TY  - JOUR
T1  - Securing Social Sites-Mitigating Clickjacking Attacks
AU - Vinod, Anjana Joyce AU - Harini, N. 
JO  - Asian Journal of Information Technology
VL  - 16
IS  - 7
SP  - 592
EP  - 598
PY  - 2017
DA  - 2001/08/19
SN  - 1682-3915
DO  - ajit.2017.592.598
UR  - https://makhillpublications.co/view-article.php?doi=ajit.2017.592.598
KW  - screenshot
KW  -hybrid schema
KW  -scoring mechanism
KW  -signature detection
KW  -Clickjacking
KW  -approach
AB  - Clickjacking attack is an emerging threat on the web. Although, tools are available for identifying
clickjack attacks on web pages, complete information on attacks are not available and more over the procedure
adopted by the tool to identify and handle attacks is not made visible for users. Hence, arises the need for
developing an application which can aid users in collecting dataset, allow users to modify/streng then, the
procedures for identifying and preventing clickjacking attack. In clickjacking attack the attacker presents a
sensitive user interface to the user by making the user interface transparent and thus, the user is tricked to
perform an action which is out of context. So, to mitigate the clickjacking attack a schema is introduced that
consist of two phases: signature detection and in context defence. Signature detection approach determines
whether the attack is detected by comparing them against a database of signatures or their pattern from the
known malicious sites. By using a scoring mechanism signature detection is done. This method uses static
features to identify potential malicious pages. Scoring algorithm works based on the concept of standard score
which measure how standard deviation of the observed attribute is away from the mean. Using each instance,
two types of scores are calculated, Foreign content score and the script content score and based on the score
the web pages are classified as malicious or not. A threshold value is chosen and the group score greater than
the threshold value is considered as a malicious page. In context checks whether an attack has occurred by
comparing the referred bitmap and the screenshot of the current browser. Thus, a hybrid schema is introduced
to mitigate the clickjacking attack. The focus of the researcher is to create an attack dataset that could be used
to train the system to prevent the clickjacking attack.
ER  - 