nofish - using Levenshtein distance for phishing detection

nofish is a proof-of-concept Chrome extension to thwart phishing attempts. It uses the Levenshtein edit distance to calculate a "similarity score" between the requested domain and a list of known good hosts. If the requested hostname is too similar to a known host, nofish will block the request from being sent.

Since the inclusion of Unicode characters in domain names, IDN homoglyph attacks are more potent as there are far more visually similar characters in the Unicode charset. nofish uses a modified symbol equality check in the Levenshtein algorithm that includes also Unicode confusables.

This phising detection technique could also be implemented at the DNS resolver level to prevent bitsquatting or typosquatting.

Leo Xiong

Leo Xiong

Just Another Fantastic Auckland living in Sydney.
Sydney, Australia