ecx-the-data-correspondence-architecture
eCX’s data correspondence architecture serves the objective of mobilizing cybercrime machine event data of high reliability to the greatest degree possible in a purely voluntary exchange scenario. That incentivizing data exchange schema is framed in two important ways unique to APWG’s eCX clearance platform.
First, the eCX Data Sharing Agreement (DSA) establishes a best-efforts relationship between eCX users and the APWG to maximize the attention eCX users pay to data fidelity and categorization accuracy – without resorting to Service Level requirements that can make corporate counsel wary. The DSA strikes an important balance in that it non-coersively incentivizes accurate and complete data contributions.
At the same time. the eCX’s endogenous audit facility — allowing each member-contributed record with a marked confidence factor to be traced directly to an individual submitter — makes every contributing eCX user accountable by design for every data element that they enter into the eCX clearinghouse — the key incentive for users to attend to data accuracy and categorization fidelity in all their submissions.
In these elemental but crucial ways, eCX’s data correspondence architecture programmatically promotes high reliability data contributions at a scale that can be expanded to any conceivable degree in order to meet and confront the expansion of cybercrime’s ever expanding reach.
The APWG’s eCX archives five data types on the API’s endpoints:
Phishing: The eCX receives hundreds to thousands of new, unique phishing URLs every day. The listings include confidence scores and brand (target) tags, so you know the data’s reliable. Learn about new attacks against hundreds of companies across the Internet, including the ones you need to protect.
Report Phishing: a repository of reported phishing emails.
Malicious IPs: This feed contains IP addresses that have been recently observed as sources of malicious activity, such as fraudulent transactions and large-scale scanning attacks. Use the data to manage your reputation systems, firewalls, and more.
Malicious Domains: A feed of suspected and known malicious domain names, including fake stores and fraud/identity theft sites. Supporting data can be added and forwarded to registrar and registry operators, or other APWG members, to aid in takedowns.
Cryptocurrency: This repository of problematic virtual currency addresses can help you identify suspicious transactions and enrich your analytic tools. It’s high-value data for cryptocurrency exchanges, wallet providers, trading platforms, and investment funds who want to protect themselves and their customers against phishing and cybercrime. APWG members, to aid in takedowns.