Defeating MageCart Attacks in a NAISS Way

被引:1
|
作者
Rus, Catalin [1 ]
Sarmah, Dipti Kapoor [1 ]
El-Hajj, Mohammed [1 ]
机构
[1] Univ Twente, EEMCS SCS, Drienerlolaan 5, Enschede, Netherlands
来源
PROCEEDINGS OF THE 20TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, SECRYPT 2023 | 2023年
关键词
Image Steganography; E-skimmers; MageCart; Middlebox; Digital Signatures; Network Filter; E-commerce;
D O I
10.5220/0012079300003555
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
MageCart attacks pose a security threat to E-commerce platforms by using e-skimmers to steal payment details. Image steganography is used by attackers to conceal e-skimmers, making detection challenging. Existing solutions have limitations, such as incompatibility or insufficient functionality. This research proposes NAISS, a server-side middlebox solution that leverages digital signatures to filter unauthorized images without requiring client-side modifications. The proof-of-concept implementation demonstrates the efficacy of NAISS, filtering 100% of state of the art stegoimages, while indicating areas for further improvement.
引用
收藏
页码:691 / 697
页数:7
相关论文
共 50 条
  • [21] Defeating Jamming Attacks in Downlink Pairwise NOMA Using Relaying
    Van-Lan Dao
    Girs, Svetlana
    Uhlemann, Elisabeth
    2023 IEEE 34TH ANNUAL INTERNATIONAL SYMPOSIUM ON PERSONAL, INDOOR AND MOBILE RADIO COMMUNICATIONS, PIMRC, 2023,
  • [22] An OS security protection model for defeating attacks from network
    Shan, Zhiyong
    Wang, Qiuyue
    Meng, Xiaofeng
    INFORMATION SYSTEMS SECURITY, PROCEEDINGS, 2007, 4812 : 25 - 36
  • [23] Defeating memory corruption attacks via pointer taintedness detection
    Chen, S
    Xu, J
    Nakka, N
    Kalbarczyk, Z
    Iyer, RK
    2005 INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, PROCEEDINGS, 2005, : 378 - 387
  • [24] Towards Understanding and Defeating Abstract Resource Attacks for Container Platforms
    Shen, Wenbo
    Wu, Yifei
    Yang, Yutian
    Liu, Qirui
    Yang, Nanzi
    Li, Jinku
    Lu, Kangjie
    Ma, Jianfeng
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2025, 22 (01) : 474 - 490
  • [25] AI-Guardian: Defeating Adversarial Attacks using Backdoors
    Zhu, Hong
    Zhang, Shengzhi
    Chen, Kai
    2023 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP, 2023, : 701 - 718
  • [26] Scatter and Split Securely: Defeating Cache Contention and Occupancy Attacks
    Giner, Lukas
    Steinegger, Stefan
    Purnal, Antoon
    Eichlseder, Maria
    Unterluggauer, Thomas
    Mangard, Stefan
    Gruss, Daniel
    2023 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP, 2023, : 2273 - 2287
  • [27] Defeating Internet attacks using risk awareness and active honeypots
    Teo, L
    Sun, YA
    Ahn, GJ
    SECOND IEEE INTERNATIONAL INFORMATION ASSURANCE WORKSHOP, PROCEEDINGS, 2004, : 155 - 167
  • [28] Defeating Active Phishing Attacks for Web-Based Transactions
    Luo, Xin
    Tan, Teik Guan
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY AND PRIVACY, 2007, 1 (03) : 47 - 60
  • [29] Active router approach to defeating denial-of-service attacks in networks
    El-Moussa, F. A.
    Linge, N.
    Hope, M.
    IET COMMUNICATIONS, 2007, 1 (01) : 55 - 63
  • [30] Detecting and Defeating Advanced Man-In-The-Middle Attacks against TLS
    de la Hoz, Enrique
    Paez-Reyes, Rafael
    Cochrane, Gary
    Marsa-Maestre, Ivan
    Manuel Moreira-Lemus, Jose
    Alarcos, Bernardo
    2014 6TH INTERNATIONAL CONFERENCE ON CYBER CONFLICT (CYCON 2014), 2014, : 209 - +
12345