A homoglyph attack is a form of phishing attack, which happens when a phishing site uses a domain name that is visually highly similar to a legitimate site. They can happen through various vectors (e.g. emails, websites, instant messaging), therefore it is challenging to defend all vectors with one technological solution.
We propose to address this challenge by two novel contributions and outcomes of this project: 1) a robust homoglyph detector/generator API service; 2) a comprehensive educational site, homoglyph.me, that will provide interactive learning tools based on the created service (e.g. users will distinguish legitimate domains from automatically generated homoglyphs).
The service will utilize machine learning (e.g. neural networks) to create a novel tool that can consider not only textual but also visual similarity. It will be provided as an open source to developers to protect users in their apps (e.g. to show a warning about a possible homoglyph attack in a comment in a discussion forum). The educational site (also serving as an example of how the service can be used), will educate users, thus minimizing the vulnerability to homoglyph attacks on all vectors at once.