Analysis of clickjacking attacks and an effective defense scheme for Android devices

机译：针对Android设备的点击劫持攻击和有效防御方案的分析

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Smartphones bring users lots of convenience by integrating all useful functions people may need. While users are spending more time on their phones, have they ever questioned of being spoofed by the phone they are interacting with? This paper conducts a thorough study of the mobile clickjacking attacks. We first present how the clickjacking attack works and the key points to remain undiscovered. Then, we evaluate its potential threats by exploring the feasibility of launching clickjacking attacks on various UIs, including system app windows, 3rd-party app windows, and other system UIs. Finally, we propose a system-level defense scheme against clickjacking attacks on Android platform, which requires no user or developer effort and is compatible with existing apps. The performance of the countermeasure is evaluated with extensive experiments. The results show that our scheme can effectively prevent clickjacking attacks with only a minor impact to the system.

机译：智能手机通过集成人们可能需要的所有有用功能，为用户带来了很多便利。当用户在手机上花费更多的时间时，是否有过被与之互动的电话欺骗的疑问？本文对移动点击劫持攻击进行了深入研究。我们首先介绍Clickjacking攻击的工作原理以及尚未发现的关键点。然后，我们通过探索在各种UI上发起点击劫持攻击的可行性来评估其潜在威胁，这些UI包括系统应用程序窗口，第三方应用程序窗口以及其他系统UI。最后，我们提出了一种针对Android平台上的点击劫持攻击的系统级防御方案，该方案无需用户或开发人员的努力，并且与现有应用程序兼容。该对策的性能通过广泛的实验进行了评估。结果表明，我们的方案可以有效地防止点击劫持攻击，而对系统的影响很小。

著录项

来源
《IEEE Conference on Communications and Network Security》|2016年|55-63|共9页
会议地点
作者
Longfei Wu; Benjamin Brandt; Xiaojiang Du; Bo Ji;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Mobile communication; Security; Smart phones; Androids; Humanoid robots; Windows; Conferences;

机译：移动通信;安全性;智能手机; Androids;类人机器人; Windows;会议;

相似文献

外文文献
中文文献
专利

1. Effective Defense Schemes for Phishing Attacks on Mobile Computing Platforms [J] . Longfei Wu, Xiaojiang Du, Jie Wu IEEE Transactions on Vehicular Technology . 2016,第8期

机译：针对移动计算平台上的网络钓鱼攻击的有效防御方案
2. A DDoS attack detection and defense scheme using time-series analysis for SDN [J] . Fouladi Ramin Fadaei, Ermis Orhan, Anarim Emin Journal of information security and applications . 2020,第Octa期

机译：使用时间序列分析的DDOS攻击检测和防御方案进行SDN
3. Anti-counterfeiting Effectivity Analysis Using Attack and Defense Tree Scenario Methods [J] . E. Gossen, J. Eckardt, E. Abele Procedia CIRP . 2015,第2aPartaB期

机译：基于攻防树场景方法的防伪效果分析
4. Analysis of clickjacking attacks and an effective defense scheme for Android devices [C] . Longfei Wu, Benjamin Brandt, Xiaojiang Du, IEEE Conference on Communications and Network Security . 2016

机译：ClickJacking攻击分析以及Android设备的有效防御方案
5. Novel Android User Interface Attacks and Defense by Real-Time Analysis of Inter-Process Communication Data [D] . Kraunelis, Joshua J. 2018

机译：通过进程间通信数据的实时分析实现新颖的Android用户界面攻防
6. Battery Draining Attack and Defense against Power Saving Wireless LAN Devices [O] . Il-Gu Lee, Kyungmin Go, Jung Hoon Lee 2020

机译：节省电力的无线局域网设备的电池消耗攻击和防御
7. Anti-counterfeiting Effectivity Analysis Using Attack and Defense Tree Scenario Methods [O] . Gossen E., Eckardt J., Abele E. 2015

机译：基于攻防树场景方法的防伪效果分析

Analysis of clickjacking attacks and an effective defense scheme for Android devices

摘要

著录项

相似文献

相关主题

期刊订阅