CN110210230A - Method, apparatus, electronic device and storage medium for improving system security - Google Patents

Method, apparatus, electronic device and storage medium for improving system security

Info

Publication number
CN110210230A
Authority
CN
China
Prior art keywords
file
coded format
decoding
format
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910397806.1A
Other languages
Chinese (zh)
Other versions
CN110210230B (en)
Inventor
曹飞
殷赵辉
盛子骁
谢能淳
宋青原
卢正军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Tencent Domain Computer Network Co Ltd
Original Assignee
Shenzhen Tencent Domain Computer Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Tencent Domain Computer Network Co Ltd
Priority to CN201910397806.1A
Publication of CN110210230A
Application granted
Publication of CN110210230B
Legal status: Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

This disclosure relates to a method and apparatus, an electronic device and a storage medium for improving system security, and belongs to the technical field of information processing. The method for improving system security includes: receiving a first file in a first coded format uploaded from a first client; decoding the first file based on the first coded format to obtain a decoded file; encoding the decoded file based on a second coded format that is different from the first coded format to generate a second file; and, in response to a file acquisition request from a second client, sending the second file to the second client. The invention can reduce or avoid the risk of vulnerabilities being exploited.

Description

Method, apparatus, electronic device and storage medium for improving system security
Technical field
This disclosure relates to the technical field of information processing, and in particular to a method for improving system security, an apparatus for improving system security, an electronic device and a computer-readable storage medium.
Background
With the development of computer technology and Internet technology, the problem of how to improve system security has become increasingly prominent.
In general, from the point at which a vulnerability is introduced during program development until the program is put into operation, the vulnerability is always present. An exploiter can find vulnerabilities through vulnerability mining and use them to attack the system or other terminals. Under normal circumstances, the process by which a vulnerability arises and is exploited includes program development, vulnerability creation, vulnerability discovery and vulnerability exploitation. For vulnerability prevention, programmers mainly try to minimize the occurrence of vulnerabilities at the program development stage, but this approach is subject to many constraints, so its effect is limited.
Accordingly, a technical solution that can reduce or avoid the risk of vulnerabilities being exploited is needed.
It should be noted that the information disclosed in the Background section above is only intended to improve understanding of the background of the disclosure, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
The purpose of the disclosure is to provide a method for improving system security, an apparatus for improving system security, an electronic device and a computer-readable storage medium, and thereby to overcome, at least to some extent, the risk of vulnerabilities being exploited that results from the limitations and defects of the related art.
According to a first aspect of the disclosure, a method for improving system security is provided, comprising:
receiving a first file uploaded from a first client, the first file being in a first coded format;
decoding the first file based on the first coded format to obtain a decoded file;
encoding the decoded file based on a second coded format to generate a second file, wherein the first coded format is different from the second coded format;
in response to a file acquisition request from a second client, sending the second file to the second client.
In an exemplary embodiment of the disclosure, decoding the first file based on the first coded format includes:
decoding the first file with a decoder corresponding to the first coded format.
In an exemplary embodiment of the disclosure, encoding the decoded file based on the second coded format includes:
encoding the decoded file with an encoder corresponding to the second coded format.
In an exemplary embodiment of the disclosure, the first file includes one or more of a picture, audio, video and a document.
In an exemplary embodiment of the disclosure, the first file includes a picture, and the first coded format and the second coded format are two different coded formats among JPG, JPEG, BMP, DDS, PNG, TIF and GIF.
In an exemplary embodiment of the disclosure, the method for improving system security further includes:
detecting whether an exception occurs in the decoder while it decodes the first file, and, if an exception occurs, judging that the system has a vulnerability.
In an exemplary embodiment of the disclosure, the method for improving system security further includes:
detecting whether an exception occurs in the decoder while it decodes the first file, and, if an exception occurs, judging that the first file is a malicious file.
According to a second aspect of the disclosure, an apparatus for improving system security is provided, comprising:
a receiving module, for receiving a first file uploaded from a first client, the first file being in a first coded format;
a decoder, for decoding the first file based on the first coded format to obtain a decoded file;
an encoder, for encoding the decoded file based on a second coded format to generate a second file, wherein the first coded format is different from the second coded format;
a sending module, for sending the second file to a second client in response to a file acquisition request from the second client.
In an exemplary embodiment of the disclosure, the first file includes one or more of a picture, audio, video and a document.
In an exemplary embodiment of the disclosure, the first file includes a picture, and the first coded format and the second coded format are two different coded formats among JPG, JPEG, BMP, DDS, PNG, TIF and GIF.
In an exemplary embodiment of the disclosure, the apparatus for improving system security further includes:
a first detection module, for detecting whether an exception occurs in the decoder while it decodes the first file, and, if an exception occurs, judging that the system has a vulnerability.
In an exemplary embodiment of the disclosure, the apparatus for improving system security further includes:
a second detection module, for detecting whether an exception occurs in the decoder while it decodes the first file, and, if an exception occurs, judging that the first file is a malicious file.
According to a third aspect of the disclosure, an electronic device is provided, comprising: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to perform any one of the methods described above by executing the executable instructions.
According to a fourth aspect of the disclosure, a computer-readable storage medium is provided, on which a computer program is stored, the computer program implementing any one of the methods described above when executed by a processor.
Exemplary embodiments of the disclosure can have some or all of the following beneficial effects:
The method for improving system security provided by this example embodiment can decode a received file based on its corresponding coded format and then re-encode it based on a new coded format different from the original one, thereby converting the format. On the one hand, file parsing and format conversion are carried out on the server side, which cuts off the user's access path and so hides the environment in which the vulnerability would be analysed; this prevents an exploiter from analysing the environment of the vulnerability, and therefore from analysing the cause of the vulnerability and the way to exploit it. On the other hand, if the received file contains assembly instruction code that an exploiter has hidden in order to exploit a vulnerability, the sequence of that assembly instruction code is changed during format conversion, which causes the assembly instruction code to fail and so prevents the vulnerability from being maliciously exploited. In yet another aspect, the received file only undergoes format conversion, which does not affect how the file is used, so the user's quality of experience is preserved while the risk of vulnerabilities being exploited is reduced.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the disclosure.
Brief description of the drawings
The drawings herein are incorporated into and form part of this specification, illustrate embodiments consistent with the disclosure, and together with the specification serve to explain the principles of the disclosure. Obviously, the drawings described below are only some embodiments of the disclosure; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the method and apparatus for improving system security of the embodiments of the disclosure can be applied;
Fig. 2 shows a structural schematic diagram of a computer system of an electronic device suitable for implementing the embodiments of the disclosure;
Fig. 3 schematically shows a flow chart of the method for improving system security according to one embodiment of the disclosure;
Fig. 4 schematically shows the flow of custom file transfer and display in the related art;
Fig. 5 schematically shows an application scenario of custom image file upload using the method for improving system security of the disclosure;
Fig. 6 schematically shows the flow of custom file transfer and display according to one embodiment of the disclosure;
Fig. 7 schematically shows a flow chart of custom file upload using the method for improving system security according to one embodiment of the disclosure;
Fig. 8 schematically shows a block diagram of the apparatus for improving system security according to one embodiment of the disclosure.
Detailed description
Example embodiments are now described more fully with reference to the drawings. Example embodiments can, however, be implemented in many forms and should not be understood as limited to the examples set forth here; rather, these embodiments are provided so that the disclosure will be thorough and complete and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures or characteristics can be combined in any suitable manner in one or more embodiments. In the following description, many specific details are given to provide a full understanding of the embodiments of the disclosure. Those skilled in the art will appreciate, however, that the technical solution of the disclosure can be practised with one or more of the specific details omitted, or with other methods, components, devices, steps and so on. In other cases, well-known solutions are not shown or described in detail, so that they do not distract from and obscure aspects of the disclosure.
In addition, the drawings are only schematic illustrations of the disclosure and are not necessarily drawn to scale. Identical reference numerals in the figures denote identical or similar parts, so repeated description of them is omitted. Some of the block diagrams shown in the drawings are functional entities and do not necessarily correspond to physically or logically independent entities. These functional entities can be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the method and apparatus for improving system security of the embodiments of the disclosure can be applied.
As shown in Fig. 1, the system architecture 100 may include one or more of terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 is the medium that provides communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired or wireless communication links or fibre-optic cables. The terminal devices 101, 102, 103 can be various electronic devices with a display screen, including but not limited to desktop computers, portable computers, smartphones and tablet computers. It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are only illustrative. There can be any number of terminal devices, networks and servers, as the implementation requires. For example, the server 105 can be a server cluster composed of multiple servers.
The method for improving system security provided by the embodiments of the disclosure is generally executed by the server 105, and correspondingly the apparatus for improving system security is generally located in the server 105. Those skilled in the art will readily understand, however, that the method for improving system security provided by the embodiments of the disclosure can also be executed by the terminal devices 101, 102, 103, and correspondingly the apparatus for improving system security can also be located in the terminal devices 101, 102, 103; the present exemplary embodiment places no particular limitation on this.
Fig. 2 shows a structural schematic diagram of a computer system of an electronic device suitable for implementing the embodiments of the disclosure.
It should be noted that the computer system 200 of the electronic device shown in Fig. 2 is only an example and should not impose any restriction on the function or scope of use of the embodiments of the disclosure.
As shown in Fig. 2, the computer system 200 includes a central processing unit (CPU) 201, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 202 or a program loaded from a storage section 208 into random access memory (RAM) 203. The RAM 203 also stores the various programs and data needed for system operation. The CPU 201, ROM 202 and RAM 203 are connected to each other by a bus 204. An input/output (I/O) interface 205 is also connected to the bus 204.
The following components are connected to the I/O interface 205: an input section 206 including a keyboard, a mouse and the like; an output section 207 including, for example, a cathode ray tube (CRT) or liquid crystal display (LCD) and a loudspeaker; a storage section 208 including a hard disk and the like; and a communication section 209 including a network interface card such as a LAN card or a modem. The communication section 209 performs communication processing via a network such as the Internet. A drive 210 is also connected to the I/O interface 205 as needed. A removable medium 211, such as a magnetic disk, optical disc, magneto-optical disk or semiconductor memory, is mounted on the drive 210 as needed, so that a computer program read from it can be installed into the storage section 208 as needed.
In particular, according to embodiments of the disclosure, the processes described below with reference to the flow charts can be implemented as computer software programs. For example, embodiments of the disclosure include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 209, and/or installed from the removable medium 211. When the computer program is executed by the central processing unit (CPU) 201, the various functions defined in the methods and apparatus of the present application are performed.
It should be noted that the computer-readable medium described in the disclosure can be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium can be, for example (but is not limited to), an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fibre, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the disclosure, a computer-readable storage medium can be any tangible medium that contains or stores a program, where the program can be used by or in connection with an instruction execution system, apparatus or device. Also in the disclosure, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal can take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium can also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. Program code contained on a computer-readable medium can be transmitted over any suitable medium, including but not limited to wireless, wire, optical cable, RF and so on, or any suitable combination of the above.
The flow charts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to the various embodiments of the disclosure. In this regard, each box in a flow chart or block diagram can represent a module, a program segment or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes can occur in an order different from that marked in the drawings. For example, two boxes shown in succession can in fact be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram or flow chart, and combinations of boxes in a block diagram or flow chart, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the disclosure can be implemented in software or in hardware, and the described units can also be located in a processor. The names of these units do not, in certain cases, constitute a limitation on the units themselves.
As another aspect, the present application also provides a computer-readable storage medium. The computer-readable storage medium can be included in the electronic device described in the above embodiments, or it can exist on its own without being fitted into the electronic device. The computer-readable storage medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the methods described in the following embodiments. For example, the electronic device can implement each of the steps shown in Fig. 3 to Fig. 7.
The technical solution of the embodiments of the disclosure is described in detail below:
With the development of computer technology and Internet technology, the problem of how to improve system security has become increasingly prominent. In the game industry, for example, some developers have insufficient security awareness, which leads to vulnerabilities being exploited frequently. Taking a game developed by a certain company as an example, a custom skin vulnerability broke out in 2018. The exploiter uploaded a carefully constructed malicious skin file to the skin shop; once a normal player downloaded and used the skin, the vulnerability was triggered, and as a result the computers of up to ten thousand players were compromised.
Under normal circumstances, the process by which a vulnerability arises and is exploited includes program development, vulnerability creation, vulnerability discovery and vulnerability exploitation. For vulnerability prevention, programmers mainly think in a direct way and try to minimize the occurrence of vulnerabilities at the program development stage, but this approach is subject to many constraints, so its effect is limited.
In some application scenarios there are files that the user can freely choose and control, namely custom files. Custom files may include, for example, a custom avatar or a custom skin, where the file can be any picture the player selects from their own computer and uploads. Custom files can also include, for example, custom sounds or music, where the file can be any audio clip the player selects from their own computer and uploads. Custom files can of course also include video, documents and so on. Any file that a user can select and upload independently, and that is shown to or downloaded by other clients, can be handled by the method or apparatus for improving system security of the disclosure; the disclosure places no particular limitation on this.
In the related art, uploading and downloading custom files usually introduces file-parsing vulnerabilities. Referring to Fig. 4, during custom file upload, for example the upload of a custom avatar or skin, the user uploads a custom file through client A to the file storage server on the server side. When client B shows the file uploaded by client A, it pulls the file directly from the file storage server on the server side, and parses and displays the custom file on client B. In this process, the custom file uploaded by client A and the custom file downloaded by client B are not changed in any way; the content and format of the two are exactly the same, which guarantees that an exploit sample is not destroyed. In addition, the client software run by client A and by client B is identical and the two have the same running environment, which guarantees that the two have the same vulnerability analysis environment. As a result, an exploiter only needs to find a vulnerability and exploit it successfully on their own client, and the exploit sample will then also succeed on other clients.
In view of the above problems, this example embodiment first provides a method for improving system security. The method can be applied to the server 105 described above, or to one or more of the terminal devices 101, 102, 103 described above; the present exemplary embodiment places no particular limitation on this. Referring to Fig. 3, the method for improving system security may include the following steps:
Step S310. Receive a first file uploaded from a first client, the first file being in a first coded format;
Step S320. Decode the first file based on the first coded format to obtain a decoded file;
Step S330. Encode the decoded file based on a second coded format to generate a second file, wherein the first coded format is different from the second coded format;
Step S340. In response to a file acquisition request from a second client, send the second file to the second client.
In the method for improving system security provided by this example embodiment, a received file can be decoded based on its corresponding coded format and then re-encoded based on a new coded format different from the original one, thereby converting the format. On the one hand, file parsing and format conversion are carried out on the server side, which cuts off the user's access path and so hides the environment in which the vulnerability would be analysed; this prevents an exploiter from analysing the environment of the vulnerability, and therefore from analysing the cause of the vulnerability and the way to exploit it. On the other hand, if the received file contains assembly instruction code that an exploiter has hidden in order to exploit a vulnerability, the sequence of that assembly instruction code is changed during format conversion, which causes the assembly instruction code to fail and so prevents the vulnerability from being maliciously exploited. In yet another aspect, the received file only undergoes format conversion, which does not affect how the file is used, so the user's quality of experience is preserved while the risk of vulnerabilities being exploited is reduced.
In the following, the above-mentioned steps for this example embodiment are described in more details.
The first file that step S310. is uploaded received from the first client, first file are the first coded format.
In this example embodiment, the first file, that is, foregoing user-defined file may include picture, audio, view One of file of types such as frequency and document is a variety of.According to the difference of the first file type, corresponding first file can be with There are a variety of coded formats.For example, when the first file be picture when, the coded format of picture may include JPG, JPEG, BMP, DDS, PNG, TIF and GIF etc..When the first file is video, the coded format of video may include RM, RMVB, DMV, MP- 4, MPG and MPEG etc..Similarly, when the first file is the other types such as audio, document, the first file may include corresponding to The type file a variety of coded formats, the disclosure do not do particular determination herein.
For example, when the first file is picture, the method for the raising security of system that the disclosure provides can be applied The scenes such as customized head portrait, the upload of customized skin in the platforms such as game, social activity or forum.This example embodiment is to make by oneself The method of the raising security of system is illustrated for adopted head portrait.It is played refering to what is shown in Fig. 5, being shown in figure in a certain game Role's head portrait of family, player can upload the customized head portrait of player by setting head portrait button.When being arranged successfully other Player is it is seen that the new head portrait that player is arranged.Wherein, the customized head portrait that player uploads can be picture, and coded format can Think one of above-mentioned multiple coding of graphics formats.By taking the picture that player uploads is PNG format as an example, then in this step, With reference to shown in Fig. 6, Fig. 7, server-side can receive and store the picture uploaded from customer end A, and the format of the picture is PNG format.
Step S320. is based on the first coded format to first file and is decoded, and obtains decoding file.
In this example embodiment, after server-side receives the first file and determines the coded format of first file, First file can be decoded for corresponding coded format, to obtain decoding file.
Specifically, server-side can be equipped with decoder, which can be directed to a certain coded format of the first file It is decoded, to obtain the corresponding decoding file of the first file.Further, server-side can be equipped with one or more Decoder, and each decoder can respectively be decoded each first file for a kind of coded format of each first file.
For example, server-side can be equipped with multiple sub-picture decoders when the first file is picture, it may include JPG decoding Device, jpeg decoder, BMP decoder, DDS decoder, PNG decoder and GIF decoder etc..For another example when the first file When for video, server-side can be equipped with multiple Video Decoders, may include RM decoder, RMVB decoder, DMV decoder, MP-4 decoder, MPG decoder and mpeg decoder etc..In addition, when the first file is audio, document or other kinds of text When part, server-side is also provided with the decoder of corresponding document type, and the quantity of decoder can be one or more, and each Each coded format that decoder can correspond to each file is decoded file.
Further, in this step, if an exception in the decoder is detected while the first file is being decoded and the decoding process crashes, investigation can lead to one of two conclusions: conclusion one, the system has a vulnerability; conclusion two, the first file is a malicious file. The reason is that decoding involves both the running system and the file being decoded, so once the decoding process crashes it can be inferred that one of the two has a problem. Which one can then be determined through detection and analysis. If the file being decoded is a normal file, containing no assembly instruction code hidden by a vulnerability exploiter in order to exploit a vulnerability, it can be judged that the system has a vulnerability, and the system program can be verified by means such as code review. If the system is confirmed to be free of anomalies, the encoding of the first file can be inspected, and once malicious code is found the file can be determined to be a malicious file. In addition, investigation may find that both the system and the file have problems, in which case both need to be handled.
In this example embodiment, after the server receives the PNG picture uploaded from client A, it can decode the picture based on the PNG encoding format to obtain the decoded file.
Step S330. Encode the decoded file based on a second encoding format to generate a second file, wherein the first encoding format is different from the second encoding format.
In this example embodiment, after obtaining the decoded file, the server can determine the candidate formats to encode to according to the original file type of the decoded file. There may be one or more candidate formats, and the server can then determine, by comparison, a second encoding format that differs from the original first encoding format.
Specifically, the server may also be provided with an encoder that re-encodes the decoded file of the first file in a particular encoding format to obtain the second file in that format. Further, the server may be provided with one or more encoders, each of which re-encodes the decoded file of the first file in one encoding format, so that multiple second files in different encoding formats can be generated.
For example, when the first file is a picture, the server may be provided with one or more picture encoders, which may include a JPG encoder, a JPEG encoder, a BMP encoder, a DDS encoder, a PNG encoder, a GIF encoder, and so on. The server can determine, by comparison, one or more second encoding formats that differ from the first encoding format of the first file, and then select from them the second encoding format to encode to.
In this example embodiment, after the server decodes the picture based on the PNG encoding format in step S320 and obtains the decoded file, in step S330 the server determines by comparison the second encoding format to encode to, such as the JPG encoding format, and calls the JPG encoder to re-encode the decoded file, generating a picture in JPG format. Further, referring to Fig. 6, after the JPG picture is generated, the server can store the JPG picture file.
Step S340. In response to a file acquisition request from a second client, send the second file to the second client.
In this step, when client B is in the same scene as client A, or when client B issues a request to obtain the picture uploaded from client A, the server can respond to the request by sending the JPG picture file generated by the format conversion described above to client B, where the picture file is then displayed.
In this example embodiment, custom picture files are generally used for content display on gaming, social, or forum platforms. The method of the present disclosure converts the format of the custom picture file uploaded by the user, but the format change does not affect recognition by the human eye and the display function is unaffected, which preserves the quality of the user experience.
In addition, in other embodiments, the first file may also include audio, video, documents, and so on. Correspondingly, each of these file types has multiple encoding formats, and the method provided by the present disclosure can be used to decode and re-encode such files, improving system security without affecting the user experience.
Compared with the prior art, the present disclosure adds steps S320 and S330; that is, it adds server-side file decoding and re-encoding between the upload by client A and the download by client B. For example, when the method is used to process a custom image file uploaded by a user, the detailed flow is as shown in Fig. 7. In step S710, client A uploads an image file in PNG format, i.e. the first file .PNG. In step S720, the server receives and stores the first file .PNG. In step S730, the server decodes the file; if a decoding exception is found, it may further be judged in step S731 that the system has a vulnerability, or in step S732 that the file is a malicious file. If decoding proceeds smoothly, the decoded file is generated in step S740. In step S750 the decoded file is re-encoded, and in step S760 the second file .JPG is generated and stored on the server. In step S770, the server responds to a download request from another client and sends the second file .JPG to that client. In step S780, the client decodes the second file .JPG locally; if a decoding exception occurs, the client crashes in step S781; if decoding proceeds smoothly, the client displays the image in step S790. PNG and JPG are common picture formats, and many technical means are available for the format conversion; the present disclosure places no particular limitation on them here.
In conclusion realizing document analysis during above-mentioned file decoding and re-encoding and format being converted.One Aspect, above-mentioned document analysis and format, which are converted, to carry out in server-side, the contact path of user has been cut off, to conceal leakage The analysis environment in hole, the person that avoids vulnerability exploit are directed to the environmental analysis of loophole.To prevent vulnerability exploit, person analyzes loophole Reason and analysis vulnerability exploit method.On the other hand, during format is converted, if there are loopholes in received file The assembly instruction code using loophole that user hides, the then sequence of assembly instruction code meeting during format conversion It is changed, so as to cause the failure of assembly instruction code, to successfully avoid loophole by malicious exploitation.In another aspect, to institute It receives file and only carries out format conversion, the usage experience without will affect file, to be utilized the same of risk reducing loophole When ensure that the Quality of experience of user.
Further, this example embodiment also provides a device for improving system security. The device can be applied to a server or a terminal device. Referring to Fig. 8, the device 800 for improving system security may include a receiving module 810, a decoder 820, an encoder 830, and a sending module 840, wherein:
The receiving module 810 can be used to receive a first file uploaded from a first client, the first file being in a first encoding format; the decoder 820 can be used to decode the first file based on the first encoding format to obtain a decoded file; the encoder 830 can be used to encode the decoded file based on a second encoding format to generate a second file, wherein the first encoding format is different from the second encoding format; and the sending module 840 can be used to send the second file to a second client in response to a file acquisition request from the second client.
In an exemplary embodiment of the present disclosure, the first file may include one or more of a picture, audio, video, and a document.
In an exemplary embodiment of the present disclosure, the first file may include a picture, and the first encoding format and the second encoding format are two different encoding formats among JPG, JPEG, BMP, DDS, PNG, TIF, and GIF.
In an exemplary embodiment of the present disclosure, the device 800 for improving system security may further include a first detection module, which can be used to detect whether the decoder encounters an exception when decoding the first file and, if an exception occurs, to judge that the system has a vulnerability.
In an exemplary embodiment of the present disclosure, the device 800 for improving system security may further include a second detection module, which can be used to detect whether the decoder encounters an exception when decoding the first file and, if an exception occurs, to judge that the first file is a malicious file.
The details of each module of the above device have already been described in detail in the corresponding method for improving system security, and are therefore not repeated here.
It should be noted that although several modules or units of the device for performing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present disclosure, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided and embodied by multiple modules or units.
After considering the specification and practicing the invention disclosed here, those skilled in the art will readily conceive of other embodiments of the present disclosure. This application is intended to cover any variations, uses, or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art not disclosed herein. The specification and examples are to be regarded as illustrative only, with the true scope and spirit of the present disclosure being indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A method for improving system security, characterized by comprising:
receiving a first file uploaded from a first client, the first file being in a first encoding format;
decoding the first file based on the first encoding format to obtain a decoded file;
encoding the decoded file based on a second encoding format to generate a second file, wherein the first encoding format is different from the second encoding format; and
in response to a file acquisition request from a second client, sending the second file to the second client.
2. The method for improving system security according to claim 1, characterized in that decoding the first file based on the first encoding format comprises:
decoding the first file by a decoder corresponding to the first encoding format.
3. The method for improving system security according to claim 2, characterized in that encoding the decoded file based on the second encoding format comprises:
encoding the decoded file by an encoder corresponding to the second encoding format.
4. The method for improving system security according to claim 3, characterized in that the first file includes one or more of a picture, audio, video, and a document.
5. The method for improving system security according to claim 3, characterized in that the first file includes a picture, and the first encoding format and the second encoding format are two different encoding formats among JPG, JPEG, BMP, DDS, PNG, TIF, and GIF.
6. The method for improving system security according to claim 2, characterized in that the method further comprises:
detecting whether the decoder encounters an exception when decoding the first file, and if an exception occurs, judging that the system has a vulnerability.
7. The method for improving system security according to claim 4 or 5, characterized in that the method further comprises:
detecting whether the decoder encounters an exception when decoding the first file, and if an exception occurs, judging that the first file is a malicious file.
8. A device for improving system security, characterized by comprising:
a receiving module, configured to receive a first file uploaded from a first client, the first file being in a first encoding format;
a decoder, configured to decode the first file based on the first encoding format to obtain a decoded file;
an encoder, configured to encode the decoded file based on a second encoding format to generate a second file, wherein the first encoding format is different from the second encoding format; and
a sending module, configured to send the second file to a second client in response to a file acquisition request from the second client.
9. An electronic device, characterized by comprising:
a processor; and
a memory for storing instructions executable by the processor;
wherein the processor is configured to perform the method of any one of claims 1-7 by executing the executable instructions.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method of any one of claims 1-7.
CN201910397806.1A 2019-05-14 2019-05-14 Method and device for improving system security, electronic equipment and storage medium Active CN110210230B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910397806.1A CN110210230B (en) 2019-05-14 2019-05-14 Method and device for improving system security, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910397806.1A CN110210230B (en) 2019-05-14 2019-05-14 Method and device for improving system security, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110210230A CN110210230A (en) 2019-09-06
CN110210230B CN110210230B (en) 2021-10-22

Family

ID=67787079

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910397806.1A Active CN110210230B (en) 2019-05-14 2019-05-14 Method and device for improving system security, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110210230B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050117056A1 (en) * 2002-01-18 2005-06-02 Koninklijke Philips Electronics, N.V. Audio coding
CN101394402A (en) * 2008-10-13 2009-03-25 邓学锋 Method for fast code changing in large range to audio information to break virus
US20110113230A1 (en) * 2009-11-12 2011-05-12 Daniel Kaminsky Apparatus and method for securing and isolating operational nodes in a computer network
CN104537307A (en) * 2014-12-23 2015-04-22 北京奇虎科技有限公司 Method and system for detecting website vulnerability
CN105897684A (en) * 2015-12-14 2016-08-24 乐视云计算有限公司 Malicious attack detection method and device of transcoding system
CN108683900A (en) * 2018-05-30 2018-10-19 北京奇艺世纪科技有限公司 A kind of image processing method and device
CN108809921A (en) * 2017-07-31 2018-11-13 北京视联动力国际信息技术有限公司 A kind of audio-frequency processing method regards networked server and regards networked terminals
CN109117642A (en) * 2018-08-16 2019-01-01 北京梆梆安全科技有限公司 A kind of the file reading leak detection method and device of application program

Also Published As

Publication number Publication date
CN110210230B (en) 2021-10-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant