Modeling and Analyzing User Behavior Risks in Online Shopping Processes Based on Data-Driven and Petri-Net Methods

With the rapid spread of e-commerce and e-payment, the increasing number of people choose online shopping instead of traditional buying way. However, the malicious user behaviors have a significant influence on the security of users' accounts and property. In order to guarantee the security of shopping environment, a method based on Complex Event Process (CEP) and Colored Petri nets (CPN) is proposed in this paper. CEP is a data-driven technology that can correlate and process a large amount of data according to Event Patterns, and CPN is a formal model that can simulate and verify the specifications of the online shopping processes. In this work, we first define the modeling scheme to depict the user behaviors and Event Patterns of online shopping processes based on CPN. The Event Patterns can be constructed and verified by formal methods, which guarantees the correctness of Event Patterns. After that, the Event Patterns are translated into Event Pattern Language (EPL) according to the corresponding algorithms. Finally, the EPLs can be inserted into the complex event processing engine to analyze the users' behavior flows in real-time. In this paper, we validate the effectiveness of the proposed method through case studies

PETRI NET MODEL IN THE PROCESS OF SUBMISSION FOR CUSTOMER CREDIT OF BPR LAMBANG GANDA SERANG

The credit application process is one of a service that involves queues. This study aims to determine the design of the credit process application service system at the Lambang Ganda Serang Credit Bank using the Petri Net model. This study has 12 places, eight transitions, six operators, and 22 arcs of Petri Net model from credit application service system using Woped 3.2.0 version softwar

Engineering framework for service-oriented automation systems

Tese de doutoramento. Engenharia Informática. Universidade do Porto. Faculdade de Engenharia. 201

Model Petri Net Sistem Pembayaran Pajak Kendaraan Bermotor Jenis 5 Tahun

Paying taxes is an example of public service. In the process of serving, the service is often synonymous with the queuing process. Queuing is a condition in which several people or objects from a waiting line to be served are generally caused by the need for services to exceed the service capacity or service facilities so that users of arriving facilities cannot immediately receive service. Therefore, overcoming many complaints due to queues can be done by improving services and maximizing time efficiency using the Petri net model. In this study, a Petri net model of the 5-year tax payment service system for a motor vehicle at SAMSAT Oku Timur 1 was made as many as 17 places, 15 transitions, two operators, and 30 arcs using WOPED 3.2.0 software

Perfomance Analysis and Resource Optimisation of Critical Systems Modelled by Petri Nets

Un sistema crítico debe cumplir con su misión a pesar de la presencia de problemas de seguridad. Este tipo de sistemas se suele desplegar en entornos heterogéneos, donde pueden ser objeto de intentos de intrusión, robo de información confidencial u otro tipo de ataques. Los sistemas, en general, tienen que ser rediseñados después de que ocurra un incidente de seguridad, lo que puede conducir a consecuencias graves, como el enorme costo de reimplementar o reprogramar todo el sistema, así como las posibles pérdidas económicas. Así, la seguridad ha de ser concebida como una parte integral del desarrollo de sistemas y como una necesidad singular de lo que el sistema debe realizar (es decir, un requisito no funcional del sistema). Así pues, al diseñar sistemas críticos es fundamental estudiar los ataques que se pueden producir y planificar cómo reaccionar frente a ellos, con el fin de mantener el cumplimiento de requerimientos funcionales y no funcionales del sistema. A pesar de que los problemas de seguridad se consideren, también es necesario tener en cuenta los costes incurridos para garantizar un determinado nivel de seguridad en sistemas críticos. De hecho, los costes de seguridad puede ser un factor muy relevante ya que puede abarcar diferentes dimensiones, como el presupuesto, el rendimiento y la fiabilidad. Muchos de estos sistemas críticos que incorporan técnicas de tolerancia a fallos (sistemas FT) para hacer frente a las cuestiones de seguridad son sistemas complejos, que utilizan recursos que pueden estar comprometidos (es decir, pueden fallar) por la activación de los fallos y/o errores provocados por posibles ataques. Estos sistemas pueden ser modelados como sistemas de eventos discretos donde los recursos son compartidos, también llamados sistemas de asignación de recursos. Esta tesis se centra en los sistemas FT con recursos compartidos modelados mediante redes de Petri (Petri nets, PN). Estos sistemas son generalmente tan grandes que el cálculo exacto de su rendimiento se convierte en una tarea de cálculo muy compleja, debido al problema de la explosión del espacio de estados. Como resultado de ello, una tarea que requiere una exploración exhaustiva en el espacio de estados es incomputable (en un plazo prudencial) para sistemas grandes. Las principales aportaciones de esta tesis son tres. Primero, se ofrecen diferentes modelos, usando el Lenguaje Unificado de Modelado (Unified Modelling Language, UML) y las redes de Petri, que ayudan a incorporar las cuestiones de seguridad y tolerancia a fallos en primer plano durante la fase de diseño de los sistemas, permitiendo así, por ejemplo, el análisis del compromiso entre seguridad y rendimiento. En segundo lugar, se proporcionan varios algoritmos para calcular el rendimiento (también bajo condiciones de fallo) mediante el cálculo de cotas de rendimiento superiores, evitando así el problema de la explosión del espacio de estados. Por último, se proporcionan algoritmos para calcular cómo compensar la degradación de rendimiento que se produce ante una situación inesperada en un sistema con tolerancia a fallos

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements

Modeling and Analyzing User Behavior Risks in Online Shopping Processes Based on Data-Driven and Petri-Net Methods

With the rapid spread of e-commerce and e-payment, the increasing number of people choose online shopping instead of traditional buying way. However, the malicious user behaviors have a significant influence on the security of users’ accounts and property. In order to guarantee the security of shopping environment, a method based on Complex Event Process (CEP) and Colored Petri nets (CPN) is proposed in this paper. CEP is a data-driven technology that can correlate and process a large amount of data according to Event Patterns, and CPN is a formal model that can simulate and verify the specifications of the online shopping processes. In this work, we first define the modeling scheme to depict the user behaviors and Event Patterns of online shopping processes based on CPN. The Event Patterns can be constructed and verified by formal methods, which guarantees the correctness of Event Patterns. After that, the Event Patterns are translated into Event Pattern Language (EPL) according to the corresponding algorithms. Finally, the EPLs can be inserted into the complex event processing engine to analyze the users’ behavior flows in real-time. In this paper, we validate the effectiveness of the proposed method through case studies

Computational Enterprise Modeling and Simulation: Enabling Enterprise Performance Improvement, Modernization and Transformation

Lean Advancement Initiative Annual Conference presentatio