E-Commerce Network Security Based on Big Data in Cloud Computing Environment

College of Computer Engineering and Applied Mathematics, Changsha University, Changsha 410022, Hunan, China Hunan Province Key Laboratory of Industrial Internet Technology and Security, Changsha University, Changsha 410022, Hunan, China School of Accounting, Hunan Vocational College of Commerce, Changsha 410205, Hunan, China School of Computer Science, Hunan University of Technology and Business, Changsha 410205, Hunan, China


Introduction
Cloud computing platform, also known as cloud platform, refers to services based on hardware resources and software resources, providing computing, network, and storage capabilities. In the implementation platform of cloud computing, two are currently more popular. One is Google's own MapReduce, Bigtable, and GFS; the other is a Hadoop system, implemented by borrowing Google's technology, including the corresponding MapReduce, Hbase, and HDFS. e realization of cloud computing relies on software and hardware platforms that can realize virtualization, automatic load balancing, and on-demand. e providers in this eld are mainly traditional leading software and hardware manufacturers, such as EMC's VMware, RedHat, Oracle, IBM, HP, and Intel. e main features of these companies' products are exible and stable cluster solutions and standardized, inexpensive hardware products.
erefore, e-commerce security is not only a network security issue, but also a commercial security issue [1,2]. E-commerce security is a multidisciplinary discipline that includes not only technologies related to cybersecurity, but also technologies related to commercial security [3]. With big data and cloud computing becoming the mainstream of information technology [4,5], researching e-commerce security in big data and cloud computing environments has become an urgent academic task [6,7]. e main concern of commercial transaction security is the various security issues arising [8,9], which are virtually inseparable and complementary. Without the foundation of cybersecurity, the security of commercial transactions is like a castle in the air; there is nothing to talk about [10,11]. Commercial transactions are not secure, and even if the network itself is more secure, it cannot meet the special security requirements of e-commerce [12]. is article mainly discusses the network security of e-commerce based on big data in the cloud computing environment and aims to make certain contributions to the network security of e-commerce.
Liu et al. built an economic model that considered the trade-off between system availability and client security constraints. When a brand-building company is a pioneer, both companies have higher security restrictions on their clients. In the mixed market, each company's manager n checks the user's emphasis on security and availability. He believes that with restrictions, users begin to pay more attention to security; managers of companies with lower levels of security restrictions should increase client security restrictions [13,14]. Bing is increasingly important for activities related to reputation and integrity. erefore, he proposed an electronic identity (eID)-based cloud service platform architecture [15,16]. Pop believes that managing large amounts of data processed in distributed systems consisted of data centers that have a significant impact on end users. erefore, he can effectively implement the management process of such a system by using a unified overlay network interconnected by a secure and efficient routing protocol [17,18]. Chen et al. believe that providing a highly secured critical infrastructure system should develop scalable [19,20]. e innovations of this article are as follows: (1) e indicator system, on which the evaluation is based, is analyzed. (2) Corresponding new security policies are formulated for more serious risk locations. (3) A security risk assessment model including asset analysis module, security knowledge base module, and risk assessment calculation module is constructed.

E-Commerce
eory. e basic characteristics of e-commerce are universality, convenience, integrity, security, and coordination. In general, therefore, e-commerce security is not only a network security issue but also a business security issue; e-commerce security is an interdisciplinary discipline that includes not only technologies related to network security but also technologies related to business security. E-commerce business model refers to how electronic enterprises use information technology and the Internet to operate their enterprises, applications on the Internet, and on the basis of network security, how to ensure the smooth progress of e-commerce [21]. e value of e-commerce is that consumers shop and pay online through the Internet, which saves time and space for customers and enterprises and greatly improves transaction efficiency. Especially for busy office workers, it also saves a lot of precious time. at is to achieve the confidentiality, integrity, authentication, and forgery of e-commerce. Without the security of the network as the basis, the security of commercial transactions is like a castle in the air. Commercial transactions are not secure, and even if the network itself is no longer secure, it cannot meet the special security requirements or sort out security issues, including related technologies, protocols, architecture, software, and solutions, especially the latest research results of e-commerce security issues. On this basis, the e-commerce security issues in big data and cloud computing environments are analyzed. Among them, the type of e-commerce refers to the classification of e-commerce, and there are five kinds in total; business-to-consumer (B2C), business-to-business (B2B), business process, consumer-to-consumer (C2C), business-togovernment (B2G), and consumer-to-government (C2G).
Security issues are an important factor that constrains them. Since e-commerce, security issues have disappeared like ghosts. Broadly speaking, e-commerce security should include information. In order security, there must be a corresponding technology to meet specific security needs. e security issues of e-commerce are mainly manifested in three aspects: information security, transaction security, and property security. Its source code has four levels: hardware level, software level, application level, and environment level. Various measures should be taken to address security challenges and promote the further development of e-commerce in China [22]. Traditional network security consists of three elements: confidentiality, integrity (ensuring that content is not compromised or tampered with, and only authorized individuals identify it), and availability; with the development of services such as online e-commerce, a new element has been added: antirefusal mechanism, that is, documents or transactions signed by individuals on the network cannot be rejected to ensure the normal development of online business. As shown in Figure 1, it is a more complete e-commerce transactional information security application. Among them, there are four elements of e-commerce: shopping malls, consumers, products, and logistics.

Big Data.
Big data refers to the collection of data whose content cannot be captured, managed, and processed by conventional software tools within a certain period of time.
e most notable feature of big data is the large scale of data. Internet of ings are rapidly emerging, and cloud computing has arrived. Whether it is instant messaging tools, cloud platforms, or social networks, you can generate large amounts of data anywhere, making the security situation more complex than traditional security. Data integrity challenges and the ability to prevent data loss, theft, and destruction have some technical problems, and traditional security tools are no longer effective. On the other hand, collecting and centrally storing large amounts of corporate data, user data, personal privacy, and user behavior records increases the risk of data breaches. If these data are abused, it will threaten the information security of the enterprise and even personal safety. Analysis of massive data helps information security service providers better describe anomalous behavior on the network to identify risk points in the data [23]. Combine real-time security defenses to analyze business data, identify phishing attacks, prevent fraud, and prevent hackers. Traces left by cyber-attacks are often the attack.

Cloud Computing.
Cloud computing is a type of distributed computing. It refers to decomposing the huge data computing processing program into countless small programs through the network "cloud and then processing and analyzing these small programs through a system composed of multiple servers to obtain the results and return them to the user. Cloud computing is the commercial implementation of computing resources. It is essentially a producer-consumer model. Cloud services are considered to be a valuable commodity economy, and cloud users can provide products to consumers according to their own needs. Suppliers and points are purchased from suppliers worldwide based on certain payment methods. In the short term, the impact of cloud computing on individuals is relatively small. Perhaps many of the previous technologies introduced cloud computing to enterprises first, especially, which are the most direct changes: they will be worrying. Whether it will eventually expand individuals remains to be seen [24]. e characteristics of cloud computing are ultralarge scale, high reliability, versatility, and high odd scalability. With the rise of an environment, a new trend in the application of cloud computing services the economic, business, management, and e-commerce fields. It is an electronic outsourcing based on cloud computing technology. Enterprises only need to access the e-commerce cloud service provider, established by the software library, to obtain the required management procedures and business database information. ere is no investment to establish a complete set of internal software and procedures. e cost is relatively low, and only a certain rent is required. When the enterprise's existing IT resources can meet the business needs, uninterrupted business and the enterprise do not need to invest in new equipment or pay high cloud. Any idle IT resources in IT can help with this task. In fact, the business operation mode of the enterprise is to use the cloud computing platform to virtually establish various resources distributed throughout the country and realize resource sharing at the application layer. Businesses do not need sharing. Cloud computing has a wide range of applications, including cloud IoT, cloud security, cloud storage, private cloud, cloud gaming, and cloud education.

Risk Assessment Model.
After asset analysis, it is necessary to separately examine the threats and vulnerabilities faced by individual assets, so that the risk of integrating all assets can be obtained from them. e theoretical model of risk assessment is shown in Figure 2.
Regardless of the size of the enterprise, when operating an e-commerce system, a series of security controls are preconfigured to prevent potential security risks or to improve control measures against security attacks that have occurred. Existing control measures improve the results of systemic risk assessments by reducing the likelihood of threats occurring and reducing the destructive effects of threat impacts. In the risk assessment process, the actual existing security measures need to be included in the risk calculation, so as to obtain the risk value that is most consistent with the information assets in the current tense. e risk assessment result information of a single information asset is stored in a unified database, and the comprehensive risk assessment module in the evaluation model performs effective reasoning according to certain inference rules, and combines the object. Get the overall risk profile of the system and explain the results accordingly. e following is a breakdown of the identification of threats and  Mobile Information Systems vulnerabilities in a single asset risk, the impact of existing security strategies, and the classification of risk levels, combined with qualitative and quantitative methods.

Estimation of the Events.
Under the influence of existing security measures, the probability of a threat event is affected by four factors: whether the asset is attractive, whether the asset is easier to convert into compensation, the technical size of the threat, and whether the vulnerable points are easy to be used and threatened. e probability of defining the occurrence of threat T is P(T). From the above four factors, we can define four factors as P(A), P(B), P(C), and P(V). e threat event P(T) and is as follows: Since P(A) and P(B) are directly related to asset attributes, P(C) and P(V) are directly related to the attributes of the vulnerable points. We can combine these four items, respectively.
where P(A) is the correction factor associated with the asset and P(V) is the probability that the vulnerable point is utilized. erefore, the probability of estimating the probability of a threat event is to determine the correction factor associated with the asset and the probability that the vulnerability is exploited. e set of vulnerable points corresponding to a threat Ti (i � 1, 2, . . ., n) is defined as Vi � Vi1, Vi2, . . . , Vim { }, and the probability of any vulnerable point being utilized is an independent probability event, that is, the probability that at least one event that can be utilized in a set of vulnerable points corresponding to a threat at a certain moment occurs Taking into account the information asset factor, the probability formula for a threat event can be written as

Estimation of the Extent of the reat.
In the risk assessment, the quantification of the degree of impact on the system after the threat event has been a difficult problem. A threat may have different levels of impact on e-commerce systems. Common threats such as "cannot perform critical operations," "system outages," "transaction information disclosure," "loss of revenue," "damage to corporate image," and "harm the public safety" are shown. e size of a single impact attribute generated by a particular threat is not consistent, and different system platforms take different levels of attention when encountering these hazards. In order to make a better quantitative measurement of the degree of influence on Weibula, this article refers to the existing risk assessment method research and introduces the concept of multiattribute and influence degree, that is, a certain specific rib and influence on different levels of the system. It is called a certain rib and consequence attribute. Each different rib and consequence attribute is given a corresponding weight value. e weight value depends on the importance of the threat and the system's ability to withstand. erefore, it is necessary to confirm the threats that will cause security damage to the e-commerce system based on the actual situation of the system being evaluated. When assessing the degree of influence, it weighs different consequence attributes in order to obtain the level of risk that is consistent with the actual situation. e consequence attribute set that threatens T i can be defined as X: t � 1, 2, . . . , s { }, and the corresponding consequence attribute value set is D: d n |i � 1, 2, . . . , n; t � 1, 2, . . . , s}, where x 1 and d n , respectively, represent the tth consequence attribute of threat T i and the possible influence value on the consequence attribute, s is the number of types of consequence attributes; the weight set corresponding to the threat consequence attribute is defined as W w 1 |t � 1, 2, . . . , s , which weighs consequence attribute.
Since the impact of threats on e-commerce systems is multifaceted, different consequence attributes have different dimensions and cannot be measured directly with uniform standards. Value attribute values of each consequence are dimensionless, and the relative consequence attribute value D * : d * it |i � 1, 2, . . . , n; t � 1, 2, . . . , s is obtained, where d * it is the dimensionless value, indicating the relative influence value of threat T iw on the consequence attribute x t .
According to previous section, combined with the value of the multidimensional threat consequence attribute and its weight, the formula for the degree of influence of the threat can be   Mobile Information Systems Combine formula (4) to get

Impact of Existing Security Policies.
Regardless of the size of the enterprise, when operating an e-commerce system, a series of security controls are preconfigured to prevent potential security risks or to improve control measures against security attacks that have occurred. Existing control measures improve the results of systemic risk assessment by reducing the threat, the likelihood of occurrence, and reducing the destructive effects of the ribs and impacts. For complexity, in order to simplify the evaluation work, we consider the impact of existing security measures from each dimension. Assume that a security measure S � S 1 , S 2 , . . . , S 1 is implemented for an asset A iw enterprise, and the impact of reducing the possibility of T i occurrence is Sa ik (k � 0, 1, 2, . . . , 1), which reduces the damaging and destructive impact of Sb ik (k � 0, 1, 2, . . . , 1). We define the range of Sa ik and Sb ik to be 0-1, 0 for complete influence and 1 for no effect. Influence of events and events are expressed as

Risk Level Division.
After obtaining the risk profile of a single asset, it is necessary to synthesize the risk values of all assets risk faced by. Assuming that there are N items in the asset, the risk value of each asset is dimensionlessly processed, and the risk ranking of each asset is obtained. e asset pricing strategy is based on the asset's confidentiality, integrity, and usability value of the entire system. erefore, the weight of the assets A i on the system can be obtained according to the value of the asset, and the value of all assets is normalized to obtain the weight of the importance of the entire system δ e overall risk of the entire e-commerce system is

Experimental Design.
Combined with the risk assessment framework of this article, the design of the questionnaire content for the actual investigation of enterprises needs to start from the basic security status of the system. Basic information of the enterprise includes the basic situation of the enterprise, the information assets and the overview of the e-commerce system. e information assets include hardware and software asset content, service asset content, cloud asset status, personnel assets, and document assets. e e-commerce system overview includes system network topology map, system bearer service status, system network structure, outbound lines, and network boundary conditions. Business data, data backup, and security incidents occur within one year. Security status surveys are conducted from security management organizations, security management systems, system construction and operation maintenance management, physical security, network security, equipment and host security, application and data security, emergency response and disaster recovery technologies, and personnel security management.
Using the results of the questionnaire to conduct risk assessment, experts also need to conduct statistical analysis on the collected data to determine the basic situation of the system and the main risks. ese risk generation risk sets can be entered into the security knowledge base for storage to provide a reference for real-time risk monitoring. e factual data collected through the questionnaire needs to be formalized before the risk calculation, in order to make the obtained raw data meet the needs of the evaluation model. ere are three types of factual data that need to be formalized: subjective indicator data, objectiveness indicator data, and objective nonindicator data.
Subjective indicator data is the subjective evaluation of some indicators by the respondents, such as the subjective cognition of the employees in the questionnaire on the overall security status of the e-commerce platform. is type of data can be evaluated by adding credibility. e degree of deviation between the score of each evaluator and the last evaluation result is the credibility of the index value, and the credibility range is between 0 and 1. e objective indicator data is the value of an indicator that can be read directly from the system, such as the time the terminal server has been used or whether a firewall is configured (which is indicated as true). e "fuzzification" of this type of data does not need to refer to other samples, and can be directly set to a reliability of 1.
is article establishes a model-based risk assessment tool by analyzing the composition and security elements of the system. e models of information system risk factors established by these tools are usually quantified or semiquantitatified, and the results are based on the information Mobile Information Systems 5 collected. For example, @RISK, CORA, Buddy System, etc., are risk assessment tools that combine qualitative and quantitative assessments.

Data Collection.
is article analyzes the data of a part of the enterprise that deploys e-commerce in an application. Management framework and indicator system are also based on this article, the e-commerce system is investigated, and the system-related information assets and threats are identified. Risk factor such as data vulnerability is avoided. For the convenience of recording and calculation, it is used to classify the asset data under investigation. Based on the space, only some assets in the system and some threats and vulnerabilities identified are analyzed.

Analysis of Hidden Dangers of Property Security.
According to the assets, threats, and vulnerability information collected in this article, the questionnaire results are combined with the expert scores to assign corresponding risk factors, and the asset value table shown in Table 1 is obtained.
e system has set some security measures in advance when deploying the cloud-based e-commerce platform. Combined with the impact of existing security measures, the risk analysis is first performed on individual information assets. As shown in Table 2, the threats to assets are listed: the degree of vulnerability, the consequences of the threat attribute value, and the degree of impact of security measures.
As shown in Figure 3, it is a data graph of the influencing factors. According to formula (11), the comprehensive risk value of the system is R � N i�1 δ i R(A i ) � 4.4. And 9-10 is the extra high risk. According to this, the risk faced by the system is at a risk corresponding to the hardware and is most serious, indicating that the physical security of the e-commerce system, system permissions, and data backup control have urgent problems to be solved. e risks reflected by cloud data security and the configuration of security managers cannot be ignored.

Analysis of Hidden Dangers of Transaction Security.
Transaction security refers to various insecurities in the e-commerce transaction process, including being enlarged. As shown in Figure 4, for the proportion of cases reported in the network case, it can be seen from the figure that the proportion of online shopping cases accounts for 38%. As we all know, the security risks of online e-commerce transactions cannot be underestimated. ere are many transaction security issues in reality, for example, the seller uses the advantage of information to fake the buyer with inferior information; the identity of the of the to enter, and does not comply when providing the service, the fee charged is not the service or not enough services. Of course, the opposite is true.

Analysis of Hidden Dangers of Information Security.
As shown in Figures 5 and 6, the network information is stolen and the ratio chart is taken. Illegal deletion of transaction information and the loss of transaction information may cause economic disputes and economic losses to one or more parties to the transaction. e most common information risk is the illegal theft and disclosure of information. It often causes a chain reaction and creates a follow-up risk. is is also the biggest concern for businesses and individuals. e typical manifestation of information  (A)  1  3  4  5  2  4  3  2  3  2  4  4  4  3  3  2  5  4  2  1  6  5  4  2  7  3  3  2  8  4  2  4  9  2  3  5  3  10  2  6 2 5  risk is cyber fraud. Cyber fraud brings huge economic losses to manufacturers and consumers.

Analysis of Hidden Dangers of Network Security.
Cyber security is the measure taken to prevent the theft of such information and commercial competition.

Conclusions
Cloud computing is a computing method based on the Internet. In this way, shared hardware and software resources and information can be provided to computers and other devices on demand. Users no longer need to know the details of the infrastructure in the "cloud," nor do they have the corresponding expertise, nor do they need direct control. Whether it is e-commerce, in era economic networking information, it has a pivotal position. e combination of the three is the mainstream in the future. In the process of combining the three, how to avoid various risks and create a safe and stable network environment is a new topic facing enterprises and scholars. It is also based on this purpose, the author of the "risk assessment as a service" idea integrate big data security, cloud computing security, e-commerce security, risk assessment four major content, and research in the enterprise to deploy e-commerce system in cloud computing in the environment; in order to solve various security problems faced, a security risk assessment model needs to be established. e article analyzes the patterns of e-commerce in big data and cloud environments and the specific practical problems such as the reliability of supplier services, storage risks, service continuity, and the concealment of viruses and hacker attacks, establishing a cyclical risk. In the cycle of risk assessment, information such as information assets, threats, risks, and security policies are continuously enriched to form a security knowledge base. By migrating the security knowledge base to the cloud, a risk management cloud can be generated. When the e-commerce enterprise operates the system platform, the risk management cloud can dynamically monitor and manage the system security in real time, and realize the idea of "security as a service." e framework theoretically realizes the dynamic in systems under and cloud environments. e product of the fusion of traditional computer and network technology development such as load balancing, by distributing computing on a large number of distributed computers, rather than wooden computers or remote servers, the operation of enterprise data centers will be more similar to the Internet.
is enables businesses to switch resources to the applications they need, accessing computers and storage systems on demand. Typical cloud computing providers often provide general network business applications, allowing us to access software and data stored on servers through software such as browsers or other Web services. In this article, the risk assessment model established for realizing the dynamic management of e-commerce system security risk under big data and cloud environment has not been tested by the actual network environment. e validity and practicability of the model need to be tested by  Mobile Information Systems practice and continuously improved and strengthened. At the same time, the model established in this article needs to be further strengthened in the quantification of the system after the threat event occurs and the improvement of the security knowledge base. Solving the security risks faced by e-commerce under big data and cloud environment to promoting the even national economy. It is hoped that there will be an effective model with dynamics under big data and cloud environment. e risk assessment problem promotes the consistent and steady development of big data, cloud computing, and e-commerce. However, due to the limitations of time and technology, we have not conducted indepth research on e-commerce network security under the combination of cloud computing and big data.

Data Availability
Data sharing is not applicable to this article as no new data were created or analyzed in this study.

Conflicts of Interest
e author states that this article have no conflicts of interest.