CN106488320B - A kind of TV set-top box security auditing research method and system - Google Patents
A kind of TV set-top box security auditing research method and system Download PDFInfo
- Publication number
- CN106488320B CN106488320B CN201611029438.8A CN201611029438A CN106488320B CN 106488320 B CN106488320 B CN 106488320B CN 201611029438 A CN201611029438 A CN 201611029438A CN 106488320 B CN106488320 B CN 106488320B
- Authority
- CN
- China
- Prior art keywords
- app
- top box
- url
- downloading
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/4508—Management of client data or end-user data
- H04N21/4516—Management of client data or end-user data involving client characteristics, e.g. Set-Top-Box type, software version or amount of memory available
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/443—OS processes, e.g. booting an STB, implementing a Java virtual machine in an STB or power management in an STB
Abstract
The present invention relates to a kind of TV set-top box security auditings to study system, it includes: data acquisition unit, for downloading APP;APP file structure inspection unit removes incomplete APP, retains complete APP for carrying out integrity checking to APP file;APP studies and judges analytical unit, and for carrying out the extraction of App essential information to set-top box APP, App internal information is extracted, static decompiling, and output APP, MD5, user apply URL;Set-top box APP behavioural characteristic library, including feature are established in set-top box APP behavioural characteristic library: using URL, downloading URL, MD5 feature;Monitoring Rules execution unit issues APP set-top box behavioural characteristic for receiving platform side, and realize the source of set-top box APP and whereabouts log acquisition in network pipeline: then set-top box name, downloading IP, User IP data record are uploaded to platform.
Description
Technical field
The invention belongs to network security applied technical fields, and in particular to a kind of TV set-top box security auditing research
Method and system.
Background technique
In the prior art, TV set-top box safety problem has become domestic or even global network safety filed the most
One of harm of concern.
With the fast development of IPTV service and popularizing for TV box, more and more families pass through network machine top box and receive
It listens and watches network audio-video, Web broadcast TV programme, provide more choices for the culture life of people.
The following safety problem also highlights therewith, and set-top box is as intelligent terminal, except intelligent terminal is generally existing
Outside safety problem, some set-top box applications APP relates to Huang and relates to probably, or even has " climbing over the walls " ability, propagates porns, gambling and drugs and reactionary letter wantonly
Breath, the normal rating order of very disruptive.This is in place of the deficiencies in the prior art.
Therefore, in view of the above-mentioned drawbacks in the prior art, provide and design a kind of TV set-top box security auditing research
Method and system;It is necessary to solve the above technical problems.
Summary of the invention
It is an object of the present invention to design a kind of TV set-top box peace in view of the above-mentioned drawbacks of the prior art, providing
Full monitoring analysis and research method and system, to solve the above technical problems.
To achieve the above object, the present invention provides following technical scheme:
A kind of TV set-top box security auditing research method, includes the following steps:
Step 1) downloads TV set-top box client end AP P;The TV set-top box client end AP P includes TV set-top box
APP installation kit, downloading URL;
Step 2) carries out data integrity inspection to APP packet, removes incomplete APP installation kit, retain complete APP
Installation kit;
Step 3) extracts APP installation kit essential information, including APP title, MD5, user are using URL;
Step 4) establishes set-top box characterized by step 1) and downloading URL, MD5 of step 3) acquisition, user are using URL
Downloading URL, MD5, user are issued to the outlet of Telecom Carriers side provincial capital's Metropolitan Area Network (MAN) using URL feature by APP behavioural characteristic library
The compacted monitoring device of deadlock wood disposed, realization obtain the source of set-top box APP and whereabouts log: set-top box name, downloading
IP, User IP information.
Further, in the step 1), it is based on crawler system, is realized according to downloading URL under set-top box APP
It carries, the set-top box APP of downloading includes: TV set-top box APP installation kit, downloading URL.
Further, in the step 2), classes.dex is signed and verified using detection, verifies entire apk.
Further, it in the step 3), using static analysis method, realizes and App essential information is extracted, in App
Portion's information extraction, static decompiling, output APP, MD5, user apply URL, establish set-top box Monitoring Rules feature database.
Further, in the step 4), APP behavioural characteristic is issued, i.e., downloading URL, MD5, user are special using URL
Sign, until the compacted monitoring device of deadlock wood that provincial capital's Metropolitan Area Network (MAN) outlet in Telecom Carriers side has been disposed, the stiff compacted monitoring device of wood pass through DPI
Technology carries out depth analysis to Internet service, agreement, behavior, content, Monitoring Rules match, and realizes to the source set-top box APP
And the contents extraction of whereabouts, it specifically includes: set-top box APP, set-top box downloading IP, User IP.
A kind of TV set-top box security auditing research system, it includes:
Data acquisition unit, for downloading APP;The APP are as follows: TV set-top box APP installation kit, downloading URL;
APP file structure inspection unit removes incomplete APP, retains for carrying out integrity checking to APP file
Complete APP;
APP studies and judges analytical unit, for being extracted to set-top box APP progress App essential information extraction, App internal information,
Static decompiling, output APP, MD5, user apply URL;
Set-top box APP behavioural characteristic library, including feature are established in set-top box APP behavioural characteristic library: using URL, downloading URL,
MD5 feature;
Monitoring Rules execution unit issues APP set-top box behavioural characteristic for receiving platform side, i.e., using URL, downloading
URL, MD5 feature realize the source of set-top box APP and whereabouts log acquisition in network pipeline: set-top box name, downloading IP, user
IP data record, is then uploaded to platform.
Preferably, the acquisition unit, including crawler server and interchanger are set up, realize the downloading of APP.
Preferably, the APP studies and judges analytical unit, studies and judges analytical technology principle based on static state, mentions to App essential information
It takes, the extraction of App internal information, static decompiling, output APP, MD5, user apply URL.
Preferably, the Monitoring Rules execution unit passes through DPI(deep packet analytic technique first) capturing internet pipe
Original data stream in road restores set-top box APP, parses relevant downloading URL, using URL, MD5 value, then with received
The monitoring feature rule arrived carries out relevant matches, the corelation behaviour data of output set top box APP;It specifically includes: set-top box APP's
It downloads IP, propagate IP, set-top box name behavioral data.
The beneficial effects of the present invention are utilize established set-top box APP row this invention takes after above scheme
Deadlock wood compacted monitoring device (the existing network safety for being characterized library and having been disposed by the outlet of Telecom Carriers side provincial capital's Metropolitan Area Network (MAN)
Monitoring means), depth recognition and analysis can be carried out for set-top box source and whereabouts user behaviors log, so as to accomplish from net
The overall monitor to website and these APP spread scopes where illegal TV set-top box APP is realized in network side, contains network machine top
Trend is spread unchecked in the propagation of box illegal application, builds healthy and orderly network environment.In addition, design principle of the present invention is reliable, structure letter
It is single, there is very extensive application prospect.
It can be seen that compared with prior art, the present invention have substantive distinguishing features outstanding and it is significant ground it is progressive, implementation
Beneficial effect be also obvious.
Detailed description of the invention
Fig. 1 is a kind of business process map of TV set-top box security auditing research method provided by the invention
Fig. 2 is a kind of data flowchart of TV set-top box security auditing research method provided by the invention.
Fig. 3 is a kind of structural schematic diagram of TV set-top box security auditing research system provided by the invention.
Specific embodiment
The present invention will be described in detail with reference to the accompanying drawing and by specific embodiment, and following embodiment is to the present invention
Explanation, and the invention is not limited to following implementation.
As illustrated in fig. 1 and 2, a kind of TV set-top box security auditing research method of offer of the invention, including such as
Lower step:
Step 1) downloads TV set-top box client end AP P;The TV set-top box client end AP P includes TV set-top box
APP installation kit, downloading URL;
Step 2) carries out data integrity inspection to APP packet, removes incomplete APP installation kit, retain complete APP
Installation kit;
Step 3) extracts APP installation kit essential information, including APP title, MD5, user are using URL;
Step 4) establishes set-top box characterized by step 1) and downloading URL, MD5 of step 3) acquisition, user are using URL
Downloading URL, MD5, user are issued to the outlet of Telecom Carriers side provincial capital's Metropolitan Area Network (MAN) using URL feature by APP behavioural characteristic library
The compacted monitoring device of deadlock wood disposed, realization obtain the source of set-top box APP and whereabouts log: set-top box name, downloading
IP, User IP information.
In the present embodiment, in the step 1), it is based on crawler system, is realized according to downloading URL under set-top box APP
It carries, the set-top box APP of downloading includes: TV set-top box APP installation kit, downloading URL.
In the step 2), classes.dex is signed and verified using detection, verifies entire apk.
In the step 3), using static analysis method, realizes and the extraction of App essential information, App internal information are mentioned
It takes, static decompiling, output APP, MD5, user apply URL, establish set-top box Monitoring Rules feature database.
In the step 4), APP behavioural characteristic is issued, i.e., downloading URL, MD5, user apply URL feature, until telecommunications is transported
The compacted monitoring device of deadlock wood that the outlet of battalion's enterprise side provincial capital's Metropolitan Area Network (MAN) has been disposed, the stiff compacted monitoring device of wood is by DPI technology to interconnection
Network service, agreement, behavior, content carry out depth analysis, Monitoring Rules matching, realize in the source set-top box APP and whereabouts
Hold and extract, specifically include: set-top box APP, set-top box downloading IP, User IP.
As shown in figure 3, a kind of TV set-top box security auditing provided by the invention studies system, it includes:
Data acquisition unit, for downloading APP;The APP are as follows: TV set-top box APP installation kit, downloading URL;
APP file structure inspection unit removes incomplete APP, retains for carrying out integrity checking to APP file
Complete APP;
APP studies and judges analytical unit, for being extracted to set-top box APP progress App essential information extraction, App internal information,
Static decompiling, output APP, MD5, user apply URL;
Set-top box APP behavioural characteristic library, including feature are established in set-top box APP behavioural characteristic library: using URL, downloading URL,
MD5 feature;
Monitoring Rules execution unit issues APP set-top box behavioural characteristic for receiving platform side, i.e., using URL, downloading
URL, MD5 feature realize the source of set-top box APP and whereabouts log acquisition in network pipeline: set-top box name, downloading IP, user
IP data record, is then uploaded to platform.
In the present embodiment, the acquisition unit, including crawler server and interchanger are set up, realize the downloading of APP.
The APP studies and judges analytical unit, studies and judges analytical technology principle based on static state, extracts to App essential information, App
Internal information extraction, static decompiling, output APP, MD5, user apply URL.
The Monitoring Rules execution unit passes through DPI(deep packet analytic technique first) it is former in capturing internet pipeline
Beginning data flow restores set-top box APP, parses relevant downloading URL, using URL, MD5 value, then with received prison
It surveys characterization rules and carries out relevant matches, the corelation behaviour data of output set top box APP;It specifically includes: the downloading of set-top box APP
IP, IP, set-top box name behavioral data are propagated.
Disclosed above is only the preferred embodiment of the present invention, but the present invention is not limited to this, any this field
What technical staff can think does not have creative variation, and without departing from the principles of the present invention made by several improvement and
Retouching, should all be within the scope of the present invention.
Claims (9)
1. a kind of TV set-top box security auditing research method, includes the following steps:
Step 1) downloads TV set-top box client end AP P;The TV set-top box client end AP P includes TV set-top box APP peace
Dress packet, downloading URL;
Step 2) carries out data integrity inspection to APP packet, removes incomplete APP installation kit, retains complete APP installation
Packet;
Step 3) extracts APP installation kit essential information, including APP title, MD5, user are using URL;
Step 4) establishes set-top box APP row characterized by step 1) and downloading URL, MD5 of step 3) acquisition, user are using URL
It is characterized library, downloading URL, MD5, user are issued to Telecom Carriers side provincial capital's Metropolitan Area Network (MAN) outlet portion using URL feature
The compacted monitoring device of deadlock wood of administration, realization obtain the source of set-top box APP and whereabouts log: set-top box name, is used downloading IP
Family IP information.
2. a kind of TV set-top box security auditing research method according to claim 1, it is characterised in that: described
In step 1), it is based on crawler system, realizes the downloading to set-top box APP according to downloading URL, the set-top box APP of downloading includes: electricity
Depending on set-top box APP installation kit, downloading URL.
3. a kind of TV set-top box security auditing research method according to claim 1 or 2, it is characterised in that: institute
In the step 2) stated, classes.dex is signed and verified using detection, verifies entire apk.
4. a kind of TV set-top box security auditing research method according to claim 3, it is characterised in that: described
In step 3), using static analysis method, realize to the extraction of App essential information, the extraction of App internal information, static decompiling, it is defeated
APP out, MD5, user apply URL, establish set-top box Monitoring Rules feature database.
5. a kind of TV set-top box security auditing research method according to claim 4, it is characterised in that: described
In step 4), APP behavioural characteristic is issued, i.e., downloading URL, MD5, user apply URL feature, until Telecom Carriers side provincial capital city
The compacted monitoring device of deadlock wood that domain net outlet has been disposed, the stiff compacted monitoring device of wood is by DPI technology to Internet service, agreement, row
Depth analysis, Monitoring Rules matching are carried out for, content, realizes the contents extraction to the source set-top box APP and whereabouts, it is specific to wrap
It includes: set-top box APP, set-top box downloading IP, User IP.
6. a kind of TV set-top box security auditing studies system, it includes: data acquisition unit, for downloading APP;It is described
APP are as follows: TV set-top box APP installation kit, downloading URL;APP file structure inspection unit, for carrying out integrality to APP file
It checks, removes incomplete APP, retain complete APP;APP studies and judges analytical unit, basic for carrying out App to set-top box APP
Information extraction, the extraction of App internal information, static decompiling, output APP, MD5, user apply URL;Set-top box APP behavior
Feature database establishes set-top box APP behavioural characteristic library, including feature: using URL, downloading URL, MD5 feature;Monitoring Rules execute
Unit issues APP set-top box behavioural characteristic for receiving platform side, i.e., using URL, downloading URL, MD5 feature, realizes network pipe
The source of set-top box APP and whereabouts log acquisition in road: then set-top box name, downloading IP, User IP data record are uploaded to flat
Platform.
7. a kind of TV set-top box security auditing according to claim 6 studies system, it is characterised in that: described
Acquisition unit, including crawler server and interchanger are set up, realize the downloading of APP.
8. a kind of TV set-top box security auditing according to claim 6 or 7 studies system, it is characterised in that: institute
The APP stated studies and judges analytical unit, studies and judges analytical technology principle based on static state, extracts to App essential information, App internal information mentions
It takes, static decompiling, output APP, MD5, user apply URL.
9. a kind of TV set-top box security auditing according to claim 8 studies system, it is characterised in that: described
Monitoring Rules execution unit passes through original data stream in DPI capturing internet pipeline first, restores set-top box APP, parses
Relevant downloading URL, using URL, MD5 value, then carry out relevant matches with received monitoring feature rule, export machine top
The corelation behaviour data of box APP;It specifically includes: the downloading IP of set-top box APP, propagating IP, set-top box name behavioral data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611029438.8A CN106488320B (en) | 2016-11-22 | 2016-11-22 | A kind of TV set-top box security auditing research method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611029438.8A CN106488320B (en) | 2016-11-22 | 2016-11-22 | A kind of TV set-top box security auditing research method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106488320A CN106488320A (en) | 2017-03-08 |
CN106488320B true CN106488320B (en) | 2019-04-12 |
Family
ID=58274131
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611029438.8A Active CN106488320B (en) | 2016-11-22 | 2016-11-22 | A kind of TV set-top box security auditing research method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106488320B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113868193A (en) * | 2020-06-30 | 2021-12-31 | 北京奇虎科技有限公司 | Method, system, storage medium and computer equipment for verifying application source in forensics process |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003308397A (en) * | 2002-04-15 | 2003-10-31 | Ntt Docomo Inc | Content acquiring state reporting method, management device, program and storage medium |
CN102938789A (en) * | 2012-11-19 | 2013-02-20 | 江苏省公用信息有限公司 | Download combination analysis method and device for mobile internet mobile phone applications |
CN103312887A (en) * | 2012-12-28 | 2013-09-18 | 武汉安天信息技术有限责任公司 | Mobile phone application tampering recognition system, method and device |
-
2016
- 2016-11-22 CN CN201611029438.8A patent/CN106488320B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003308397A (en) * | 2002-04-15 | 2003-10-31 | Ntt Docomo Inc | Content acquiring state reporting method, management device, program and storage medium |
CN102938789A (en) * | 2012-11-19 | 2013-02-20 | 江苏省公用信息有限公司 | Download combination analysis method and device for mobile internet mobile phone applications |
CN103312887A (en) * | 2012-12-28 | 2013-09-18 | 武汉安天信息技术有限责任公司 | Mobile phone application tampering recognition system, method and device |
Also Published As
Publication number | Publication date |
---|---|
CN106488320A (en) | 2017-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104123493B (en) | The safety detecting method and device of application program | |
Vadrevu et al. | What you see is not what you get: Discovering and tracking social engineering attack campaigns | |
CN104715196B (en) | The Static Analysis Method and system of smart mobile phone application program | |
CN110365996A (en) | Management method, live streaming management platform, electronic equipment and storage medium is broadcast live | |
Bashir et al. | How tracking companies circumvented ad blockers using websockets | |
Hu et al. | Dating with scambots: Understanding the ecosystem of fraudulent dating applications | |
CN103607413B (en) | Method and device for detecting website backdoor program | |
CN104598218B (en) | For merging and reusing the method and system of gateway information | |
CN105577528B (en) | A kind of wechat public platform collecting method and device based on virtual machine | |
CN104951675B (en) | A kind of method and system for identifying pirate application | |
CN105915494A (en) | Anti-stealing-link method and system | |
CN102622365B (en) | Judging system and judging method for web page repeating | |
CN103186637A (en) | Method and device for analyzing user behavior of BOSS database | |
CN102662966A (en) | Method and system for obtaining subject-oriented dynamic page content | |
CN104301304A (en) | Vulnerability detection system based on large ISP interconnection port and method thereof | |
CN106155882B (en) | A kind of path cognitive method in Android software dynamic behaviour analysis | |
CN106488320B (en) | A kind of TV set-top box security auditing research method and system | |
CN103823833B (en) | The collecting method and browser device of multi-medium data in webpage | |
CN103678527B (en) | A kind of video filtering method and system based on video title and content | |
KR101560716B1 (en) | Contents monitoring system for checking the integrity of digital contents | |
CN105207842A (en) | Android plug-in characteristic detection method and system | |
CN103152347B (en) | A kind of method that microblogging sham publicity is pointed out | |
CN109992737A (en) | Third party's web page contents checking method, device and electronic equipment | |
CN106779675A (en) | A kind of Mobile banking's safety of payment method for monitoring and analyzing and system | |
CN103377207A (en) | Method for acquiring microblog user relationships on basis of script engines |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |