Abstract
E-commerce transaction systems have become an important factor in trading activities. However, e-commerce systems are still undergoing development. Unobservable actions and attacks on systems are frequent problems that increase the vulnerability of e-commerce systems. Most existing approaches to addressing these issues cannot describe or analyze the overall structure of a local specification and unobservable actions well. The vulnerable e-commerce transaction net (VET-net) is a useful model for describing the unobservable actions, online transactions and third-party payment platforms of e-commerce systems. Based on a VET-net, we focus on the detection and evaluation of e-commerce transaction systems to attacks. We propose the concept of vulnerable transitions, which include not only vulnerable actions but also unobservable transitions. Then, we use an improved slice method to locate the vulnerable transitions. For these vulnerable transitions, we propose a vulnerable transition evaluation method based on a hidden Markov model along with a reachability graph (HMM-RG). The HMM-RG uses hidden Markov models (HMMs) to approximate the state reachability graph of a VET-net. By calculating the firing probability, the HMM-RG can evaluate the vulnerability degree of malicious states. We use a real-world case to show our method’s effectiveness and reasonability.
Highlights
With the development of e-commerce, an increasing number of people are paying attention to the study of economic systems
Due to the uncomplicated graphical representation of a labeled Petri net, it can describe the overall structure of a local specification and unobservable actions well
The vulnerable e-commerce transaction net (VET-net) is a subclass of labeled Petri nets
Summary
With the development of e-commerce, an increasing number of people are paying attention to the study of economic systems. The behavior patterns represent potential attacks that violate security [5] They are not suitable for vulnerable e-commerce systems with unobservable actions. M. Wang et al.: Vulnerability Evaluation Method for E-Commerce Transaction Systems work [12] proposes vulnerable e-commerce transaction nets (VET-nets). Such a method ignores the effects of unobservable activities that lead to a malicious state It cannot perform the appropriate adjustment of the e-commerce system. Another method only considers unexpected attack forms and ignores unobservable actions It is not good for testing the e-commerce system itself. By capturing the user transaction behaviors of the e-commerce trading process, we analyze the observable and unobservable actions and construct a VET-net model.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
