CN106101100B - A kind of implementation method of the video content supervisory systems based on steganalysis - Google Patents

A kind of implementation method of the video content supervisory systems based on steganalysis Download PDF

Info

Publication number
CN106101100B
CN106101100B CN201610415213.XA CN201610415213A CN106101100B CN 106101100 B CN106101100 B CN 106101100B CN 201610415213 A CN201610415213 A CN 201610415213A CN 106101100 B CN106101100 B CN 106101100B
Authority
CN
China
Prior art keywords
video
supervision
steganalysis
data
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610415213.XA
Other languages
Chinese (zh)
Other versions
CN106101100A (en
Inventor
张登银
李先阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Original Assignee
Nanjing Post and Telecommunication University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Post and Telecommunication University filed Critical Nanjing Post and Telecommunication University
Priority to CN201610415213.XA priority Critical patent/CN106101100B/en
Publication of CN106101100A publication Critical patent/CN106101100A/en
Application granted granted Critical
Publication of CN106101100B publication Critical patent/CN106101100B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/302Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information gathering intelligence information for situation awareness or reconnaissance
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/083Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords

Abstract

The video data of certain unit integrated information platform is supervised in the invention discloses a kind of video content supervisory systems and method based on steganalysis, system realization.The system supervisory mode is divided into two kinds: static state supervision and dynamic supervision, video data is obtained respectively at unit integrated information platform former video data center and data access gateway, then steganalysis processing is carried out, the result of processing is analyzed and handled again, to realize that the video data to certain unit integrated information platform carries out static and dynamic dual effective supervision, the secure dissemination of video data has been ensured well.

Description

A kind of implementation method of the video content supervisory systems based on steganalysis
Technical field
The present invention relates to a kind of video content supervisory systems and method based on steganalysis belong to information security technology neck Domain.
Background technique
With the fast development of internet, huge numbers of families are come into, the network media especially video contains much information by feat of it, The advantages such as broad covered area and propagation information rate are fast, it has also become propagate the important medium of information.Internet era, the network media and Daily life is closely bound up, and emerge rapidly the major way for having become and propagating for information, while also affecting people's Cultural life.China Internet Network Information Center (CNNIC) publication " the 37th China Internet network state of development in 2016 Statistical report " in display, by December, 2015, up to 5.04 hundred million, network video user uses Chinese network video userbase Rate is 73.2%, increases 6.5 percentage points compared with the end of the year 2014.Wherein, mobile video userbase was 4.05 hundred million, with 2014 Bottom is compared and increases 92,280,000, growth rate 29.5%.Mobile phone network video utilization rate is 65.4%, is increased compared to the end of the year 2014 9.2 percentage point.Video is widely used in the service such as online browse, downloading, communication and sharing in network.
Video is equally with interactive the information of video transmission also more to be mixed since it is open double-edged sword, Often it has undesirable information and causes bad influence.Moreover, the network media also relates to safety problem, as between some business Spy, terrorist etc. may propagate hidden flame, or even plan certain using the redundancy implied in network video A little terrorist activities.There are many steganography software of multiplicity in internet, oneself can be wanted that the information propagated is embedded by steganography In media content, this technology is very hidden, usually can not distinguish and find information by naked eyes and the sense of hearing, and only sends out The person of sending and recipient know the transmission channel of this hidden information.Network security becomes more and more important, so there is an urgent need to reinforce at present Supervision to network video content.
Currently, being both at home and abroad passively operating mode mostly for the research of network video supervision, mainly in gateway It is filtered the supervision of formula, the analysis and processing to video content are still rare.And the also prematurity of video Steganalysis, base It is few few in the research that the video content of steganalysis is supervised.And the present invention can well solve problem above.
Summary of the invention
Present invention aims in view of the above shortcomings of the prior art, propose a kind of video content based on steganalysis Supervisory systems and method, this method acquire video data from original video file center and carry out steganalysis, to static state Video file is supervised.If user carries out real-time video interaction by unit integrated information platform, can be in data access Gateway transmits RTP video data, so acquire and identify RTP data packet in data access gateway, and by video data restoration into The processing of row steganalysis, dynamically supervises video content.To realize to the video data content of integrated information platform into Row effectively supervision, ensures the secure dissemination of video data.
The technical scheme adopted by the invention to solve the technical problem is that: a kind of video content supervision based on steganalysis The implementation method of system, this method comprises the following steps:
Step 1: unified identity authentication.System manager logs into video content supervision system by user name password authentification System;
Step 2: selecting the regulatory format of system.System is supported to realize static and dynamic supervision mode;
Step 3: video data acquiring.According to the difference of regulatory format, the process for acquiring data is also different.
It is that supervision video source is obtained from the video file central store system of integrated information platform under static regulatory format File;Be under dynamic supervision mode from data access gateway grab identification RTP data packet, and by RTP video data restoration at Video source file of the video data as supervision;
Step 4: video steganalysis.Steganalysis is carried out to collected video data, judges whether video file has Steganography operation;
Step 5: analysis processing.According to the difference of regulatory format, the analysis treatment process of supervision result is also different.
Static regulatory analysis processing: it if video file supervision is operated without steganography as the result is shown, marks and illustrates to regard Otherwise frequency file safety removes the video file for having steganography to operate to early warning library, be added to blacklist, cuts off this view of outer bound pair The access operation of frequency file.Later period can be tracked investigation to the harmful classified information source in video file that is embedded in.
Dynamic supervision analysis processing: if video file supervision is operated without steganography as the result is shown, with no treatment, Otherwise its source will be added to database.Information source is identified by IP and domain name, may be selected for the IP user to be added black List, the network communication of cutting and unit integrated information platform.
The video content supervisory systems based on steganalysis that the present invention also provides a kind of, the system include content monitoring and The big module of system administration two composition.Wherein content monitoring module includes video data acquiring, video steganalysis, analysis processing three A sub-function module composition.System management module includes two sub-function module compositions of user management and operational management.
The function of each module of present system includes:
Content monitoring module: major function is supervised to the video data of integrated information platform.Including video data Acquisition, video steganalysis, analysis three sub-function modules of processing.Video data acquiring sub-function module realizes that video data is adopted The function of collection;Video steganalysis sub-function module, which is realized, carries out feature selecting and extraction, feature to collected video data Fusion, the operation such as feature training and strategy fusion.Analysis processing sub-function module realize to the result of video steganalysis into Row analysis and processing, to the improvement after the video file supervision of integrated information platform.
System management module: major function is to be managed to the user of system, operation, and unite to supervision data Meter analysis.Including two sub-function modules of user management and operational management.User management sub-function module mainly adds including user Add, subscriber information management, the functions such as rights management and Role Management;Operational management sub-function module mainly include system configuration, The functions such as log management and cache management.
The utility model has the advantages that
1, the present invention is applied to the video content supervision based on steganalysis, may be implemented to certain unit integrated information platform Video data carry out static and dynamic dual effective supervision, to ensure the peace of the video file of unit integrated information platform Quan Xing.
2, the present invention realizes well effectively supervises the video data content of integrated information platform, ensures video The secure dissemination of data.
Detailed description of the invention
Fig. 1 is video content supervisory systems schematic network structure of the invention.
Fig. 2 is video content supervisory systems the functional block diagram of the invention.
Fig. 3 is static supervision flow diagram of the invention.
Fig. 4 is dynamic supervision workflow schematic diagram of the invention.
Fig. 5 is RTP identification of data packets workflow schematic diagram of the invention.
Fig. 6 is RTP video data restoration flow diagram of the invention.
Fig. 7 is video steganalysis workflow schematic diagram of the invention.
Specific embodiment
The invention is described in further detail with reference to the accompanying drawings of the specification.
The network structure of video content supervisory systems of the invention based on steganalysis as shown in Fig. 1, describes This system concrete application scene and operating mode.Detailed technical solution is that video content supervisory systems is embedded in integrated information Platform, the video data to video file central store and user carry out real-time, interactive communications by integrated information platform respectively Video data supervised.
As shown in Fig. 2 video content supervisory systems functional module of the invention.Sheet of the present invention passes through to video content The functional requirement of supervisory systems enters after long-term make thorough investigation and study, and fully considers application scenarios, designs the functional module of system It is divided into two main modulars, is video content administration module and system management module respectively.Video content administration module includes view Frequency handles three sub-function module compositions according to acquisition, video steganalysis and analysis.System management module mainly includes user Two sub-function module compositions of management and operational management.
As shown in Fig. 3 the static supervision process of video content supervisory systems of the invention.Detailed technical side Case is to obtain video file from video data file storage system first, and video steganography processing is then carried out to it, finally right It was found that the video file for having steganography to operate is analyzed and processed, this video file is removed to early warning library, is added to blacklist, cuts The access operation of disconnected outer this video file of bound pair.Later period can be tracked the harmful classified information source in video file that is embedded in Investigation, to achieve the purpose that static supervision.
As shown in Fig. 4 the dynamic supervision workflow of video content supervisory systems of the invention.Detailed technical side Case is to grab data packet from data access gateway first, identifies RTP data packet, and to RTP video data restoration at view Then frequency file is analyzed and processed the video file for having steganography to operate discovery.Its source is added to database.Information Source is identified by IP and domain name, may be selected that blacklist, the net of cutting and unit integrated information platform for the IP user is added Network communication, to achieve the purpose that dynamic supervision.
As shown in Fig. 5 to RTP data packet in the video data acquiring module of video content supervisory systems of the invention The detailed process of identification.The domain PT in the packet header RTP specifies load type, Real-time Transport Protocol allow in specific numberical range (96~ 127) PT value is dynamically specified for special data coding mode, given load of the present invention is the RTP of H.264 video data PT value in packet header is 97.When identifying RTP video bag, since the lower-layer protocols of RTP use UDP (User Datagram Protocol: User Datagram Protocol), and the RTP packet for only meeting RTPC3984 protocol encapsulation format is just eligible, in detail Technical solution be:
Step 1: judging whether data packet is UDP packet;
Step 2: judging that UDP wraps whether one agreement of layer is RTP;
Step 3: whether the load format for judging RTP packet is any in NAL unit encapsulation, STAP-A encapsulation or FU-A It is a kind of.
Differentiate whether data packet is UDP packet, need to only check the foot view thresholding in the packet header IP in data packet.If the domain 17, Illustrate that the packet is UDP packet, is not otherwise UDP packet.
Under the premise of the known packet is UDP packet, can judge whether the packet received is RTP packet in terms of six:
Step 1: judging whether the payload length of UDP packet is greater than 12 bytes.It is saved from 3.1.2, Rl, the fixation in the packet header P Length be 12 bytes, if therefore UDP packet payload length less than 12 bytes, which must not be RTP packet;
Step 2: judging whether corresponding v value is 2 in the load of UDP packet.Mountain is 2 in the v value of RTP packet, then observes UDP Whether two bits of head for wrapping the first character section of load are 01, if being then RTP packet;
Step 3: judging whether corresponding PT value is 97 in the load of UDP packet.Since given load is H.264 video counts According to the packet header RTP in PT value be 97, therefore can be judged by the condition;
Step 4: CC represents the number in contribution source in the packet header RTP, each contribution source CSRC accounts for 4 byte longs in packet header, then one A RTP packet can also meet following restriction relation:
CC value × the packet header 4+12≤RTP total length
If it is RTP that a UDP, which wraps layer, payload length is at least otherwise less than the length in the packet header RTP, therefore again There is following relationship:
CC value × 4+12≤UDP payload length
Therefore the UDP packet of above-mentioned relation is nor RTP packet;
Step 5: the SSRC value of RTP packet is answered identical in the same session.Therefore judgement detects adjacent UDP packet load In corresponding SSRC value it is whether identical;
Step 6: judgement continuously receive UDP packet load in corresponding position sequence number and Whether the size relation of timestamp is identical.If it was found that the sequence number of these packets and the numerical value in the domain timestarnp Corresponding relation with increase is identical, then may determine that the packet is RTP packet.The UDP packet that wherein adjacent order receipt arrives need to be by certain big Small interim memory preserves.
Judge whether RTP packet that oneself receives is any one in NAL unit encapsulation, STAP-A encapsulation or FU-A, only The type value in the load data head byte of the RTP packet need to be obtained.If the value range, between 1-23, which is NAL unit Packet;If value is 24, which is STAP-A packet;If value is 28, which is FU-A packet.Otherwise illustrate the Bao Buwei video counts According to packet.
As shown in Fig. 6 to RTP video counts in the video data acquiring module of video content supervisory systems of the invention According to the detailed process restored.The reduction of RTP video data will consider in terms of three: first, using which kind of effective storage Structure saves video data;Second, how to extract the H.264 video data in RTP packet;Third, how by the view of storage Frequency is according to being synthesized.Detailed technical solution is:
Step 1: the selection of storage organization
The selection of storage organization will generally consider in terms of two: complexity is asked when a.;B. space complexity.Due to network On there are a large amount of data packet, interception system must rapidly process data, otherwise one may cause due to processed slow in Packet in depositing overflows.A kind of effective data store organisation must be used at this time, can support the quick deposit and reading of video data It out, and can be with memory storage video data as much as possible as few as possible.It is required based on this two, it is single that there is employed herein storages First size is 1500 bytes, and length is the circle queue of 500 units to be stored, and total size is 50Ok or so.The structure The frequent insertion and deletion of support data, and do not need to carry out dynamic memory release and distribution, the memory of fixed size is empty Between can Reusability.It may wait for data reading when queue full;It may wait for the write-in of data when queue empty.From time complexity Consider all to be optimal storage organization with space complexity.
Due in the packet header RTP sequence number and timestamp value show the packet transmission sequence, The video data of RTP is ranked up using this feature herein.The test environment of this paper is data when transmission in local area network It is smaller to wrap the interference being subject to.Its adjacent serial number interval of the RTP packet being captured continuously does not exceed 10.Based on the premise, The wooden text uses direct insertion method to the sequence of data packet, i.e., for video data block to be sorted, first by its sequence number and tail Signified sequence number compares, and if more than the sequence number of tail meaning, is then directly inserted into data in tail of the queue, otherwise exchanges data, then Compared with the sequence No.1 at tail-1, the sequence number referred at tail-n is less than the sequence number to deposit data.Although inserting The time complexity for entering sequence is O (n in the worst cases2), but the invariant in insertion sort makes it when n is smaller, Relative to ordering by merging etc., other sequences one are said, when operation asks more faster.
Circle queue need to handle two kinds of situations of queue empty and queue full.Herein in designing system, tail pointer is by writing Data thread operation, head pointer is operated by read data line journey.When the excessive velocities of read data line journey, queue may result in In data be sky, at this moment system can make automatically read thread delay a period of time so that the data stored in queue reach certain Reading thread is continued to run when quantity;If the excessive velocities of write data line journey, it may result in data in queue and overflow, be at this moment System needs to make to write thread delay a period of time, when making that data are by reading a part in queue, continues to run and writes threading operation.
Step 2: the extraction of video data block
RTP packet is not stored in not instead of simply by the data being stored in circle queue, need to be by the H.264 view in RTP packet Frequency evidence extracts, then is deposited into.For the packet that load format is NALU unit, remove the packet header RTP, it directly will be remaining Data are stored in circle queue unit;If RTP packet is STAP-A format, after removing the packet header RTP, multiple NALU are extracted, then divide It is not stored in corresponding unit;If RTP packet is FU-A encapsulation, after removing the packet header RTP, the data extracted are the fragment of NALU. The fragment need to be marked in the position of entire NALU when storage.
Step 3: the synthesis of video data block
Due to the video data block being deposited into circle queue be it is sorted, then using head pointer read data When, it need to only read in order.During reading, if data are fragment NALU data, it is also necessary to be synthesized one A complete NALU;If a complete NALU, then it can be directly decoded using decoder or it sequentially saves as to one Video file.Data also need to consider at the time of reading whether adjacent orderly video data serial number differs as l, if not 1 illustrates The serial number of video data only relatively orderly, also needs to wait for the data write-in of missing.As shown in Fig. 7 in video of the invention Hold the specific workflow of the video steganalysis module of supervisory systems.Detailed technical solution is to sum up mainly include feature Selective extraction, Fusion Features, feature training and strategy fusion.Due to the video file enormous amount of video website, so that There are many video steganography method being related to, and want that reaching higher verification and measurement ratio requires more options are some to be as much as possible easy to steganography operation Feature, then extract.If feature comparison is more, some influences can be brought in this way, then can first be classified and then be added Enter into corresponding sub-classifier, carry out Fusion Features training, reduce the dimension of feature, is unlikely to too big.Feature will be extracted to deposit It stores up in feature database, with the continuous development of video steganalysis, new video steganography method also can constantly occur, so special New feature can be also continuously replenished in sign library, constantly improve.The training learning method of support vector machines is selected, so that by each son point Class device carries out steganalysis, then obtains a result, then carries out tactful fusion by majority voting method.Finally obtained fusion results In storage to policy library.

Claims (2)

1. a kind of implementation method of the video content supervisory systems based on steganalysis, which is characterized in that the method includes such as Lower step:
Step 1: unified identity authentication;System manager logs into video content supervisory systems by user name password authentification;
Step 2: selection regulatory format;The system is supported to realize static and dynamic supervision mode;
Step 3: video data acquiring;According to the difference of regulatory format, the process for acquiring data is also different;
It is that supervision view is obtained from the video file central store system of internal institution integrated information platform under static regulatory format Frequency source file;It is identification realtime transmission protocol RTP data packet to be grabbed from data access gateway, and incite somebody to action under dynamic supervision mode RTP data packet is reduced into video source file of the video data as supervision;
Step 4: video steganalysis;Steganalysis is carried out to collected video data, judges whether video file has steganography Operation;
Step 5: analysis processing;According to the difference of regulatory format, the analysis treatment process of supervision result is also different, is wrapped It includes:
Static regulatory analysis processing: it if video file supervision is operated without steganography as the result is shown, marks and illustrates video text Part safety, otherwise moves to early warning library for the video file for having steganography to operate, and is added to blacklist, cuts off unit external to this video The access operation of file;
Dynamic supervision analysis processing: if video file supervision is operated without steganography as the result is shown, with no treatment, otherwise Its source will be added to database, information source is identified by IP and domain name, by the IP user be added blacklist, cutting and The network communication of internal institution integrated information platform.
2. a kind of implementation method of video content supervisory systems based on steganalysis according to claim 1, feature It is, the method is applied to the video content supervisory systems based on steganalysis.
CN201610415213.XA 2016-06-14 2016-06-14 A kind of implementation method of the video content supervisory systems based on steganalysis Active CN106101100B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610415213.XA CN106101100B (en) 2016-06-14 2016-06-14 A kind of implementation method of the video content supervisory systems based on steganalysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610415213.XA CN106101100B (en) 2016-06-14 2016-06-14 A kind of implementation method of the video content supervisory systems based on steganalysis

Publications (2)

Publication Number Publication Date
CN106101100A CN106101100A (en) 2016-11-09
CN106101100B true CN106101100B (en) 2019-08-02

Family

ID=57845394

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610415213.XA Active CN106101100B (en) 2016-06-14 2016-06-14 A kind of implementation method of the video content supervisory systems based on steganalysis

Country Status (1)

Country Link
CN (1) CN106101100B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111246168A (en) * 2020-01-15 2020-06-05 深圳市网新新思软件有限公司 Video content batch supervision cluster system and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005004493A1 (en) * 2003-06-25 2005-01-13 Thomson Licensing S.A. Decoding method and apparatus for detection of watermarks in a compressed video bitstream
CN104183244A (en) * 2014-08-18 2014-12-03 南京邮电大学 Steganography detection method based on evidence reasoning
CN104301733A (en) * 2014-09-06 2015-01-21 南京邮电大学 Video steganalysis method based on feature fusions

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005004493A1 (en) * 2003-06-25 2005-01-13 Thomson Licensing S.A. Decoding method and apparatus for detection of watermarks in a compressed video bitstream
CN104183244A (en) * 2014-08-18 2014-12-03 南京邮电大学 Steganography detection method based on evidence reasoning
CN104301733A (en) * 2014-09-06 2015-01-21 南京邮电大学 Video steganalysis method based on feature fusions

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
面向网络媒体内容监管的视频隐写检测;施广帅;《中国优秀硕士学位论文全文数据库》;20150531;第61-65页

Also Published As

Publication number Publication date
CN106101100A (en) 2016-11-09

Similar Documents

Publication Publication Date Title
CN106921637A (en) The recognition methods of the application message in network traffics and device
CN102769549A (en) Network security monitoring method and device
CN104794170B (en) Network forensics content source tracing method and system based on the multiple Hash Bloom filter of fingerprint
US10652265B2 (en) Method and apparatus for network forensics compression and storage
CN103618733B (en) A kind of data filtering system and method for being applied to mobile Internet
US20110125748A1 (en) Method and Apparatus for Real Time Identification and Recording of Artifacts
CN102045305B (en) Method and system for monitoring and tracking multimedia resource transmission
CN103796183B (en) A kind of refuse messages recognition methods and device
CN110535831A (en) Cluster safety management method, device and storage medium based on Kubernetes and network domains
CN102833111B (en) A kind of visual HTTP data monitoring and managing method and device
CN106656577B (en) The user behavior statistical method and intelligent router of a kind of APP and browser
CN102567101A (en) Multi-process management system for recognizing and monitoring pornographic images of WAP (wireless application protocol) mobile phone media
CN110401624A (en) The detection method and system of source net G system mutual message exception
CN107622064A (en) A kind of method for reading data and system
CN103490978A (en) Terminal, server and message monitoring method
CN102271331B (en) Method and system for detecting reliability of service provider (SP) site
CN103024819A (en) Data distribution method of third-generation mobile communication core network based on user terminal IP (Internet Protocol)
CN105407096A (en) Message data detection method based on stream management
CN107769992B (en) Message parsing and shunting method and device
CN106101100B (en) A kind of implementation method of the video content supervisory systems based on steganalysis
CN101321097A (en) Tencent network living broadcast business recognition method based on payload depth detection
CN110519177A (en) A kind of network flow identification method and relevant device
CN103067389A (en) High safety file transfer method based on short website
CN104618410B (en) Resource supplying method and apparatus
CN108345650A (en) Electronic invoice business monitors method for early warning and system in real time

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant