Australian Information Security Management Conference

Document Type

Conference Proceeding




Originally published as: McElroy, T., Hannay, P., & Baatard, G. (2017). The 2017 homograph browser attack mitigation survey. In Valli, C. (Ed.). (2017). The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Western Australia. (pp.88-96).


Since their inception, International Domain Names (IDN) have allowed for non-Latin characters to be entered into domain names. This feature has led to attackers forging malicious domains which appear identical to the Latin counterpart. This is achieved through using non-Latin characters which appear identical to their Latin counterpart. This attack is referred to as a Homograph attack. This research continues the work of Hannay and Bolan (2009), and Hannay and Baatard (2012), which assessed the mitigation methods incorporated by web browsers in mitigating IDN homograph attacks. Since these works, time IDN mitigation algorithms have been altered, such as the one used in Mozilla Firefox (Gerv, 2017). This study evaluates browser homograph attack mitigation strategies in browsers released post-2011. In this study, we find a high level of effective multi-script mitigation across the browser families surveyed. Notable exceptions to this include a single version of Firefox in which the mitigation features were not present and ongoing omission of mitigation against single script attacks.