Lom: Discovering logic flaws within MongoDB-based web applications

Wen, Shuo; Xu, Jing; Yuan, Liying; Song, Wenli; Yang, Hongji; Si, Guannan

doi:10.1007/s11633-016-1051-x

Cited by 7 publications

(3 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…; then use them as the input event streams of the CEP engine; finally, the online shopping risks are identified by the complex event processing platform. Here, according to the typical user malicious behavior patterns [6]- [10], we define the relevant variables, atomic events, and the relevant event patterns in this section.…”

Section: B Definitions Of Complex Event Patternsmentioning

confidence: 99%

See 1 more Smart Citation

A Complex Event Processing-Based Online Shopping User Risk Identification System

Zhai

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Online shopping is an important part of the development of the Internet and plays a critical role in the current and future economy. However, there are many risks in the trading process. In order to reduce the hidden risks, it is necessary to study the method of risk identification. This paper proposes user risk identification method of online shopping system based on Complex Event Process (CEP). In this paper, we use the Esper as the CEP engine and the risk behavior patterns are defined as the event pattern language. Firstly, the CEP system captures event streams by analyzing data streams in real-time. Secondly, the captured event streams are sent to the CEP's engine. Finally, the Esper intelligently analyzes user's online shopping risk behaviors in real-time according to the event pattern languages. User risk identification effectively guarantees the fund and account security of the shopping users.INDEX TERMS Complex event process, behavior patterns, risk identification, esper, intelligent analysis.

show abstract

Section: B Definitions Of Complex Event Patternsmentioning

confidence: 99%

“…For example, while the user identity is legal, he/she can achieve malicious purposes by using API calls, multiple accounts information to achieving alternative attacks, and spoofing identity. Currently, there are many such cases [6]- [10]. Another part of researches focused on secure protocols [11].…”

Section: Introductionmentioning

confidence: 99%

A Complex Event Processing-Based Online Shopping User Risk Identification System

Zhai

et al. 2019

IEEE Access

View full text Add to dashboard Cite

show abstract

“…As a distributed Web application, online shopping systems are loosely coupled and interactively complex. Despite the third party service providers bridging the gap of trustiness between merchants and users, their involvement complicates the logic flow in the checkout process [9]. Logic flows of online shopping systems allow malicious users to carry out malicious behaviors under legal identities, e.g., purchase products using fabricated payments [10,11].…”

Section: Introductionmentioning

confidence: 99%

Modeling and Analyzing User Behavior Risks in Online Shopping Processes Based on Data-Driven and Petri-Net Methods

Zhai

et al. 2023

cai

View full text Add to dashboard Cite

With the rapid spread of e-commerce and e-payment, the increasing number of people choose online shopping instead of traditional buying way. However, the malicious user behaviors have a significant influence on the security of users' accounts and property. In order to guarantee the security of shopping environment, a method based on Complex Event Process (CEP) and Colored Petri nets (CPN) is proposed in this paper. CEP is a data-driven technology that can correlate and process a large amount of data according to Event Patterns, and CPN is a formal model that can simulate and verify the specifications of the online shopping processes. In this work, we first define the modeling scheme to depict the user behaviors and Event Patterns of online shopping processes based on CPN. The Event Patterns can be constructed and verified by formal methods, which guarantees the correctness of Event Patterns. After that, the Event Patterns are translated into Event Pattern Language (EPL) according to the corresponding algorithms. Finally, the EPLs can be inserted into the complex event processing engine to analyze the users' behavior flows in real-time. In this paper, we validate the effectiveness of the proposed method through case studies.

show abstract

Petri net-based methods for analyzing structural security in e-commerce business processes

Ding

Liu

et al. 2020

Future Generation Computer Systems

View full text Add to dashboard Cite

Lom: Discovering logic flaws within MongoDB-based web applications

Cited by 7 publications

References 20 publications

A Complex Event Processing-Based Online Shopping User Risk Identification System

A Complex Event Processing-Based Online Shopping User Risk Identification System

Modeling and Analyzing User Behavior Risks in Online Shopping Processes Based on Data-Driven and Petri-Net Methods

Petri net-based methods for analyzing structural security in e-commerce business processes

Contact Info

Product

Resources

About