A Hybrid Approach to Detect Tabnabbing Attacks

Fahim Hashemi, Hana Sadat
Tabnabbing, Attack Detection, Phishing
Phishing is one of the most prevalent types of modern attacks, causing significant financial losses to enterprises and users each day. Despite the emergence of various anti-phishing tools and techniques, not only has there been a dramatic increase in the number of phishing attacks, but more sophisticated forms of these attacks have also come into existence. One of the most complicated and deceptive forms of phishing is the tabnabbing attack. This newly discovered threat takes advantage of the user’s trust and inattention to the open tabs in the browser: it changes the appearance of an already open malicious page to that of a trusted website that demands confidential information from the user. As one might imagine, the tabnabbing attack mechanism makes it quite probable for even an attentive user to be lured into revealing his or her confidential information. Few tabnabbing detection and prevention techniques have been proposed thus far. The majority of these techniques block scripts that are likely to perform malicious actions or violate the browser security policy. However, most of these techniques cannot effectively prevent the other variant of the tabnabbing attack, which is launched without the use of scripts. In this thesis, we propose a hybrid tabnabbing detection approach with the aim of overcoming the shortcomings of the existing anti-tabnabbing approaches and techniques. Our approach combines five heuristic-based metrics with data mining techniques to keep track of the major changes made to the structure of a webpage whenever a tab loses its focus. We develop our approach as a browser extension for Mozilla Firefox and evaluate its effectiveness and performance using a dataset consisting of legitimate and tabnabbing websites. Our evaluation results show a significant improvement over the existing techniques, indicating that our approach can be utilized as a viable means for protecting users from tabnabbing attacks.