CN106488320B - A kind of TV set-top box security auditing research method and system - Google Patents

A kind of TV set-top box security auditing research method and system Download PDF

Info

Publication number
CN106488320B
CN106488320B CN201611029438.8A CN201611029438A CN106488320B CN 106488320 B CN106488320 B CN 106488320B CN 201611029438 A CN201611029438 A CN 201611029438A CN 106488320 B CN106488320 B CN 106488320B
Authority
CN
China
Prior art keywords
app
top box
url
downloading
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611029438.8A
Other languages
Chinese (zh)
Other versions
CN106488320A (en
Inventor
赵煜
高勇
宋江静
李盛葆
孙志猛
魏斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network And Information Security Management Center Shandong Branch
Original Assignee
National Computer Network And Information Security Management Center Shandong Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Computer Network And Information Security Management Center Shandong Branch filed Critical National Computer Network And Information Security Management Center Shandong Branch
Priority to CN201611029438.8A priority Critical patent/CN106488320B/en
Publication of CN106488320A publication Critical patent/CN106488320A/en
Application granted granted Critical
Publication of CN106488320B publication Critical patent/CN106488320B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/4508Management of client data or end-user data
    • H04N21/4516Management of client data or end-user data involving client characteristics, e.g. Set-Top-Box type, software version or amount of memory available
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/442Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/443OS processes, e.g. booting an STB, implementing a Java virtual machine in an STB or power management in an STB

Abstract

The present invention relates to a kind of TV set-top box security auditings to study system, it includes: data acquisition unit, for downloading APP;APP file structure inspection unit removes incomplete APP, retains complete APP for carrying out integrity checking to APP file;APP studies and judges analytical unit, and for carrying out the extraction of App essential information to set-top box APP, App internal information is extracted, static decompiling, and output APP, MD5, user apply URL;Set-top box APP behavioural characteristic library, including feature are established in set-top box APP behavioural characteristic library: using URL, downloading URL, MD5 feature;Monitoring Rules execution unit issues APP set-top box behavioural characteristic for receiving platform side, and realize the source of set-top box APP and whereabouts log acquisition in network pipeline: then set-top box name, downloading IP, User IP data record are uploaded to platform.

Description

A kind of TV set-top box security auditing research method and system
Technical field
The invention belongs to network security applied technical fields, and in particular to a kind of TV set-top box security auditing research Method and system.
Background technique
In the prior art, TV set-top box safety problem has become domestic or even global network safety filed the most One of harm of concern.
With the fast development of IPTV service and popularizing for TV box, more and more families pass through network machine top box and receive It listens and watches network audio-video, Web broadcast TV programme, provide more choices for the culture life of people.
The following safety problem also highlights therewith, and set-top box is as intelligent terminal, except intelligent terminal is generally existing Outside safety problem, some set-top box applications APP relates to Huang and relates to probably, or even has " climbing over the walls " ability, propagates porns, gambling and drugs and reactionary letter wantonly Breath, the normal rating order of very disruptive.This is in place of the deficiencies in the prior art.
Therefore, in view of the above-mentioned drawbacks in the prior art, provide and design a kind of TV set-top box security auditing research Method and system;It is necessary to solve the above technical problems.
Summary of the invention
It is an object of the present invention to design a kind of TV set-top box peace in view of the above-mentioned drawbacks of the prior art, providing Full monitoring analysis and research method and system, to solve the above technical problems.
To achieve the above object, the present invention provides following technical scheme:
A kind of TV set-top box security auditing research method, includes the following steps:
Step 1) downloads TV set-top box client end AP P;The TV set-top box client end AP P includes TV set-top box APP installation kit, downloading URL;
Step 2) carries out data integrity inspection to APP packet, removes incomplete APP installation kit, retain complete APP Installation kit;
Step 3) extracts APP installation kit essential information, including APP title, MD5, user are using URL;
Step 4) establishes set-top box characterized by step 1) and downloading URL, MD5 of step 3) acquisition, user are using URL Downloading URL, MD5, user are issued to the outlet of Telecom Carriers side provincial capital's Metropolitan Area Network (MAN) using URL feature by APP behavioural characteristic library The compacted monitoring device of deadlock wood disposed, realization obtain the source of set-top box APP and whereabouts log: set-top box name, downloading IP, User IP information.
Further, in the step 1), it is based on crawler system, is realized according to downloading URL under set-top box APP It carries, the set-top box APP of downloading includes: TV set-top box APP installation kit, downloading URL.
Further, in the step 2), classes.dex is signed and verified using detection, verifies entire apk.
Further, it in the step 3), using static analysis method, realizes and App essential information is extracted, in App Portion's information extraction, static decompiling, output APP, MD5, user apply URL, establish set-top box Monitoring Rules feature database.
Further, in the step 4), APP behavioural characteristic is issued, i.e., downloading URL, MD5, user are special using URL Sign, until the compacted monitoring device of deadlock wood that provincial capital's Metropolitan Area Network (MAN) outlet in Telecom Carriers side has been disposed, the stiff compacted monitoring device of wood pass through DPI Technology carries out depth analysis to Internet service, agreement, behavior, content, Monitoring Rules match, and realizes to the source set-top box APP And the contents extraction of whereabouts, it specifically includes: set-top box APP, set-top box downloading IP, User IP.
A kind of TV set-top box security auditing research system, it includes:
Data acquisition unit, for downloading APP;The APP are as follows: TV set-top box APP installation kit, downloading URL;
APP file structure inspection unit removes incomplete APP, retains for carrying out integrity checking to APP file Complete APP;
APP studies and judges analytical unit, for being extracted to set-top box APP progress App essential information extraction, App internal information, Static decompiling, output APP, MD5, user apply URL;
Set-top box APP behavioural characteristic library, including feature are established in set-top box APP behavioural characteristic library: using URL, downloading URL, MD5 feature;
Monitoring Rules execution unit issues APP set-top box behavioural characteristic for receiving platform side, i.e., using URL, downloading URL, MD5 feature realize the source of set-top box APP and whereabouts log acquisition in network pipeline: set-top box name, downloading IP, user IP data record, is then uploaded to platform.
Preferably, the acquisition unit, including crawler server and interchanger are set up, realize the downloading of APP.
Preferably, the APP studies and judges analytical unit, studies and judges analytical technology principle based on static state, mentions to App essential information It takes, the extraction of App internal information, static decompiling, output APP, MD5, user apply URL.
Preferably, the Monitoring Rules execution unit passes through DPI(deep packet analytic technique first) capturing internet pipe Original data stream in road restores set-top box APP, parses relevant downloading URL, using URL, MD5 value, then with received The monitoring feature rule arrived carries out relevant matches, the corelation behaviour data of output set top box APP;It specifically includes: set-top box APP's It downloads IP, propagate IP, set-top box name behavioral data.
The beneficial effects of the present invention are utilize established set-top box APP row this invention takes after above scheme Deadlock wood compacted monitoring device (the existing network safety for being characterized library and having been disposed by the outlet of Telecom Carriers side provincial capital's Metropolitan Area Network (MAN) Monitoring means), depth recognition and analysis can be carried out for set-top box source and whereabouts user behaviors log, so as to accomplish from net The overall monitor to website and these APP spread scopes where illegal TV set-top box APP is realized in network side, contains network machine top Trend is spread unchecked in the propagation of box illegal application, builds healthy and orderly network environment.In addition, design principle of the present invention is reliable, structure letter It is single, there is very extensive application prospect.
It can be seen that compared with prior art, the present invention have substantive distinguishing features outstanding and it is significant ground it is progressive, implementation Beneficial effect be also obvious.
Detailed description of the invention
Fig. 1 is a kind of business process map of TV set-top box security auditing research method provided by the invention
Fig. 2 is a kind of data flowchart of TV set-top box security auditing research method provided by the invention.
Fig. 3 is a kind of structural schematic diagram of TV set-top box security auditing research system provided by the invention.
Specific embodiment
The present invention will be described in detail with reference to the accompanying drawing and by specific embodiment, and following embodiment is to the present invention Explanation, and the invention is not limited to following implementation.
As illustrated in fig. 1 and 2, a kind of TV set-top box security auditing research method of offer of the invention, including such as Lower step:
Step 1) downloads TV set-top box client end AP P;The TV set-top box client end AP P includes TV set-top box APP installation kit, downloading URL;
Step 2) carries out data integrity inspection to APP packet, removes incomplete APP installation kit, retain complete APP Installation kit;
Step 3) extracts APP installation kit essential information, including APP title, MD5, user are using URL;
Step 4) establishes set-top box characterized by step 1) and downloading URL, MD5 of step 3) acquisition, user are using URL Downloading URL, MD5, user are issued to the outlet of Telecom Carriers side provincial capital's Metropolitan Area Network (MAN) using URL feature by APP behavioural characteristic library The compacted monitoring device of deadlock wood disposed, realization obtain the source of set-top box APP and whereabouts log: set-top box name, downloading IP, User IP information.
In the present embodiment, in the step 1), it is based on crawler system, is realized according to downloading URL under set-top box APP It carries, the set-top box APP of downloading includes: TV set-top box APP installation kit, downloading URL.
In the step 2), classes.dex is signed and verified using detection, verifies entire apk.
In the step 3), using static analysis method, realizes and the extraction of App essential information, App internal information are mentioned It takes, static decompiling, output APP, MD5, user apply URL, establish set-top box Monitoring Rules feature database.
In the step 4), APP behavioural characteristic is issued, i.e., downloading URL, MD5, user apply URL feature, until telecommunications is transported The compacted monitoring device of deadlock wood that the outlet of battalion's enterprise side provincial capital's Metropolitan Area Network (MAN) has been disposed, the stiff compacted monitoring device of wood is by DPI technology to interconnection Network service, agreement, behavior, content carry out depth analysis, Monitoring Rules matching, realize in the source set-top box APP and whereabouts Hold and extract, specifically include: set-top box APP, set-top box downloading IP, User IP.
As shown in figure 3, a kind of TV set-top box security auditing provided by the invention studies system, it includes:
Data acquisition unit, for downloading APP;The APP are as follows: TV set-top box APP installation kit, downloading URL;
APP file structure inspection unit removes incomplete APP, retains for carrying out integrity checking to APP file Complete APP;
APP studies and judges analytical unit, for being extracted to set-top box APP progress App essential information extraction, App internal information, Static decompiling, output APP, MD5, user apply URL;
Set-top box APP behavioural characteristic library, including feature are established in set-top box APP behavioural characteristic library: using URL, downloading URL, MD5 feature;
Monitoring Rules execution unit issues APP set-top box behavioural characteristic for receiving platform side, i.e., using URL, downloading URL, MD5 feature realize the source of set-top box APP and whereabouts log acquisition in network pipeline: set-top box name, downloading IP, user IP data record, is then uploaded to platform.
In the present embodiment, the acquisition unit, including crawler server and interchanger are set up, realize the downloading of APP.
The APP studies and judges analytical unit, studies and judges analytical technology principle based on static state, extracts to App essential information, App Internal information extraction, static decompiling, output APP, MD5, user apply URL.
The Monitoring Rules execution unit passes through DPI(deep packet analytic technique first) it is former in capturing internet pipeline Beginning data flow restores set-top box APP, parses relevant downloading URL, using URL, MD5 value, then with received prison It surveys characterization rules and carries out relevant matches, the corelation behaviour data of output set top box APP;It specifically includes: the downloading of set-top box APP IP, IP, set-top box name behavioral data are propagated.
Disclosed above is only the preferred embodiment of the present invention, but the present invention is not limited to this, any this field What technical staff can think does not have creative variation, and without departing from the principles of the present invention made by several improvement and Retouching, should all be within the scope of the present invention.

Claims (9)

1. a kind of TV set-top box security auditing research method, includes the following steps:
Step 1) downloads TV set-top box client end AP P;The TV set-top box client end AP P includes TV set-top box APP peace Dress packet, downloading URL;
Step 2) carries out data integrity inspection to APP packet, removes incomplete APP installation kit, retains complete APP installation Packet;
Step 3) extracts APP installation kit essential information, including APP title, MD5, user are using URL;
Step 4) establishes set-top box APP row characterized by step 1) and downloading URL, MD5 of step 3) acquisition, user are using URL It is characterized library, downloading URL, MD5, user are issued to Telecom Carriers side provincial capital's Metropolitan Area Network (MAN) outlet portion using URL feature The compacted monitoring device of deadlock wood of administration, realization obtain the source of set-top box APP and whereabouts log: set-top box name, is used downloading IP Family IP information.
2. a kind of TV set-top box security auditing research method according to claim 1, it is characterised in that: described In step 1), it is based on crawler system, realizes the downloading to set-top box APP according to downloading URL, the set-top box APP of downloading includes: electricity Depending on set-top box APP installation kit, downloading URL.
3. a kind of TV set-top box security auditing research method according to claim 1 or 2, it is characterised in that: institute In the step 2) stated, classes.dex is signed and verified using detection, verifies entire apk.
4. a kind of TV set-top box security auditing research method according to claim 3, it is characterised in that: described In step 3), using static analysis method, realize to the extraction of App essential information, the extraction of App internal information, static decompiling, it is defeated APP out, MD5, user apply URL, establish set-top box Monitoring Rules feature database.
5. a kind of TV set-top box security auditing research method according to claim 4, it is characterised in that: described In step 4), APP behavioural characteristic is issued, i.e., downloading URL, MD5, user apply URL feature, until Telecom Carriers side provincial capital city The compacted monitoring device of deadlock wood that domain net outlet has been disposed, the stiff compacted monitoring device of wood is by DPI technology to Internet service, agreement, row Depth analysis, Monitoring Rules matching are carried out for, content, realizes the contents extraction to the source set-top box APP and whereabouts, it is specific to wrap It includes: set-top box APP, set-top box downloading IP, User IP.
6. a kind of TV set-top box security auditing studies system, it includes: data acquisition unit, for downloading APP;It is described APP are as follows: TV set-top box APP installation kit, downloading URL;APP file structure inspection unit, for carrying out integrality to APP file It checks, removes incomplete APP, retain complete APP;APP studies and judges analytical unit, basic for carrying out App to set-top box APP Information extraction, the extraction of App internal information, static decompiling, output APP, MD5, user apply URL;Set-top box APP behavior Feature database establishes set-top box APP behavioural characteristic library, including feature: using URL, downloading URL, MD5 feature;Monitoring Rules execute Unit issues APP set-top box behavioural characteristic for receiving platform side, i.e., using URL, downloading URL, MD5 feature, realizes network pipe The source of set-top box APP and whereabouts log acquisition in road: then set-top box name, downloading IP, User IP data record are uploaded to flat Platform.
7. a kind of TV set-top box security auditing according to claim 6 studies system, it is characterised in that: described Acquisition unit, including crawler server and interchanger are set up, realize the downloading of APP.
8. a kind of TV set-top box security auditing according to claim 6 or 7 studies system, it is characterised in that: institute The APP stated studies and judges analytical unit, studies and judges analytical technology principle based on static state, extracts to App essential information, App internal information mentions It takes, static decompiling, output APP, MD5, user apply URL.
9. a kind of TV set-top box security auditing according to claim 8 studies system, it is characterised in that: described Monitoring Rules execution unit passes through original data stream in DPI capturing internet pipeline first, restores set-top box APP, parses Relevant downloading URL, using URL, MD5 value, then carry out relevant matches with received monitoring feature rule, export machine top The corelation behaviour data of box APP;It specifically includes: the downloading IP of set-top box APP, propagating IP, set-top box name behavioral data.
CN201611029438.8A 2016-11-22 2016-11-22 A kind of TV set-top box security auditing research method and system Active CN106488320B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611029438.8A CN106488320B (en) 2016-11-22 2016-11-22 A kind of TV set-top box security auditing research method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611029438.8A CN106488320B (en) 2016-11-22 2016-11-22 A kind of TV set-top box security auditing research method and system

Publications (2)

Publication Number Publication Date
CN106488320A CN106488320A (en) 2017-03-08
CN106488320B true CN106488320B (en) 2019-04-12

Family

ID=58274131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611029438.8A Active CN106488320B (en) 2016-11-22 2016-11-22 A kind of TV set-top box security auditing research method and system

Country Status (1)

Country Link
CN (1) CN106488320B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113868193A (en) * 2020-06-30 2021-12-31 北京奇虎科技有限公司 Method, system, storage medium and computer equipment for verifying application source in forensics process

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003308397A (en) * 2002-04-15 2003-10-31 Ntt Docomo Inc Content acquiring state reporting method, management device, program and storage medium
CN102938789A (en) * 2012-11-19 2013-02-20 江苏省公用信息有限公司 Download combination analysis method and device for mobile internet mobile phone applications
CN103312887A (en) * 2012-12-28 2013-09-18 武汉安天信息技术有限责任公司 Mobile phone application tampering recognition system, method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003308397A (en) * 2002-04-15 2003-10-31 Ntt Docomo Inc Content acquiring state reporting method, management device, program and storage medium
CN102938789A (en) * 2012-11-19 2013-02-20 江苏省公用信息有限公司 Download combination analysis method and device for mobile internet mobile phone applications
CN103312887A (en) * 2012-12-28 2013-09-18 武汉安天信息技术有限责任公司 Mobile phone application tampering recognition system, method and device

Also Published As

Publication number Publication date
CN106488320A (en) 2017-03-08

Similar Documents

Publication Publication Date Title
CN104123493B (en) The safety detecting method and device of application program
Vadrevu et al. What you see is not what you get: Discovering and tracking social engineering attack campaigns
CN104715196B (en) The Static Analysis Method and system of smart mobile phone application program
CN110365996A (en) Management method, live streaming management platform, electronic equipment and storage medium is broadcast live
Bashir et al. How tracking companies circumvented ad blockers using websockets
Hu et al. Dating with scambots: Understanding the ecosystem of fraudulent dating applications
CN103607413B (en) Method and device for detecting website backdoor program
CN104598218B (en) For merging and reusing the method and system of gateway information
CN105577528B (en) A kind of wechat public platform collecting method and device based on virtual machine
CN104951675B (en) A kind of method and system for identifying pirate application
CN105915494A (en) Anti-stealing-link method and system
CN102622365B (en) Judging system and judging method for web page repeating
CN103186637A (en) Method and device for analyzing user behavior of BOSS database
CN102662966A (en) Method and system for obtaining subject-oriented dynamic page content
CN104301304A (en) Vulnerability detection system based on large ISP interconnection port and method thereof
CN106155882B (en) A kind of path cognitive method in Android software dynamic behaviour analysis
CN106488320B (en) A kind of TV set-top box security auditing research method and system
CN103823833B (en) The collecting method and browser device of multi-medium data in webpage
CN103678527B (en) A kind of video filtering method and system based on video title and content
KR101560716B1 (en) Contents monitoring system for checking the integrity of digital contents
CN105207842A (en) Android plug-in characteristic detection method and system
CN103152347B (en) A kind of method that microblogging sham publicity is pointed out
CN109992737A (en) Third party's web page contents checking method, device and electronic equipment
CN106779675A (en) A kind of Mobile banking's safety of payment method for monitoring and analyzing and system
CN103377207A (en) Method for acquiring microblog user relationships on basis of script engines

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant