Defeating MageCart Attacks in a NAISS Way

被引：1

作者：

Rus, Catalin ^{[1
]}

Sarmah, Dipti Kapoor ^{[1
]}

El-Hajj, Mohammed ^{[1
]}

机构：

[1] Univ Twente, EEMCS SCS, Drienerlolaan 5, Enschede, Netherlands

来源：

PROCEEDINGS OF THE 20TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, SECRYPT 2023 | 2023年

关键词：

Image Steganography; E-skimmers; MageCart; Middlebox; Digital Signatures; Network Filter; E-commerce;

D O I：

10.5220/0012079300003555

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

MageCart attacks pose a security threat to E-commerce platforms by using e-skimmers to steal payment details. Image steganography is used by attackers to conceal e-skimmers, making detection challenging. Existing solutions have limitations, such as incompatibility or insufficient functionality. This research proposes NAISS, a server-side middlebox solution that leverages digital signatures to filter unauthorized images without requiring client-side modifications. The proof-of-concept implementation demonstrates the efficacy of NAISS, filtering 100% of state of the art stegoimages, while indicating areas for further improvement.

引用

页码：691 / 697

页数：7

共 50 条

[31] GAMING THE GAME: DEFEATING A GAME CAPTCHA WITH EFFICIENT AND ROBUST HYBRID ATTACKS
Gao, Song
Mohamed, Manar
Saxena, Nitesh
Zhang, Chengcui
2014 IEEE INTERNATIONAL CONFERENCE ON MULTIMEDIA AND EXPO (ICME), 2014,
[32] Defeating against sybil-attacks in peer-to-peer networks
Xiang, Xu
2012 IEEE 26TH INTERNATIONAL PARALLEL AND DISTRIBUTED PROCESSING SYMPOSIUM WORKSHOPS & PHD FORUM (IPDPSW), 2012, : 1218 - 1222
[33] MF (minority first) scheme for defeating distributed denial of service attacks
Ahn, G
Kim, K
Jang, J
EIGHTH IEEE INTERNATIONAL SYMPOSIUM ON COMPUTERS AND COMMUNICATION, VOLS I AND II, PROCEEDINGS, 2003, : 1233 - 1238
[34] Secure Mobile Grid Environment Defeating Wormhole Attacks and Scam Users
Vimala, S.
Sasikala, T.
INTERNATIONAL CONFERENCE ON INNOVATION INFORMATION IN COMPUTING TECHNOLOGIES, 2015, 2015,
[35] Joza: Hybrid Taint Inference for Defeating Web Application SQL Injection Attacks
Naderi-Afooshteh, Abbas
Anh Nguyen-Tuong
Bagheri-Marzijarani, Mandana
Hiser, Jason D.
Davidson, Jack W.
2015 45TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, 2015, : 172 - 183
[36] FlowCloak: Defeating Middlebox-Bypass Attacks in Software-Defined Networking
Bu, Kai
Yang, Yutian
Guo, Zixuan
Yang, Yuanyuan
Li, Xing
Zhang, Shigeng
IEEE CONFERENCE ON COMPUTER COMMUNICATIONS (IEEE INFOCOM 2018), 2018, : 396 - 404
[37] Detecting and defeating denial-of-service attacks on network intrusion detection systems
Sun, Qindong
Zhang, Deyun
Gao, Peng
Zhang, Xiao
Hsi-An Chiao Tung Ta Hsueh/Journal of Xi'an Jiaotong University, 2004, 38 (02): : 132 - 135
[38] Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation
McEvoy, Thomas Richard
Wolthusen, Stephen D.
CRITICAL INFORMATION INFRASTRUCTURE SECURITY, CRITIS 2011, 2013, 6983 : 70 - 80
[39] Defeating deep learning based de-anonymization attacks with adversarial example
Yin, Haoyu
Liu, Yingjian
Li, Yue
Guo, Zhongwen
Wang, Yu
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 2023, 220
[40] Defeating Depression: The Calm and Sense Way To Find Happiness and Satisfaction.
Bigelow, Deborah
LIBRARY JOURNAL, 2011, 136 (09) : 94 - 94

← 1 2 3 4 5 →