Abstract
Phishing is one of the most prevalent types of modern attacks, causing significant financial losses to enterprises and users every day. Despite the emergence of various anti-phishing tools, not only has there been a dramatic increase in the number of phishing attacks, but more sophisticated forms of these attacks have also come into existence. One of these forms is the tabnabbing attack. Tabnabbing takes advantage of the user's trust in, and inattention to, the open tabs in the browser: it changes the appearance of an already open malicious page into the appearance of a trusted website. The existing tabnabbing detection and prevention techniques block scripts that are likely to perform malicious actions or that violate the browser security policy. However, most of these techniques cannot effectively prevent the script-free variant of the tabnabbing attack. In this paper, we introduce TabsGuard, an approach that combines heuristics and a machine-learning technique to keep track of the major changes made to the layout of a webpage whenever a tab loses its focus. TabsGuard is developed as a browser extension and evaluated against the top 1,000 trusted websites from Alexa. The results of our evaluation show a significant improvement over the existing techniques. Finally, TabsGuard can be deployed as an extension service as a viable means of protecting against tabnabbing attacks.
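As an added illustration of the layout check the abstract describes (this is not the TabsGuard extension's code; the tag-path features, the cosine measure and the 0.6 threshold are assumptions), the snippet below fingerprints a page's structure when the tab is hidden and compares it with a fresh fingerprint when the tab regains focus, so that a script-free swap via a meta refresh is caught as well as a script-driven one:

```javascript
// Added example, not the TabsGuard extension's code: fingerprint the page layout
// when the tab is hidden and compare it against a fresh fingerprint on refocus.
// Assumption: pages are given as tiny {tag, children} trees so this runs outside a
// browser; a content script would build the same tree from document.body.

// Turn a tree into a multiset of tag paths ("body>form>input" -> count).
function tagPaths(node, prefix, out) {
  const path = prefix ? prefix + ">" + node.tag : node.tag;
  out.set(path, (out.get(path) || 0) + 1);
  for (const child of node.children || []) tagPaths(child, path, out);
  return out;
}

// Cosine similarity between two tag-path count maps (1 = identical layout).
function cosine(a, b) {
  let dot = 0, na = 0, nb = 0;
  for (const [k, v] of a) { na += v * v; if (b.has(k)) dot += v * b.get(k); }
  for (const v of b.values()) nb += v * v;
  return na && nb ? dot / Math.sqrt(na * nb) : 0;
}

// Taken when the tab loses focus (visibilitychange -> hidden).
function snapshot(root, title) {
  return { features: tagPaths(root, "", new Map()), title };
}

// Run on refocus: a collapsed layout similarity together with a changed title is
// the tabnabbing signal; the 0.6 threshold is an assumed value, not the paper's.
function assess(before, root, title, threshold = 0.6) {
  const similarity = cosine(before.features, tagPaths(root, "", new Map()));
  const titleChanged = before.title !== title;
  return { similarity, titleChanged, suspicious: similarity < threshold && titleChanged };
}

// Browser wiring; a no-op (returns false) when there is no document, e.g. under Node.
function install(toTree) {
  if (typeof document === "undefined") return false;
  let saved = null;
  document.addEventListener("visibilitychange", () => {
    if (document.hidden) { saved = snapshot(toTree(document.body), document.title); return; }
    if (saved && assess(saved, toTree(document.body), document.title).suspicious)
      console.warn("Layout changed while the tab was unfocused: possible tabnabbing");
  });
  return true;
}

// Constructed sample layouts: an article page, and the same tab after being swapped
// for a login form while it was unfocused.
const articlePage = { tag: "body", children: [{ tag: "div", children: [{ tag: "p" }, { tag: "p" }] }, { tag: "footer" }] };
const swappedPage = { tag: "body", children: [{ tag: "form", children: [{ tag: "input" }, { tag: "input" }, { tag: "button" }] }] };
```

Comparing `snapshot(articlePage, "Daily News")` against `swappedPage` with a new title yields a similarity of 1/7 and flags the tab, while the unchanged page scores 1 and passes.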
Notes
1. This extension has recently been removed from the Chrome and Opera repositories.
Copyright information
© 2015 Springer International Publishing Switzerland
Cite this paper
Hashemi, H.F., Zulkernine, M., Weldemariam, K. (2015). TabsGuard: A Hybrid Approach to Detect and Prevent Tabnabbing Attacks. In: Lopez, J., Ray, I., Crispo, B. (eds) Risks and Security of Internet and Systems. CRiSIS 2014. Lecture Notes in Computer Science(), vol 8924. Springer, Cham. https://doi.org/10.1007/978-3-319-17127-2_13
DOI: https://doi.org/10.1007/978-3-319-17127-2_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17126-5
Online ISBN: 978-3-319-17127-2
eBook Packages: Computer Science, Computer Science (R0)