Defeating MageCart Attacks in a NAISS Way

被引：1

作者：

Rus, Catalin ^{[1
]}

Sarmah, Dipti Kapoor ^{[1
]}

El-Hajj, Mohammed ^{[1
]}

机构：

[1] Univ Twente, EEMCS SCS, Drienerlolaan 5, Enschede, Netherlands

来源：

PROCEEDINGS OF THE 20TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, SECRYPT 2023 | 2023年

关键词：

Image Steganography; E-skimmers; MageCart; Middlebox; Digital Signatures; Network Filter; E-commerce;

D O I：

10.5220/0012079300003555

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

MageCart attacks pose a security threat to E-commerce platforms by using e-skimmers to steal payment details. Image steganography is used by attackers to conceal e-skimmers, making detection challenging. Existing solutions have limitations, such as incompatibility or insufficient functionality. This research proposes NAISS, a server-side middlebox solution that leverages digital signatures to filter unauthorized images without requiring client-side modifications. The proof-of-concept implementation demonstrates the efficacy of NAISS, filtering 100% of state of the art stegoimages, while indicating areas for further improvement.

引用

页码：691 / 697

页数：7

共 50 条

[41] Still a long way to go to defeating atherosclerotic disease: a call to arms!
Danchin, Nicolas
EUROPEAN HEART JOURNAL, 2009, 30 (19) : 2297 - 2299
[42] Defeating Reflector Based Denial-of-Service Attacks using Single Packet Filters
Sairam, Ashok Singh
Subramaniam, Late Ashish
Barua, Gautam
2010 5TH INTERNATIONAL ICST CONFERENCE ON COMMUNICATIONS AND NETWORKING IN CHINA (CHINACOM), 2010,
[43] Two-Factor Authentication Approach Based on Behavior Patterns for Defeating Puppet Attacks
Wang, Wenhao
Li, Guyue
Chu, Zhiming
Li, Haobo
Faccio, Daniele
IEEE SENSORS JOURNAL, 2024, 24 (06) : 8250 - 8264
[44] Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper)
Soghoian, Christopher
Stamm, Sid
FINANCIAL CRYPTOGRAPHY AND DATA SECURITY, 2012, 7035 : 250 - 259
[45] Unified rate limiting in broadband access networks for defeating internet worms and DDoS attacks
Park, Keun
Seo, Dongwon
Yoo, Jaewon
Lee, Heejo
Kim, Hyogon
INFORMATION SECURITY PRACTICE AND EXPERIENCE, 2008, 4991 : 176 - 187
[46] CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing
Liu, Fangfei
Ge, Qian
Yarom, Yuval
Mckeen, Frank
Rozas, Carlos
Heiser, Gernot
Lee, Ruby B.
PROCEEDINGS OF THE 2016 IEEE INTERNATIONAL SYMPOSIUM ON HIGH-PERFORMANCE COMPUTER ARCHITECTURE (HPCA-22), 2016, : 406 - 418
[47] A filter check system for defeating attacks which employ IP source address spoofing
Shiraishi, Yoshiaki
Fukuta, Youji
Morii, Masakatu
WMSCI 2007: 11TH WORLD MULTI-CONFERENCE ON SYSTEMICS, CYBERNETICS AND INFORMATICS, VOL II, PROCEEDINGS, 2007, : 289 - +
[48] MLPrivacyGuard: Defeating Confidence Information based Model Inversion Attacks on Machine Learning Systems
Alves, Tiago A. O.
Franca, Felipe M. G.
Kundu, Sandip
GLSVLSI '19 - PROCEEDINGS OF THE 2019 ON GREAT LAKES SYMPOSIUM ON VLSI, 2019, : 411 - 415
[49] Defeating Primary User Emulation Attacks Using Belief Propagation in Cognitive Radio Networks
Yuan, Zhou
Niyato, Dusit
Li, Husheng
Song, Ju Bin
Han, Zhu
IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, 2012, 30 (10) : 1850 - 1860
[50] WebMTD: Defeating Cross-Site Scripting Attacks Using Moving Target Defense
Niakanlahiji, Amirreza
Jafarian, Jafar Haadi
SECURITY AND COMMUNICATION NETWORKS, 2019, 2019

← 1 2 3 4 5 →