A Solution for the Automated Detection of Clickjacking Attacks

By Engin Kirda, Marco Balduzzi, Davide Balzarotti, Manuel Egele and Christopher Kruegel

Abstract

Clickjacking is a web-based attack that has recently received wide media coverage. In a clickjacking attack, a malicious page is constructed such that it tricks victims into clicking on an element of a different page that is only barely (or not at all) visible. By stealing the victim’s clicks, an attacker could force the user to perform an unintended action that is advantageous for the attacker (e.g., initiate an online money transaction). Although clickjacking has been the subject of many discussions and alarming reports, it is currently unclear to what extent clickjacking is being used by attackers in the wild, and how significant the attack is for the security of Internet users. In this paper, we propose a novel solution for the automated and efficient detection of clickjacking attacks. We describe the system that we designed, implemented and deployed to analyze over a million unique web pages. The experiments show that our approach is feasible in practice. Also, the empirical study that we conducted on a large number of popular websites suggests that clickjacking has not yet been largely adopted by attackers on the Internet.

Topics: K.6.5 [Management of Computing and Information Systems]: Security and Protection
General Terms: Security, Design, Experimentation
Keywords: Clickjacking, Web Security, ClickIDS, HTML IFRAME, CSS, Javascript, Browser Plug-In
Year: 2011
OAI identifier: oai:CiteSeerX.psu:10.1.1.183.1418
Provided by: CiteSeerX
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://iseclab.org/papers/asia... (external link)