Threats of price scraping on e-commerce websites: attack model and its detection using neural network
- PDF / 3,058,109 Bytes
- 15 Pages / 595.276 x 790.866 pts Page_size
- 98 Downloads / 200 Views
ORIGINAL PAPER
Threats of price scraping on e-commerce websites: attack model and its detection using neural network Rizwan Ur Rahman1,2 · Deepak Singh Tomar1 Received: 4 December 2019 / Accepted: 21 September 2020 © Springer-Verlag France SAS, part of Springer Nature 2020
Abstract Scrapers are automated programs that mechanically traverse the website and steal the data from websites. According to numerous web traffic reports nearly fifty percent of the website traffic is coming from automated programs. Security issues of e-commerce websites are still in the initial phase, and despite a huge growth of e-commerce development, many security issues remain untouched. One of the most critical attacks on e-commerce application is price scraping as far as the competitors are concerned. Price Scraping is a method wherein prices of products are copied from e-commerce websites. According to bot traffic report, 21% of e-commerce traffic is coming from price scrapers. This paper provides well-known tools and techniques used for price scraping. In this paper, we have developed a novel attack scenario of price scraping attack. We have explained the execution steps of the developed attack scenario in systematic manner. In this paper, we also developed a security mechanism using time and byte entropy analysis. The proposed approach is evaluated by various experiments and the result analysis reveals that the proposed approach is efficient in differentiating price scrapers from human users. Keywords Web security · Price scraping · Web bot · Web scrapping · Cyber crime
1 Introduction E-commerce applications have increased exponentially in the past years and are likely to develop rapidly in the future. E-commerce applications have triggered fast and extensive development of information technology. The development includes the computerization of conventional commercial transactions and the creation of new transaction methods that were impossible without the use of extensively deployed information technology. E-Commerce applications have different parts, for instance, database server, web application server, and the (PGI) payment gateway interface for online transactions [1]. E-Commerce security is one of the major concerns which protect e-commerce users and businesses engaging with ecommerce. E-commerce application security is a branch of Information Security and is mainly applied to the compo-
B
Rizwan Ur Rahman [email protected]; [email protected]
1
Department of CSE and IT, Maulana Azad National Institute of Technology, Bhopal 462003, India
2
Department of CSE and IT, Jaypee University of Information Technology, Solan 173234, India
nents of e-commerce applications. Every component of an e-commerce application is vulnerable to numerous cyber attacks. For example, cyber attacks which mainly target the users are account takeover and account lockout attacks. On the other hand, the attack which targets the transaction is man in the middle attack. However, among those attacks, the most dangerous attack is the pr
Data Loading...
