Conferences >2013 11th International Confe...

On Detection and Prevention of Clickjacking Attack for OSNs

Download PDF
Download References
Request Permissions
Save to
Alerts

Abstract:

Click jacking attacks are the emerging threats to websites, especially to online social networks (OSNs). In this paper, we describe some new attacks to online websites. T...Show More

Metadata

Abstract:

Click jacking attacks are the emerging threats to websites, especially to online social networks (OSNs). In this paper, we describe some new attacks to online websites. The new Click jacking attacks cause serious damage to users by stealing their personal credentials or by sharing their personal information on social networks bringing moral degradation to them. The attacker applications are hidden behind the sensitive user interface to steal the clicks of the user and use them for the illegal purposes. To detect and prevent Click jacking attacks, we propose a browser-based solution referred to as Cursor Spoofing and Click jacking Prevention (CSCP). CSCP ensures protection Cursor spoofing attack with high effectiveness and also the Like jacking attacks, other variation of Click jacking attacks which associate malicious code to Facebook Like buttons. We have conducted our studies on 442 participants to evaluate the effectiveness of our attacks and also defenses. Results show that our attack success rate falls between 76% and 78%.

Published in: 2013 11th International Conference on Frontiers of Information Technology

Date of Conference: 16-18 December 2013

Date Added to IEEE Xplore: 23 January 2014

ISBN Information:

DOI: 10.1109/FIT.2013.37

Conference Location: Islamabad, Pakistan

Contents

I. Introduction

Clickjacking attack was introduced by Robert Hansen and Jeremiah Grossman in 2008, to steal user initiated mouse clicks to perform actions that the user is not interested in. The attacker achieves the goal by choosing a clickable region on a web page e.g. the region where the login button on the webpage is located and user is asked to enter his or her username and password. On clicking, malicious web page loads from the website inside an iframe, which makes use of Cascading Style Sheets (CSS) to hide all the content on the website except the targeted region. In that region, Clickjacking is used to trick the user on the button or routing him to another web page. It may be transparent or overlapped by another element on the website. Technically, both the JavaScript and CSS are used to place the iframe under the mouse cursor to make user click in the targeted region resulting a malicious action the attacker is intended to do [1]. The vulnerability can occur in all the browsers to embed the code or a script of Clickjacking, which executes without the user's knowledge. Clickjacking attack can cause several threats like stealing personal data such as bank account information, credit card information and social security numbers or installing software applications on a computer.

References is not available for this document.

MIT Libraries

MIT Libraries

On Detection and Prevention of Clickjacking Attack for OSNs

Abstract:

Metadata

Abstract:

I. Introduction

References

IEEE Account

Purchase Details

Profile Information

Need Help?

MIT Libraries

MIT Libraries

On Detection and Prevention of Clickjacking Attack for OSNs

Alerts

Abstract:

Metadata

Abstract:

I. Introduction

References