Computer Applications and Software (计算机应用与软件)
2014, Issue 11, pp. 312-317 (6 pages)
Authors: 曹娇华, 苏璞睿, 应凌云, 闫佳, 褚燕琴
Keywords: Smartphone, Clickjacking, Tapjacking, Data protection, Browsing security
Abstract: Clickjacking achieves its goal by tricking users into clicking disguised interface elements. In the mobile Internet environment, characteristics of smartphones such as screen features, gesture recognition and high-level HTML5 support become new exploitable points for clickjacking. In this paper we analyse in depth and experimentally verify the vulnerable characteristics of smartphones, and on this basis present potential clickjacking attack schemes on smartphones; we then design and implement a targeted detection solution. The solution extracts attack features from two perspectives, the static webpage and dynamic behaviour, and performs rule-based quantitative assessment and combinational judgement. Experimental results show that the solution can effectively reduce the false negatives and false positives of the traditional webpage-feature detection scheme.