SYSTEM AND METHOD FOR MONITORING AND VERIFYING SOFTWARE BEHAVIOR

    公开(公告)号:US20190163925A1

    公开(公告)日:2019-05-30

    申请号:US16245212

    申请日:2019-01-10

    申请人: TONGJI UNIVERSITY

    IPC分类号: G06F21/62 G06Q20/40

    摘要: The present invention discloses a method and system configured for monitoring and verifying software behavior, comprising: receiving, by a software behavior verification system based on a physical hardware system, legal user behavior data containing user activities performed during legal electronic transactions and storing the legal user behavior data as a software behavior model; monitoring, by a software behavior monitor, data packets transmitted in a transaction, and sending data packets to the software behavior verification system; retrieving, by the behavior verification system, expected key sequences and information in the data packets; comparing the key sequences and information retrieved from the data packets with that of the software behavior model; if the key sequences and information retrieved from the data packets does not consistence with the software behavior model, it is determined that the transaction is an illegal electronic transactions, and the transaction is closed.

    SOFTWARE BEHAVIOR MONITORING AND VERIFICATION SYSTEM
    2.
    发明申请
    SOFTWARE BEHAVIOR MONITORING AND VERIFICATION SYSTEM 审中-公开
    软件行为监测和验证系统

    公开(公告)号:US20160171494A1

    公开(公告)日:2016-06-16

    申请号:US14441115

    申请日:2014-06-23

    申请人: TONGJI UNIVERSITY

    IPC分类号: G06Q20/40 H04L29/06 G06Q20/38

    摘要: The present invention relates to a software behavior monitoring and verification system, which is composed of three parts including a software behavior certificate, a three-party software behavior monitor, and a real-time software behavior verification system. The software behavior certificate is formed according to three-party communications data packets in a correct transaction process among a user, an E-Commerce website, and a third-party payment platform; the three-party software behavior monitor is a data packet monitor installed on the E-Commerce website, the third-party payment platform, and the user client; after receiving data packets of interaction information in the transaction that are respectively submitted by the three-party monitor, the real-time software behavior verification system extracts and integrates key sequences and information in the data packets, and compares a user behavior interaction sequence with the software behavior model in real time according to a global unique order number, and sends an alarm and terminates the transaction in the case of illegal behaviors such as disorder and identity spoofing. By using key parameters such as URL exchanged among the three parties, a legal normal interaction process in the transaction of the three parties is defined, and a software behavior certificate is provided.

    摘要翻译: 本发明涉及一种软件行为监控和验证系统,由软件行为证书,三方软件行为监控器和实时软件行为验证系统三部分组成。 在用户,电子商务网站和第三方支付平台之间的正确交易过程中,根据三方通信数据包形成软件行为证书; 三方软件行为监控器是安装在电子商务网站,第三方支付平台和用户客户端上的数据包监视器; 实时软件行为验证系统在收到由三方监控者分别提交的交易中的交互信息数据包后,将数据包中的密钥序列和信息进行提取和整合,并将用户行为交互序列与 软件行为模型根据全球唯一的订单号实时实时发送,并在诸如无序和身份欺骗等非法行为的情况下发送报警并终止交易。 通过使用三方之间交换的URL等关键参数,定义了三方交易中的合法正常交互过程,并提供了软件行为证书。