FALCO: Detecting Superfluous JavaScript Injection Attacks using Website Fingerprints

Chih-Chun Liu, Hsu-Chun Hsiao, Tiffany Hyun-Jin Kim

2020

Abstract

JavaScript injection attacks enable man-in-the-middle adversaries not only to exploit innocent users to launch browser-based DDoS attacks but also to expose them to unwanted advertisements. Despite ongoing efforts to address critical JavaScript injection attacks, prior solutions have several practical limitations, including a lack of deployment incentives and the difficulty of configuring security policies. An interesting observation is that injected JavaScript often changes the website’s behavior, significantly increasing the number of additional requests to previously unseen domains. Hence, this paper presents the design and implementation of a lightweight system called FALCO that detects JavaScript injection through mismatched website behavior fingerprints. We extract a website’s behavior fingerprint from its dependency on external domains, which yields compact fingerprint representations with reasonable detection accuracy. Our experiments show that FALCO can detect 96.98% of JavaScript-based attacks in simulation environments. FALCO requires no cooperation with servers, and users can easily add an extension to their browsers to use our service without privacy concerns.
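The sketch below illustrates the idea in the abstract: a fingerprint built from a site's external-domain dependencies, and a page load flagged when it contacts previously unseen domains. It is an added example, not FALCO's code or the authors' algorithm. The function names, the 0.5 support ratio, the alert threshold of 2 and all sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration, not FALCO's code. Names, the 0.5 support ratio and the
// alert threshold of 2 are assumptions; all URLs below are constructed samples.
const SITE = "shop.example";
const CLEAN_LOADS = [
  ["https://shop.example/", "https://static.shop.example/app.js",
   "https://cdn.example.net/lib.js", "https://fonts.example.org/a.woff2"],
  ["https://shop.example/", "https://cdn.example.net/lib.js",
   "https://fonts.example.org/a.woff2", "https://ads-7.example.com/slot.js"],
  ["https://shop.example/", "https://cdn.example.net/lib.js",
   "https://fonts.example.org/a.woff2"],
];
const TAMPERED_LOAD = ["http://shop.example/", "http://cdn.example.net/lib.js",
  "http://stats.injected.example/c.js", "http://ads.injected.example/pop.js"];

// External hosts one page load depended on; first-party hosts and
// unparsable URLs are skipped.
function externalDomains(siteHost, requestUrls) {
  const out = new Set();
  for (const u of requestUrls) {
    let h;
    try { h = new URL(u).hostname.toLowerCase(); } catch { continue; }
    if (h !== siteHost && !h.endsWith("." + siteHost)) out.add(h);
  }
  return out;
}

// Fingerprint: external hosts present in at least minSupport of the clean loads.
function buildFingerprint(siteHost, cleanLoads, minSupport = 0.5) {
  const counts = new Map();
  for (const load of cleanLoads)
    for (const d of externalDomains(siteHost, load))
      counts.set(d, (counts.get(d) || 0) + 1);
  return new Set([...counts].filter(([, n]) => n / cleanLoads.length >= minSupport)
    .map(([d]) => d));
}

// Flag a load that contacts alertThreshold or more hosts absent from the fingerprint.
function checkLoad(siteHost, fingerprint, requestUrls, alertThreshold = 2) {
  const unseen = [...externalDomains(siteHost, requestUrls)]
    .filter((d) => !fingerprint.has(d)).sort();
  return { unseen, suspicious: unseen.length >= alertThreshold };
}

const fingerprint = buildFingerprint(SITE, CLEAN_LOADS);
console.log(checkLoad(SITE, fingerprint, TAMPERED_LOAD));
console.log(checkLoad(SITE, fingerprint, CLEAN_LOADS[1]));
```

The threshold trades false positives against missed injections: a single rotating ad host stays below it, while the two unseen hosts in the tampered load trip it.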



Paper Citation


in Harvard Style

Liu C., Hsiao H. and Kim T. (2020). FALCO: Detecting Superfluous JavaScript Injection Attacks using Website Fingerprints. In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - Volume 3: SECRYPT, ISBN 978-989-758-446-6, pages 180-191. DOI: 10.5220/0009835101800191


in Bibtex Style

@conference{secrypt20,
author={Chih-Chun Liu and Hsu-Chun Hsiao and Tiffany Kim},
title={FALCO: Detecting Superfluous JavaScript Injection Attacks using Website Fingerprints},
booktitle={Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - Volume 3: SECRYPT},
year={2020},
pages={180-191},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009835101800191},
isbn={978-989-758-446-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - Volume 3: SECRYPT
TI - FALCO: Detecting Superfluous JavaScript Injection Attacks using Website Fingerprints
SN - 978-989-758-446-6
AU - Liu C.
AU - Hsiao H.
AU - Kim T.
PY - 2020
SP - 180
EP - 191
DO - 10.5220/0009835101800191