
Anti-Phishing in CNNIC

Anti-Phishing in CNNIC. Wang Wei, Wangwei@cnnic.cn. Outline: 1. CNNIC and APAC; 2. CNNIC Anti-phishing Technology; 3. CNNIC Anti-phishing System. Overview: Anti-Phishing Alliance of China (APAC) was founded on 2008-07-18.


Presentation Transcript


  1. Anti-Phishing in CNNIC Wang Wei Wangwei@cnnic.cn

  2. Outline: 1. CNNIC and APAC 2. CNNIC Anti-phishing Technology 3. CNNIC Anti-phishing System

  3. Overview • Anti-Phishing Alliance of China (APAC) was founded on 2008-07-18. • APAC has 143 member units, including banking institutions, e-commerce sites, domain name registry, domain name registration, etc. • The mission of APAC is to fight phishing and spam attacks that aim at identity theft and fraud. • In China, APAC is the only authoritative organization for solving phishing problems. • APAC has built a fast suspension process for phishing domain names. • The secretariat of APAC is located at CNNIC.

  4. The organization of APAC

  5. Phishing on Beijing Olympic Games • During 2007-2008, numerous phishing sites counterfeited official ticket sales, such as www.beijingticketing.com, www.beijing-tickets2008.com and www.beijingticketing.com. The scam is alleged to have garnered more than $50 million in this manner. • Based on their Whois information, we retrieved all the related CN registration data and found no related phishing domain.

  6. Phishing on donation sites • Both the Wenchuan earthquake in 2008 and the Yushu earthquake in 2010 became targets of phishing attacks. • Most of these attacks counterfeited official donation websites, for example, Red Cross sites. • http://cctv-t2.com/jk/index.htm • http://jk.ez.to • http://www.688tx.com/ • http://www.qq.com.indexq.cn/news/news.qq.com/a/20080512/index.htm

  7. Domain Name Suspension Process • The Alliance has established a procedure for reporting, confirming and taking down phishing sites. • Diagram labels: .CN domain; not .CN domain and registered in China; not .CN domain and registered outside China. • In the last 3 years, this procedure has been very effective and efficient in wiping out .CN phishing sites. • The technicians in the Alliance are also actively doing research on anti-phishing technologies, such as phishing heuristics and pattern recognition methodology, in order to make the procedure more efficient. • Diagram labels: System Detection; Member; Public; Partner; APWG, CERT, 123221, etc.

  8. The examples for browser blocking tips • MS IE • Firefox • Chrome • Opera • Maxthon

  9. As of October 2011, APAC had handled 68,925 phishing websites.

  10. CN Whois Accuracy Policy

  11. For more monthly reports, please visit http://www.apac.org.cn/gzdt/index.html (chart labels: 2010, 2008-2009, 2011.09, 2011.11)

  12. E-commerce sites are the main targets of phishing attacks in China

  13. Outline: 1. CNNIC and APAC 2. CNNIC Anti-phishing Technology 3. CNNIC Anti-phishing System

  14. CNNIC Anti-phishing Technology (1): Domain Similarity Detection Technology • The feature of phishing sites • English domain: taobao.com vs. taoboo.com, compared by Levenshtein distance • IDN: 康师傅.中国 vs. 康帅博.中国, compared by pixel array distance • Over 84% of phishing URLs imitate their target brands in their domain names. • Domain similarity detection can be an entry point for discovering phishing sites.

  15. CNNIC Anti-phishing Technology (3): Phishing URL Construction Process • In the past 12 months, the phishing detection system has found 4931 phishing URLs; 30.6% of them (1509 phishing URLs) were generated by the combination method.

  16. CNNIC Anti-phishing Technology (2) • Discovering Phishing Sites in an Active Way: recursive DNS data analysis combined with knowledge from phishing reports, to find suspicious phishing URLs fast. Techniques: domain similarity detection; digging DNS logs; statistical analysis of phishing reports; phishing URL construction; IP reverse lookup. • Determining Phishing Sites: determining phishing sites using hybrid methods. • Webpage content analysis • Domain registration information analysis • Third-party information analysis (search engines, etc.) • Other features

  17. Outline: 1. CNNIC and APAC 2. CNNIC Anti-phishing Technology 3. CNNIC Anti-phishing System

  18. Flow Chart of CNNIC Anti-phishing System (diagram labels): DNS Query Logs; Pre-process; Phishing Hosts Retrieval; Suspicious Phishing Host; Phishing URL Construction; Phishing Repository; Phishing Path Frequency Compute; Phishing Paths TOP N; Domain Register Information; Phishing URL; Third-Party Information; Filtering; URL Existence Detection; APAC

  19. System Features

  20. Deployment & Running • Phishing reports are auto-analyzed to refresh the frequency of phishing paths. • Logs are received and processed at 1:00 PM each day. • Suspicious phishing hosts are auto-pushed. • Screenshots of phishing web pages are auto-stored as evidence.

  21. System Detection Result • Difference between social engineering and system detection • Local DNS log limitation • Need more data source

  22. Thanks! CAS Software Park, No. 4 South 4th Street, Zhongguancun, Haidian District, Beijing. Postal code: 100190. www.cnnic.cn
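Slides 14, 15 and 18 describe finding look-alike hosts in DNS query logs by Levenshtein distance and then combining them with the most frequent paths from the phishing repository to build URLs for existence detection. The sketch below is an added example of that pipeline for the English-domain case only, not CNNIC's code. The sample hosts, the repository entries, the distance threshold and all function names are constructed assumptions, and the compared label is simply the second-to-last DNS label.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample data (not from CNNIC): brand labels, hosts seen in
# recursive DNS query logs, and a repository of confirmed phishing URLs.
BRANDS = ["taobao", "cnnic"]
DNS_HOSTS = ["www.taobao.com", "www.taoboo.com", "pay.taobaoo.example", "www.example.org"]
REPOSITORY = [
    "http://a.example/jk/index.htm", "http://b.example/jk/index.htm",
    "http://c.example/jk/index.htm", "http://d.example/login.php",
    "http://e.example/login.php", "http://f.example/index.html",
]

def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) with a two-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspicious_hosts(hosts, brands, max_dist=1):
    """Map host -> (brand, distance) for near-miss labels; distance 0 is the brand itself."""
    found = {}
    for host in hosts:
        labels = host.lower().rstrip(".").split(".")
        if len(labels) < 2:
            continue
        name = labels[-2]  # assumption: name.tld; use a Public Suffix List in practice
        for brand in brands:
            dist = levenshtein(name, brand)
            if 0 < dist <= max_dist:
                found[host] = (brand, dist)
    return found

def top_paths(repository, n=2):
    """The n most frequent URL paths among confirmed phishing URLs."""
    counts = Counter(urlsplit(url).path or "/" for url in repository)
    return [path for path, _ in counts.most_common(n)]

def candidate_urls(hosts, paths):
    """Combine each suspicious host with each frequent path; existence checks come next."""
    return [f"http://{host}{path}" for host in hosts for path in paths]

if __name__ == "__main__":
    hits = suspicious_hosts(DNS_HOSTS, BRANDS)
    for url in candidate_urls(hits, top_paths(REPOSITORY)):
        print(url)
```

A fixed threshold of one edit flags many innocent names when brand labels are short, which is why the deck follows this stage with a separate determination step.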
