Client-Side Detection of Clickjacking Attacks

Client-Side Detection of Clickjacking Attacks

Hossain Shahriar (Department of Computer Science, Kennesaw State University, Kennesaw, GA, USA) and Hisham M. Haddad (Kennesaw State University, Kennesaw, GA, USA)
Copyright: © 2015 |Pages: 25
DOI: 10.4018/IJISP.2015010101
OnDemand PDF Download:
$37.50

Abstract

Clickjacking attacks are emerging threat for web application users where click operations performed by victims lead to security breaches such as compromising webcams and posting unintended messages. Effective client-side defense technique could prevent the possible victims. This paper presents a client side approach to detect clickjacking attacks. The authors' approach examines web page requests and responses; the proposed approach is designed to detect advanced attack types such as cursorjacking, double click, and history object-based attacks. They evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that our approach has low false positive and false negative rates. The overhead imposed by the proposed approach is negligible.
Article Preview

2. Illustrative Example

We illustrate an example code snippet mimicking a clickjacking attack based on Facebook “Like” action. Here, the GUI element for “Like” is being hidden in an iframe of a web page controlled by an attacker. The attacker hides the GUI element by making the iframe invisible based on Cascading Style Sheet (CSS) features.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 11: 4 Issues (2017): 2 Released, 2 Forthcoming
Volume 10: 4 Issues (2016)
Volume 9: 4 Issues (2015)
Volume 8: 4 Issues (2014)
Volume 7: 4 Issues (2013)
Volume 6: 4 Issues (2012)
Volume 5: 4 Issues (2011)
Volume 4: 4 Issues (2010)
Volume 3: 4 Issues (2009)
Volume 2: 4 Issues (2008)
Volume 1: 4 Issues (2007)
View Complete Journal Contents Listing