Skip to main content
SpringerLink
Log in

Browser-Based Intrusion Prevention System

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5758))

Included in the following conference series:

  • 1652 Accesses

Abstract

This work proposes a novel intrusion prevention technique that leverages information located in the browser in order to mitigate client-side web attacks such as login cross-site request forgery, session hijacking, etc. The browser intrusion prevention system enforces a new fine-grained policy, which complements the same-origin policy, that restricts interaction between authenticated and unauthenticated regions of a page or its associated stored data objects. The browser intrusion prevention system monitors page interactions that occur through script processing or URL fetches. The outcome of this technique is a system that can prevent attacks that are perpetuated by exploiting a user’s browser into making malicious request.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Hypertext transfer protocol –http/1.1

    Google Scholar 

  2. Barth, A., Jackson, C., Mitchell, J.C.: Robust defenses for cross-site request forgery. In: ACM Conference on Computer and Communications Security (2008)

    Google Scholar 

  3. Jovanovic, N., Kirda, E., Kruegel, C.: Preventing cross site request forgery attacks. In: Proceedings of the Second IEEE Conference on Security and Privacy in Communications Networks (SecureComm), pp. 1–10 (2006)

    Google Scholar 

  4. Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.: Dynamic pharming attacks and locked same-origin policies for web browsers. In: ACM Conference on Computer and Communications Security, pp. 58–71 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Georgia Institute of Technology, USA

    Ikpeme Erete

Authors
  1. Ikpeme Erete
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute Eurecom, 2229 Route des Cretes, 06560, Sophia-Antipolis Cedex, France

    Engin Kirda  & Davide Balzarotti  & 

  2. Computer Sciences Department, University of Wisconsin, 53706, Madison, WI, USA

    Somesh Jha

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Erete, I. (2009). Browser-Based Intrusion Prevention System. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04342-0_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04341-3

  • Online ISBN: 978-3-642-04342-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation