Abstract

The concept of exchanging goods and services over the Internet has seen an exponential growth in popularity over the years. The Internet has been a major breakthrough of online transactions, leaping over the hurdles of currencies and geographic locations. However, the anonymous nature of the Internet does not promote an idealistic environment for transactions to occur. The increase in online transactions has been added with an equal increase in the number of attacks against security of online systems.

Auction sites and e-commerce web applications have seen an increase in fraudulent transactions. Some of these fraudulent transactions that are executed in e-commerce applications happen due to successful computer intrusions on these web sites. Although a lot of awareness has been raised about these facts, there has not yet been an effective solution to adequately address the problem of application-based attacks in e-commerce.

This paper proposes a fraud detection system that uses different anomaly detection techniques to predict computer intrusion attacks in e-commerce web applications. The system analyses queries that are generated when requesting server-side code on an e-commerce site, and create models for different features when information is extracted from these queries. Profiles associated with the e-commerce application are automatically derived from a training dataset.