Modeling and vulnerable points analysis for E-commerce transaction system with a known attack

Abstract

With the rapid development of network and mobile terminal, online trading has become more and more widespread. However, E-commerce transaction systems aren’t completely strong due to the openness of network. Some points of a system is vulnerable in the real world and thus they can be utilized by attackers and cheaters. We focus on E-commerce transaction systems with attacks, and propose a kind of Petri nets called VET-net (Vulnerable E-commerce Transaction nets) to model them. A VET-net considers both normal actions belonging to the related system and malicious actions ones such as tampering with a data. Based on VET-net, this paper proposes the concepts of vulnerable points and vulnerable levels in order to describe the cause and levels of vulnerability. And then it uses the dynamic sling method to locate the vulnerable points. A real example is used to illustrate the effectiveness and rationality of our concepts and method.