SLIDE 1
Improving Domain Names Utilization
June 27, 2017 Ning Kong
Q & A Anti-Phishing Alliance of China (APAC) Status Quo of Chinese Phishing Websites
Content
Suggestions for Improving Domain Names Utilization
Improving Domain Names Utilization Ning Kong June 27, 2017 Content - - PowerPoint PPT Presentation
Improving Domain Names Utilization Ning Kong June 27, 2017 Content - - PowerPoint PPT Presentation
Improving Domain Names Utilization Ning Kong June 27, 2017 Content Status Quo of Chinese Phishing Websites Anti-Phishing Alliance of China (APAC) Suggestions for Improving Domain Names Utilization Q & A Status Quo of Chinese Phishing
SLIDE 2
SLIDE 3
Status Quo of Chinese Phishing Websites
In 2016, The total amount of Chinese phishing websites is 147,211, which is 2.5 times bigger than that of 2015. Phishing attacks become more rampant and governance situation become more severe.
35176 76 70483 83 61017 17 58660 60 14721 211 20 2000 000 40 4000 000 60 6000 000 80 8000 000 10 1000 0000 00 12 1200 0000 00 14 1400 0000 00 16 1600 0000 00 2012 2012 2013 2013 2014 2014 2015 2015 2016 2016
SLIDE 4
Status Quo of Chinese Phishing Websites
Distribution of Industries
Payment Transaction 45.70% Financial Secutity 27.76% E-commerce 5.21% Telecommunication 20.55% Others 0.79%
SLIDE 5
Status Quo of Chinese Phishing Websites
Distribution of TLDs
.com 64.24% .cc 14.95% .pw 6.09% .net 2.98% .cn 1.39% .tk 1.03% .au 0.95% .top 0.85% .br 0.80% .cl 0.67%
- thers
6.04%
SLIDE 6
1 day 15.25% 2 days 19.83% 3 days 17.77% 4 days 11.71% 5 days 6.62% 6 days 3.89% 7 days 2.86% 8 days 1.71% 9 days 1.15% 10 days 1.17% 11 days 1.17% 12 days or more 16.87%
Status Quo of Chinese Phishing Websites
Distribution of Phishing Websites Life Duration
SLIDE 7
- Founded on July 18, 2008
- A nonprofit industry organization
- CNNIC assumes the duties of secretariat
- Official Website : www.apac.cn
- Reporting Email :jubao@apac.cn
Anti-Phishing Alliance of China (APAC)
SLIDE 8
APAC Members
APAC is mainly comprised of registries and registrars, financial agencies, e-commerce enterprises and cybersecurity companies. Up to the end of 2016, the number of APAC members increased to 523.
SLIDE 9
Organize and carry out investigation and research
- n anti-phishing, provide relevant business and
policy consultation services for members as well as
- ffer decision support for government
Perform international exchange and cooperation concerning legislation research, technical application and standard formulation Organize members in finding out, governing and preventing from phishing sites, share relevant information and promote construction
- f comprehensive governance system
APAC Duties
SLIDE 10
APAC Architecture
APAC
Expert Steering Committee
Responsible for carrying out guidance on operation of APAC Members’ Conference has the right to formulate and modify the Articles and make decisions on important matters Responsible for preservation and technical recognition for phishing webpages; and propose advices on technical recognition for phishing websites
Secretariat Members Third-Party Technical Recognition Institutions
Responsible for daily work of APAC, preparation of Members’ Conference and treatment of unexpected events
SLIDE 11
APAC Treatment Categories
APAC registries/registrars will suspend the resolution service APAC cybersecurity companies and browser makers will “tweet” warnings through theirs products when users visit phishing websites APAC registries/registrars will inform registrant to delete the phishing webpages For Domain Names registered outside China
If the website is totally fake
For Domain Names registered in China
If the website is partly fake
SLIDE 12
APAC Treatment Efficiency
In 2016, the APAC has identified and processed a total of 107,303 phishing websites, accumulatively up to 385,996.
1610 10316 23722 40219 26672 66296 51198 58660 107303
2008 2009 2010 2011 2012 2013 2014 2015 2016
SLIDE 13
Since 2009, CNNIC has been focusing on the anti-phishing technical research, the “Proactive Phishing Detection System” is an important achievement. The core of the system is based on the Big Data analysis for the machine learning of domain name utilization. The phishing websites can be monitored and tracked from the registration phase, and can be discovered and disposed when they online.
CNNIC’s Contributions---Proactive Phishing Detection System
SLIDE 14
CNNIC’s Contributions---Proactive Phishing Detection System
Title Domain Name Resolution
SLIDE 15
In 2016, the system identified and processed more than 40,000 phishing websites of 80 brands The life duration of phishing website detected by the system is 4.684 days, much shorter than the average number
Detection Capacity
CNNIC has published more than 10 academic papers and holds more than 10 anti-phishing patents “Technical Specifications of Data Exchange for Reporting Phishing Attacks”, the only anti-phishing industrial standard in China
Technical Achievements
CNNIC’s Contributions---Proactive Phishing Detection System
SLIDE 16
CNNIC’s Contribution---Reports & Briefings
APAC releases Briefing every month, analyzing the situation
- f phishing website treatment
The “Global Chinese Phishing Attack Trends Report” analyzes the phishing attacks targeting Chinese brands and users over the world
SLIDE 17
Technic Disposal Awareness Encourage registries, registrars, academic institutions to facilitate scientific research, data exchanging and technology sharing Promote standardization
- n identification, sharing
and disposal, and seek more cooperative chances with government agencies Capacity Building Enhance Supervision Strengthen Education Strengthen universal education for end users, and heighten their awareness of online risks
Suggestions for Improving Domain Names Utilization
SLIDE 18