| With the rapid development of mobile internet technology and the popularization of mobile devices, the Internet has entered the mobile era. More and more users choose mobile devices to access the Internet, mobile device systems have become a focus for attackers, and many attack modes from traditional platforms have begun to move to the mobile platform. The UI (User Interface) operation hijacking attack is a kind of web attack on traditional platforms that has been transferred to the mobile platform in recent years; it has become a new kind of application attack method and has drawn wide concern in the industry. In this paper, we study UI operation hijacking attacks on the Android platform, including GUI confusion attacks and clickjacking. This attack exploits a flaw in the UI scheduling mechanism of the Android system to interfere with the target UI, with the aim of stealing the user's sensitive input data or controlling the target application; its harm is wide-ranging and it is well concealed. Even worse, this attack affects multiple popular system versions, and it cannot be defeated by the Android sandbox and permission scheme. Because of the differences between traditional PC platform systems and the Android system, defenses against UI hijacking attacks on traditional platforms cannot be applied directly to the Android platform. We analyzed the existing detection schemes and found them insufficient: on the one hand, most detection schemes are limited in their usage scenarios; on the other hand, some of them produce obvious false positives. Therefore, this paper designs a GUI hijacking detection method based on the set integrity of the task components, and a clickjacking detection method based on the integrity of the window component, to detect multiple UI hijacking attacks. Operations that modify the UI component set are traced back to their source, and integrity rules for the set are defined to realize the detection. The detection scheme is implemented on the Android simulator platform with the instrumentation tool. The experimental results show that the detection method can effectively detect 6 kinds of UI hijacking attacks under Android 4.4.4-7.1.0. For common applications and the 4 kinds of false positives in existing work, this method does not produce misjudgments, whereas existing detection methods (Windowguard, etc.) show obvious false positives. |