Classification of Clickjacking Attacks and Detection Techniques

Department

Computer Science

Document Type

Article

Publication Date

10-22-2014

Abstract

Among many existing security threats, clickjacking attacks are the least understood and one of the common emerging security threats on the Web. A clickjacking attack lures users to click on objects transparently placed in malicious Web pages that may lead to unwanted operations on the legitimate Websites without the knowledge of the users. In particular, victims can be tricked to click on objects from various Websites such as social networks (Facebook, Twitter), shopping (Amazon), and online banking. Therefore, clickjacking attacks need to be addressed to mitigate these unwanted consequences. To combat the clickjacking attacks, it is necessary to understand how clickjacking attacks occur in the real world along with the comparative performance of the state-of-the-art solutions. In this article, we discuss various basic and advanced clickjacking attacks. We then discuss a number of client, server, and proxy-level approaches that can be employed to combat clickjacking attacks. We also highlight the advantages and disadvantages along with attack type coverage information. The findings should enable security practitioners to be aware of the most recent development in this area and choose the appropriate defense mechanism based on their needs.

Journal Title

Information Security Journal: A Global Perspective

Journal ISSN

1939-3547

Volume

23

Issue

4

First Page

137

Last Page

147

Digital Object Identifier (DOI)

10.1080/19393555.2014.931489
