PREVENTING CLICK EVENT HIJACKING BY USER INTENTION INFERENCE

Abstract
Web applications are getting more complex and dynamic. By exploiting layout and JavaScript features of a web page, attackers can create web page objects that hijack users’ clicks. Such objects look like normal web page objects, but users’ clicks on these objects lead to unexpected browser actions, such as visiting different URLs or sending out malicious requests. We call this type of attacks click event hijacking attacks. The Facebook Clickjacking attack is an example, which puts a transparent layer containing the victim web application on top of another web page that lures users to click. While users think they click on the underlying web page, they actually click in the victim web application, resulting in unauthorized actions to the web application. In this paper, we propose a solution to mitigate the problem of click event hijacking by inferring users’ intentions. Our solution ClickGuard ensures that the browser’s behavior after a click matches the user’s original intention. The proposed solution is implemented as a Mozilla Firefox extension and evaluated its effectiveness against click event hijacking attacks.

Authors
Kailas Patil
Vishwakarma Institute of Information Technology, India

Keywords
Event Hijacking, Clickjacking, Pop-Up, UI Overlay
Published By :
ICTACT
Published In :
ICTACT Journal on Communication Technology
( Volume: 7 , Issue: 4 )
Date of Publication :
December 2016

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.