Network Traffic Anomalous Behavior Analysis System - yqfile.alicdn.com Hangover (2010-2013 ... ZTE...
-
APT
20167
-
ZTE Corporation. All rights reserved
APT
2009-2010
2007-2011
(2009)
2006-2010
Duqu(2007-2012)
2010-2012
2010-2011
2003-2013
TAO 1998-2013
RSA 2011
APT12009
2011-2012
2007-2013
Heartbeat 2009-2012
2014-11
KBS 2003-2013
2015.12
2004-2013
Winnti(2009-2013)
Safe 2012-2013
Hangover 2010-2013
Darkhotel APT2008
APT
\
\APT
APT
\
APT
ZTEAPTAPT
Internet
+ + +
92%
APTAPT
IDC
IDCProvider
APT
AIDCProvider
Internet
2\3
2\3
Internet/
BIDCProvider
A
IDC/
C\
Internet
LOG
\
\
TCP
UDP
DNS
HTTP
DHCP
FTP
.
TTL .
.
APT
AA
ABC
A
B C
Internet
A
Internet
HTTP HTTP
B
TCP TCP
D1/D2/D3
DHCP Server
IP
E
IP
F
ABAWEB
A
IPD1\D2\D3EF
G,DHCP
D1\D2\D3
IPMAC
A->-
>3%
A
Login?ID=XXX
0.03
xxx.yyy.com
0.8 0.6 0.9 0.7 0.9
0.1 0.05 0.2 0.03 0.02
ZTEAPT
5000+PC20+4Gbps
30+
ZTEAPT
8+
>10
(McAfee)
VirusTotal(50