IEEE Access (Jan 2020)

Vulnerability Evaluation Method for E-Commerce Transaction Systems With Unobservable Transitions

  • Mimi Wang,
  • Zhijun Ding,
  • Peihai Zhao

DOI
https://doi.org/10.1109/ACCESS.2020.2998132
Journal volume & issue
Vol. 8
pp. 101035 – 101048

Abstract

E-commerce transaction systems have become an important factor in trading activities. However, e-commerce systems are still undergoing development. Unobservable actions and attacks on systems are frequent problems that increase the vulnerability of e-commerce systems. Most existing approaches to addressing these issues cannot describe or analyze the overall structure of a local specification and unobservable actions well. The vulnerable e-commerce transaction net (VET-net) is a useful model for describing the unobservable actions, online transactions and third-party payment platforms of e-commerce systems. Based on a VET-net, we focus on detecting and evaluating the vulnerability of e-commerce transaction systems to attacks. We propose the concept of vulnerable transitions, which include not only vulnerable actions but also unobservable transitions. Then, we use an improved slice method to locate the vulnerable transitions. For these vulnerable transitions, we propose a vulnerable transition evaluation method based on a hidden Markov model along with a reachability graph (HMM-RG). The HMM-RG uses hidden Markov models (HMMs) to approximate the state reachability graph of a VET-net. By calculating the firing probability, the HMM-RG can evaluate the vulnerability degree of malicious states. We use a real-world case to show our method’s effectiveness and reasonability.

Keywords