State of the Internet Security: Media Industry Under Attack.pdf
º ó©C/½ 第 5 卷,特别版Â8<% sþ “ cÀ ZVÓcM¥þ ¥B oYWeb ¨ñ½þ oZEÁ 1 2 4 9 15 171V 2018 M 1 2019 M 6 Akamai : c ÑV 610 aQ oÇ kÑV 40 aQ Web ¨ñ½þ b ù+Yñuº ó©C/½ váÏ á Ì×Ä1ÿ Ú S/a j Ô Â8Î Á< dë¹ Â8 S/<¥ b Øñ<+¬ îµ oþ ¥ 35%# Akamai 18 ñá ù =_©¥ Web ¨ñ½þ 9 ¥ÿ 17%bá Ì¥sV ü Øñ<°< îî¹×çBÁ¥þ ÷ðyµ ññ ¦ < b% sþ ¥ Ö EܼkULs0¬ æ¨Õ Ö ª©bYV°¤ æ¨ Web ¨ñ½þ ULs0¬ Q |Z¼: c æ¨ sþ ¥ .l0i - 9 PULs0þ , r<¥Ènîb oþ ö æ¨% sþ ¥ Ö # Z¼ PULs0 ? |ñ ¦ <'Á1  Â8 3Á Öb概览Web þ ü% 2018 M 1 À 2019 M 6 Web ¨ñ½þ 9 4,068,741,948 Ú S/609,117,260 j Ô Â8143,308,490 Î Á51,464,909þ Ë SQL ÿ Æ (SQLi)69.7% '¹Óqc (LFI)21.6% t_Ä'þ (XSS)3.5%º ó©C/½ Â8<% sþ » 5 +YñM¥þ ¥B oYJaspal Jandu “v CISO DAZNüULs0¨ þ ³a<l ³ Â8<¥'þ ZE7ý<l ³ Â8< Ä?û 듸 ð< î ë¥Mþ ZEbtþ ó Â8 ³ ¥BF ' á Ì¥¬b v <l ³º ?lL« “7 O A¶ç5½ ¥ HW4 AÈ j« “ H/ ¥BГ -Yá Ì¥BM1Meb ÂTµ © y ÍÏ L H. 5#p V ? þ Ø#p'È Ù5q#pb Û“ ÂÂ_¿ IP ¥È j (IP TV) OTT Â8MB|A÷9F7 O5 Ø 9÷F¯b ýB Bñz¥ è0 ª ü Y fM¤ ¯b W¸.d<l C?Zî¹Èq ³b t f / ±Å 1 Â$ !' (IaaS) PÕVM¤÷F ¾bÕ¦ 9 <l ³CA¶5 e¥÷» ØZ» ¹ZBbÐ E M -M1 BÕ© ¥ öf Hvs<l ýû ®ÜVÇ k© kas<l ³ g e¥<l$ ! ±b<l ³K¥BñÙ5 o àp - îµ4Ù A¥û bâ à bV½ ¥ A<l ³CA¶ I n¥ ýB ¿º ó©¥þ 1 Âs T ' (DDoS) ©btBXÁ µ©<Ïi E Mb¥°l IP TV ÌâÏ ov Â8 = ¸¨°lhn TiÅ“ V¨¥ © þ û V ?ÁC¨¼ =Ù5Y<á l Æi®| îÿ¤éS ¥+ qb°lÈ j Àµ»=Qöb4Ù¬ ¥Ù5 - <l ³¥ 2ã| sYbÂ8<ÎA¶S5Z ë¥v ÓÄMêb÷ C ¸<l ³ “S¥bÇ ¹ 9F l jz-9 ¹ Ùs ðö L¹4Ù4÷ M1¥8bhn ¥E < P¨ÐÑ V¤ s P¨S¶WidÈ ´¥¸K Bñi9 Es üA¥KÅb Â8 ë “¥G Bñ¨¼1 p7-Î Áö¥ÌâÏ Â Ü7³ p 2E?Á 3¥Bb 2º ó©C/½ Â8<% sþ » 5 +YñÓÄMêª Äñ³1 ¹ 3'Á¥ <ûë “/ ? Ù5bG¿Ùs/ ¥½ < ¦ô ð ̳1 ³  Р§£M¥Ìâ/î¥BW |¤ Üb¸½ < ¦ôÜü¯¿ µ <v?Ìâ¥<è © 4 a÷ 2¥Ìâb b# ª ü+ç %¦V ?7</î¥B 4v Blüµ V ?ö´QE?1 pbÂ8<µBñdÈÿ+¥²Böµ 'ªa¯¥ö 3ªT´LÔb<l ³Â8Ù¥4Ä AE µ×vYb Ù ¿ I¹ ´LÔ I ¹ ´LÔip¥´LÔ7/L 4O¥o 'æýp¥ ? ïó< ×v¯btý µYÊ ²T¥? ïi ? oS¶ =Å/µ¥s Äbö åÊ ©¥#á Ì ³Û¶ W¸¥ Z Tb CòñSE/¹ u á M1ÿ<l ³ Â8y¹ ð Ìi M ñ Ì VYCî¥ ä£4ÙbÇ YVÁ 3²¥<l Ü ûÎYV¸<l ³ Â8 P¨¥ Â8 Ü ûbV ô MÏÀ ? 3V Â8<¥÷ SE/ ¹ u)þ à èb © Â8<¥Ã À1×1b¿hn ©Á3¯¥Ç á ̳ %X©B¥ ÎÎ á Ìtÿ+B¥Z T ϸB E M-ô'ibá Ì©¡1) Øt¯³1É×v¥ÓÄM7 O “ - Àµ¥ a/ ? Éb f ö y? 
3MÄ À Cá Ì|?Ã ë “Gá ÌC ë “¥B/î¥Y V?1á ÌX¥÷vbJaspal ' '½ < ¦ Vµ 20 M¥¶Üb ðV E Mö11ÿ Â8 5×b ð Â8 ³ î ë “¥Bµ“ ' Y¥n³) ØV¾ 5×¥BtKÚ)Y¥þ b 'ÓÏVr¥4Ä T¥4ÄiBçQ Akamai ¥4Äb3º ó©C/½ Â8<% sþ » 5 +YñWeb 应用程序攻击4º ó©C/½ Â8<% sþ » 5 +Yñ5Ú S/ 5×¥þ Â8 S/ 5×Ï4³¥vsþ Âm 1 î UbÚ S/ 5× ! ÈqÅ/#/ 4 1  a MîaȵLÈ j bM1/Î Á<¥þ û×ç 2018 M 9 22 °C BQdÈA÷¥ÚbÎ Á< = ¸4 a<l ³aª ùÅTa = ¸ 7?aùîs© 5×¥ ³b j Ô Â8<°< s?±#È<9%Û ×ç¥þ tþ Û“ HW¥wM79Fi 2019 M»=1r +QÚbBÁ¥ V ü Â8 S/< ULÜ6Bñ µ ï¥ “Sbñ ¦B L V r7 < V¨¿ ðþ bþ 9 V P¨M¥ Q | Â8 = ¸8â × YÏ Ènb“ µ åÊ¥ ULs0öçç<l ° ù- Q |ð S = ¸òÕUL gÆ rb¿ç?¥ Èq³$ t 0 Ú$ë¹o å³Èqp EsÈn H9ö ÁÈb2018 M 9 ¥þ Ú¥ Bñ© S= Ö Ç SQL ÿ Æ (SQLi) þ b Ù b#ULs0Nþ ùW¥ “¥ SQLi ªª Ý ð ¥°¤þ bBñ©_ÛÕ <¥ ï SQLi þ iÈn9id?Z b 2018 M 11 Ú S/<¥»=oþ Ú Bñ÷µ ¥Ã èbNþ ¥ 6Bñ© Ö - 8 I n/¥ÚN´ “SbULs0|¾ ³ûµ¥ùËT¹ “SbNþ '¹Óqc (LFI) (82.3%)aPHP ÿ Æ (9.3%)a 7ÿ Æ (7.6%) SQLi (0.7%) Ç kb Â8<°<¥ Ä ° Web ¨ñ½þ 2018 M 1 À 2019 M 6 m 1 - 1 2018 M/ö M ¨ñ½þ Ü å A÷9É - á Ìç9|?à û¥ t 2018 M 9 22 °5,263,3832018 M 11 19 °7,509,91302 ä£4 ä£6 ä£8 ä£2018 M 2 2018 M 4 2018 M 6 2018 M 8 2018 M 10 2018 M 12 2019 M 2 2019 M 4 2019 M 6 þ Q ä£Ú S/j Ô Â8Î Áº ó©C/½ Â8<% sþ » 5 +Yñ6 º ó©C/½ Â8<% sþ » 5 +YñSQLi 18 ñ =B° Kö1¥þ Z T ÑV 70% ¥þ Q '¹Óqc (LFI) (19.3%)at_Ä'þ (XSS) (3.9%)aPHP ÿ Æ (3.3%)a ùñÓqc (RFI) ®¿ 1%bSQLi þ ¬¤ Ý a: c ³ V ?i% oÏ¥ © ð = ¸¥ULs0¥ nÊþ m b Âm 2 î Uÿ Æþ 98 Â8 S/<¥þ ¥ 98% b ÿ Æþ SQLiaLFIaRFI XSS BÕþ Ë¥Y¨ ÔÕþ Pþ ?|0i ¬ ƨñ½Ï Ûª$³ ðZ T³bÐ 7ÿ Æþ y¹ULs0 P¨¥ 1-¥ b M1/ 7ÿ Æþ Ï “SÇK¿¨ñ½¥ ªÿ ?b© ÿ Æþ ¥1o “Sû¿$ n5®¿ý 1îÄ ñ ̹ CÚ)/ ?¥ULs04 ®¥ Æ Êjbtþ svË¥»=ñðy ñ Ì EsµrbV oS¶ = 4³ îµ<°<¥ Web þ ÷ ÅS?à »B Q S£Sb Â8 S/<þ ¥ n1 “S9 ÅSES »=b Y L Âm 3 î U 18 ñ¥ HWAkamai ?C ÅS¥ îµþ ϵ 18.63% Â8 S/<¥þ b´¤ÿi¥ I n Â8 S/<°< ð ÅSE/¹ u - 10 ¥þ “SÏbES (34.78%)a °' (22.96%)a£S (11.09%) (10.55%) Ê -ôbо “í1 Esµ ¥64% bS ³? 
¥þ ¥ Â8 ³bm 3 - Í 20% ÅS¥þ ¥ Â8 S/<°<¨ñ½þ - ö1 “S“S u× Â8<°< îµ<°< îµ<°<¥ o ÅS636,551,596 3,416,411,545 1ES27,995,960 80,501,396 8°'25,417,099 110,691,972 6£S16,896,288 152,341,265 315,116,167 143,323,371 4 §12,968,664 52,918,175 11bS11,007,413 17,307,359 18Ïv æð10,837,898 61,597,371 10S7,662,747 243,559,654 2ÏSPÖ+Y u6,503,057 27,502,462 157º ó©C/½ Â8<% sþ » 5 +Yñ8Ç I n Â8 S/<°<Ï¥þ ÷SE/ ¹ uþ H ÅSQ »B m 4b § (31.23%) »=ùù ª¿ ÅSb K 7 ¦Ùñ¥ u æ%á ù = »Øbu æ%ÇÇ987ý þ ¥» 11 v ÷ Ï 68% ¥þ ¥ Â8 S/<bÉBt-¥Ø°ª?CBÚ »¬Ð 2019 M » 1 1 s Æ S¥ ISP ® µ1b+ñÏULs0 Æ S Z¼ !i ¯¨ L5z C© 7 eÅ (C2)b ª t $¨¿? þ bSpamhaus KÍ¥uz C© ¯áv|u æ%¥ ISP Æ z C© C2 5a% s Æ S¥ ©_ Ï¥ - 20bSpamhaus ádÂ¥ ° ùÐ Akamai u æ%?C¥0i ´M¦û á Ì¥² bm 4 - ®¿u æ%¥ ñ½M1î9¾Sþ ÷ b » ØÊ Web þ Z ë98Ê » 11 ʨñ½þ - ö1 ÷÷ u× Â8<°< îµ<°<îµ<°<¥ o ÅS177,678,990 1,041,639,431 1 §90,602,359 290,096,974 3u æ%71,054,852 103,372,849 11,®54,058,380 822,468,109 2ÏS51,751,691 240,602,133 440,352,673 173,637,873 7£S28,651,918 147,644,005 8¹: §28,172,199 82,245,577 13é X §19,804,493 181,211,429 6ES16,400,882 128,396,046 9 oþ ü% 2018 M 1 À 2019 M 6 0i¨ cÇ k9 61,192,394,742 j Ô Â813,760,213,425 Ú S/7,533,980,169 Î Á77,292,308Äñ·Bö¥ Ü (0i¨ cQ SQL ÿ Æ (SQLi)69.7% '¹Óqc (LFI)21.6% t_Ä'þ (XSS)3.5% îµ0i¨ cÏÍ 35% ? 3 Â8 S/<º ó©C/½ Â8<% sþ » 5 +Yñ