A Preliminary Review on Web Session Hijacking

  • Authors

    • Nor Naematul Saadah Ismail
    • MNM Warip
    • Shamsul J. Elias
    • R Badlishah Ahmad
    2018-08-13
    https://doi.org/10.14419/ijet.v7i3.15.17515
  • Information Security, Session Hijacking, Web Attack, Web Security
  • A fast internet-based technology such as web-driven and mobile application is the most popular usage of people nowadays. With the blink of the eye, the number of users is increasing tremendously every single second. So does the number of web-driven and mobile application. Thus, the number of a hacked website also increases daily. As the end user, we are likely to concern about the security breach that might occur. One of the threats that can happen at application layer users is web session hijacking. Generally, session hijacking is the attack occurs to impersonate the real resource to serve the pretended as the legitimate user. One of the ways for this threat to happen is by stealing the session identification number. This paper presents the session hijacking definition, the taxonomy and the attack that might occur also a various possible method to detect or prevent the attack in a various situation by previous researchers. In addition, this review hopes to bring some awareness to the end users about the threat that is likely to occur while accessing any resources over the Internet using website.

     

     

  • References

    1. [1] D. R. S. & D. S. T. Vineeta Jain, “Session Hijacking : Threat Analysis and Countermeasures,†no. May, 2015.

      [2] S. Wedman, A. Tetmeyer, and H. Saiedian, “An Analytical Study of Web Application Session Management Mechanisms and HTTP Session Hijacking Attacks,†Inf. Secur. J. A Glob. Perspect., vol. 22, no. 2, pp. 55–67, 2013.

      [3] Q. H. ;Gerhard P. Hancke, “A Session Hijacking Attack on Physical Layer Key Generation Agreement,†2017 IEEE Int. Conf. Ind. Technol., pp. 1418–1423, 2017.

      [4] S. S. Manivannan and E. Sathiyamoorthy, “A prevention model for session hijack attacks in wireless networks using strong and encrypted session ID,†Cybern. Inf. Technol., vol. 14, no. 3, pp. 46–60, 2014.

      [5] J. Y. Lai, J. S. Wu, S. J. Chen, C. H. Wu, and C. H. Yang, “Designing a taxonomy of web attacks,†Proc. - 2008 Int. Conf. Converg. Hybrid Inf. Technol. ICHIT 2008, pp. 278–282, 2008.

      1. K. Bharti and M. Chaudhary, “Prevention of Session Hijacking and IP Spoofing With Sensor Nodes and Cryptographic Approach,†Int. J. Comput. Appl. (0975 – 8887), vol. 76, no. 9, pp. 22–28, 2013.
      2. E. Abdallah, S. Abd Razak, and C. Yahaya, “Detection and prevention of denial of service attacks (DOS) in WLANs infrastructure,†J. Theor. Appl. Inf. Technol., vol. 71, no. 3, pp. 417–423, 2015.

      [6] L. Hi, S. Namitha, S. Gopalan, H. N. Sanjay, and K. Chandashekaran, “Risk Based Access Control In Cloud Computing,†pp. 1502–1505, 2015.

      [7] S. K. Chung et al., “Pseudo Random Alteration of Sequence Numbers (PRAS): A novel method for defending sessiion hijacking attack in mobile adhoc network,†2016 IST-Africa Conf. IST-Africa 2016, vol. 2, no. 2, pp. 1–10, 2015.

      1. Alabrah and M. Bassiouni, “Preventing session hijacking in collaborative applications with hybrid cache-supported one-way hash chains,†no. CollaborateCom, pp. 27–34, 2014.

      [8] M. Dasari, “Real Time Detection of MAC Layer DoS Attacks in,†14th IEEE Annu. Consum. Commun.Netw. Conf. II., pp. 946–951, 2017.

      [9] J. Cashion and M. Bassiouni, “Protocol for Mitigating the Risk of Hijacking Social Networking Sites,†Proc. 7th Int. Conf. Collab. Comput. Networking, Appl. Work., pp. 324–331, 2011.

      [10] V. G. Shankar and G. Somani, “Anti-Hijack: Runtime Detection of Malware Initiated Hijacking in Android,†in Physics Procedia, 2016, vol. 78, pp. 587–594.

      [11] H. A. Mangut, A. Al-Nemrat, C. Benzaïd, and A. R. H. Tawil, “ARP cache poisoning mitigation and forensics investigation,†Proc. - 14th IEEE Int. Conf. Trust. Secur. Priv. Comput. Commun. Trust. 2015,vol. 1, pp. 1392–1397, 2015.

      [12] V. Akash Krishnan, P. P. Amritha, and M. Sethumadhavan, “Sum Chain Based Approach against Session Hijacking in MPTCP,†Procedia Comput. Sci., vol. 115, pp. 794–803, 2017.

      [13] D. Koizumi, T. Matsuda, and M. Sonoda, “On the automatic detection algorithm of Cross Site Scripting (XSS) with the non-stationary Bernoulli distribution,†5th Int. Conf. Commun. Comput. Appl., no. October, pp. 131–135, 2012.

      1. Shrivastava, S. Choudhary, and A. Kumar, “XSS Vulnerability Assessment and Prevention in Web Application,†2016 2nd Int. Conf. Next Gener. Comput. Technol., no. October, pp. 850–853, 2016.

      [14] H. Choi and Y. Kim, “HXD : Hybrid XSS Detection by using a Headless Browser.â€, 2017.

      [15] Y. Takamatsu, Y. Kosuga, and K. Kono, “Automated detection of session management vulnerabilities in web applications,†2012 10th Annu. Int. Conf. Privacy, Secur. Trust. PST 2012, pp. 112–119, 2012.

  • Downloads

  • How to Cite

    Naematul Saadah Ismail, N., Warip, M., J. Elias, S., & Badlishah Ahmad, R. (2018). A Preliminary Review on Web Session Hijacking. International Journal of Engineering & Technology, 7(3.15), 124-129. https://doi.org/10.14419/ijet.v7i3.15.17515