Abstract

Online shopping that integrates third-party payment platforms (TPPs) has developed rapidly in recent years. The integration introduces new security problems arising from complex interactions among Application Programming Interfaces (APIs), and detecting such defects at the application level is costly and difficult. To deal with these security issues at run time, this paper presents a framework for modeling and monitoring online shopping business processes from the perspective of legal behavior patterns. We present the Online Shopping Net (OSN) to model the normal business process and use it as the legal behavior pattern against which system behaviors are monitored. A monitor based on the OSN is then constructed: any system behavior that falls outside the legal behavior pattern raises an alarm and is blocked. This is a novel attempt to secure online shopping through behavior modeling and online monitoring. Using this active-defense tactic, illegal user behaviors can be prevented at the application level instead of constantly patching application bugs. As a case study, we simulate an e-commerce site and a TPP, and show that the monitor effectively prevents recently reported malicious behaviors.
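To make the monitoring idea concrete, the following is an added example written for this page; it is not the paper's OSN and not code from the authors. It assumes a deliberately simplified checkout net with four transitions (create_order, request_pay, tpp_confirm, complete) and one token per order, plus data guards that bind the TPP's confirmation to the order the merchant actually created. Events that are not enabled in the current marking, or that fail a guard, are alarmed and blocked. All event sequences are constructed sample input.

```python
"""Petri-net-style monitor for a hypothetical simplified checkout flow.

The net below is an assumption made for this example; the paper's OSN is
not reproduced on this page.
"""
from collections import Counter

# Legal behaviour pattern: each transition maps to (pre-set, post-set),
# i.e. the tokens it consumes and the tokens it produces.
TRANSITIONS = {
    "create_order": ({"idle": 1}, {"ordered": 1}),
    "request_pay":  ({"ordered": 1}, {"awaiting_tpp": 1}),
    "tpp_confirm":  ({"awaiting_tpp": 1}, {"paid": 1}),
    "complete":     ({"paid": 1}, {"done": 1}),
}


class OSNMonitor:
    """Accepts an event only if its transition is enabled in the current
    marking and its data guard holds; anything else is alarmed and blocked."""

    def __init__(self):
        self.marking = Counter({"idle": 1})   # initial marking: one order token
        self.order = {}                        # data bound when create_order fires
        self.alarms = []

    def _enabled(self, name):
        pre, _ = TRANSITIONS[name]
        return all(self.marking[p] >= n for p, n in pre.items())

    def _guard(self, name, ev):
        # Tie TPP messages to the merchant's own order: same id, same amount.
        if name == "create_order":
            return True
        if ev.get("order_id") != self.order.get("order_id"):
            return False
        if name == "tpp_confirm" and ev.get("amount") != self.order.get("amount"):
            return False
        return True

    def handle(self, ev):
        """Return True if the event was accepted, False if alarmed and blocked."""
        name = ev.get("event")
        if name not in TRANSITIONS or not self._enabled(name) or not self._guard(name, ev):
            self.alarms.append((name, "blocked: outside legal behaviour pattern"))
            return False
        pre, post = TRANSITIONS[name]
        for p, n in pre.items():
            self.marking[p] -= n
        for p, n in post.items():
            self.marking[p] += n
        if name == "create_order":
            self.order = {"order_id": ev["order_id"], "amount": ev["amount"]}
        return True


def run(events):
    """Run a constructed event sequence through a fresh monitor."""
    m = OSNMonitor()
    accepted = [m.handle(ev) for ev in events]
    return accepted, m.alarms


# Constructed sample sequences (not from the paper).
LEGAL = [
    {"event": "create_order", "order_id": "A1", "amount": 50},
    {"event": "request_pay", "order_id": "A1"},
    {"event": "tpp_confirm", "order_id": "A1", "amount": 50},
    {"event": "complete", "order_id": "A1"},
]
SKIP_PAYMENT = LEGAL[:2] + [LEGAL[3]]                  # complete without confirm
WRONG_AMOUNT = LEGAL[:2] + [{"event": "tpp_confirm", "order_id": "A1", "amount": 1}]
FOREIGN_ORDER = LEGAL[:2] + [{"event": "tpp_confirm", "order_id": "B9", "amount": 50}]
REPLAY = LEGAL + [LEGAL[2]]                             # second confirmation for same order

if __name__ == "__main__":
    for label, seq in [("legal", LEGAL), ("skip_payment", SKIP_PAYMENT),
                       ("wrong_amount", WRONG_AMOUNT), ("foreign_order", FOREIGN_ORDER),
                       ("replay", REPLAY)]:
        print(label, run(seq))
```

The monitor never looks at application code: it only checks whether each observed event is a legal move of the net, which is what lets it block an out-of-order or mismatched TPP message regardless of which API bug made that message reachable.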

Full text