HDTCV: Hybrid Detection Technique for Clickjacking Vulnerability

  • Conference paper
Artificial Intelligence and Evolutionary Computations in Engineering Systems

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 394)

Abstract

The evolution of web technologies also brings new exploits against web applications. Attackers find new flaws in web applications and use them to perform a wide variety of malicious tasks. These malicious tasks compromise users' sensitive information and also reduce the market value of the organization. Thus, the study of the various types of vulnerabilities and their weaknesses in the web application structure is a challenging task. This paper focuses on the clickjacking attack and provides an efficient detection technique to overcome this attack. The proposed technique has the features and standards to measure the attack and how much the vulnerability is exposed with respect to the context of the application in a dynamic environment. Thus, the proposed system handles clickjacking efficiently, and the vulnerability to the attack can be measured by the deviation of the system state from the expected state.

Author information

Corresponding author

Correspondence to D. Kavitha.

Copyright information

© 2016 Springer India

About this paper

Cite this paper

Kavitha, D., Chandrasekaran, S., Rani, S.K. (2016). HDTCV: Hybrid Detection Technique for Clickjacking Vulnerability. In: Dash, S., Bhaskar, M., Panigrahi, B., Das, S. (eds) Artificial Intelligence and Evolutionary Computations in Engineering Systems. Advances in Intelligent Systems and Computing, vol 394. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2656-7_56

  • DOI: https://doi.org/10.1007/978-81-322-2656-7_56

  • Publisher Name: Springer, New Delhi

  • Print ISBN: 978-81-322-2654-3

  • Online ISBN: 978-81-322-2656-7

  • eBook Packages: Engineering, Engineering (R0)
