Security challenges and solutions for e-business

The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyber attacks. This paper outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are: (1) biometrics for authentication; (2) parallel processing to increase the power and speed of defenses; (3) data mining and machine learning to identify attacks; (4) peer-to-peer security using blockchains; (5) enterprise security modelling and security as a service; and (6) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated.
