserted-by":"crossref","unstructured":"[66] B. Laurie, A. Langley, and E. Kasper, \u201cCertificate Transparency.\u201d RFC 6962 (Experimental), June 2013. 10.17487\/rfc6962","DOI":"10.17487\/rfc6962"},{"key":"67","doi-asserted-by":"publisher","unstructured":"[67] E. Gabrilovich and A. Gontmakher, \u201cThe homograph attack,\u201d Commun. ACM, vol.45, no.2, p.128, 2002. 10.1145\/503124.503156","DOI":"10.1145\/503124.503156"},{"key":"68","unstructured":"[68] T. Holgers, D.E. Watson, and S.D. Gribble, \u201cCutting through the confusion: A measurement study of homograph attacks,\u201d Proc. USENIX Annual Technical Conference (ATC), pp.261-266, 2006."},{"key":"69","doi-asserted-by":"crossref","unstructured":"[69] V.L. Pochat, T. van Goethem, and W. Joosen, \u201cFunny accents: Exploring genuine interest in internationalized domain names,\u201d Proc. 20th International Conference on Passive and Active Measurement (PAM), pp.178-194, 2019. 10.1007\/978-3-030-15986-3_12","DOI":"10.1007\/978-3-030-15986-3_12"},{"key":"70","doi-asserted-by":"crossref","unstructured":"[70] H. Suzuki, D. Chiba, Y. Yoneya, T. Mori, and S. Goto, \u201cShamFinder: An automated framework for detecting IDN homographs,\u201d Proc. 19th ACM Internet Measurement Conference (IMC), pp.449-462, 2019. 10.1145\/3355369.3355587","DOI":"10.1145\/3355369.3355587"}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/7\/E103.D_2019ICP0002\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,7,4]],"date-time":"2020-07-04T03:24:38Z","timestamp":1593833078000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/7\/E103.D_2019ICP0002\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,1]]},"references-count":70,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2020]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2019icp0002","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"value":"0916-8532","type":"print"},{"value":"1745-1361","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,7,1]]}}}