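## <center>2019-05-08 12:05 DDoS Attack Detection Report</center> ##

- **MME ID**: 1123424
- **DDoS attack type**: DDoS caused by UEs with legitimate identities frequently detaching from and re-attaching to the network
- **Attack time window**: 2019-05-08 12:00~2019-05-08 12:05
- **Threat level**: **<span style="color:red">High</span>**
- **Number of malicious UEs detected**: 1 million

### <center>MME RU Unit CPU Usage</center> ###

<center>![RU CPU](./pictures/cpu_stat.png "RU CPU")</center>
<center>CPU trend of each RU on network element MME ID</center>

- **RU unit with abnormal CPU**: RU_1234
- **Abnormal CPU value**: 93%

### <center>MME Signaling Procedure Counts</center> ###

<center>![RU CPU](./pictures/t.png "RU CPU")</center>
<center>Signaling procedure count trend for network element MME ID</center>

- **Predicted MME signaling procedure count**: 10212225
- **Actual MME signaling procedure count**: 145200222 (exceeds the predicted value by **<span style="color:red">900%</span>**)

### <center>Signaling Procedure Count Increments, Ranked</center> ###

<center>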
<table style="border-collapse: collapse;">
<tr>
<th>No.</th>
<th>Signaling type</th>
<th>Signaling increment</th>
<th>Share</th>
</tr>
<tr>
<td>1</td>
<td>A(attach)</td>
<td>123,432</td>
<td>50%</td>
</tr>
<tr>
<td>2</td>
<td>B(detach)</td>
<td>123,432</td>
<td>50%</td>
</tr>
</table>
</center>

### <center>Malicious UE Detection Details</center> ###

<table style="border-collapse: collapse;">
<tr>
<th>IMSI</th>
<th>Signaling procedure sequence</th>
</tr>
<tr>
<td>IMSI1231331</td>
<td>A(attach, 12:03:59)->B(12:04:00)->C(detach,12:05:01)->A(attach, 12:03:59)->B(12:04:00)->C(detach,12:05:01)->A(attach, 12:03:59)->B(12:04:00)->C(detach,12:05:01)->A(attach, 12:03:59)->B(12:04:00)->C(detach,12:05:01)</td>
</tr>
<tr>
<td>IMSI324543456</td>
<td>A(attach, 12:03:59)->B(12:04:00)->C(detach,12:05:01)->A(attach, 12:03:59)->B(12:04:00)->C(detach,12:05:01)->A(attach, 12:03:59)->B(12:04:00)->C(detach,12:05:01)->A(attach, 12:03:59)->B(12:04:00)->C(detach,12:05:01)</td>
</tr>
</table>
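
Note: raw HTML `<table>` markup is used here because the free edition of MarkdownPad 2 does not support tables. The `style` attribute is added to remove the ugly default table borders.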