CN113992980A - Generation method, device and equipment of attack code stream - Google Patents

Generation method, device and equipment of attack code stream Download PDF

Info

Publication number
CN113992980A
CN113992980A CN202010658872.2A CN202010658872A CN113992980A CN 113992980 A CN113992980 A CN 113992980A CN 202010658872 A CN202010658872 A CN 202010658872A CN 113992980 A CN113992980 A CN 113992980A
Authority
CN
China
Prior art keywords
code stream
attack
preset
target position
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010658872.2A
Other languages
Chinese (zh)
Other versions
CN113992980B (en
Inventor
张龙
黄凡夫
陈喆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Hikvision Digital Technology Co Ltd filed Critical Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN202010658872.2A priority Critical patent/CN113992980B/en
Publication of CN113992980A publication Critical patent/CN113992980A/en
Application granted granted Critical
Publication of CN113992980B publication Critical patent/CN113992980B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4402Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving reformatting operations of video signals for household redistribution, storage or real-time display
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Compression Or Coding Systems Of Tv Signals (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application provides a method, a device and equipment for generating an attack code stream, wherein the method comprises the following steps: acquiring a code stream sample to be processed; analyzing the acquired code stream sample to obtain information of at least one key position of the code stream sample; and carrying out conversion processing on the code stream sample according to a preset code stream generation strategy and the obtained information of the key position to obtain an attack code stream. The embodiment of the application realizes the generation of the attack code stream on the basis of not paying attention to the source, the packaging format and the like of the code stream sample; the generated attack code stream has universality and can be applied to safety tests of various multimedia products, so that the test effect is closer to real attack, and the safety and stability of the corresponding multimedia products can be improved.

Description

Generation method, device and equipment of attack code stream
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a method, an apparatus, and a device for generating an attack code stream.
Background
With the rapid development of the internet and the internet of things, multimedia data will become the main media type of network transmission, and especially after the commercialized application of the 5G network is fully landed, the multimedia application will become more and more abundant, such as live broadcast, telemedicine, online education, unmanned, instant messaging, and the like. However, some current multimedia products have low security and stability, so that attack events of the multimedia products occur occasionally. Therefore, how to improve the security and stability of multimedia products becomes an urgent problem to be solved.
Disclosure of Invention
The embodiment of the application aims to provide a method, a device and equipment for generating an attack code stream, so that the generated attack code stream is applied to a security test of a multimedia product, and the problem of low security and stability of a media product is solved.
In order to solve the above technical problem, the embodiment of the present application is implemented as follows:
in a first aspect, an embodiment of the present application provides a method for generating an attack code stream, including:
acquiring a code stream sample to be processed;
analyzing the code stream sample to obtain information of at least one key position of the code stream sample;
and performing conversion processing on the code stream sample according to a preset code stream generation strategy and the information of the key position to obtain an attack code stream.
In a second aspect, an embodiment of the present application provides an apparatus for generating an attack code stream, including:
the acquisition module is used for acquiring a code stream sample to be processed;
the analysis module is used for analyzing the code stream sample to obtain information of at least one key position of the code stream sample;
and the generating module is used for converting the code stream sample according to a preset code stream generating strategy and the information of the key position to obtain an attack code stream.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor, a communication interface, a memory, and a communication bus; the processor, the communication interface and the memory complete mutual communication through a bus; a memory for storing a computer program; and the processor is used for executing the program stored in the memory and realizing the steps of the generation method of the attack code stream.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method for generating an attack code stream are implemented.
In the embodiment of the application, the information of at least one key position of the code stream sample is obtained by analyzing the code stream sample to be processed, and the code stream sample is transformed according to a preset code stream generation strategy and the obtained information of the key position to obtain the attack code stream. Therefore, the generation of the attack code stream is realized on the basis that the code stream generation strategy is configurable, the source of the code stream sample does not need to be concerned, the packaging format of the code stream sample does not need to be concerned, and the like; the generated attack code stream has universality, can be applied to safety tests of various multimedia products, not only enables the test effect to be closer to real attack, but also can improve the safety and stability of the corresponding multimedia products, thereby solving the problem that the safety and stability of the current multimedia products are lower.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
Fig. 1 is a first flowchart of a method for generating an attack code stream according to an embodiment of the present disclosure;
fig. 2 is a second flowchart of a method for generating an attack code stream according to an embodiment of the present disclosure;
FIG. 3 is a first flowchart illustrating a third operation provided by an embodiment of the present disclosure;
FIG. 4 is a second flowchart illustrating a third operation provided by embodiments of the present disclosure;
FIG. 5 is a third flowchart illustrating a third operation provided by embodiments of the present disclosure;
fig. 6 is a third flowchart illustrating a method for generating an attack code stream according to an embodiment of the present disclosure;
fig. 7 is a schematic diagram of a module composition of an attack code stream generation apparatus provided in an embodiment of the present specification;
fig. 8 is a schematic composition diagram of an electronic device provided in an embodiment of the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a schematic flow diagram of a method for generating an attack code stream according to one or more embodiments of the present specification, and referring to fig. 1, the method may specifically include the following steps:
102, acquiring a code stream sample to be processed;
the execution main body of the method for generating an attack code stream provided in the embodiment of the present specification may be a device or a device for generating an attack code stream, and the following description will take the execution main body as a device for generating an attack code stream as an example. Optionally, the generating device of the attack code stream is in a networking state, and obtains a code stream sample played in real time from a network, for example, a video code stream played in real time in the network. Or, the generating device of the attack code stream obtains a pre-stored code stream sample from a local designated location, and the locally stored code stream sample has no real-time property compared with the code stream sample played in real time in the network, so that the locally stored code stream sample can be called a historical code stream sample, for example, a pre-stored audio code stream. Or, the generation device of the attack code stream receives historical code stream samples uploaded by the user, and the like. In this specification, the source of the code stream sample is not specifically limited, and may be set by itself as needed in practical application.
Step 104, analyzing the code stream sample to obtain information of at least one key position of the code stream sample;
specifically, the acquired code stream sample is analyzed according to a code stream pattern defined in a multimedia related protocol, so as to obtain information of at least one key position of the code stream sample. Wherein, the key position includes a data packet where the decoding parameter set is located, a data packet where the key frame is located, the encapsulation data, the coded data, and the like; information of the key position, such as a data packet identifier of a data packet where the key frame is located; multimedia related protocols such as ISO/IEC 14496-12 and the like.
And 106, converting the code stream sample according to a preset code stream generation strategy and the obtained information of the key position to obtain an attack code stream.
Specifically, a target position is selected from the key positions according to a preset code stream generation strategy and the obtained information of the key positions, and code stream data of the target position is transformed to obtain an attack code stream. The code stream generation strategy can be set according to requirements in practical application.
In the embodiment of the application, at least one key position of a code stream sample is obtained by analyzing the code stream sample to be processed, and the code stream sample is transformed according to a preset code stream generation strategy and the obtained key position to obtain an attack code stream. Therefore, the generation of the attack code stream is realized on the basis that the code stream generation strategy is configurable, the source of the code stream sample does not need to be concerned, the packaging format of the code stream sample does not need to be concerned, and the like; the generated attack code stream has universality, can be applied to safety tests of various multimedia products, not only enables the test effect to be closer to real attack, but also can improve the safety and stability of the corresponding multimedia products, thereby solving the problem that the safety and stability of the current multimedia products are lower.
Considering that there is a difference between the real-time code stream and the historical code stream, for example, for the real-time code stream, the part of the code stream that has not been played cannot be known, and thus, the information of the complete code stream, such as the total number of data packets, the data packet where the end frame is located, and the like, cannot be known. For the historical code stream, the information of the complete code stream can be obtained because the historical code stream is the complete code stream. Based on this, in order to ensure that high-quality attack code streams can be generated no matter the code stream samples are real-time code stream samples or historical code stream samples, in one or more embodiments of the present specification, different code stream generation strategies are adopted for different types of code stream samples. Specifically, as shown in fig. 2, step 106 may include:
step 106-2, determining the type of the code stream sample, if the code stream sample is a real-time code stream sample, executing step 106-4, and if the code stream sample is a historical code stream sample, executing step 106-6;
step 106-4, carrying out conversion processing on a code stream sample according to a preset first code stream generation strategy and the obtained key position information to obtain an attack code stream;
and step 106-6, carrying out conversion processing on the code stream sample according to a preset second code stream generation strategy and the obtained information of the key position to obtain an attack code stream.
Specifically, in step 106-4, a bitstream sample is transformed according to a preset first bitstream generation policy and the obtained information of the key location, including performing at least one of the following operations according to a preset first transformation parameter:
the method comprises the steps of firstly, selecting a first target position from key positions of a code stream sample according to obtained key position information and a first preset mode, and carrying out interrupt processing on a data packet at the first target position;
secondly, selecting a second target position from the key positions of the code stream sample according to the obtained information of the key positions and a first preset mode, and retransmitting the data packet at the second target position;
and thirdly, selecting a third target position from the key positions of the code stream samples according to the obtained information of the key positions and a second preset mode, and performing replacement processing on the data packet at the third target position.
Interrupting processing, namely discarding the data packet of the first target position; retransmission processing, namely copying the data packet at the second target position; the replacement processing, that is, the replacement processing of the same length for the packet at the third destination position, may also be falsification processing. The first transformation parameter may include a transformation number, which is a total number of times of transforming the bitstream samples. When the conversion times is one time, randomly selecting one operation from the three operations and executing the operation; if the conversion times are multiple times, one operation is selected from the three operations in sequence, after the selected operation is executed, the current accumulated conversion times are counted, if the accumulated conversion times are determined to be smaller than the preset conversion times, one operation is selected from the three operations continuously and executed until the accumulated conversion times are equal to the preset conversion times.
Further, for the first operation and the second operation, in order to have a better test effect when performing a security test on a multimedia product by using an attack code stream in the following, in one or more embodiments of the present specification, a probability that each key position is selected may be preset according to an importance degree of a data packet of each key position; here, the higher the importance degree is, the higher the influence degree of the packet of the key position on the standard of the code stream sample is, and thus the higher the probability that it is selected can be set. Correspondingly, in the first operation, according to the obtained information of the key positions and the set selected probability, a first target position is selected from the key positions of the code stream sample, the data packet of the first target position is interrupted, namely, the data packet of the first target position is discarded, and the code stream sample with the discarded data packet is determined as an attack code stream. In operation two, according to the obtained information of the key positions, according to the set selected probability, a second target position is selected from the key positions of the code stream sample, and the data packet at the second target position is retransmitted, that is, the data packet at the second target position is copied, and the code stream sample including the copied data packet is determined as an attack code stream. The first target position and the second target position may be the same or different, and the specific data value of the probability that each key position is selected may be set as required in actual application.
As an example, the code stream sample includes a data packet 1, a data packet 2, a data packet 3, a data packet 4, and a data packet 5, and if the first target position is the data packet 3, the attack code stream obtained by performing the interrupt processing includes the data packet 1, the data packet 2, the data packet 4, and the data packet 5; if the second target position is the data packet 4, the attack code stream obtained by performing retransmission processing includes the data packet 1, the data packet 2, the data packet 3, the data packet 4, and the data packet 5.
For the third operation, the key positions include an encapsulation layer and an encoding layer of the codestream sample, i.e., encapsulation data and encoding data. The packaging data comprises a format identification field, a syntax structure identification field, a key syntax parameter field, a non-key syntax parameter field and the like, and the coded data comprises key coded data, non-key coded data and the like. In order to ensure that the attack code stream obtained by the replacement process maintains the original format characteristics of the code stream sample, that is, to ensure that the format type and the key grammar are not completely destroyed, in one or more embodiments of the present specification, according to the influence degree of each field included in the package data and the encoded data on the code stream sample, the probability of each field being selected is preset, and the influence degree is also high, and the probability of being selected is lower; and quantifying the influence degree of each field on the code stream sample, and expressing by adopting the attack weight, wherein the larger the attack weight, the larger the influence on the original code stream sample, the stronger the attack degree. Thus, the greater the attack weight, the lower the probability of being selected. Generally, the format identification field plays an important role in analyzing the code stream, and in order to ensure that the code stream can be normally analyzed when the attack code stream is subsequently adopted to carry out security test on the multimedia product, the probability of selecting the format identification field can be set as low probability, and the attack weight can be set as high weight; the format identification field is, for example, "FLV", which is 0x464C56, for FLV (flash video) format start. The number of the grammar structure identification fields is generally small, the selected probability can be properly improved relative to the format identification fields, and the attack weight is properly reduced; the syntax structure identifies a field such as "LIST" in AVI (Audio Video Interleaved) format, i.e., 0x 495354. A key syntax parameter field, which is a main test object for performing a security test of a multimedia product, so that a probability of being selected can be set to a high probability; key syntax parameter fields such as the wide high byte in MP4 format moov/trak/tkhd. The non-key syntax parameter field has fewer safety problems generally, so that the selected probability is set to be a medium probability; non-critical syntax parameter fields such as the creation time field in MP4 format moov/trak/tkhd. The key coding field is also important in the security test of the multimedia product and is used for testing the stability and the security of the multimedia product on decoding and rendering, so that the selected probability can be set to be a medium-high probability; a key encoding field such as I frame data of H264 data. Non-critical coded data, the probability of being selected can be set to be low probability to reduce resource consumption due to the large data volume and high occurrence frequency; non-key coded data such as P frames in H264 data.
For example, the probability and attack weight of the fields are selected as follows:
Figure BDA0002577761490000061
it should be noted that the data in the above table is only used for example and is not limited, and the specific selected probability and attack weight may be set as needed in practical applications.
In the generation process of the attack code stream by adopting the operation III, the replacement parameters of the replacement processing are preset. Optionally, the permutation parameter includes an attack weight, and accordingly, as shown in fig. 3, the third operation may include:
step 202, selecting a third target position from the key positions of the code stream sample according to the preset probability that each key position is selected;
step 204, performing data replacement operation with the same length on the code stream data of the selected third target position;
specifically, the data length of the code stream data at the third target position is determined, the code stream data with the determined data length is randomly intercepted from a preset code stream sample to be replaced, and the code stream data at the third target position is replaced by the intercepted code stream data. Or determining the data length of the code stream data at the third target position, intercepting the code stream data with the determined data length from any position except the third target position in the current code stream sample, and replacing the code stream data at the third target position with the intercepted code stream data.
Step 206, determining the attack weight corresponding to the selected third target position;
specifically, according to the third target position, a corresponding attack weight is obtained from a preset corresponding relationship between the key position and the attack weight.
Step 208, determining the current cumulative attack weight according to the attack weight;
specifically, the cumulative attack weight is initialized to be 0 and recorded as W0, and when the attack weight corresponding to the third target position is determined to be W1 after the first replacement operation is performed, the cumulative attack weight is updated from W0 to W1; after the second replacement operation is performed, if the attack weight corresponding to the third target position is determined to be W2, the cumulative attack weight is updated from W1 to W1+ W2, and so on.
And step 210, determining whether the current accumulated attack weight is smaller than a preset attack weight, if so, returning to the step 202, otherwise, ending.
The preset attack weight is, for example, 40%, which can be set in practical applications as needed. It should be noted that, each time a replacement operation is performed, a corresponding attack code stream is obtained, and when the accumulated attack weight is smaller than the preset attack weight, the effect of performing a security test on the multimedia product by using the corresponding attack code stream is not optimal; when the accumulated attack weight is not less than the preset attack weight, the effect of performing the security test on the multimedia product by adopting the corresponding attack code stream is better.
Therefore, by presetting the attack weight and carrying out replacement operation based on the attack weight corresponding to the selected third target position, the finally obtained attack code stream is ensured to keep the original format characteristic of the code stream sample, and effective safety test can be carried out on the multimedia product based on the finally obtained attack code stream.
In the generation process of the attack code stream by using the third operation, optionally, the replacement parameter includes an attack frequency, and accordingly, as shown in fig. 4, the third operation may include:
step 302, selecting a third target position from the key positions of the code stream sample according to the preset probability that each key position is selected;
step 304, performing data replacement operation with the same length on the data of the selected third target position;
the specific manner of the conversion operation can be referred to the related description, and the repeated description is omitted here.
Step 306, counting the current accumulated replacement times;
specifically, the initial accumulated replacement frequency is 0, and after each replacement operation, 1 is added to the accumulated replacement frequency.
And 308, determining whether the current accumulated replacement times are smaller than the preset replacement times, if so, returning to the step 302, and if not, ending.
The preset replacement times can be set automatically according to requirements in practical application. It should be noted that, each time a replacement operation is performed, a corresponding attack code stream is obtained, and when the accumulated replacement times are smaller than the preset replacement times, the effect of performing a security test on the multimedia product by using the corresponding attack code stream is not optimal; when the accumulated replacement times are not less than the preset attack times, the effect of performing the security test on the multimedia product by adopting the corresponding attack code stream is better.
Therefore, by presetting the replacement times, counting the accumulated replacement times and executing the replacement operation based on the preset replacement times and the counted accumulated replacement times, the finally obtained attack code stream is ensured to keep the original format characteristics of the code stream sample, and the effective safety test can be carried out on the multimedia product based on the finally obtained attack code stream.
In the generation process of the attack code stream by using the third operation, optionally, the replacement parameter includes an attack weight and an attack frequency, and accordingly, as shown in fig. 5, the third operation may include:
step 402, selecting a third target position from the key positions of the code stream sample according to the preset probability that each key position is selected;
step 404, performing data replacement operation with the same length on the data of the selected third target position;
step 406, determining an attack weight corresponding to the selected third target position;
step 408, determining the current cumulative attack weight according to the attack weight, and counting the current cumulative replacement times;
in step 410, if it is determined that the cumulative attack weight is smaller than the predetermined attack weight and the cumulative replacement number is smaller than the predetermined replacement number, the process returns to step 402.
Specifically, determining whether the accumulated attack weight is smaller than a preset attack weight, and if not, ending; if yes, determining whether the accumulated replacement times is smaller than the preset replacement times, if not, ending, and if yes, returning to the step 402.
It should be noted that, for specific implementation of steps 404 to 408, reference may be made to the foregoing related description, and repeated details are not described here.
Therefore, the replacement processing is carried out based on the preset attack weight and the replacement frequency, so that the finally obtained attack code stream is ensured to keep the original format characteristic of the code stream sample, and the effective safety test can be carried out on the multimedia product based on the finally obtained attack code stream.
It should be noted that, in one or more embodiments of the present specification, the first transformation parameter may further include a total attack weight, and the attack weights corresponding to different key positions in the first operation and the second operation are preset, and transformation processing is performed by counting the accumulated transformation times and the accumulated total attack weight; for example, the above process of performing the replacement processing according to different replacement parameters may be referred to, and will not be described herein again.
In summary, when the code stream sample is a real-time code stream sample, based on a preset first transformation parameter, any one or more of interrupt processing, retransmission processing, and replacement processing is performed on the code stream sample to obtain an attack code stream; the method not only ensures that the finally obtained attack code stream keeps the original format characteristic of the code stream sample, but also can carry out effective safety test on the multimedia product based on the finally obtained attack code stream.
Further, in the foregoing step 106-6, according to a preset second code stream generation policy and the obtained information of the key location, the code stream samples are transformed, including performing at least one of the following according to a preset second transformation parameter:
selecting a third target position from the key positions of the code stream samples according to a second preset mode, and performing replacement processing on the data packet at the third target position;
adding code stream data with any length in a first preset length range at any position of a code stream sample;
and fifthly, deleting the code stream data with any length in the second preset length range at any position of the code stream sample.
The second transformation parameter may be the same as or different from the first transformation parameter. When the second transformation parameter comprises the total transformation times and the transformation times are one time, randomly selecting one operation from the three operations of operation three, operation four and operation five, and executing corresponding processing; if the number of times of conversion is multiple, one operation is selected from three operations of operation three, operation four and operation five in sequence, and corresponding processing is executed. Further, the specific manner of the operation three can be referred to the related description, and is not described herein again. In the fourth operation, in order to ensure that the attack code stream after adding the code stream data maintains the original format characteristic of the code stream sample, a first preset length range is preset. Similarly, in operation five, a second preset length range is preset. The first preset length range and the second preset length range may be the same or different. It should be noted that the code stream data added in operation four may be code stream data intercepted from a code stream sample, or code stream data intercepted from preset code stream data.
Therefore, when the code stream sample is a historical code stream sample, the attack code stream is obtained by performing any one or more of the operations of adding code stream data, deleting code stream data and replacing the code stream sample on the basis of the preset second conversion parameter, so that the finally obtained attack code stream is ensured to keep the original format characteristic of the code stream sample, and the effective safety test can be performed on the multimedia product on the basis of the finally obtained attack code stream.
After obtaining the attack code stream, the security test processing may be performed on the multimedia product based on the attack code stream, specifically, as shown in fig. 6, after step 106, the method further includes:
and 108, carrying out safety test processing on the multimedia product to be tested according to the obtained attack code stream.
Specifically, the obtained attack code stream is input to a multimedia product to be tested to test whether the multimedia product can normally play the attack code stream. The input mode of the attack code stream may be a network transmission mode, and may also be a mode of opening a local file.
In the embodiment of the application, at least one key position of a code stream sample is obtained by analyzing the code stream sample to be processed, and the code stream sample is transformed according to a preset code stream generation strategy and the obtained key position to obtain an attack code stream. Therefore, the generation of the attack code stream is realized on the basis that the code stream generation strategy is configurable, the source of the code stream sample does not need to be concerned, the packaging format of the code stream sample does not need to be concerned, and the like; the generated attack code stream has universality, can be applied to safety tests of various multimedia products, enables the test effect to be closer to real attack, can improve the safety and stability of the corresponding multimedia products, and solves the problem that the safety and stability of the current multimedia products are lower.
Based on the same technical concept, one or more embodiments of the present specification further provide a device for generating an attack code stream, and fig. 7 is a schematic diagram of module composition of the device for generating an attack code stream, provided in one or more embodiments of the present specification, as shown in fig. 7, the device includes:
an obtaining module 501, configured to obtain a code stream sample to be processed;
an analyzing module 502, configured to analyze the code stream sample to obtain information of at least one key position of the code stream sample;
the generating module 503 is configured to perform transform processing on the code stream sample according to a preset code stream generation policy and the information of the key position, so as to obtain an attack code stream.
Optionally, the generating module 503 is specifically configured to:
determining the type of the code stream sample;
if the code stream sample is a real-time code stream sample, carrying out conversion processing on the code stream sample according to a preset first code stream generation strategy and the information of the key position to obtain an attack code stream;
and if the code stream sample is a historical code stream sample, performing conversion processing on the code stream sample according to a preset second code stream generation strategy and the information of the key position to obtain an attack code stream.
Optionally, the generating module 503 is further specifically configured to, according to a preset first transformation parameter, perform at least one of the following operations:
according to the information of the key position, selecting a first target position from the key position of the code stream sample according to a first preset mode, and carrying out interrupt processing on a data packet at the first target position;
according to the information of the key position, selecting a second target position from the key position of the code stream sample according to the first preset mode, and retransmitting the data packet at the second target position;
and selecting a third target position from the key positions of the code stream samples according to the information of the key positions and a second preset mode, and performing replacement processing on the data packet at the third target position.
Optionally, the generating module 503 is further specifically configured to perform at least one of the following operations according to a preset second transformation parameter:
adding code stream data with any length in a first preset length range at any position of the code stream sample;
deleting code stream data with any length in a second preset length range at any position of the code stream sample;
and selecting a third target position from the key positions of the code stream samples according to the information of the key positions and a second preset mode, and performing replacement processing on the data packet at the third target position.
Optionally, the generating module 503 is further specifically configured to:
selecting a third target position from the key positions of the code stream sample according to the preset probability that each key position is selected;
performing data replacement operation with the same length on the selected code stream data of the third target position;
determining the attack weight corresponding to the selected third target position;
determining the current cumulative attack weight according to the attack weight;
and if the accumulated attack weight is determined to be smaller than the preset attack weight, continuing to execute the replacement processing.
Optionally, the generating module 503 is further specifically configured to:
selecting a third target position from the key positions of the code stream sample according to the preset probability that each key position is selected;
performing data replacement operation with the same length on the selected data of the third target position;
counting the current accumulated replacement times;
and if the accumulated replacement times are determined to be less than the preset replacement times, continuing to execute the replacement processing.
Optionally, the generating module 503 is further specifically configured to:
selecting a third target position from the key positions of the code stream sample according to the preset probability that each key position is selected;
performing data replacement operation with the same length on the selected data of the third target position;
determining the attack weight corresponding to the selected third target position;
determining the current cumulative attack weight according to the attack weight, and counting the current cumulative replacement times;
and if the accumulated attack weight is determined to be smaller than the preset attack weight and the accumulated replacement frequency is determined to be smaller than the preset replacement frequency, continuing to execute the replacement processing.
Optionally, the apparatus further comprises: a test module;
and the test module is used for carrying out safety test processing on the multimedia product to be tested according to the attack code stream.
The device for generating an attack code stream provided in the embodiment of the present specification obtains at least one key position of a code stream sample by analyzing a code stream sample to be processed, and performs transform processing on the code stream sample according to a preset code stream generation policy and the obtained key position to obtain the attack code stream. Therefore, the generation of the attack code stream is realized on the basis that the code stream generation strategy is configurable, the source of the code stream sample does not need to be concerned, the packaging format of the code stream sample does not need to be concerned, and the like; the generated attack code stream has universality, can be applied to safety tests of various multimedia products, enables the test effect to be closer to real attack, can improve the safety and stability of the corresponding multimedia products, and solves the problem that the safety and stability of the current multimedia products are lower.
In addition, for the above device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to partial description of the method embodiment. Further, it should be noted that, among the respective components of the apparatus of the present invention, the components thereof are logically divided according to the functions to be realized, but the present invention is not limited thereto, and the respective components may be newly divided or combined as necessary.
Fig. 8 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure, and referring to fig. 8, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and may also include hardware required by other services. The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the access limiting window adjusting device on the logic level. Of course, besides the software implementation, the present application does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
The network interface, the processor and the memory may be interconnected by a bus system. The bus may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 8, but that does not indicate only one bus or one type of bus.
The memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both read-only memory and random access memory, and provides instructions and data to the processor. The Memory may include a Random-Access Memory (RAM) and may also include a non-volatile Memory (non-volatile Memory), such as at least 1 disk Memory.
The processor is used for executing the program stored in the memory and specifically executing:
acquiring a code stream sample to be processed;
analyzing the code stream sample to obtain information of at least one key position of the code stream sample;
and performing conversion processing on the code stream sample according to a preset code stream generation strategy and the information of the key position to obtain an attack code stream.
The method executed by the device for generating the attack code stream disclosed by the embodiment of fig. 8 of the present application may be applied to a processor, or implemented by the processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
Based on the same technical concept, embodiments of the present application further provide a computer-readable storage medium, where the computer-readable storage medium stores one or more programs, and when the one or more programs are executed by an electronic device including a plurality of application programs, the electronic device is caused to execute the method for generating an attack code stream provided in any one of fig. 1 to 6.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A method for generating an attack code stream is characterized by comprising the following steps:
acquiring a code stream sample to be processed;
analyzing the code stream sample to obtain information of at least one key position of the code stream sample;
and performing conversion processing on the code stream sample according to a preset code stream generation strategy and the information of the key position to obtain an attack code stream.
2. The method according to claim 1, wherein the transforming the code stream sample according to a preset code stream generation strategy and the information of the key position to obtain an attack code stream comprises:
determining the type of the code stream sample;
if the code stream sample is a real-time code stream sample, carrying out conversion processing on the code stream sample according to a preset first code stream generation strategy and the information of the key position to obtain an attack code stream;
and if the code stream sample is a historical code stream sample, performing conversion processing on the code stream sample according to a preset second code stream generation strategy and the information of the key position to obtain an attack code stream.
3. The method according to claim 2, wherein the transforming the code stream samples according to the preset first code stream generation policy and the information of the key location includes performing at least one of the following operations according to a preset first transformation parameter:
according to the information of the key position, selecting a first target position from the key position of the code stream sample according to a first preset mode, and carrying out interrupt processing on a data packet at the first target position;
according to the information of the key position, selecting a second target position from the key position of the code stream sample according to the first preset mode, and retransmitting the data packet at the second target position;
and selecting a third target position from the key positions of the code stream samples according to the information of the key positions and a second preset mode, and performing replacement processing on the data packet at the third target position.
4. The method according to claim 2, wherein the transforming the code stream samples according to the preset second code stream generation policy and the information of the key location includes performing at least one of the following operations according to a preset second transformation parameter:
adding code stream data with any length in a first preset length range at any position of the code stream sample;
deleting code stream data with any length in a second preset length range at any position of the code stream sample;
and selecting a third target position from the key positions of the code stream samples according to the information of the key positions and a second preset mode, and performing replacement processing on the data packet at the third target position.
5. The method according to claim 3 or 4, wherein the selecting a third target position from the key positions of the codestream samples according to a second preset manner, and performing replacement processing on a data packet at the third target position includes:
selecting a third target position from the key positions of the code stream sample according to the preset probability that each key position is selected;
performing data replacement operation with the same length on the selected code stream data of the third target position;
determining the attack weight corresponding to the selected third target position;
determining the current cumulative attack weight according to the attack weight;
and if the accumulated attack weight is determined to be smaller than the preset attack weight, continuing to execute the replacement processing.
6. The method according to claim 3 or 4, wherein the selecting a third target position from the key positions of the codestream samples according to a second preset manner, and performing replacement processing on a data packet at the third target position includes:
selecting a third target position from the key positions of the code stream sample according to the preset probability that each key position is selected;
performing data replacement operation with the same length on the selected code stream data of the third target position;
counting the current accumulated replacement times;
and if the accumulated replacement times are determined to be less than the preset replacement times, continuing to execute the replacement processing.
7. The method according to claim 3 or 4, wherein the selecting a third target position from the key positions of the codestream samples according to a second preset manner, and performing replacement processing on a data packet at the third target position includes:
selecting a third target position from the key positions of the code stream sample according to the preset probability that each key position is selected;
performing data replacement operation with the same length on the selected code stream data of the third target position;
determining the attack weight corresponding to the selected third target position;
determining the current cumulative attack weight according to the attack weight, and counting the current cumulative replacement times;
and if the accumulated attack weight is determined to be smaller than the preset attack weight and the accumulated replacement frequency is determined to be smaller than the preset replacement frequency, continuing to execute the replacement processing.
8. The method of claim 1, wherein after obtaining the attack code stream, the method further comprises:
and carrying out safety test processing on the multimedia product to be tested according to the attack code stream.
9. An attack code stream generation device, comprising:
the acquisition module is used for acquiring a code stream sample to be processed;
the analysis module is used for analyzing the code stream sample to obtain information of at least one key position of the code stream sample;
and the generating module is used for converting the code stream sample according to a preset code stream generating strategy and the information of the key position to obtain an attack code stream.
10. The apparatus of claim 9, wherein the generation module is specifically configured to:
determining the type of the code stream sample;
if the code stream sample is a real-time code stream sample, carrying out conversion processing on the code stream sample according to a preset first code stream generation strategy and the information of the key position to obtain an attack code stream;
and if the code stream sample is a historical code stream sample, performing conversion processing on the code stream sample according to a preset second code stream generation strategy and the information of the key position to obtain an attack code stream.
CN202010658872.2A 2020-07-09 2020-07-09 Method, device and equipment for generating attack code stream Active CN113992980B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010658872.2A CN113992980B (en) 2020-07-09 2020-07-09 Method, device and equipment for generating attack code stream

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010658872.2A CN113992980B (en) 2020-07-09 2020-07-09 Method, device and equipment for generating attack code stream

Publications (2)

Publication Number Publication Date
CN113992980A true CN113992980A (en) 2022-01-28
CN113992980B CN113992980B (en) 2023-05-26

Family

ID=79731279

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010658872.2A Active CN113992980B (en) 2020-07-09 2020-07-09 Method, device and equipment for generating attack code stream

Country Status (1)

Country Link
CN (1) CN113992980B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6718121B1 (en) * 1998-11-13 2004-04-06 Victor Company Of Japan, Limited Information signal processing apparatus using a variable compression rate in accordance with contents of information signals
WO2012094916A1 (en) * 2011-01-11 2012-07-19 中兴通讯股份有限公司 Method for encapsulating and transmitting streaming media packet, and device for processing streaming media
CN102754446A (en) * 2010-02-03 2012-10-24 汤姆逊许可证公司 Valid replacement data in encoded video
CN103152608A (en) * 2013-02-28 2013-06-12 广东技术师范学院 Method for realizing digital fingerprint encrypted video multicast transmission
CN104113538A (en) * 2014-07-09 2014-10-22 重庆大学 Network safety protection scheme for detecting attack behaviors of internal users
GB2552376A (en) * 2016-07-22 2018-01-24 Canon Kk Method and device for efficiently generating, based on a video flow, a plurality of video streams required by modules of a video surveillance system
US20180146261A1 (en) * 2015-04-20 2018-05-24 Zte Corporation Message Sending Method and Device, Code Stream Processing Method and Device
CN108696713A (en) * 2018-04-27 2018-10-23 苏州科达科技股份有限公司 Safety detecting method, device and the test equipment of code stream
US20190222845A1 (en) * 2016-05-23 2019-07-18 David Scott Taubman Method and apparatus for image compression
CN110611815A (en) * 2019-09-26 2019-12-24 深圳市半冬科技有限公司 Video output method and device and storage device
US20200019481A1 (en) * 2018-07-13 2020-01-16 International Business Machines Corporation Test program data key generation

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6718121B1 (en) * 1998-11-13 2004-04-06 Victor Company Of Japan, Limited Information signal processing apparatus using a variable compression rate in accordance with contents of information signals
CN102754446A (en) * 2010-02-03 2012-10-24 汤姆逊许可证公司 Valid replacement data in encoded video
WO2012094916A1 (en) * 2011-01-11 2012-07-19 中兴通讯股份有限公司 Method for encapsulating and transmitting streaming media packet, and device for processing streaming media
CN103152608A (en) * 2013-02-28 2013-06-12 广东技术师范学院 Method for realizing digital fingerprint encrypted video multicast transmission
CN104113538A (en) * 2014-07-09 2014-10-22 重庆大学 Network safety protection scheme for detecting attack behaviors of internal users
US20180146261A1 (en) * 2015-04-20 2018-05-24 Zte Corporation Message Sending Method and Device, Code Stream Processing Method and Device
US20190222845A1 (en) * 2016-05-23 2019-07-18 David Scott Taubman Method and apparatus for image compression
GB2552376A (en) * 2016-07-22 2018-01-24 Canon Kk Method and device for efficiently generating, based on a video flow, a plurality of video streams required by modules of a video surveillance system
CN108696713A (en) * 2018-04-27 2018-10-23 苏州科达科技股份有限公司 Safety detecting method, device and the test equipment of code stream
US20200019481A1 (en) * 2018-07-13 2020-01-16 International Business Machines Corporation Test program data key generation
CN110611815A (en) * 2019-09-26 2019-12-24 深圳市半冬科技有限公司 Video output method and device and storage device

Also Published As

Publication number Publication date
CN113992980B (en) 2023-05-26

Similar Documents

Publication Publication Date Title
CN110032880B (en) Screen recording evidence obtaining method and system based on block chain and electronic equipment
CN111917777B (en) Network data analysis method and device and electronic equipment
CN113840012B (en) Block chain-based screen recording evidence obtaining method and system and electronic equipment
US10476928B2 (en) Network video playback method and apparatus
TWI527467B (en) Apparatus and method for storing and reading a file having a media data container and a metadata container
CN112584231B (en) Video live broadcast method and device, edge device of CDN (content delivery network) and user terminal
CN112261377B (en) Web edition monitoring video playing method, electronic equipment and storage medium
CN110554890A (en) Video evidence obtaining method, terminal equipment and storage medium
CN110087142A (en) A kind of video segment method, terminal and storage medium
CN113992980B (en) Method, device and equipment for generating attack code stream
US20070002860A1 (en) Method and system for a digital home network trace and debug tool
CN108012085B (en) Multimedia information processing method, server and storage medium
CN111064717B (en) Data encoding method, data decoding method, related terminal and device
CN110868610B (en) Streaming media transmission method, device, server and storage medium
CN108966041A (en) A kind of audio and video playing buries point methods and device
CN113452735B (en) Narrow-band transmission method and equipment based on block chain
CN108093258A (en) Coding/decoding method, computer installation and the computer readable storage medium of bit stream data
US11463493B2 (en) Method and apparatus for playing media file
CN109462496B (en) Data processing method and device for video network terminal
US10554573B2 (en) Streaming media data transmission method and apparatus
CN115942000B (en) H.264 format video stream transcoding method, device, equipment and medium
CN116668542B (en) Service execution method based on heterogeneous resource binding under enhanced service architecture
CN109495793B (en) Bullet screen writing method, device, equipment and medium
CN113691813B (en) Transcoding card using method, system, storage medium and device
CN108900863A (en) A kind of generation method of video image, device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant