
Preventing Click Event Hijacking by User Intention Inference


Affiliations
1 Center of Excellence in Research and Development, Vishwakarma Institute of Information Technology, India
     



Web applications are getting more complex and dynamic. By exploiting layout and JavaScript features of a web page, attackers can create web page objects that hijack users' clicks. Such objects look like normal web page objects, but users' clicks on them lead to unexpected browser actions, such as visiting different URLs or sending out malicious requests. We call this type of attack a click event hijacking attack. The Facebook Clickjacking attack is an example: it puts a transparent layer containing the victim web application on top of another web page that lures users to click. While users think they are clicking on the underlying web page, they are actually clicking in the victim web application, resulting in unauthorized actions in that web application. In this paper, we propose a solution that mitigates click event hijacking by inferring users' intentions. Our solution, Click Guard, ensures that the browser's behavior after a click matches the user's original intention. The proposed solution is implemented as a Mozilla Firefox extension, and its effectiveness is evaluated against click event hijacking attacks.

Keywords

Event Hijacking, Clickjacking, Pop-Up, UI Overlay.

Authors

Kailas Patil
Center of Excellence in Research and Development, Vishwakarma Institute of Information Technology, India
