Defeating MageCart Attacks in a NAISS Way

被引:1
|
作者
Rus, Catalin [1 ]
Sarmah, Dipti Kapoor [1 ]
El-Hajj, Mohammed [1 ]
机构
[1] Univ Twente, EEMCS SCS, Drienerlolaan 5, Enschede, Netherlands
来源
PROCEEDINGS OF THE 20TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, SECRYPT 2023 | 2023年
关键词
Image Steganography; E-skimmers; MageCart; Middlebox; Digital Signatures; Network Filter; E-commerce;
D O I
10.5220/0012079300003555
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
MageCart attacks pose a security threat to E-commerce platforms by using e-skimmers to steal payment details. Image steganography is used by attackers to conceal e-skimmers, making detection challenging. Existing solutions have limitations, such as incompatibility or insufficient functionality. This research proposes NAISS, a server-side middlebox solution that leverages digital signatures to filter unauthorized images without requiring client-side modifications. The proof-of-concept implementation demonstrates the efficacy of NAISS, filtering 100% of state of the art stegoimages, while indicating areas for further improvement.
引用
收藏
页码:691 / 697
页数:7
相关论文
共 50 条
  • [1] NAISS: A reverse proxy approach to mitigate MageCart's e-skimmers in e-commerce
    Rus, Adrian-Catalin
    El-Hajj, Mohammed
    Sarmah, Dipti Kapoor
    COMPUTERS & SECURITY, 2024, 140
  • [2] Towards Defeating DDoS Attacks
    Doyal, Alex
    Zhan, Justin
    Yu, Huiming Anna
    2012 ASE INTERNATIONAL CONFERENCE ON CYBER SECURITY (CYBERSECURITY), 2012, : 209 - 212
  • [3] Web attacks: defeating monetisation attempts
    Nguyen V.-L.
    Lin P.-C.
    Hwang R.-H.
    Network Security, 2019, 2019 (05): : 11 - 19
  • [4] An online approach to defeating ROP attacks
    Tian, Donghai
    Jia, Xiaoqi
    Zhang, Zhaolong
    Zhan, Li
    Hu, Changzhen
    Xue, Jingfeng
    CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2019, 31 (22):
  • [5] Defeating distributed denial of service attacks
    Geng, Xianjun
    Whinston, Andrew B.
    IT Professional, 2000, 2 (04) : 36 - 41
  • [6] Defeating buffer overflow attacks via virtualization
    Tian, Donghai
    Xiong, Xi
    Hu, Changzhen
    Liu, Peng
    COMPUTERS & ELECTRICAL ENGINEERING, 2014, 40 (06) : 1940 - 1950
  • [7] Defeating Misclassification Attacks Against Transfer Learning
    Wu, Bang
    Wang, Shuo
    Yuan, Xingliang
    Wang, Cong
    Rudolph, Carsten
    Yang, Xiangwen
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2023, 20 (02) : 886 - 901
  • [8] Defeating DoS attacks using wavelet aanalysis
    Heo, YJ
    Jang, JS
    SAM'03: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND MANAGEMENT, VOLS 1 AND 2, 2003, : 248 - 252
  • [9] Safe Machine Learning and Defeating Adversarial Attacks
    Rouhani, Bita Darvish
    Samragh, Mohammad
    Javidi, Tara
    Koushanfar, Farinaz
    IEEE SECURITY & PRIVACY, 2019, 17 (02) : 31 - 38
  • [10] Defeating Any Secret Cryptography with SCARE Attacks
    Guilley, Sylvain
    Sauvage, Laurent
    Micolod, Julien
    Real, Denis
    Valette, Frederic
    PROGRESS IN CRYPTOLOGY - LATINCRYPT 2010, 2010, 6212 : 273 - +
12345