Evolution of Ctrip's Risk Defense Systems: From .NET Era to the Ares Platform
This article reviews the rapid growth of China’s OTA market, the rise of black‑market threats, and how Ctrip’s security team has iteratively redesigned its risk‑defense architecture—from a .NET‑based real‑time system, through an offline risk‑library, to the integrated Ares platform—highlighting each stage’s strengths, shortcomings, and lessons learned.
With the OTA market in China expanding dramatically—reaching 130.12 billion CNY in Q1 2016 and attracting sophisticated black‑market operations—Ctrip’s security team has had to continuously evolve its risk‑defense mechanisms.
1.0 Era (Real‑time .NET System) – The original .NET‑based platform consisted of data collection, rule engine, and blacklist services, handling scenarios such as login frequency control, registration limits, SMS throttling, and coupon distribution. Advantages included real‑time rule configuration and easy blacklist imports; however, dual DB/Redis writes caused performance bottlenecks, the tightly coupled preprocessing limited extensibility, and asynchronous result delivery reduced immediate blocking effectiveness.
1.5 Era (Risk‑Library System) – To overcome the rigidity of the rule engine, a new risk‑library was introduced that performs offline, SQL‑driven statistical analysis and feeds results back to the existing blacklist service. This allowed complex, long‑term rules (e.g., multi‑year bans for abusive accounts) and higher detection precision, but introduced new drawbacks: heavy DB load, slower rule updates due to the need for releases, and limited real‑time responsiveness.
2.0 Era (Ares Platform) – Combining real‑time and offline data, the Ares platform restructures the architecture into four layers: data collection/cleaning, rule‑engine processing, analysis‑modeling, and application services. It delivers risk scores via a unified API, improves scalability, supports both rule‑based and model‑based detection, and enables richer user risk profiling. The platform has already been adopted across multiple Ctrip departments and is slated to support comprehensive account‑risk imaging.
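The sketch below is an added example, not Ctrip's or Ares's code. It shows how a real-time login-frequency rule (the 1.0 scenario), an offline risk-library result (1.5) and a blacklist can be folded into one synchronous risk score of the kind the 2.0 design returns. Every name, threshold and weight in it is an assumption chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window for login frequency control
MAX_LOGINS = 5        # assumed per-IP login threshold inside the window

class RiskScorer:
    """Hypothetical scorer: real-time frequency rule + offline risk-library lookup."""
    def __init__(self, offline_library, blacklist):
        self.offline = offline_library    # account -> 0..100 score from batch analysis
        self.blacklist = blacklist        # set of banned accounts or IPs
        self.events = defaultdict(deque)  # ip -> timestamps of recent logins

    def _recent_logins(self, ip, now):
        q = self.events[ip]
        q.append(now)
        # Evict timestamps that left the window so per-IP state stays bounded.
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()
        return len(q)

    def score(self, account, ip, now):
        """Return (score, decision, reasons) inline so the caller can block at once."""
        if account in self.blacklist or ip in self.blacklist:
            return 100, "block", ["blacklist"]
        score, reasons = 0, []
        count = self._recent_logins(ip, now)
        if count > MAX_LOGINS:
            score += 60                   # assumed weight of the real-time rule
            reasons.append(f"login_frequency:{count}/{WINDOW_SECONDS}s")
        offline = self.offline.get(account, 0)
        if offline:
            score += offline * 0.5        # assumed weight of the offline signal
            reasons.append(f"offline_risk:{offline}")
        score = min(100, int(score))
        decision = "block" if score >= 80 else "challenge" if score >= 50 else "allow"
        return score, decision, reasons

def demo():
    # Constructed sample data: accounts, IPs and scores are illustrative only.
    scorer = RiskScorer({"acct_b": 70}, {"acct_c"})
    results = [scorer.score("acct_a", "198.51.100.7", t)[1] for t in range(7)]
    results.append(scorer.score("acct_b", "198.51.100.7", 7)[1])  # both signals fire
    results.append(scorer.score("acct_c", "203.0.113.9", 8)[1])   # blacklisted account
    results.append(scorer.score("acct_b", "203.0.113.9", 9)[1])   # offline signal only
    return results
```

Neither signal alone reaches the block threshold here: the burst from one IP is only challenged, and the flagged account on a quiet IP is allowed, while the two together are blocked.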
Conclusion – While each iteration addressed specific limitations of its predecessor, the battle against evolving black‑market tactics remains ongoing; continuous innovation and integration of both rule‑based and AI‑driven models are essential for future security resilience.
Qunar Tech Salon
Qunar Tech Salon is a learning and exchange platform for Qunar engineers and industry peers. We share cutting-edge technology trends and topics, providing a free platform for mid-to-senior technical professionals to exchange and learn.