以NAISS的方式击败MageCart攻击

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2023-01-01 DOI:10.5220/0012079300003555

Cătălin Rus, D. Sarmah, Mohammed El-hajj

{"title":"以NAISS的方式击败MageCart攻击","authors":"Cătălin Rus, D. Sarmah, Mohammed El-hajj","doi":"10.5220/0012079300003555","DOIUrl":null,"url":null,"abstract":": MageCart attacks pose a security threat to E-commerce platforms by using e-skimmers to steal payment details. Image steganography is used by attackers to conceal e-skimmers, making detection challenging. Existing solutions have limitations, such as incompatibility or insufficient functionality. This research proposes NAISS, a server-side middlebox solution that leverages digital signatures to filter unauthorized images without requiring client-side modifications. The proof-of-concept implementation demonstrates the efficacy of NAISS, filtering 100% of state of the art stegoimages, while indicating areas for further improvement.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"10 1","pages":"691-697"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Defeating MageCart Attacks in a NAISS Way\",\"authors\":\"Cătălin Rus, D. Sarmah, Mohammed El-hajj\",\"doi\":\"10.5220/0012079300003555\",\"DOIUrl\":null,\"url\":null,\"abstract\":\": MageCart attacks pose a security threat to E-commerce platforms by using e-skimmers to steal payment details. Image steganography is used by attackers to conceal e-skimmers, making detection challenging. Existing solutions have limitations, such as incompatibility or insufficient functionality. This research proposes NAISS, a server-side middlebox solution that leverages digital signatures to filter unauthorized images without requiring client-side modifications. The proof-of-concept implementation demonstrates the efficacy of NAISS, filtering 100% of state of the art stegoimages, while indicating areas for further improvement.\",\"PeriodicalId\":74779,\"journal\":{\"name\":\"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography\",\"volume\":\"10 1\",\"pages\":\"691-697\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5220/0012079300003555\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0012079300003555","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

: MageCart攻击利用电子浏览程式窃取付款资料，对电子商贸平台构成安全威胁。图像隐写术被攻击者用来隐藏电子浏览器，使检测具有挑战性。现有的解决方案具有局限性，例如不兼容或功能不足。这项研究提出了NAISS，一个服务器端中间件解决方案，它利用数字签名过滤未经授权的图像，而不需要客户端修改。概念验证实现证明了NAISS的有效性，过滤了100%的最先进的隐写图像，同时指出了进一步改进的领域。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Defeating MageCart Attacks in a NAISS Way

: MageCart attacks pose a security threat to E-commerce platforms by using e-skimmers to steal payment details. Image steganography is used by attackers to conceal e-skimmers, making detection challenging. Existing solutions have limitations, such as incompatibility or insufficient functionality. This research proposes NAISS, a server-side middlebox solution that leverages digital signatures to filter unauthorized images without requiring client-side modifications. The proof-of-concept implementation demonstrates the efficacy of NAISS, filtering 100% of state of the art stegoimages, while indicating areas for further improvement.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography

自引率

0.00%

发文量