Request and Response Analysis Framework for Mitigating Clickjacking Attacks

Department

Information Systems

Document Type

Article

Publication Date

2015

Abstract

This paper addresses the detection of clickjacking attacks, which is an emerging web application security issue. The authors propose a web application request and response page analysis framework to detect clickjacking attacks. Their framework not only inspects visual features related to frames but also examines JavaScript code patterns in detail to match them against known attack signatures. The proposed approach is able to detect advanced clickjacking attacks such as cursorjacking, double click, and history object-based attacks. The authors evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that their approach has low false positive and false negative rates. The overhead imposed by the proposed approach is negligible.

Journal Title

International Journal of Secure Software Engineering

Journal ISSN

1947-3044

Volume

6

Issue

3

First Page

1

Last Page

25

Digital Object Identifier (DOI)

10.4018/IJSSE.2015070101
