CN106845219A - A kind of intrusion detection smart machine for multiple types of data - Google Patents

A kind of intrusion detection smart machine for multiple types of data Download PDF

Info

Publication number
CN106845219A
CN106845219A CN201710028126.3A CN201710028126A CN106845219A CN 106845219 A CN106845219 A CN 106845219A CN 201710028126 A CN201710028126 A CN 201710028126A CN 106845219 A CN106845219 A CN 106845219A
Authority
CN
China
Prior art keywords
interface
backboard
data
digital
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710028126.3A
Other languages
Chinese (zh)
Other versions
CN106845219B (en
Inventor
解仑
张雷
周育武
王志良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yingtan Zhihui Internet Of Things Application Research Institute Co ltd
Original Assignee
University of Science and Technology Beijing USTB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Science and Technology Beijing USTB filed Critical University of Science and Technology Beijing USTB
Priority to CN201710028126.3A priority Critical patent/CN106845219B/en
Publication of CN106845219A publication Critical patent/CN106845219A/en
Application granted granted Critical
Publication of CN106845219B publication Critical patent/CN106845219B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Small-Scale Networks (AREA)
  • Bus Control (AREA)

Abstract

The present invention provides a kind of intrusion detection smart machine for multiple types of data, and multiple types of data can be performed intrusion detection.The equipment includes:Backboard, mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card, rear input/output interface board and power module;Wherein, the backboard supports compact PCI agreements;The rear input/output interface board, for providing polytype input/output interface, wherein, polytype input/output interface includes:Encryption and decryption card interface, network interface, RS232 serial line interfaces, USB interface, CAN interface, AD interfaces and digital I/O interface, each type of input/output interface, the data for obtaining respective type in real time;The mainboard module, for according to default inbreak detection rule, the data to obtaining to be performed intrusion detection;The encryption and decryption card, for the data do not invaded to be carried out with encryption and decryption and digital authentication processing.The present invention is applied to modern industry control and field of information security technology.

Description

A kind of intrusion detection smart machine for multiple types of data
Technical field
The present invention relates to modern industry control and field of information security technology, particularly relate to a kind of for multiple types of data Intrusion detection smart machine.
Background technology
In recent years, the smart machine and the interconnection of industrial information controlling network for realizing multiple types of data intrusion detection have turned into The important component of modern industry system, Intelligent Measurement possesses the function of multiple types communication interface with communication equipment.Periphery letter When breath network realizes interconnection with the controlling network of intelligent communication device, due to the uncertainty and uncontrollability of network, how to protect The data safety and machine instruction for demonstrate,proving industrial stokehold network have reformed into safely a problem for sternness.Especially for steel The production such as iron metallurgy, petrochemical industry, electricity power, cement industry and infrastructure industry, they are to quantity-produced security There is high requirement with reliability, and if necessary to the interconnection between open network and industrial control network, it is just suitable The danger attacked is faced in controlling network is directly exposed into information network.And it is special due to industrial field device Property, once breaking down will produce destructive very strong manpower and materials property loss, and produce very harmful social influence.
In modern industry and data communication, intelligence degree more and more higher is various by intelligently equipping the communication that constitutes Categorical data control system be widely applied to Aero-Space, Engineering Control, environment, power network, Medical Devices, communication and In daily life work.Wherein, controller local area network (Controller Area Network, CAN), technical grade The CAN data transmit-receive of CAN cards is completed by CAN controller and CAN transceiver.The function card of this interface is in automobile and other industries In be widely used, and quickly grown in fields such as Industry Control, robot, medicine equipment, sensors.AD Signals collecting functions Also it is widely used in reality with data signal I O function, in order to gather the much information of industrial field device, for example, collection AD Signal voltage data, digital IO parameter, the communication of serial UART signal, and integrated level CAN higher is used, together When also need to be encrypted decryption processing, under many circumstances, these functions need to be integrated in an equipment, but, it is existing In technology, also without the equipment of a kind of integrated CAN interface, AD interfaces, digital I/O interface and encrypting and decrypting function.
The content of the invention
The technical problem to be solved in the present invention is to provide a kind of intrusion detection smart machine for multiple types of data, with Solve the equipment without a kind of integrated CAN interface, AD interfaces, digital I/O interface and encrypting and decrypting function existing for prior art Problem.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of intrusion detection intelligence for multiple types of data Equipment, including:Backboard, the mainboard module being attached with the backboard, CAN&AD cards, digital I/O card, encryption and decryption card, rear input Output interface plate and power module;Wherein, the backboard supports compact PCI agreements;
The rear input/output interface board, for providing polytype input/output interface, wherein, the polytype Input/output interface include:Encryption and decryption card interface, network interface, RS232 serial line interfaces, USB interface, CAN interface, AD interface sums Word I/O interface, each type of input/output interface, the data for obtaining respective type in real time;
The CAN&AD cards, for being communicated with the CAN interface, AD interfaces by the backboard;
The digital I/O card, for being communicated with the digital I/O interface by the backboard;
The mainboard module, for according to default inbreak detection rule, the data to obtaining to be performed intrusion detection;
The encryption and decryption card, for the data do not invaded to be carried out with encryption and decryption and digital authentication processing;
The power module, for being powered for the backboard.
Further, the mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card, rear input/output interface board and electricity Source module carries out being connected to slotting by pin connector and the backboard;
Wherein, the mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card and power module are located at the backboard Front side, the rear input/output interface board is located at the rear side of the backboard.
Further, polytype input/output interface includes:1 tunnel secrecy card interface, 2 road networks mouthful, 2 tunnels RS232 serial line interfaces, 6 road USB interfaces, 2 road CAN interfaces, 10 road AD interfaces, 24 railway digital I/O interfaces.
Further, the CAN&AD cards include:First modular converter and first interface expansion module;
First modular converter, for pci bus to be converted into local bus, wherein, the local bus with it is described First interface expansion module is connected;
The first interface expansion module, for expanding multichannel CAN signal and multi-channel A/D signal, wherein, the multichannel CAN signal and multi-channel A/D signal are connected on the rear input/output interface board by the backboard, by the rear input and output Interface board provides multichannel CAN interface and multi-channel A/D interface.
Further, the digital I/O card includes:Second modular converter and second interface expansion module;
Second modular converter, for pci bus to be converted into local bus, wherein, the local bus with it is described Second interface expansion module is connected;
The second interface expansion module, for expanding multichannel I/O signal, wherein, the multichannel I/O signal is by described Backboard is connected on the rear input/output interface board, and multi-path digital I/O interface is provided by the rear input/output interface board;
Wherein, the every railway digital I/O interface in the multi-path digital I/O interface can separate configurations be output interface or input connect Mouthful.
Further, the equipment also includes:The first network interface expansion module for being connected with the backboard and with described first The connected net mouth transformer of network interface expansion module;
The first network interface expansion module and the net mouth transformer being connected with the first network interface expansion module, for extending Go out first via network interface;
The first via network interface, for input and output network data.
Further, the equipment also includes:The second network interface expansion module being connected with the backboard;
The second network interface expansion module, for expanding the second road network mouthful;
Second road network mouthful, for input and output network data.
Further, the equipment also includes:The alternating current filter being connected with the backboard;
The alternating current filter, for being filtered treatment to 220V alternating currents.
Further, polytype input/output interface also includes:Display mouth;
The display mouth, for accessing liquid crystal display.
Further, the equipment also includes:The standby board being connected with the backboard;Wherein,
The standby board includes:RS232 serial interface cards, video/audio synthesis card, 1553B bus cards, based on compact One or more in the 3U boards of type pci bus, the 6U boards based on compact pci bus.
Above-mentioned technical proposal of the invention has the beneficial effect that:
In such scheme, network interface, RS232 serial line interfaces based on the offer of rear input/output interface board, USB interface, CAN connect Mouth, AD interfaces and digital I/O interface, can in real time obtain polytype data such as AD, CAN, digital quantity, and according to default The polytype data for obtaining are performed intrusion detection by inbreak detection rule in real time using mainboard module;And solved using adding Close card carries out encryption and decryption and digital authentication processing to the data do not invaded, it is achieved thereby that the diversity of data, it is ensured that number According to security and reliability.
Brief description of the drawings
Fig. 1 is the structural representation of the intrusion detection smart machine for multiple types of data provided in an embodiment of the present invention Figure;
Fig. 2 is that the detailed construction of the intrusion detection smart machine for multiple types of data provided in an embodiment of the present invention is shown It is intended to;
Fig. 3 is intrusion detection smart machine functional cards general principle figure provided in an embodiment of the present invention;
Fig. 4 is PCI9054 chips inside and outside catenation principle figure provided in an embodiment of the present invention;
Fig. 5 is digital quantity I O board card function realizing circuit block diagram provided in an embodiment of the present invention;
Fig. 6 is that intrusion detection smart machine peripheral system provided in an embodiment of the present invention connects block diagram.
Specific embodiment
To make the technical problem to be solved in the present invention, technical scheme and advantage clearer, below in conjunction with accompanying drawing and tool Body embodiment is described in detail.
The present invention is for a kind of existing no integrated CAN interface, AD interfaces, digital I/O interface and encrypting and decrypting function A kind of problem of equipment, there is provided intrusion detection smart machine for multiple types of data.
As shown in figure 1, the intrusion detection smart machine for multiple types of data provided in an embodiment of the present invention, including: Backboard, the mainboard module being attached with the backboard, CAN&AD cards, digital I/O card, encryption and decryption card, rear input/output interface board And power module;Wherein, the backboard supports compact PCI agreements;
The rear input/output interface board, for providing polytype input/output interface, wherein, the polytype Input/output interface include:Encryption and decryption card interface, network interface, RS232 serial line interfaces, USB interface, CAN interface, AD interface sums Word I/O interface, each type of input/output interface, the data for obtaining respective type in real time;
The CAN&AD cards, for being communicated with the CAN interface, AD interfaces by the backboard;
The digital I/O card, for being communicated with the digital I/O interface by the backboard;
The mainboard module, for according to default inbreak detection rule, the data to obtaining to be performed intrusion detection;
The encryption and decryption card, for the data do not invaded to be carried out with encryption and decryption and digital authentication processing;
The power module, for being powered for the backboard.
The intrusion detection smart machine for multiple types of data described in the embodiment of the present invention, is connect based on rear input and output Network interface, RS232 serial line interfaces, USB interface, CAN interface, AD interfaces and digital I/O interface that oralia is provided, can obtain in real time Polytype data such as AD, CAN, digital quantity, and according to default inbreak detection rule, it is many to what is obtained using mainboard module The data of type are performed intrusion detection in real time;And encryption and decryption and numeral are carried out to the data do not invaded using encryption and decryption card Authentication processing, it is achieved thereby that the diversity of data, it is ensured that the security and reliability of data.
In the present embodiment, the backboard, mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card, rear input and output connect Oralia all support and use compact PCI agreements, wherein, CAN&AD cards can be technical grade CAN&AD cards.In the present embodiment, such as Shown in Fig. 1, Fig. 2, the intrusion detection smart machine provides multiple draw-in grooves, wherein, the draw-in groove includes:System groove, equipment Groove, power slot, system groove are used to insert the mainboard module, and equipment slots are used to insert CAN&AD cards, digital I/O card, encryption and decryption Card, power slot is used to insert power module.
In the present embodiment, the mainboard module can be COM-E (COM Express) core board, the COM-E core boards On can run the kylin linux system of customization, the kylin linux system of the customization is for multiple types of data invasion Detected rule is rationally cut to former kylin linux kernel system, both ensure that the stabilization of the kylin linux system after cutting Property, reliability, hardware low-power consumption, there is the transport communication protocols such as CAN, USB, AD and IO of polymorphic type again, realize data reliability, Efficient transmission, and support that various communications protocols are changed;Wherein, the CPU of the COM-E core boards is(Yin Te You) i7-4650U processors, run dominant frequency and reach as high as 3.3GHz, reachable -40 DEG C -+95 DEG C of temperature range of operation meets special Under the conditions of, the industry spot storage larger environment of the temperature difference;The CPU of the COM-E core boards is furnished with 16GB DDR3 internal memories;Mainboard Support plate butt connector uses 440pin paster modes in module;The mainboard module, CAN&AD cards, digital I/O card, encryption and decryption Card, rear input/output interface board and power supply module are the peripheral expansion interface boards for realizing the COM-E core boards.
In the present embodiment, the intrusion detection smart machine can support RS232, RS485, CAN, AD, Digital I/O, USB Etc. plurality of communication schemes, can simultaneous communications EtherCAT, UDP, NetBEUI agreement and RS232, RS485, CAN, AD and Digital I/O Signal;Comprising the input/output interface of the various protocols such as EtherCAT, UDP, NetBEUI on the rear input/output interface board; The input/output interface can be included but is not limited to:1 tunnel encryption and decryption card interface, the network interface of 2 road optical fiber 10,000,000,000,2 road RS232 are serial Interface, 6 road USB interfaces, 2 road CAN interfaces, 10 road AD interfaces and 24 railway digital I/O interfaces;Based on the rear input/output interface Polytype input/output interface on plate can obtain different types of data, and the intrusion detection smart machine can be right The all types of data for obtaining are performed intrusion detection, full-featured.
In the present embodiment, due to having CAN interface, AD interfaces, digital I/O interface and net on the intrusion detection smart machine Mouthful, other equipment (for example, industrial field device and/or host computer) can be by CAN signal line, AD holding wires, I/O signal line And/or netting twine is attached with the intrusion detection smart machine and communicates, for example, the intrusion detection smart machine can pass through ISOEM-U5-P2-O7 isolators and AD7328BRUZ-TSSOP20 chips realize AD signal acquisitions of the data such as DC voltage, double The collection of road CAN signal, can realize the input and output (IO) of digital quantity via digital I/O card again.
In the present embodiment, the intrusion detection smart machine and other equipment are (for example, industrial field device and/or upper Machine) system can be constituted.
In the present embodiment, the data can be the polytype number produced by the behavior of inside and outside user and system activity According to the specific steps that the data of described pair of acquisition are performed intrusion detection can include:By the mainboard module analyze and The defect and fragility of the multiple types of data produced by the behavior of detection inside and outside user and system activity, analytical equipment or system Property, specify aimed detection rule with reference to protocol characteristic;According to Snort detected rules identification attack, abnormal behaviour, go forward side by side Row response;Controlling model to other equipment and other equipment carries out system resource and data integrity assessment, monitoring system day Will, storage accesses record and attacks footprint.Then, encryption and decryption to the data do not invaded is carried out by encryption and decryption card and numeral is recognized Card treatment, so as to realize the safe transmission of data, by network interface, CAN interface, USB3.0 interfaces, AD interfaces and digital I/O interface Realize the diversity of data.
In the present embodiment, there is fpga chip on the encryption and decryption board, undertake the calculating task of enciphering and deciphering algorithm, realize Hardware enciphering and deciphering is operated, so that encryption and decryption operation is substantially not take up cpu resource on mainboard module, and be ensure that such as direct current The encryption/decryption speed of the multiple types of data such as voltage, electric current, torque, rotating speed.
In the present embodiment, when the encryption and decryption card carries out encryption and decryption and digital authentication processing to the data do not invaded, and The method of not single use pure software carries out encryption and decryption and digital authentication processing to the data do not invaded, specifically, during input, The encryption and decryption card is encrypted and digital authentication processing by AES to the data being input into, during output, the encryption and decryption AES corresponding decipherment algorithm in Cali's is decrypted and digital authentication processing to data;Wherein, the encryption and decryption card can So that comprising Datang Telecom's encryption chip and fpga chip, the encryption and decryption card supports compact PCI agreements, and compact has abandoned biography The golden finger connected mode of system type and use pin hole connector plugging pattern, possess high density and high reliability.
In the present embodiment, the mainboard module can also update the enciphering and deciphering algorithm in the encryption and decryption card, so as to enter one Step has ensured the security of technical grade multiple types of data communication.
In the present embodiment, if the input/output interface includes the network interface of 2 road optical fiber 10,000,000,000,2 road RS232 serial line interfaces, 6 tunnels USB interface, 2 road CAN interfaces, 10 road AD interfaces and 24 railway digital I/O interfaces, then the intrusion detection smart machine can be simultaneously To the network interface of 2 road optical fiber 10,000,000,000,2 road RS232 serial line interfaces, 6 road USB interfaces, 2 road CAN interfaces, 10 road AD interfaces and 24 railway digitals The data of I/O interface are performed intrusion detection and stored.
In the present embodiment, the backboard supports compact PCI agreements, and compact has abandoned traditional golden finger connection side Formula and use pin hole connector plugging pattern, possess high density and high reliability;Because the backboard supports compact PCI associations View, the backboard is properly termed as compact PCI backboards, according to compact PCI agreements, the functional cards (example before the backboard Such as, mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card) on only realize function without external interface, when externally output During signal, all signals are exported after backboard relay transmission through the external interface on the input/output interface board after, with CAN mouthfuls of act Example, the CAN&AD cards include:CAN cards and AD cards, wherein, the CAN cards realize two-way CAN signal by extended chip, Relayed through backboard, it is necessary to input/output interface board sets CAN mouthfuls of two-way after.
In the present embodiment, in order to extend the function of CAN, devise and assisted with Magnetic isolation CAN interface and compact PCI The CAN cards of view, CAN cards can realize Magnetic isolation technology using ADM-3053 and CTM1051A-3.3V chips, and CAN cards are collected The information of each node in CAN, is transmitted to host computer, and can by the order of host computer and data be transmitted to each node with And complete to the part monitoring of the custom system in CAN and management work.
In the present embodiment, CAN clamps carry two CAN controllers, and two CAN controllers that CAN clamps are carried are placed on CAN cards Diverse location, two CAN controllers can be simultaneously independently executed in controller local area network;It is real between two CAN controllers Existing Magnetic isolation, the two-way Magnetic isolation CAN cards of realization are the controller local area networks that connection ability is provided for computer, and it possesses certainly Dynamic transmission repeat function, there is provided bus arbitration and error detection ability, this can be greatly reduced the probability of data degradation, and ensure The reliability of system.
In the foregoing specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card, rear input/output interface board and power module is stated to connect by pin Connect device carries out being connected to slotting with the backboard;
Wherein, the mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card and power module are located at the backboard Front side, the rear input/output interface board is located at the rear side of the backboard.
In the present embodiment, the mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card and power module are located at described The front side of backboard, is the crucial board for realizing intrusion detection, and the board on front side of the backboard is properly termed as front side board;Institute Rear side of the rear input/output interface board positioned at the backboard is stated, the board on rear side of the backboard is properly termed as rear side board; Backboard is the relaying of front side board and rear side board, and the relay connection with front side board, rear side board is realized by backboard, and complete Protocol conversion and data transfer into interface;Backboard and front side, rear side each board pass through pin in intrusion detection smart machine Female connector forms rectilinear plug relation;For example, the mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card and electricity Source module can realize that front mutual-inserting type is connected by two millimeters high of intensive European pin hole connector with backboard, realize board Between power supply and signal intercommunication;Backboard passes through these three connectors of J1/J4, J2/J5, J3 and rear input/output interface board from backboard The back side to insert connection.Signal is produced by each board above, is connected through backboard and relayed, by rear input/output interface board The corresponding interface output, so, in intrusion detection smart machine by high density, high reliability European pin hole connector interconnect Mode realizes the transmission and connection of power supply and signal, it is possible to increase the reliability of whole equipment.
In the foregoing specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Stating CAN&AD cards includes:First modular converter and first interface expansion module;
First modular converter, for pci bus to be converted into local bus, wherein, the local bus with it is described First interface expansion module is connected;
The first interface expansion module, for expanding multichannel CAN signal and multi-channel A/D signal, wherein, the multichannel CAN signal and multi-channel A/D signal are connected on the rear input/output interface board by the backboard, by the rear input and output Interface board provides multichannel CAN interface and multi-channel A/D interface.In the present embodiment, the CAN&AD cards include:First modular converter and First interface expansion module, that is to say, that first modular converter and first interface expansion module are the parts of CAN&AD cards, The CAN&AD cards are converted into local bus using the first modular converter just pci bus, and (local bus are referred to as: Local bus), first modular converter can include:PCI9054 chips and eeprom chip, wherein, the PCI9054 cores Piece is used to for pci bus to be converted into local bus, and longer-term storage PCI9054 chips matches somebody with somebody after the eeprom chip solidification instruction Confidence ceases;(wherein, the first interface expansion module can be the local bus connection first interface expansion module STM32F207ZGT6 chips) and 10 road AD signals and 2 tunnel CAN signals are expanded, the 10 road AD signals for expanding and 2 road CAN believe After number being connected to after backboard on input/output interface board, 10 road AD interfaces and 2 tunnels are externally provided by rear input/output interface board CAN interface, wherein, STM32F207ZGT6 chips need to carry out program Solidification with J-Link instruments and Keil5.0 softwares.
In the present embodiment, as shown in figure 3, pci bus are by circuit conversion, and by the logic on local bus and board Control is connected completion interface with process circuit to the control of board and the input and output of signal, logic control and process circuit realization Board functional requirement, completes the functions such as address decoding, Data Format Transform, logic control, while carrying out to peripheral functional circuit The input and output of control and signal with drive circuit, wherein, logic control and process circuit can be by FPGA devices Realize.
As shown in figure 4, compact pci bus interface control logic realizes PCI9054 chips and 64bit, 66.6MHz PCI The interface of bus;The realization of local bus interface control logic is connected with PCI9054 chips.The internal resource of PCI9054 chips Including PCI configurations internal register, local bus control logic and a pair of read-write FIFO, for configuring system, and it is total to connect PCI Line and local bus.The internal logic of PCI9054 chips is made up of serial EEPROM controller and FIFO control logic, Qian Zheyong To be loaded from optional external series EEPROM the value of configuration register, the latter control read-write FIFO coordinates compact pci bus And local bus.Jtag interface is come debug circuit, by this interface by program Solidification by Keil5.0 softwares and program To in the board of invention.
Wherein, PCI9054 chips part/local bus have two kinds of mode of operations (MODE):Non-multiplexed pattern and many Road multiplexer mode.Under non-multiplexed pattern, in the case that MODE inputs are low, PCI9054 uses non-multiplexed pattern, Conversely, when MODE inputs are high, using multiplexing modes.Under multiplexing modes, LA [27:2] for transmitting address, LAD[63:32] it is 64 bit address/data-reusing bus;Under non-multiplexed pattern, LA [27:2] it is address bus, LD [63: 32] it is data/address bus.
In order to more fully understand the present embodiment, compact pci bus signal is illustrated:
Compact pci bus signal completes the timing conversion of bus, intrusion detection smart machine is controlled each component The functional circuit of (mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card, rear input/output interface board and power module).This Embodiment adds the interface scheme of FPGA and designs completing CAN&AD cards and digital I/O card using PCI9054 chips.By PLX companies The PCI9054 chips of production are written and read logical sum compact PCI and expand as pci controller, using the FPGA of altera corp Exhibition Functional Design.
In the present embodiment, the PCI9054 is 32/64, the interface chip of frequency 33/66MHz, can make pci signal most Fast transmission speed reaches 264MB/s;Local bus multiplexing and the bit address of non-multiplexed 32/64 or data protocol are supported, And dynamic local bus 8,16 and 32 bit manipulations are supported, local clock reaches as high as 66.6MHz;Support 5 PCI to locally Address space mappinD, each space allows individually to program wait state, highway width and sudden transmission function;Support compact PCI power management v2.2 Version Specs;Support that the PCI of Vita product data (Vital Product Data, be abbreviated as VPD) expands Exhibition and PCI target pre-read patterns, can increase bandwidth and reduce reading delay;PCI9054 chips have 9 general programmable mesh I/O, multiple use can be used in;Support that compact PCI's is hot-swappable;Its power supply supports the fault-tolerant behaviour of DC3.3V and 5V voltages Make, and with optional serial eeprom interface.
The excellent performance of compact pci bus, using European pin hole connector, can quickly transmit multiple types of data, its Interface logic has depth very much, bus initial stage of development to realized with FPGA be it is relatively difficult, and reliability compared with Low, in general, the interface function that compact PCI is realized using special pci interface chip is one highly effective, reliable Design implementation method.
In the present embodiment, the FPGA device and its development environment and instrument QUARTUS of ALTERA company of the U.S are used II 12.0, this be it is a kind of can by user according to the requirement of designed digital display circuit, using scene definition, configuration it is highly dense Degree special digital integrated circuit.Design module can be realized containing extensive gate under the support of FPGA development system softwares The design of digital display circuit.
The major advantage of FPGA can be summarized as following three part:
The characteristic of user's field-programmable of FPGA substantially reduces the design cycle, can be in the shorter time, by setting Meter person scene provides the quick model realized.
FPGA can provide many effective logical capacity density bigger than EPLD and CPLD devices, not only greatly reduce printing The space of circuit board, greatly reduces system power dissipation, while substantially increasing the technique realizability and product of system design Reliability.
FPGA device can heat it is erasable, program repeatedly, and can Straight simulation on stream, without the loss that technique is realized.
In the foregoing specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Stating digital I/O card includes:Second modular converter and second interface expansion module;
Second modular converter, for pci bus to be converted into local bus, wherein, the local bus with it is described Second interface expansion module is connected;
The second interface expansion module, for expanding multichannel I/O signal, wherein, the multichannel I/O signal is by described Backboard is connected on the rear input/output interface board, and multi-path digital I/O interface is provided by the rear input/output interface board;
Wherein, the every railway digital I/O interface in the multi-path digital I/O interface can separate configurations be output interface or input connect Mouthful.
In the present embodiment, pci bus are converted into local bus, described by the digital I/O card using the second modular converter Two modular converters can include:PCI9054 chips and eeprom chip, wherein, the PCI9054 chips are used for pci bus Local bus are converted into, the configuration information of longer-term storage PCI9054 chips after the eeprom chip solidification instruction;It is described local (wherein, the second interface expansion module can be onboard for digital I/O card for bus connection second interface expansion module EP1C3T144C8N chips) and 24 tunnel I/O signals are expanded, the 24 tunnel I/O signals for expanding are input into defeated after being connected to after backboard On outgoing interface plate, 24 railway digital I/O interfaces are externally provided by rear input/output interface board, wherein, digital I/O card is onboard EP1C3T144C8N chips load and use software translating FPGA programs, it is necessary to USB Blaster emulators and QuartusII12.0 softwares carry out program Solidification.
In the present embodiment, the 24 railway digital I/O interface is used to provide 24 road TTL digital quantity input and output I/O ports, every group I/O port can separate configurations be output port or input port.
In the present embodiment, the Functional Circuit Diagram of digital I/O card is illustrated in figure 5,10MHz optocouplers use HCPL2631 devices Part, drive circuit uses SG2003J/883b.High pressure will be pulled to 26VDC, the electricity of 26V by digital output through overdrive circuit Source is provided by peripheral dc source.Application program set certain all the way output signal when, by this road pair of driving interface function setup The register answered, FPGA can export corresponding signal according to the arranges value of register, then be changed into 26VDC signals after overdrive circuit Or 0VDC signals.
In the present embodiment, the input of digital quantity by accessing to 10MHz optocoupler HCPL2631 chips after current-limiting resistance, when defeated When entering signal voltage for direct current 14.9V~26.1V, optocoupler conducting can export one High state of correspondence, when input signal is straight During stream 0V~0.81V, optocoupler is not turned on, and now exports corresponding another kind Low states, and the output line of optocoupler is to be connected to FPGA devices Part EP2C8Q208C8N's, FPGA internal logics are High the or Low shapes that can determine that input signal according to the two states of optocoupler State, by the input state corresponding register of placement of this railway digital amount.When application program will read the state on this road, it is necessary to Driving interface function is called, by chip ULN2803AFWG and technical grade relay JRC-089M-002-05-II, numeral is realized Amount high-speed switch and State Transferring, driving interface function can return to the state of this railway digital amount input signal, the state for returning Acquisition software is passed to, after parsing and process via software, the function of digital I/O card is realized.
In the foregoing specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Stating equipment also includes:The first network interface expansion module being connected with the backboard and the net being connected with the first network interface expansion module Mouth transformer;
The first network interface expansion module and the net mouth transformer being connected with the first network interface expansion module, for extending Go out first via network interface;
The first via network interface, for input and output network data.
In the present embodiment, the first network interface expansion module that is connected with the backboard can beICH9M networks Chip, the net mouth transformer can be IMG M1801IG chips;ICH9M network chips connect net mouth transformer IMG M1801IG simultaneously expand out network interface all the way, wherein, the network interface can be optical networking mouthful.
In the present embodiment, can realize that the Ethernet of network data rapidly inputs and exports by two-way optical fiber network interface, prop up Ethernet and Internet transmission standards are held, and signal transmission supports TCP/IP, EtherCAT and udp protocol of standard.
In the foregoing specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Stating equipment also includes:The second network interface expansion module being connected with the backboard;
The second network interface expansion module, for expanding the second road network mouthful;
Second road network mouthful, for input and output network data.
In the present embodiment, the second network interface expansion module goes out another road optical fiber network interface with a PCIE X4 signal extension, So, can realize that the Ethernet of network data rapidly inputs and exports by two-way optical fiber network interface, support Ethernet and Internet transmission standards, and signal transmission supports TCP/IP, EtherCAT and udp protocol of standard.
In the foregoing specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Stating equipment also includes:The alternating current filter being connected with the backboard;
The alternating current filter, for being filtered treatment to 220V alternating currents.
In the present embodiment, as shown in Fig. 2 the equipment also includes:The alternating current filter being connected with the backboard;Civil power 220V alternating currents are by, through introducing power module by backboard, service-strong is European on power module after alternating current filter filtering process Power connector female, is connected with European power connector male on backboard to inserting.
In the foregoing specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Stating polytype input/output interface also includes:Display mouth;
The display mouth, for accessing liquid crystal display.
In the present embodiment, as shown in Fig. 2 the input/output interface of intrusion detection smart machine includes:Encryption and decryption card interface, Network interface, RS232 serial line interfaces, USB interface, CAN interface, AD interfaces and digital I/O interface, as shown in fig. 6, the intrusion detection Smart machine can access 10,000,000,000 interchangers, keyboard, mouse, fire wall and realize it to external by the input/output interface Mouthful.Stored to intrusion detection intelligence after signal or digital I/O signal that the data such as external voltage, industrial CAN device send are acquired In the embedded hard disk of the mainboard module of equipment, and operation can be written and read to data by upper computer software.
In the present embodiment, polytype input/output interface can also include:1 display mouth, wherein, it is described aobvious Show that mouth can be used for accessing liquid crystal display.
In the foregoing specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Stating equipment also includes:The standby board being connected with the backboard;Wherein,
The standby board includes:RS232 serial interface cards, video/audio synthesis card, 1553B bus cards, based on compact One or more in the 3U boards of type pci bus, the 6U boards based on compact pci bus.
In the present embodiment, the equipment also includes:The standby board being connected with the backboard, the standby plate is positioned in institute State the front side of backboard;The standby board can be extended according to actual conditions, the function to the equipment, for example, described Standby board includes:RS232 serial interface cards, video/audio synthesis card, 1553B bus cards, the 3U based on compact pci bus One or more in board, the 6U boards based on compact pci bus, as shown in Fig. 2 can insert standby by standby draw-in groove With board, so that the functional performance of intrusion detection smart machine is further enriched, wherein, 6U board slots may be inserted into 3U plates Card, with very strong compatibility;Compact pci bus have abandoned the golden finger form of traditional PCI bus, using reliable and stable Pin hole connector form, possesses high density and high reliability, while equipment supports the warm connection function of board, realizes that polymorphic type is assisted View, multi-functional board it is integrated.
In the present embodiment, the backboard, mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card, rear input and output connect Oralia, standby board all using meeting the electronic component of aviation-grade or army's grade, and using meeting compact PCI standards, outer Graceful structural member is seen, internal board can be protected and chip and component are not damaged by external stress thereon.
The above is the preferred embodiment of the present invention, it is noted that for those skilled in the art For, on the premise of principle of the present invention is not departed from, some improvements and modifications can also be made, these improvements and modifications Should be regarded as protection scope of the present invention.

Claims (10)

1. a kind of intrusion detection smart machine for multiple types of data, it is characterised in that including:Backboard, with the backboard Mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card, rear input/output interface board and the power module being attached;Its In, the backboard supports compact PCI agreements;
The rear input/output interface board, for providing polytype input/output interface, wherein, it is described polytype defeated Entering output interface includes:Encryption and decryption card interface, network interface, RS232 serial line interfaces, USB interface, CAN interface, AD interfaces and Digital I/O Interface, each type of input/output interface, the data for obtaining respective type in real time;
The CAN&AD cards, for being communicated with the CAN interface, AD interfaces by the backboard;
The digital I/O card, for being communicated with the digital I/O interface by the backboard;
The mainboard module, for according to default inbreak detection rule, the data to obtaining to be performed intrusion detection;
The encryption and decryption card, for the data do not invaded to be carried out with encryption and decryption and digital authentication processing;
The power module, for being powered for the backboard.
2. the intrusion detection smart machine for multiple types of data according to claim 1, it is characterised in that the master Plate module, CAN&AD cards, digital I/O card, encryption and decryption card, rear input/output interface board and power module pass through pin connector Carry out being connected to slotting with the backboard;
Wherein, the mainboard module, CAN&AD cards, digital I/O card, encryption and decryption card and power module are located at the front side of the backboard, The rear input/output interface board is located at the rear side of the backboard.
3. the intrusion detection smart machine for multiple types of data according to claim 1, it is characterised in that described many The input/output interface of type includes:1 tunnel secrecy card interface, 2 road networks mouthful, 2 road RS232 serial line interfaces, 6 road USB interfaces, 2 Road CAN interface, 10 road AD interfaces, 24 railway digital I/O interfaces.
4. the intrusion detection smart machine for multiple types of data according to claim 1 or 3, it is characterised in that institute Stating CAN&AD cards includes:First modular converter and first interface expansion module;
First modular converter, for pci bus to be converted into local bus, wherein, the local bus and described first Interfacing expansion module is connected;
The first interface expansion module, for expanding multichannel CAN signal and multi-channel A/D signal, wherein, the multichannel CAN letters Number and multi-channel A/D signal be connected on the rear input/output interface board by the backboard, by the rear input/output interface board Multichannel CAN interface and multi-channel A/D interface are provided.
5. the intrusion detection smart machine for multiple types of data according to claim 1 or 3, it is characterised in that institute Stating digital I/O card includes:Second modular converter and second interface expansion module;
Second modular converter, for pci bus to be converted into local bus, wherein, the local bus and described second Interfacing expansion module is connected;
The second interface expansion module, for expanding multichannel I/O signal, wherein, the multichannel I/O signal passes through the backboard It is connected on the rear input/output interface board, multi-path digital I/O interface is provided by the rear input/output interface board;
Wherein, the every railway digital I/O interface in the multi-path digital I/O interface can separate configurations be output interface or input interface.
6. the intrusion detection smart machine for multiple types of data according to claim 1 or 3, it is characterised in that institute Stating equipment also includes:The first network interface expansion module being connected with the backboard and the net being connected with the first network interface expansion module Mouth transformer;
The first network interface expansion module and the net mouth transformer being connected with the first network interface expansion module, for expanding Network interface all the way;
The first via network interface, for input and output network data.
7. the intrusion detection smart machine for multiple types of data according to claim 1 or 3, it is characterised in that institute Stating equipment also includes:The second network interface expansion module being connected with the backboard;
The second network interface expansion module, for expanding the second road network mouthful;
Second road network mouthful, for input and output network data.
8. the intrusion detection smart machine for multiple types of data according to claim 1 or 3, it is characterised in that institute Stating equipment also includes:The alternating current filter being connected with the backboard;
The alternating current filter, for being filtered treatment to 220V alternating currents.
9. the intrusion detection smart machine for multiple types of data according to claim 1 or 3, it is characterised in that institute Stating polytype input/output interface also includes:Display mouth;
The display mouth, for accessing liquid crystal display.
10. the intrusion detection smart machine for multiple types of data according to claim 1 or 3, it is characterised in that institute Stating equipment also includes:The standby board being connected with the backboard;Wherein,
The standby board includes:RS232 serial interface cards, video/audio synthesis card, 1553B bus cards, based on compact PCI One or more in the 3U boards of bus, the 6U boards based on compact pci bus.
CN201710028126.3A 2017-01-13 2017-01-13 A kind of intrusion detection smart machine for multiple types of data Active CN106845219B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710028126.3A CN106845219B (en) 2017-01-13 2017-01-13 A kind of intrusion detection smart machine for multiple types of data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710028126.3A CN106845219B (en) 2017-01-13 2017-01-13 A kind of intrusion detection smart machine for multiple types of data

Publications (2)

Publication Number Publication Date
CN106845219A true CN106845219A (en) 2017-06-13
CN106845219B CN106845219B (en) 2019-05-10

Family

ID=59124637

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710028126.3A Active CN106845219B (en) 2017-01-13 2017-01-13 A kind of intrusion detection smart machine for multiple types of data

Country Status (1)

Country Link
CN (1) CN106845219B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107656889A (en) * 2017-08-04 2018-02-02 上海航天电子有限公司 A kind of aerospace electronic product universal detection device
CN108021125A (en) * 2017-12-28 2018-05-11 深圳市永达电子信息股份有限公司 Industrial system signal of communication detecting system
CN108809727A (en) * 2018-06-15 2018-11-13 北京科技大学 A kind of intrusion prevention system of DC motor control system
CN109766301A (en) * 2018-12-25 2019-05-17 北京航天晨信科技有限责任公司 For infusing the bus apparatus of the signal communication of key function
CN113110395A (en) * 2021-04-30 2021-07-13 西安热工研究院有限公司 Multi-bus testing device and method for high-temperature gas cooled reactor control system
CN113204804A (en) * 2021-04-25 2021-08-03 山东英信计算机技术有限公司 Security module, server mainboard and server
CN113242214A (en) * 2021-04-19 2021-08-10 国电南瑞科技股份有限公司 Encryption authentication device, system and method between power secondary equipment board cards
CN113253263A (en) * 2021-06-22 2021-08-13 湖南华诺星空电子技术有限公司 Three-dimensional through-wall radar system
CN113472964A (en) * 2021-06-05 2021-10-01 山东英信计算机技术有限公司 Image processing device and system
CN115847451A (en) * 2022-12-26 2023-03-28 江西洪都航空工业集团有限责任公司 Distributed intelligent robot control system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223320A (en) * 2011-03-31 2011-10-19 华车(北京)交通装备有限公司 CANOPEN-HDLC gateway based on ARM 7
CN103491530A (en) * 2013-09-11 2014-01-01 辽源市信长城信息技术研发有限公司 Intelligent PAD with information safety mechanism
CN204884126U (en) * 2015-07-30 2015-12-16 国家电网公司 Intrusion detection information acquisition communication equipment
CN205283601U (en) * 2016-01-15 2016-06-01 成都智扬易方软件有限公司 Take intrusion detection's network security isolated system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223320A (en) * 2011-03-31 2011-10-19 华车(北京)交通装备有限公司 CANOPEN-HDLC gateway based on ARM 7
CN103491530A (en) * 2013-09-11 2014-01-01 辽源市信长城信息技术研发有限公司 Intelligent PAD with information safety mechanism
CN204884126U (en) * 2015-07-30 2015-12-16 国家电网公司 Intrusion detection information acquisition communication equipment
CN205283601U (en) * 2016-01-15 2016-06-01 成都智扬易方软件有限公司 Take intrusion detection's network security isolated system

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107656889A (en) * 2017-08-04 2018-02-02 上海航天电子有限公司 A kind of aerospace electronic product universal detection device
CN108021125A (en) * 2017-12-28 2018-05-11 深圳市永达电子信息股份有限公司 Industrial system signal of communication detecting system
CN108809727A (en) * 2018-06-15 2018-11-13 北京科技大学 A kind of intrusion prevention system of DC motor control system
CN108809727B (en) * 2018-06-15 2020-08-07 北京科技大学 Intrusion prevention system of direct current motor control system
CN109766301A (en) * 2018-12-25 2019-05-17 北京航天晨信科技有限责任公司 For infusing the bus apparatus of the signal communication of key function
CN113242214A (en) * 2021-04-19 2021-08-10 国电南瑞科技股份有限公司 Encryption authentication device, system and method between power secondary equipment board cards
CN113242214B (en) * 2021-04-19 2022-09-23 国电南瑞科技股份有限公司 Device, system and method for encryption authentication between boards of power secondary equipment
CN113204804A (en) * 2021-04-25 2021-08-03 山东英信计算机技术有限公司 Security module, server mainboard and server
CN113204804B (en) * 2021-04-25 2022-03-22 山东英信计算机技术有限公司 Security module, server mainboard and server
CN113110395A (en) * 2021-04-30 2021-07-13 西安热工研究院有限公司 Multi-bus testing device and method for high-temperature gas cooled reactor control system
CN113472964A (en) * 2021-06-05 2021-10-01 山东英信计算机技术有限公司 Image processing device and system
CN113472964B (en) * 2021-06-05 2024-04-16 山东英信计算机技术有限公司 Image processing device and system
CN113253263A (en) * 2021-06-22 2021-08-13 湖南华诺星空电子技术有限公司 Three-dimensional through-wall radar system
CN113253263B (en) * 2021-06-22 2021-10-15 湖南华诺星空电子技术有限公司 Three-dimensional through-wall radar system
CN115847451A (en) * 2022-12-26 2023-03-28 江西洪都航空工业集团有限责任公司 Distributed intelligent robot control system

Also Published As

Publication number Publication date
CN106845219B (en) 2019-05-10

Similar Documents

Publication Publication Date Title
CN106845219B (en) A kind of intrusion detection smart machine for multiple types of data
CN101840387B (en) USB (Universal Serial Bus) Key device and method for realizing smart card communications using USB interface
CN206712810U (en) A kind of high speed password card based on PCI E buses
CN112329038B (en) Data encryption control system and chip based on USB interface
US9965405B2 (en) Initial enumeration of empty endpoint slots using endpoint emulation
CN109471824A (en) Data transmission system and method based on AXI bus
CN103399830B (en) The Apparatus and method for of computer physics internal memory is read by PCI Express bus
CN107194257A (en) A kind of trusted system based on domestic TCM chips
CN110460646A (en) A kind of imperfect network protocol communications board and working method based on FPGA
Sung et al. USB transceiver with a serial interface engine and FIFO queue for efficient FPGA-to-FPGA communication
CN113014385B (en) Double-network-port hardware network data encryption system
CN104461796B (en) JTAG debugging modules and adjustment method for embedded 8051CPU
CN110515879A (en) A kind of asynchronous transmission device and its transmission method
CN111737178B (en) Method and equipment for obtaining evidence in computer memory and memory evidence analysis system
CN206505415U (en) A kind of encryption authentication device based on PCIE
CN102253875A (en) Field programmable gate array (FPGA) logic module debugging and data acquisition method based on PicoBlaze embedded soft core processor
CN107743117A (en) Gateway and the method and apparatus of control data transmission
CN209358570U (en) A kind of isolated device suitable for electric network information safety
CN207677773U (en) A kind of network data hardware encryption treatment system based on double netcard
CN210402342U (en) Data encryption and decryption structure based on ZYNQ
Szecówka et al. USB receiver/transmitter for FPGA implementation
CN107770228B (en) 1-Wire communication system and method based on CPCI master control
US8949105B2 (en) Hardware interface board for connecting an emulator to a network
CN101593167B (en) Bridge device of system on chip and method thereof
CN210573778U (en) Hardware encryption function circuit for intelligent traffic guidance terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200708

Address after: Room 608, block a, building 1, liantai Times Plaza, 699 Shimao Road, Honggutan New District, Nanchang City, Jiangxi Province

Patentee after: Nanchang Minshun Technology Co., Ltd

Address before: 100083 Haidian District, Xueyuan Road, No. 30,

Patentee before: University OF SCIENCE AND TECHNOLOGY BEIJING

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200819

Address after: Room 1411, Juneng building, high tech Industrial Development Zone, Yingtan City, Jiangxi Province

Patentee after: Yingtan Zhihui Internet of things Application Research Institute Co.,Ltd.

Address before: Room 608, block a, building 1, liantai Times Plaza, 699 Shimao Road, Honggutan New District, Nanchang City, Jiangxi Province

Patentee before: Nanchang Minshun Technology Co., Ltd