A Solution for the Automated Detection of Clickjacking Attacks
Clickjacking is a web-based attack that has recently received a wide media coverage. In a clickjacking attack, a malicious page is constructed such that it tricks victims into clicking on an element of a different page that is only barely (or not at all) visible. By stealing the victims clicks, an attacker could force the user to perform an unintended action that is advantageous for the attacker (e.g., initiate an online money transaction). Although clickjacking has been the subject of many discussions and alarming reports, it is currently unclear to what extent clickjacking is being used by attackers in the wild, and how significant the attack is for the security of Internet users. In this paper, we propose a novel solution for the auto mated and efficient detection of clickjacking attacks. We describe the system that we designed, implemented and de ployed to analyze over a million unique web pages. The experiments show that our approach is feasible in practice. Also, the empirical study that we conducted on a large num ber of popular websites suggests that clickjacking has not yet been largely adopted by attackers on the Internet.
Clickjacking Web Security ClicklDS HTML IFRAME CSS Javascript, Browser Plug-In
Marco Balduzzi Manuel Egele Engin Kirda Davide Balzarotti Christopher Kruegel
Institute Eurecom Sophia-Antipolis Technical University Vienna University of California Santa Barbara
国际会议
北京
英文
135-144
2010-04-13(万方平台首次上网日期,不代表论文的发表时间)