Request and Response Analysis Framework for Mitigating Clickjacking Attacks

International journal of secure software engineering Pub Date : 2015-07-01 DOI:10.4018/IJSSE.2015070101
H. Shahriar, Hisham M. Haddad, V. Devendran
{"title":"Request and Response Analysis Framework for Mitigating Clickjacking Attacks","authors":"H. Shahriar, Hisham M. Haddad, V. Devendran","doi":"10.4018/IJSSE.2015070101","DOIUrl":null,"url":null,"abstract":"This paper addresses the detection of clickjacking attacks, which is an emerging web application security issue. The authors propose a web application request and response page analysis framework to detect clickjacking attacks. Their framework considers not only inspects visual features related to frame, JavaScript code pattern in details to match with known attack signatures. The proposed approach is able to detect advanced clickjacking attacks such as cursorjacking, double click, and history object-based attacks. The authors evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that their approach has low false positive and false negative rates. The overhead imposed by the proposed approach is negligible.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"20 1","pages":"1-25"},"PeriodicalIF":0.0000,"publicationDate":"2015-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJSSE.2015070101","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9

Abstract

This paper addresses the detection of clickjacking attacks, which is an emerging web application security issue. The authors propose a web application request and response page analysis framework to detect clickjacking attacks. Their framework considers not only inspects visual features related to frame, JavaScript code pattern in details to match with known attack signatures. The proposed approach is able to detect advanced clickjacking attacks such as cursorjacking, double click, and history object-based attacks. The authors evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that their approach has low false positive and false negative rates. The overhead imposed by the proposed approach is negligible.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
缓解点击劫持攻击的请求和响应分析框架
点击劫持攻击是一个新兴的web应用程序安全问题。作者提出了一个web应用程序请求和响应页面分析框架来检测点击劫持攻击。他们的框架不仅考虑了与框架相关的视觉特征,还考虑了JavaScript代码模式的细节,以匹配已知的攻击签名。所提出的方法能够检测高级点击劫持攻击,如光标劫持、双击和基于历史对象的攻击。作者用一组合法和恶意网站来评估所提出的方法。结果表明,该方法具有较低的假阳性和假阴性率。所提出的方法所带来的开销可以忽略不计。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
International journal of secure software engineering
International journal of secure software engineering
自引率
0.00%
发文量
0
期刊最新文献
Analysis of Existing Software Cognitive Complexity Measures Risk Centric Activities in Secure Software Development in Public Organisations LDAP Vulnerability Detection in Web Applications A Database of Existing Vulnerabilities to Enable Controlled Testing Studies Goal Modelling for Security Problem Matching and Pattern Enforcement
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1