Request and Response Analysis Framework for Mitigating Clickjacking Attacks
Department
Information Systems
Document Type
Article
Publication Date
2015
Abstract
This paper addresses the detection of clickjacking attacks, which is an emerging web application security issue. The authors propose a web application request and response page analysis framework to detect clickjacking attacks. Their framework not only inspects visual features related to frames but also examines JavaScript code patterns in detail to match them against known attack signatures. The proposed approach is able to detect advanced clickjacking attacks such as cursorjacking, double click, and history object-based attacks. The authors evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that their approach has low false positive and false negative rates. The overhead imposed by the proposed approach is negligible.
Journal Title
International Journal of Secure Software Engineering
Journal ISSN
1947-3044
Volume
6
Issue
3
First Page
1
Last Page
25
Digital Object Identifier (DOI)
10.4018/IJSSE.2015070101