US20160171494A1 - Software behavior monitoring and verification system - Google Patents

Software behavior monitoring and verification system

Publication number
US20160171494A1
Authority
US
United States
Prior art keywords
software behavior
behavior
party
verification system
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/441,115
Inventor
Changjun Jiang
Hongzhong Chen
Chungang Yan
Zhijun Ding
Wangyang Yu
Junzhu Zhong
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tongji University
Original Assignee
Tongji University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tongji University
Assigned to TONGJI UNIVERSITY: assignment of assignors interest (see document for details). Assignors: CHEN, Hongzhong; DING, Zhijun; JIANG, Changjun; YAN, Chungang; YU, Wangyang; ZHONG, Junzhu
Publication of US20160171494A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405 Establishing or using transaction specific rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a software behavior monitoring and verification system, which is composed of three parts including a software behavior certificate, a three-party software behavior monitor, and a real-time software behavior verification system. The software behavior certificate is formed according to three-party communications data packets in a correct transaction process among a user, an E-Commerce website, and a third-party payment platform; the three-party software behavior monitor is a data packet monitor installed on the E-Commerce website, the third-party payment platform, and the user client; after receiving data packets of interaction information in the transaction that are respectively submitted by the three-party monitor, the real-time software behavior verification system extracts and integrates key sequences and information in the data packets, and compares a user behavior interaction sequence with the software behavior model in real time according to a global unique order number, and sends an alarm and terminates the transaction in the case of illegal behaviors such as disorder and identity spoofing. By using key parameters such as URL exchanged among the three parties, a legal normal interaction process in the transaction of the three parties is defined, and a software behavior certificate is provided.

Description

    BACKGROUND OF THE PRESENT INVENTION
  • 1. Field of Invention
  • The present invention relates to the field of E-Commerce online transaction security and monitoring technologies.
  • 2. Description of Related Arts
  • With the development of the Internet, E-Commerce has gradually become a new mode for people's commercial activities and an important business mode in international trade. Based on computer technology, communications technology, and network technology, E-Commerce uses methods such as electronic data exchange, email, and electronic payment to make the whole range of commercial activities electronic, digital, and networked. With the emergence of electronic transaction platforms, the whole procedure of sales, transaction, and confirmation has been replaced by online transactions. The Electronic Brokerage System (EBS), the early first-generation bank transaction system, developed into individual transaction platforms researched and developed by banks, and then into multi-subject transaction platforms provided by third parties and application program interfaces (APIs) demanded by the market. The development of electronic transactions is rather rapid, but it also faces many opportunities and regulations.
  • In recent years, the E-Commerce modes have mainly included B2C, B2B, and C2C. However, these modes generally adopt a third-party payment mode. Users, E-Commerce websites, and third-party payment platforms are the three main subjects in the current electronic transaction process. The three parties trust each other on the basis of technologies such as signature, verification, and encryption, and invoke each other's interfaces to communicate, thereby cooperating to complete the whole online transaction process. However, since current software development technology is imperfect, user client software, E-Commerce websites, and even third-party payment platforms may have communications interface vulnerabilities and logic errors.
  • The present invention addresses the situation in which malicious users who are legally registered often use these vulnerabilities to engage in illegal behavior and make illegal profits for themselves. Moreover, because the vulnerabilities are diverse and hard to detect and protect against, user behavior is variable, and network platforms are distributed and loosely coupled, conventional security methods cannot ensure the security of current electronic network transactions.
  • SUMMARY OF THE PRESENT INVENTION
  • An object of the present invention is to overcome the disadvantages of the prior art. The present invention discloses a software behavior monitoring and verification system, and provides a security ensuring mode in which a user, an E-Commerce platform, and a third-party payment platform cooperate with one another. The transaction process is monitored throughout the transaction, and an alarm can be sent in real time.
  • The technical solutions provided by the present invention are:
  • a software behavior monitoring and verification system, where the system is composed of three parts comprising a software behavior certificate, a three-party software behavior monitor, and a real-time software behavior verification system.
  • The software behavior certificate is formed by a professional according to three-party communications data packets in a correct transaction process among a user, an E-Commerce website, and a third-party payment platform to define normal legal interaction behavior of the three parties, and the software behavior certificate is a software behavior model formed corresponding to interaction modes between the E-Commerce website, the third-party payment platform, and a user client.
  • The three-party software behavior monitor is a data packet monitor installed on the E-Commerce website, the third-party payment platform and the user client. It monitors, in real time, the data packets transmitted between the three parties in a complete transaction, and extracts and integrates the necessary parameter information (comprising URL addresses, parameters and the like) in the data packets, so as to send key information to the real-time software behavior verification system. The three-party software behavior monitor is technically based on jpcap and mainly captures HTTP data packets. It extracts the URL addresses and parameter information in the data packets, together with a serial number of the E-Commerce website and a serial number of the third-party payment platform in the three parties of the transaction, then establishes a socket connection with the real-time software behavior verification system and sends the key information to it in a TCP data packet.
  • After receiving data packets of interaction information in the transaction that are respectively submitted by the three-party software behavior monitor, the real-time software behavior verification system extracts and integrates key sequences and information in the data packets, and compares a user behavior interaction sequence with the software behavior model in real time according to a global unique order number, and sends an alarm and terminates the transaction in the case of illegal behaviors comprising disorder and identity spoofing.
  • Software behavior defined in the software behavior certificate has behavior logic, which is reflected in that:
  • 1) each transition_node in the software behavior certificate is a behavior node; data packets captured by any of the three parties are grouped into two categories: received message and sent message, which respectively correspond to input and output in the transition_node; the received message and the sent message need to meet such a logical sequence that the received message is prior to the sent message; and the captured behavior sequence is compared with the corresponding transition_node, and once the logical sequence is not met, an alarm is sent;
  • 2) in the meantime, the real-time software behavior verification system further compares a current subject of the received message or the sent message with a subject name recorded by an attribute attri in the certificate behavior node (transition_node); if they are inconsistent, it indicates that an unauthorized user performs an identity spoofing attack, and an alarm is sent immediately;
  • 3) a place_node defines a logical sequence between behavior nodes, and the behavior nodes (transition_node) are arranged according to a particular transaction sequence; and once a skip or disorder occurs, it indicates that the legal normal transaction process is broken and an irregular operation occurs, and an alarm is sent immediately.
  • The innovative points of the present invention and the beneficial effects thereof are as follows: by using key parameters such as URL exchanged among the three parties, a legal normal interaction process in the transaction of the three parties is defined, and a software behavior certificate is provided. The software behavior certificate is formed by a professional according to three-party communications data packets in a correct transaction process among a user, an E-Commerce website, and a third-party payment platform to define normal legal interaction behavior of the three parties. The present invention provides a security ensuring mode in which the user, the E-Commerce platform, and the third-party payment platform cooperate with one another. The transaction process is monitored throughout the transaction, and an alarm can be sent in real time.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is an architecture diagram of software behavior monitoring and verification.
  • FIG. 2 is a flowchart of a three-party software behavior monitor.
  • FIG. 3 is a flowchart of a real-time software behavior verification system.
  • FIG. 4 is a format (place_node) of a software behavior certificate.
  • FIG. 5 is a format (transition_node) of a software behavior certificate.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • The architecture of the whole software behavior monitoring and verification system is shown in FIG. 1.
  • The whole software behavior monitoring and verification system stores behavior of real authorized users and uses the behavior to form a software behavior certificate, and performs real-time comparison and one-step verification on the three-party interaction behavior sequence and the software behavior certificate in the transaction process mainly according to a global unique order number; once any party has illegal behavior such as disorder of messages or identity spoofing, an alarm is sent or certain measures are taken.
  • The three-party software behavior monitor: a data packet monitor installed on an E-Commerce website, a third-party payment platform, and a user client, and used to monitor, in real time, data packets transmitted between the three parties in a complete transaction, and extract and integrate necessary parameter information in the data packets, so as to send key information to the real-time software behavior verification system. The monitor is technically based on jpcap, and mainly captures HTTP data packets, and extracts URL addresses and parameter information in the data packets, a serial number of the E-Commerce website, and a serial number of the third-party payment platform in the three parties of the transaction. Subsequently, the monitor establishes a socket connection with the real-time software behavior verification system, and sends the key information to the real-time software behavior verification system by using a TCP data packet. The three-party software behavior monitoring process is shown in FIG. 2;
  • the real-time software behavior verification system: after establishing a socket connection with the three-party software behavior monitor, the real-time software behavior verification system receives the TCP data packet sent by the three-party software behavior monitor, and extracts and integrates the key sequence and information in the data packets. Then, the real-time software behavior verification system authenticates a user behavior interaction sequence against the software behavior model in real time according to a global unique order number, and sends an alarm and terminates the transaction in the case of illegal behaviors such as disorder and identity spoofing. FIG. 3 is a flowchart of the real-time software behavior verification system:
  • the software behavior certificate is formed according to interaction modes between the three parties, that is, the E-Commerce website, the third-party payment platform, and the user client, comprising the interaction modes between any two of them; the software behavior certificate is manually created by a professional, and is stored in a server in the format of an XML file.
  • The format of the software behavior certificate is shown in FIG. 4 and FIG. 5:
  • input is a key parameter (URL and the like) received by any of the three parties (user, E-Commerce website, and third-party payment platform); and output is a key parameter sent by the current party; the interaction information represents a software behavior sequence.
  • The software behavior defined in the software behavior certificate has certain behavior logic, which represents the interaction sequence of the three parties, premise conditions, and the like. Each transition_node in the software behavior certificate is a behavior node; the data packets captured by any of the three parties are grouped into two categories: received message and sent message, which respectively correspond to input and output in the transition_node; the received message and the sent message need to meet such a logical sequence that the received message is prior to the sent message; the captured behavior sequence is compared with the corresponding transition_node; and once the logical sequence is not met, an alarm is sent. Meanwhile, the real-time software behavior verification system further compares a current subject of the received message or the sent message with a subject name recorded by an attribute attri in the certificate behavior node (transition_node); and if they are inconsistent, it indicates that an unauthorized user performs an identity spoofing attack, and an alarm is sent immediately. A place_node defines a logical sequence between behavior nodes, and the behavior nodes (transition_node) are arranged according to a particular transaction sequence; once a skip or disorder occurs, it indicates that the legal normal transaction process is broken and an irregular operation occurs, and an alarm is sent immediately.
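The three checks described above (received before sent within a transition_node, subject against attri, and place_node ordering, all keyed by order number), as an added Python example that is not code from the patent. The XML layout, node ids, subject names and URLs are assumptions, since the text here does not give the certificate schema.

```python
import xml.etree.ElementTree as ET

# Constructed certificate: transition_node, place_node, attri, input and output
# are the page's terms; the XML layout, ids, subjects and URLs are assumed.
CERT_XML = """<certificate>
  <transition_node id="t1" attri="merchant" input="/order/create" output="/pay/redirect"/>
  <transition_node id="t2" attri="payment" input="/pay/redirect" output="/pay/notify"/>
  <transition_node id="t3" attri="merchant" input="/pay/notify" output="/order/confirm"/>
  <place_node from="t1" to="t2"/>
  <place_node from="t2" to="t3"/>
</certificate>"""

def load_certificate(xml_text):
    root = ET.fromstring(xml_text)
    index, attri = {}, {}  # index maps (direction, url) to a behavior node id
    for n in root.iter("transition_node"):
        attri[n.get("id")] = n.get("attri")
        index[("received", n.get("input"))] = n.get("id")
        index[("sent", n.get("output"))] = n.get("id")
    succ = {p.get("from"): p.get("to") for p in root.iter("place_node")}
    start = (set(attri) - set(succ.values())).pop()  # node with no predecessor
    return index, attri, succ, start

def verify(events, cert_xml=CERT_XML):
    """events: (order_no, subject, direction, url); returns first alarm per order."""
    index, attri, succ, start = load_certificate(cert_xml)
    state, alarms = {}, {}
    for order_no, subject, direction, url in events:
        if order_no in alarms:
            continue  # transaction already terminated
        current, got_input = state.get(order_no, (start, False))
        node = index.get((direction, url))
        if node is None:
            alarms[order_no] = "disorder: message not in certificate"
        elif subject != attri[node]:
            alarms[order_no] = "identity spoofing at " + node
        elif node != current:
            alarms[order_no] = "skip or disorder: got %s, expected %s" % (node, current)
        elif direction == "received" and not got_input:
            state[order_no] = (current, True)
        elif direction == "sent" and got_input:
            state[order_no] = (succ.get(current), False)
        else:
            alarms[order_no] = "disorder: input must precede output at " + node
    return alarms

# Constructed capture: A is legal, B skips the payment node, C has a wrong subject.
LEGAL = [("merchant", "received", "/order/create"), ("merchant", "sent", "/pay/redirect"),
         ("payment", "received", "/pay/redirect"), ("payment", "sent", "/pay/notify"),
         ("merchant", "received", "/pay/notify"), ("merchant", "sent", "/order/confirm")]
EVENTS = ([("A",) + e for e in LEGAL]
          + [("B",) + e for e in LEGAL[:2] + LEGAL[4:]]
          + [("C",) + e for e in LEGAL[:3]] + [("C", "user", "sent", "/pay/notify")])
print(verify(EVENTS))
```

The subject check runs before the ordering check, so a message from the wrong party is reported as spoofing even when it also arrives out of sequence.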

Claims (2)

What is claimed is:
1. A software behavior monitoring and verification system, wherein
the system is composed of three parts comprising a software behavior certificate, a three-party software behavior monitor, and a real-time software behavior verification system, wherein
the software behavior certificate is formed by a professional according to three-party communications data packets in a correct transaction process among a user, an E-Commerce website, and a third-party payment platform to define normal legal interaction behavior of the three parties, and the software behavior certificate is a software behavior model formed corresponding to interaction modes between the E-Commerce website, the third-party payment platform, and a user client;
the three-party software behavior monitor is a data packet monitor installed on the E-Commerce website, the third-party payment platform and the user client, and is used to monitor, in real time, data packets transmitted among the three parties in a complete transaction, and extract and integrate necessary parameter information (comprising a URL address and a parameter) in the data packets, so as to send key information to the real-time software behavior verification system; the three-party software behavior monitor is based on jpcap, and mainly captures HTTP data packets, and extracts URL addresses and parameter information in the data packets, a serial number of the E-Commerce website and a serial number of the third-party payment platform in the three parties of the transaction, and then establishes a socket connection with the real-time software behavior verification system, and sends the key information to the real-time software behavior verification system by using a TCP data packet; and
after receiving data packets of interaction information in the transaction that are respectively submitted by the three-party software behavior monitor, the real-time software behavior verification system extracts and integrates key sequences and information in the data packets; compares a user behavior interaction sequence with the software behavior model in real time according to a global unique order number, and sends an alarm and terminates the transaction in the case of illegal behaviors comprising disorder and identity spoofing.
2. The software behavior monitoring and verification system as in claim 1, wherein software behavior defined in the software behavior certificate has behavior logic, which is reflected in that:
1) each transition_node in the software behavior certificate is a behavior node; data packets captured by any of the three parties are grouped into two categories: received message and sent message, which respectively correspond to input and output in the transition_node; the received message and the sent message need to meet such a logical sequence that the received message is prior to the sent message; and the captured behavior sequence is compared with the corresponding transition_node, and once the logical sequence is not met, an alarm is sent;
2) the real-time software behavior verification system further compares a current subject of the received message or the sent message with a subject name recorded by an attribute attri in the certificate behavior node (transition_node); and if they are inconsistent, it indicates that an unauthorized user performs an identity spoofing attack, and an alarm is sent immediately;
3) a place_node defines a logical sequence between behavior nodes, the behavior nodes (transition_node) are arranged according to a particular transaction sequence, and once a skip or disorder occurs, it indicates that the legal normal transaction process is broken and an irregular operation occurs, and an alarm is sent immediately.
US14/441,115 2014-01-06 2014-06-23 Software behavior monitoring and verification system Abandoned US20160171494A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201410014450.6 2014-01-06
CN201410014450.6A CN103714456B (en) 2014-01-06 2014-01-06 Software action monitoring verification system
PCT/CN2014/080494 WO2015100969A1 (en) 2014-01-06 2014-06-23 Software behavior monitoring and verification system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/080494 A-371-Of-International WO2015100969A1 (en) 2014-01-06 2014-06-23 Software behavior monitoring and verification system

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/245,212 Continuation-In-Part US11113412B2 (en) 2014-01-06 2019-01-10 System and method for monitoring and verifying software behavior

Publications (1)

Publication Number Publication Date
US20160171494A1 true US20160171494A1 (en) 2016-06-16

Family

ID=50407408

Family Applications (2)

Application Number Title Priority Date Filing Date
US14/441,115 Abandoned US20160171494A1 (en) 2014-01-06 2014-06-23 Software behavior monitoring and verification system
US16/245,212 Active 2034-12-31 US11113412B2 (en) 2014-01-06 2019-01-10 System and method for monitoring and verifying software behavior

Family Applications After (1)

Application Number Title Priority Date Filing Date
US16/245,212 Active 2034-12-31 US11113412B2 (en) 2014-01-06 2019-01-10 System and method for monitoring and verifying software behavior

Country Status (6)

Country Link
US (2) US20160171494A1 (en)
CN (1) CN103714456B (en)
AU (1) AU2014101545A4 (en)
DE (1) DE112014000263T5 (en)
WO (1) WO2015100969A1 (en)
ZA (1) ZA201503032B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10037495B2 (en) * 2014-09-29 2018-07-31 Tongji University Clustering coefficient-based adaptive clustering method and system
CN109560977A (en) * 2017-09-25 2019-04-02 北京国双科技有限公司 Web site traffic monitoring method, device, storage medium, processor and electronic equipment
US10356116B2 (en) * 2016-04-07 2019-07-16 IDfusion, LLC Identity based behavior measurement architecture
CN110120964A (en) * 2018-02-07 2019-08-13 北京三快在线科技有限公司 User behavior monitoring method and device and calculating equipment
US11336668B2 (en) * 2019-01-14 2022-05-17 Penta Security Systems Inc. Method and apparatus for detecting abnormal behavior of groupware user
CN117081856A (en) * 2023-10-13 2023-11-17 湖南视觉伟业智能科技有限公司 Intelligent space analysis platform and early warning method based on cloud computing

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103714456B (en) * 2014-01-06 2015-08-19 同济大学 Software action monitoring verification system
CN104270359B (en) * 2014-09-25 2018-04-17 同济大学 The authentic authentication system and method for network trading
CN105184630A (en) * 2015-08-28 2015-12-23 王子瑜 Transaction flow legality detection method and system
CN105260675B (en) * 2015-10-16 2017-03-15 北京源创云网络科技有限公司 Electronic data consistency verification method, device, system and deposit card verification platform
CN106875167B (en) * 2016-08-18 2020-08-04 阿里巴巴集团控股有限公司 Detection method and device for fund transaction path in electronic payment process
CN108229964B (en) * 2017-12-25 2021-04-02 同济大学 Transaction behavior profile construction and authentication method, system, medium and equipment
US11070506B2 (en) * 2018-01-10 2021-07-20 Vmware, Inc. Email notification system
CN109885485B (en) * 2019-01-21 2022-08-05 中国光大银行股份有限公司 Transaction conflict detection method and device
US11799857B2 (en) 2021-08-31 2023-10-24 Cisco Technology, Inc. Software posture for zero trust access
CN113888760B (en) * 2021-09-29 2024-04-23 平安银行股份有限公司 Method, device, equipment and medium for monitoring violation information based on software application
US20230171281A1 (en) * 2021-11-29 2023-06-01 Canonic Security Technologies Ltd. System and method thereof for generating a threat indicator of an agentless third-party application
CN116069549A (en) * 2023-01-09 2023-05-05 国网江苏省电力有限公司 Non-homologous configuration consistency verification method and system based on effective configuration information

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130333033A1 (en) * 2012-06-06 2013-12-12 Empire Technology Development Llc Software protection mechanism
US20150121135A1 (en) * 2013-10-31 2015-04-30 Assured Information Security, Inc. Virtual machine introspection facilities
US20170230363A1 (en) * 2014-05-09 2017-08-10 Behaviometrics Ab Method, computer program, and system for identifying multiple users based on their behavior

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040034583A1 (en) * 2002-08-15 2004-02-19 Lanier Cheryl Lynn Systems and methods for performing electronic check commerce
CN1900963A (en) * 2005-07-18 2007-01-24 中国银联股份有限公司 Online safety payment system
JP4618263B2 (en) * 2007-03-23 2011-01-26 株式会社豊田中央研究所 Software behavior monitoring apparatus and software behavior monitoring system
JP5081480B2 (en) * 2007-03-28 2012-11-28 株式会社エヌ・ティ・ティ・ドコモ Software behavior modeling device, software behavior modeling method, software behavior verification device, and software behavior verification method
US20080293380A1 (en) * 2007-05-24 2008-11-27 Jim Anderson Messeaging service
CN101706937A (en) * 2009-12-01 2010-05-12 中国建设银行股份有限公司 Method and system for monitoring electronic bank risks
CN102194177A (en) * 2011-05-13 2011-09-21 南京柯富锐软件科技有限公司 System for risk control over online payment
WO2013018096A1 (en) * 2011-08-03 2013-02-07 Ramot At Tel-Aviv University Ltd. Use of integrase for targeted gene expression
CN103489101A (en) * 2012-06-14 2014-01-01 海瑞斯信息科技(苏州)有限公司 Safe electronic payment system and payment method based on converged communication technology
CN103279883B (en) * 2013-05-02 2016-06-08 上海携程商务有限公司 Electronic-payment transaction risk control method and system
CN103714456B (en) * 2014-01-06 2015-08-19 同济大学 Software action monitoring verification system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10037495B2 (en) * 2014-09-29 2018-07-31 Tongji University Clustering coefficient-based adaptive clustering method and system
US10356116B2 (en) * 2016-04-07 2019-07-16 IDfusion, LLC Identity based behavior measurement architecture
US10958678B2 (en) 2016-04-07 2021-03-23 IDfusion, LLC Identity based behavior measurement architecture
CN109560977A (en) * 2017-09-25 2019-04-02 北京国双科技有限公司 Web site traffic monitoring method, device, storage medium, processor and electronic equipment
CN110120964A (en) * 2018-02-07 2019-08-13 北京三快在线科技有限公司 User behavior monitoring method and device and calculating equipment
US11336668B2 (en) * 2019-01-14 2022-05-17 Penta Security Systems Inc. Method and apparatus for detecting abnormal behavior of groupware user
CN117081856A (en) * 2023-10-13 2023-11-17 湖南视觉伟业智能科技有限公司 Intelligent space analysis platform and early warning method based on cloud computing

Also Published As

Publication number Publication date
CN103714456B (en) 2015-08-19
AU2014101545A4 (en) 2015-07-02
US11113412B2 (en) 2021-09-07
CN103714456A (en) 2014-04-09
US20190163925A1 (en) 2019-05-30
WO2015100969A1 (en) 2015-07-09
DE112014000263T5 (en) 2015-10-15
ZA201503032B (en) 2018-11-28

Similar Documents

Publication Publication Date Title
AU2014101545A4 (en) Software behavior monitoring and verification system
Li et al. EduRSS: A blockchain-based educational records secure storage and sharing scheme
JP6527590B2 (en) System and method for detecting covert channel network intrusion based on offline network traffic
TWI635412B (en) Method, device and system for verifying user identity by using social relationship data
Jahankhani et al. Cybercrime classification and characteristics
US9967265B1 (en) Detecting malicious online activities using event stream processing over a graph database
US20210377258A1 (en) Attributed network enabled by search and retreival of privity data from a registry and packaging of the privity data into a digital registration certificate for attributing the data of the attributed network
US20150227761A1 (en) Systems and methods for secure messaging
CN103501229B (en) Method for conducting safety certification based on e-commerce platform safety certification system managed by supply chain
CN113254947B (en) Vehicle data protection method, system, equipment and storage medium
CN107124281A (en) A kind of data security method and related system
CN110958239B (en) Method and device for verifying access request, storage medium and electronic device
CN106101092A (en) A kind of information evaluation processing method and first instance
Onwubiko Fraud matrix: A morphological and analysis-based classification and taxonomy of fraud
ITTO20130513A1 (en) SYSTEM AND METHOD FOR FILTERING ELECTRONIC MESSAGES
CN111274597B (en) Data processing method and device
CN111833062A (en) Credibility verification system for digital asset data packet
TWI422206B (en) Tolerant key verification method
Iorliam Cybersecurity in Nigeria: A Case Study of Surveillance and Prevention of Digital Crime
CN113536372B (en) Data processing method and device and electronic equipment
Ahmed et al. Impact and Significance of Human Factors in Digital Information Security
CN109658101A (en) A kind of block chain hardware encryption safe mechanism
CN107181619A (en) The monitoring system of service condition
TW201835794A (en) Method and device for recording website access log
CN115119070B (en) Video signing method, device and system based on alliance chain

Legal Events

Date Code Title Description
AS Assignment

Owner name: TONGJI UNIVERSITY, CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:JIANG, CHANGJUN;CHEN, HONGZHONG;YAN, CHUNGANG;AND OTHERS;REEL/FRAME:038492/0838

Effective date: 20150515

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION