High Impact Factor : 4.396 icon | Submit Manuscript Online icon |

Malicious Web Page Detection System (Real Time Approach)

Author(s):

Aishwary Pandey , Wainganga College of Engineering & Management; Dipak Suryawanshi, Wainganga College of Engineering & Management; Suraj Chaudhari, Wainganga College of Engineering & Management

Keywords:

Extension, Web browser, Internet

Abstract

All major web browsers support browser extensions to add new features and extend their functionalities. Nevertheless, browser extensions have been the target of several attacks due to their tight relation with the browser environment. As a consequence, extensions have been abused in the past for malicious tasks such as private information gathering, browsing history retrieval, or passwords theft — leading to a number of severe targeted attacks. Even though no protection techniques existed in the past to secure extensions, all browsers now implement defensive countermeasures that, in theory, protect extensions and their resources from third party access. In this paper, we present two attacks that bypass these control techniques in every major browser family, enabling enumeration attacks against the list of installed extensions. In particular, we present a timing side-channel attack against the access control settings and an attack that takes advantage of poor programming practice, affecting a large number of Safari extensions. Due to the harmful nature of our findings, we also discuss possible counter measures against our own attacks and reported our findings and countermeasures to the different actors involved. We believe that our study can help secure current implementations and help developers to avoid similar attacks in the future.

Other Details

Paper ID: IJSRDV5I120542
Published in: Volume : 5, Issue : 12
Publication Date: 01/03/2018
Page(s): 877-878

Article Preview

Download Article