【作者】 程明智；

【导师】 杨义先；

【作者基本信息】 北京邮电大学 ， 密码学， 2010， 博士

【摘要】 在电子商务应用飞速发展的今天,电子商务环境中的安全问题研究具有现实的经济及社会意义。通过对电子商务环境中计算机系统层面、电子商务应用层面以及内容安全层面等层面的安全威胁进行整理和分析,并重点分析电子商务在实际应用过程中会存在的安全问题,包括B2B应用模式中信息交互的实时性要求为电子商务应用带来的信息安全加解密速度问题；作为商业交易的虚拟社区,电子商务环境中的企业关注的用户消费行为分析、第三方运营商关注的用户恶意评论控制以及政府关心的反洗钱等信息内容安全问题。最终定位出本文的研究重点,即电子商务环境中加解密快速实现方法和网络用户反馈信息的挖掘分析算法实现。本文的主要工作包括：1、提出了一种有限域乘法快速实现方法。对于电子商务B2B应用模式中用户之间信息交互实时性强和安全性高的需求,虽然通过使用ECC和AES进行对称密码和非对称密码混合加密的方法,即利用ECC进行会话密钥加密,但是实际应用发现,当信息交互实时性要求高的应用场景下,ECC的模乘速度依然是影响实际应用效率的重要因素。为提高椭圆曲线密码应用系统中有限域上乘法计算速度,在Ⅱ类最优正规基的基础上,本文提出了一种改进的基域乘法实现算法,完成一次基域乘法,只需要进行2m+1次循环移位和1.5m次的向量XOR和m+1次向量AND运算。通过软件仿真及FPGA工程实践表明,与现有的算法相比,使用本算法能够显著提高模乘算法的效率。本算法成功用于某B2B电子商务网站的实际应用中；2、提出了一种基于随机游走的文本情感分类方法(SCG)。针对电子商务环境中Web用户的反馈信息管理,特别是恶意舆论的管理问题,文本情感分类技术具有重要的应用价值。本文提出了一种自动标注文本中词语的情感倾向性算法,该算法首先根据文本训练集,比如产品评价,建立词语的依赖关系图,图中的每个节点对应一个词,如果两个节点之间存在边,则表示相连的两个词在同一个句子中出现；然后利用随机游走算法一次性计算出图中所有词的情感倾向值；最后在得到的词的情感倾向值的基础上,用于计算实际文本集的情感类别。通过真实数据集进行实验表明,SCG这种对于文本情感分类的新算法比传统SVM以及SO-PMI算法具有更好的效果；3、提出了一种对混合数据进行聚类分析的新算法(E-ROCK)。针对电子商务B2C应用模式中客户挽留、个性化产品推荐的问题,一般的做法是通过对用户的行为信息进行聚类分析,以实现个性化服务的目的。但是目前的聚类算法研究主要都集中在对数值型数据或者分类型数据进行聚类分析,而不能准确地处理包括用户ID、访问时间、用户访问网页的URL链接、交易记录、商品类型以及消费数量等在内的混合数据。通过对现有聚类算法进行综述和对比分析,ROCK算法虽然只能处理分类型数据,但是其效率及适应性存在优势,在ROCK算法的基础上进行扩展,提出了一种能够同时处理数值型数据和分类型数据的混合数据聚类分析的新算法(E-ROCK算法),实验结果表明新算法对真实的用户数据具有很好的聚类效果。最后,介绍了分别采用SCG算法和E-ROCK算法的用户反馈分析系统和产品推荐系统在实际B2C电子商务平台中的应用结构。更多还原

【Abstract】 Along with rapid development of Electronic Commerce today, the study on the security technology in E-Commerce environment is absolutely necessary and significant.The security threat in E-Commerce environment is revieweded from the point of view of computer system level, E-Commerce application level and content security level. The security issue in the process of real application of E-Commerce is emphatically analyzed. It includes the fast information encryption issue base on the high real-time performance in the application of B2B E-Commerce model; the analysis of customer behavior in the E-Commerce environment which is concerned by enterprise in the application of B2C E-Commerce model; the other content security issues, such as the management of the malicious comment from web user which is concerned by the third-part carrier of E-Commerce applications platform, the anti-money laundering issue which is concerned by government. At the end, studying on the technology of fast information encryption and content security management in E-Commerce envirment is located as the study points.The attributions of the paper are:(1) An implementation method of fast modular multiplication in finite fields is proposed. With the requirement of high real-time performance and security during the information is exchanged in the application of B2B E-Commerce model, the hybrid encryption of AES and ECC usually is adopted for the application. In this solution, ECC is used to management the session key. When the real-time performance is especially emphasized, the process of real application in B2B E-Commerce model see the efficiency of ECC process is the key influencing factor. To improve the efficiency of ECC process, a faster modular multiplication in finite fields is requested. An improved algorithm base on the optimal normal basis (ONB) of type II is proposed in this paper. The proposed multiplier only requires (2m+1) cyclic shift operations,15m XOR gates and (m+1) AND gates to vectors.The results of stimulation with software and implementation on hardware show that the proposed method highly improves the modular multiplication efficiency compared with existing methods. The prospoed method was used in the process of real application of B2B E-Commerce model successfully;(2) A random walk method for sentiment classification (SCG) is presented. With the management of feedback information, especially those malicious comments, from web user in the E-Commerce environment, the technology of sentiment classification is very useful in many applications. In this paper, a novel method to tag words sentiment automatically is proposed. In this method, a word association graph is firstly constructed from text corpus, i.e. product reviews, in which each node is a word and if there is an edge between two words, it means the two words co-occur in the same sentence. And then, with a random walk algorithm, the sentiment score is calculated for all the words in the graph at one time. To show the effectiveness of our method, the sentiment tagging results are then used for sentiment classification on real data set. The experimental results show that the sentiment classification results with SCG are better than the compared methods, such ad SVM and SO-PMI;(3) A clustering method (E-ROCK) based on mixed data for customer behavior pattern discovering is presented. To deal with the issue of retaining customers and product recommendation in the application of B2C E-Commerce model, clustering is a reliable and efficient technology which used to discover customer behavior pattern and improve the personalization of E-Commerce systems. However, current research on clustering algorithm usually based on numeric data or categorical data, and is not suitable for mixed data set which including both numeric data and categorical data, such as the user ID, access time, the customer visited pages’URL, record of trades, commodity type, consumption etc..According the analysis of those current mainstream clustering methods, ROCK is choosed as the prototype algorithm in the research. As ROCK is only suitable for handling categorical data, to analysis customer behavior, mixed data set must be handled. With extending the ROCK algorithm, a novel method (E-ROCK) to deal with mixed data set is proposed in this paper. Experiment with real application data shows the E-ROCK algorithm is efficient and successful. At the end, the framework of a real existing B2C E-Commerce platform is introduced. The platform include two background sub-systems, feedback information analysis system and product recommendation system, where the SCG algorithm and E-ROCK algorithm are applied.更多还原