CN106845219B - A kind of intrusion detection smart machine for multiple types of data - Google Patents

A kind of intrusion detection smart machine for multiple types of data Download PDF

Info

Publication number
CN106845219B
CN106845219B CN201710028126.3A CN201710028126A CN106845219B CN 106845219 B CN106845219 B CN 106845219B CN 201710028126 A CN201710028126 A CN 201710028126A CN 106845219 B CN106845219 B CN 106845219B
Authority
CN
China
Prior art keywords
interface
card
data
backboard
input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710028126.3A
Other languages
Chinese (zh)
Other versions
CN106845219A (en
Inventor
解仑
张雷
周育武
王志良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yingtan Zhihui Internet Of Things Application Research Institute Co ltd
Original Assignee
University of Science and Technology Beijing USTB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Science and Technology Beijing USTB filed Critical University of Science and Technology Beijing USTB
Priority to CN201710028126.3A priority Critical patent/CN106845219B/en
Publication of CN106845219A publication Critical patent/CN106845219A/en
Application granted granted Critical
Publication of CN106845219B publication Critical patent/CN106845219B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Small-Scale Networks (AREA)
  • Bus Control (AREA)

Abstract

The present invention provides a kind of intrusion detection smart machine for multiple types of data, can perform intrusion detection to multiple types of data.The equipment includes: backboard, mainboard module, CAN&AD card, digital I/O card, encryption and decryption card, rear input/output interface board and power module;Wherein, the backboard supports compact PCI agreement;Input/output interface board after described, for providing a plurality of types of input/output interfaces, wherein, a plurality of types of input/output interfaces include: encryption and decryption card interface, network interface, RS232 serial line interface, USB interface, CAN interface, A D interface and digital I/O interface, each type of input/output interface, for obtaining the data of respective type in real time;The mainboard module, for being performed intrusion detection to the data of acquisition according to preset inbreak detection rule;The encryption and decryption card, for carrying out encryption and decryption and digital authentication processing to the data that do not invaded.The present invention is suitable for modern industry control and field of information security technology.

Description

A kind of intrusion detection smart machine for multiple types of data
Technical field
The present invention relates to modern industry control and field of information security technology, particularly relate to a kind of for multiple types of data Intrusion detection smart machine.
Background technique
In recent years, the smart machine and the industrial information control network interconnection for realizing multiple types of data intrusion detection have become The important component of modern industry system, intelligent measurement and communication equipment have the function of multiple types communication interface.Periphery letter When the control network implementations of breath network and intelligent communication device interconnects, due to the uncertainty and uncontrollability of network, how to protect The data safety and machine instruction for demonstrate,proving industrial stokehold network have reformed into safely a severe problem.Especially for steel The production such as iron metallurgy, petrochemical industry, electricity power, cement industry and infrastructure industry, they are to quantity-produced safety There is high requirement with reliability, and if necessary via the interconnection between open network and industrial control network, just quite It is directly exposed to information network in network will be controlled and faces the danger attacked.And it is special due to industrial field device Property, once destructive very strong manpower and material resources property loss will be generated by breaking down, and generate very harmful social influence.
In modern industry and data communication, intelligence degree is higher and higher, a variety of by intelligently equipping the communication constituted Categorical data control system be widely applied to aerospace, Engineering Control, environment, power grid, Medical Devices, communication and In daily life work.Wherein, controller local area network (Controller Area Network, CAN), technical grade The CAN bus data transmit-receive of CAN card is completed by CAN controller and CAN transceiver.The function card of this interface is in automobile and other industries In be widely used, and quickly grown in fields such as Industry Control, robot, medical instrument, sensors.AD Signals collecting function It is also widely used in reality with digital signal I O function, in order to acquire the much information of industrial field device, for example, acquisition AD Signal voltage data, digital IO parameter, the communication of serial UART signal, and the higher CAN bus of integrated level is used, together When also need to carry out encrypting and decrypting processing, in many cases, these functions need it is integrated on one device, it is still, existing In technology, there are no the equipment of a kind of integrated CAN interface, A D interface, digital I/O interface and encrypting and decrypting function.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of intrusion detection smart machine for multiple types of data, with It solves present in the prior art without the equipment of a kind of integrated CAN interface, A D interface, digital I/O interface and encrypting and decrypting function The problem of.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of intrusion detection intelligence for multiple types of data Equipment, comprising: backboard, the mainboard module being attached with the backboard, CAN&AD card, digital I/O card, encryption and decryption card, rear input Output interface plate and power module;Wherein, the backboard supports compact PCI agreement;
Input/output interface board after described, for providing a plurality of types of input/output interfaces, wherein the multiple types Input/output interface include: encryption and decryption card interface, network interface, RS232 serial line interface, USB interface, CAN interface, A D interface sum number Word I/O interface, each type of input/output interface, for obtaining the data of respective type in real time;
The CAN&AD card, for being communicated by the backboard with the CAN interface, A D interface;
The digital I/O card, for being communicated by the backboard with the digital I/O interface;
The mainboard module, for being performed intrusion detection to the data of acquisition according to preset inbreak detection rule;
The encryption and decryption card, for carrying out encryption and decryption and digital authentication processing to the data that do not invaded;
The power module, for powering for the backboard.
Further, the mainboard module, CAN&AD card, digital I/O card, encryption and decryption card, rear input/output interface board and electricity Source module is carried out by pin connector and the backboard to slotting connection;
Wherein, the mainboard module, CAN&AD card, digital I/O card, encryption and decryption card and power module are located at the backboard Front side, the rear input/output interface board are located at the rear side of the backboard.
Further, a plurality of types of input/output interfaces include: 1 tunnel secrecy card interface, 2 road network mouths, 2 tunnels RS232 serial line interface, 6 road USB interfaces, 2 road CAN interfaces, 10 tunnel A D interfaces, 24 railway digital I/O interfaces.
Further, the CAN&AD card includes: the first conversion module and first interface expansion module;
First conversion module, for pci bus to be converted into local bus, wherein the local bus with it is described First interface expansion module is connected;
The first interface expansion module, for expanding multichannel CAN signal and multi-channel A/D signal, wherein the multichannel CAN signal and multi-channel A/D signal are connected on the rear input/output interface board by the backboard, by the rear input and output Interface board provides multichannel CAN interface and multichannel A D interface.
Further, the digital I/O card includes: the second conversion module and second interface expansion module;
Second conversion module, for pci bus to be converted into local bus, wherein the local bus with it is described Second interface expansion module is connected;
The second interface expansion module, for expanding multichannel I/O signal, wherein the multichannel I/O signal passes through described Backboard is connected on the rear input/output interface board, provides multi-path digital I/O interface by the rear input/output interface board;
Wherein, every railway digital I/O interface in the multi-path digital I/O interface can separate configurations be output interface or input connect Mouthful.
Further, the equipment further include: the first network interface expansion module for being connected with the backboard and with described first The connected net mouth transformer of network interface expansion module;
The first network interface expansion module and the net mouth transformer being connected with the first network interface expansion module, for extending First via network interface out;
The first via network interface is used for input and output network data.
Further, the equipment further include: the second network interface expansion module being connected with the backboard;
The second network interface expansion module, for expanding the second road network mouth;
The second road network mouth is used for input and output network data.
Further, the equipment further include: the alternating current filter being connected with the backboard;
The alternating current filter, for being filtered to 220V alternating current.
Further, a plurality of types of input/output interfaces further include: display port;
The display port, for accessing liquid crystal display.
Further, the equipment further include: the spare board being connect with the backboard;Wherein,
The spare board include: RS232 serial interface card, video/audio synthesis card, 1553B bus card, be based on it is compact One of the 3U board of type pci bus, 6U board based on compact pci bus are a variety of.
The advantageous effects of the above technical solutions of the present invention are as follows:
In above scheme, network interface, RS232 serial line interface, USB interface, the CAN provided based on rear input/output interface board is connect Mouth, A D interface and digital I/O interface, can obtain a plurality of types of data such as AD, CAN, digital quantity, and according to preset in real time Inbreak detection rule is performed intrusion detection in real time using a plurality of types of data of the mainboard module to acquisition;And it is solved using adding Close card, which carries out encryption and decryption and digital authentication processing to the data that do not invaded, ensure that number to realize the diversity of data According to safety and reliability.
Detailed description of the invention
Fig. 1 is the structural representation of the intrusion detection smart machine provided in an embodiment of the present invention for multiple types of data Figure;
Fig. 2 is that the detailed construction of the intrusion detection smart machine provided in an embodiment of the present invention for multiple types of data is shown It is intended to;
Fig. 3 is intrusion detection smart machine functional cards basic schematic diagram provided in an embodiment of the present invention;
Fig. 4 is PCI9054 chip provided in an embodiment of the present invention inside and outside catenation principle figure;
Fig. 5 is digital quantity I O board card function realizing circuit block diagram provided in an embodiment of the present invention;
Fig. 6 is that intrusion detection smart machine peripheral system provided in an embodiment of the present invention connects block diagram.
Specific embodiment
To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with attached drawing and tool Body embodiment is described in detail.
The present invention is for a kind of existing no integrated CAN interface, A D interface, digital I/O interface and encrypting and decrypting function The problem of equipment, provides a kind of intrusion detection smart machine for multiple types of data.
As shown in Figure 1, the intrusion detection smart machine provided in an embodiment of the present invention for multiple types of data, comprising: Backboard, the mainboard module being attached with the backboard, CAN&AD card, digital I/O card, encryption and decryption card, rear input/output interface board And power module;Wherein, the backboard supports compact PCI agreement;
Input/output interface board after described, for providing a plurality of types of input/output interfaces, wherein the multiple types Input/output interface include: encryption and decryption card interface, network interface, RS232 serial line interface, USB interface, CAN interface, A D interface sum number Word I/O interface, each type of input/output interface, for obtaining the data of respective type in real time;
The CAN&AD card, for being communicated by the backboard with the CAN interface, A D interface;
The digital I/O card, for being communicated by the backboard with the digital I/O interface;
The mainboard module, for being performed intrusion detection to the data of acquisition according to preset inbreak detection rule;
The encryption and decryption card, for carrying out encryption and decryption and digital authentication processing to the data that do not invaded;
The power module, for powering for the backboard.
It is directed to the intrusion detection smart machine of multiple types of data described in the embodiment of the present invention, is connect based on rear input and output Network interface, RS232 serial line interface, USB interface, CAN interface, A D interface and the digital I/O interface that oralia provides, can obtain in real time A plurality of types of data such as AD, CAN, digital quantity, and according to preset inbreak detection rule, using mainboard module to the more of acquisition The data of seed type perform intrusion detection in real time;And encryption and decryption and number are carried out to the data that do not invaded using encryption and decryption card Authentication processing ensure that the safety and reliability of data to realize the diversity of data.
In the present embodiment, the backboard, mainboard module, CAN&AD card, digital I/O card, encryption and decryption card, rear input and output are connect Oralia is all supported and uses compact PCI agreement, wherein CAN&AD card can be technical grade CAN&AD card.In the present embodiment, such as Shown in Fig. 1, Fig. 2, the intrusion detection smart machine provides multiple card slots, wherein the card slot includes: system slot, equipment Slot, power slot, system slot is for being inserted into the mainboard module, and equipment slots are for being inserted into CAN&AD card, digital I/O card, encryption and decryption Card, power slot is for being inserted into power module.
In the present embodiment, the mainboard module can be COM-E (COM Express) core board, the COM-E core board On can run the kylin linux system of customization, the kylin linux system of the customization is to invade for multiple types of data Detected rule rationally cuts former kylin linux kernel system, both ensure that the stabilization of the kylin linux system after cutting Property, reliability, hardware low-power consumption, and the transport communication protocols such as CAN, USB, AD and IO for having polymorphic type, realize data it is reliable, Efficient transmission, and various communications protocols is supported to convert;Wherein, the CPU of the COM-E core board is(Yin Te You) i7-4650U processor, it runs dominant frequency and reaches as high as 3.3GHz, reachable -40 DEG C -+95 DEG C of temperature range of operation, it is special to meet Under the conditions of, industry spot store the biggish environment of the temperature difference;The CPU of the COM-E core board is furnished with 16GB DDR3 memory;Mainboard Support plate docking connector uses 440pin patch mode in module;The mainboard module, CAN&AD card, digital I/O card, encryption and decryption Card, rear input/output interface board and power supply module are the peripheral expansion interface boards for realizing the COM-E core board.
In the present embodiment, the intrusion detection smart machine can support RS232, RS485, CAN, AD, Digital I/O, USB Etc. plurality of communication schemes, can simultaneous communications EtherCAT, UDP, NetBEUI agreement and RS232, RS485, CAN, AD and Digital I/O Signal;Input/output interface after described comprising various protocols such as EtherCAT, UDP, NetBEUI on input/output interface board; The input/output interface can include but is not limited to: 1 tunnel encryption and decryption card interface, 2 road optical fiber, 10,000,000,000 network interface, 2 road RS232 are serial Interface, 6 road USB interfaces, 2 road CAN interfaces, 10 tunnel A D interfaces and 24 railway digital I/O interfaces;Based on the rear input/output interface The available different types of data of a plurality of types of input/output interfaces on plate, the intrusion detection smart machine can be right The all types of data obtained perform intrusion detection, full-featured.
In the present embodiment, due to having CAN interface, A D interface, digital I/O interface and net on the intrusion detection smart machine Mouthful, other equipment (for example, industrial field device and/or host computer) can pass through CAN signal line, AD signal wire, I/O signal line And/or cable is attached with the intrusion detection smart machine and communicates, for example, the intrusion detection smart machine can pass through ISOEM-U5-P2-O7 isolator and AD7328BRUZ-TSSOP20 chip realize AD signal acquisitions of data such as DC voltage, double The acquisition of road CAN signal, and the input and output (IO) of digital quantity can be realized via digital I/O card.
In the present embodiment, the intrusion detection smart machine and other equipment are (for example, industrial field device and/or upper Machine) system can be formed.
In the present embodiment, the data can be multiple types number caused by the behavior of inside and outside user and system activity According to, the specific steps that perform intrusion detection of the data of described pair of acquisition may include: by mainboard module analysis and Multiple types of data caused by the behavior of detection inside and outside user and system activity, the defect and fragility of analytical equipment or system Property, specify aimed detection regular in conjunction with protocol characteristic;Attack, abnormal behaviour are identified according to Snort detected rule, are gone forward side by side Row response;System resource and data integrity assessment, monitoring system day are carried out to the Controlling model of other equipment and other equipment Will, storage access record and attack footprint.Then, encryption and decryption is carried out to the data that do not invaded by encryption and decryption card and number is recognized Card processing passes through network interface, CAN interface, USB3.0 interface, A D interface and digital I/O interface to realize the safe transmission of data Realize the diversity of data.
In the present embodiment, there is fpga chip on the encryption and decryption board, undertake the calculating task of enciphering and deciphering algorithm, realize Hardware enciphering and deciphering operation so that encryption and decryption operation be made substantially to be not take up cpu resource on mainboard module, and can guarantee such as direct current The encryption/decryption speed of the multiple types of data such as voltage, electric current, torque, revolving speed.
In the present embodiment, when the encryption and decryption card carries out encryption and decryption and digital authentication processing to the data that do not invaded, and The not single method using pure software carries out encryption and decryption and digital authentication processing to the data that do not invaded, specifically, when input, The encryption and decryption card carries out encryption and digital authentication processing by data of the Encryption Algorithm to input, when output, the encryption and decryption Data are decrypted with Encryption Algorithm corresponding decipherment algorithm for Cali and digital authentication processing;Wherein, the encryption and decryption card can With comprising Datang Telecom's encryption chip and fpga chip, the encryption and decryption card supports compact PCI agreement, and compact has abandoned biography The golden finger connection type of system type and use pin hole connector plugging mode, have high density and high reliability.
In the present embodiment, the mainboard module can also update the enciphering and deciphering algorithm in the encryption and decryption card, thus into one Step has ensured the safety of technical grade multiple types of data communication.
In the present embodiment, if the input/output interface includes 2 road optical fiber, 10,000,000,000 network interface, 2 road RS232 serial line interfaces, 6 tunnels USB interface, 2 road CAN interfaces, 10 tunnel A D interfaces and 24 railway digital I/O interfaces, then the intrusion detection smart machine can be simultaneously To 2 road optical fiber, 10,000,000,000 network interface, 2 road RS232 serial line interfaces, 6 road USB interfaces, 2 road CAN interfaces, 10 tunnel A D interfaces and 24 railway digitals The data of I/O interface are performed intrusion detection and are stored.
In the present embodiment, the backboard supports compact PCI agreement, and compact has abandoned traditional golden finger connection side Formula and use pin hole connector plugging mode, have high density and high reliability;Since the backboard supports compact PCI association View, the backboard is properly termed as compact PCI backboard, the functional cards (example according to compact PCI agreement, before the backboard Such as, mainboard module, CAN&AD card, digital I/O card, encryption and decryption card) on only realize function without external interface, when external output When signal, all signals, through the external interface output after on input/output interface board, are lifted after backboard relay transmission with CAN mouthfuls Example, the CAN&AD card includes: CAN card and AD card, wherein and the CAN card realizes two-way CAN signal by extended chip, It is relayed through backboard, needs to be arranged two-way CAN mouthfuls in rear input/output interface board.
In the present embodiment, in order to extend the function of CAN bus, devise with Magnetic isolation CAN interface and compact PCI association ADM-3053 and CTM1051A-3.3V chip can be used to realize Magnetic isolation technology in the CAN card of view, CAN card, and CAN card is collected The information of each node in CAN bus is transmitted to host computer, and the order and data of host computer can be transmitted to each node with And it completes to the part monitoring of the custom system in CAN bus and management work.
In the present embodiment, CAN snap-gauge carries two CAN controllers, and two CAN controllers that CAN snap-gauge carries are placed on CAN card Different location, two CAN controllers can be independently executed simultaneously in controller local area network;It is real between two CAN controllers Existing Magnetic isolation, the two-way Magnetic isolation CAN card of realization is that the controller local area network of connection ability is provided for computer, it has certainly Dynamic transmission repeat function, provides bus arbitration and error detection ability, the probability of data degradation can be greatly reduced in this, and ensures The reliability of system.
In the aforementioned specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Mainboard module, CAN&AD card, digital I/O card, encryption and decryption card, rear input/output interface board and power module is stated to connect by pin It connects device and the backboard is carried out to slotting connection;
Wherein, the mainboard module, CAN&AD card, digital I/O card, encryption and decryption card and power module are located at the backboard Front side, the rear input/output interface board are located at the rear side of the backboard.
In the present embodiment, the mainboard module, CAN&AD card, digital I/O card, encryption and decryption card and power module are located at described The front side of backboard is the key that realize intrusion detection board, and the board on front side of the backboard is properly termed as front side board;Institute The rear side that rear input/output interface board is located at the backboard is stated, the board on rear side of the backboard is properly termed as rear side board; Backboard is the relaying of front side board and rear side board, realizes the relay connection with front side board, rear side board by backboard, and complete It is transmitted at the protocol conversion of interface and data;Backboard and front side, each board of rear side pass through needle in intrusion detection smart machine Female connector forms rectilinear plug relationship;For example, the mainboard module, CAN&AD card, digital I/O card, encryption and decryption card and electricity Source module can realize that front mutual-inserting type is connect with backboard by two millimeters high of the European pin hole connector of intensity, realize board Between power supply and signal intercommunication;Backboard passes through these three connectors of J1/J4, J2/J5, J3 and rear input/output interface board from backboard The back side to slotting connection.Signal is generated by each board of front, is connected and is relayed through backboard, by rear input/output interface board The corresponding interface output, in this way, in intrusion detection smart machine by high density, high reliability European pin hole connector interconnection Mode realizes the transmission and connection of power supply and signal, can be improved the reliability of whole equipment.
In the aforementioned specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Stating CAN&AD card includes: the first conversion module and first interface expansion module;
First conversion module, for pci bus to be converted into local bus, wherein the local bus with it is described First interface expansion module is connected;
The first interface expansion module, for expanding multichannel CAN signal and multi-channel A/D signal, wherein the multichannel CAN signal and multi-channel A/D signal are connected on the rear input/output interface board by the backboard, by the rear input and output Interface board provides multichannel CAN interface and multichannel A D interface.In the present embodiment, the CAN&AD card include: the first conversion module and First interface expansion module, that is to say, that first conversion module and first interface expansion module are the components of CAN&AD card, The CAN&AD card using the first conversion module pci bus will be converted into local bus (local bus is referred to as: Local bus), first conversion module may include: PCI9054 chip and eeprom chip, wherein the PCI9054 core Piece is used to for pci bus being converted into local bus, and the eeprom chip stores matching for PCI9054 chip after solidifying instruction for a long time Confidence breath;(wherein, the first interface expansion module can be the local bus connection first interface expansion module STM32F207ZGT6 chip) and expand 10 road AD signals and 2 tunnel CAN signals, the 10 road AD signals expanded and 2 road CAN letter After number being connected to after backboard on input/output interface board, 10 tunnel A D interfaces and 2 tunnels are externally provided by rear input/output interface board CAN interface, wherein STM32F207ZGT6 chip needs to carry out program Solidification with J-Link tool and Keil5.0 software.
In the present embodiment, as shown in figure 3, pci bus passes through circuit conversion, and pass through the logic on local bus and board The completion interface that is connected with processing circuit is controlled to realize the control of board and the input and output of signal, logic control and processing circuit Board functional requirement is completed the functions such as address decoding, Data Format Transform, logic control, while being carried out to peripheral functional circuit Control and signal with driving circuit are output and input, wherein logic control and processing circuit can pass through FPGA device It realizes.
As shown in figure 4, compact pci bus interface control logic realizes PCI9054 chip and 64bit, 66.6MHz PCI The interface of bus;The realization of local bus interface control logic is connected with PCI9054 chip.The internal resource of PCI9054 chip Including PCI configuration internal register, local bus control logic and a pair of of read-write FIFO, for configuring system, and it is total to connect PCI Line and local bus.The internal logic of PCI9054 chip is made of serial EEPROM controller and fifo control logic, Qian Zheyong To load the value of configuration register from optional external series EEPROM, the latter controls read-write FIFO, coordinates compact pci bus And local bus.Jtag interface is by Keil5.0 software and program come debug circuit, by this interface by program Solidification Into the board of invention.
Wherein, PCI9054 chip part/local bus is there are two types of operating mode (MODE): non-multiplexed mode and more Road multiplexer mode.Under non-multiplexed mode, in the case that MODE input is low, PCI9054 uses non-multiplexed mode, On the contrary, when MODE input is high, using multiplexing modes.Under multiplexing modes, LA [27:2] is used to transmit address, LAD [63:32] is 64 bit address/data-reusing bus;Under non-multiplexed mode, LA [27:2] is address bus, LD [63: It 32] is data/address bus.
The present embodiment in order to better understand is illustrated compact pci bus signal:
Compact pci bus signal completes the timing sequence conversion of bus, and intrusion detection smart machine is made to can control various components The functional circuit of (mainboard module, CAN&AD card, digital I/O card, encryption and decryption card, rear input/output interface board and power module).This Embodiment adds the interface scheme of FPGA using PCI9054 chip, to complete CAN&AD card and digital I/O card design.By PLX company The PCI9054 chip of production is written and read logic using the FPGA of altera corp and compact PCI expands as pci controller Open up Functional Design.
In the present embodiment, the PCI9054 is the interface chip of 32/64, frequency 33/66MHz, can make pci signal most Fast transmission speed reaches 264MB/s;Support local bus multiplexing and 32/64 bit address of non-multiplexed or data protocol, And dynamic local bus 8,16 and 32 bit manipulations, local clock is supported to reach as high as 66.6MHz;Support 5 PCI to locally Address space mappinD, each space allow individually programming wait state, highway width and sudden transmission function;Support compact PCI power management v2.2 Version Spec;The PCI of Vita product data (Vital Product Data, be abbreviated as VPD) is supported to expand Exhibition and PCI target pre-read mode can increase bandwidth and reduce reading delay;PCI9054 chip has 9 general programmable mesh I/O, multiple use can be used in;Support that compact PCI's is hot-swappable;Its power supply supports the fault-tolerant behaviour of DC3.3V and 5V voltage Make, and there is optional serial eeprom interface.
Compact pci bus is had excellent performance, and using European pin hole connector, can quickly transmit multiple types of data, Interface logic has depth very much, bus initial stage of development to realized with FPGA be it is relatively difficult, and reliability compared with It is low, in general, realize that the interface function of compact PCI is one highly effective, reliable using dedicated pci interface chip Design implementation method.
In the present embodiment, uses the FPGA device of ALTERA company of the U.S and its develop environment and tool QUARTUS II 12.0, this be it is a kind of can requirement by user according to designed digital display circuit, define in use site, configure it is highly dense Spend special digital integrated circuit.Design module can be realized under the support of FPGA development system software containing extensive logic gate The design of digital display circuit.
The major advantage of FPGA can be summarized as following three parts:
The characteristic of user's field-programmable of FPGA substantially reduces the design cycle, can in a short time, by setting Meter person scene provides the template fast implemented.
FPGA can provide the more effective logical capacity density bigger than EPLD and CPLD device, not only greatly reduce printing The space of circuit board greatly reduces system power dissipation, while substantially increasing the technique realizability and product of system design Reliability.
FPGA device can heat it is erasable, program repeatedly, and can Straight simulation in the process of development, the loss that no technique is realized.
In the aforementioned specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute Stating digital I/O card includes: the second conversion module and second interface expansion module;
Second conversion module, for pci bus to be converted into local bus, wherein the local bus with it is described Second interface expansion module is connected;
The second interface expansion module, for expanding multichannel I/O signal, wherein the multichannel I/O signal passes through described Backboard is connected on the rear input/output interface board, provides multi-path digital I/O interface by the rear input/output interface board;
Wherein, every railway digital I/O interface in the multi-path digital I/O interface can separate configurations be output interface or input connect Mouthful.
In the present embodiment, pci bus is converted into local bus using the second conversion module by the digital I/O card, and described Two conversion modules may include: PCI9054 chip and eeprom chip, wherein the PCI9054 chip is used for pci bus It is converted into local bus, the eeprom chip solidifies the configuration information for storing PCI9054 chip after instruction for a long time;The local Bus connects second interface expansion module, and (wherein, the second interface expansion module can be onboard for digital I/O card EP1C3T144C8N chip) and 24 tunnel I/O signals are expanded, the 24 tunnel I/O signals expanded input defeated after being connected to after backboard On outgoing interface plate, 24 railway digital I/O interfaces are externally provided by rear input/output interface board, wherein digital I/O card is onboard EP1C3T144C8N chip loads and uses software translating FPGA program, need with USB Blaster emulator and QuartusII12.0 software carries out program Solidification.
In the present embodiment, the 24 railway digital I/O interface for provide 24 road TTL digital quantity input and output I/O ports, every group I/O port can separate configurations be output port or input port.
In the present embodiment, it is illustrated in figure 5 the Functional Circuit Diagram of digital I/O card, 10MHz optocoupler uses HCPL2631 device Part, driving circuit use SG2003J/883b.High pressure will be pulled to 26VDC, the electricity of 26V through overdrive circuit by digital output Source is provided by peripheral DC power supply.Application program be arranged certain all the way output signal when, pass through this road pair of driving interface function setup The register answered, FPGA can export corresponding signal according to the setting value of register, using becoming 26VDC signal after driving circuit Or 0VDC signal.
In the present embodiment, the input of digital quantity is by accessing to 10MHz optocoupler HCPL2631 chip after current-limiting resistance, when defeated When to enter signal voltage be direct current 14.9V~26.1V, optocoupler conducting can export a corresponding High state, when input signal is straight When flowing 0V~0.81V, optocoupler is not turned on, and output phase answers another Low state at this time, and the output line of optocoupler is to be connected to FPGA device Part EP2C8Q208C8N's, FPGA internal logic is High the or Low shape that can determine that input signal according to the two states of optocoupler State places the input state of this railway digital amount in corresponding register.When application program will read the state on this road, need Driving interface function is called, by chip ULN2803AFWG and technical grade relay JRC-089M-002-05-II, realizes number High-speed switch and state conversion are measured, driving interface function can return to the state of this railway digital amount input signal, the state of return Acquisition software is passed to, after parsing and handle via software, realizes the function of digital I/O card.
In the aforementioned specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute State equipment further include: the first network interface expansion module being connected with the backboard and the net being connected with the first network interface expansion module Mouth transformer;
The first network interface expansion module and the net mouth transformer being connected with the first network interface expansion module, for extending First via network interface out;
The first via network interface is used for input and output network data.
In the present embodiment, the first network interface expansion module being connected with the backboard can beICH9M network Chip, the net mouth transformer can be IMG M1801IG chip;ICH9M network chip connects net mouth transformer IMG M1801IG simultaneously expands out network interface all the way, wherein the network interface can be optical network mouth.
It in the present embodiment, rapidly inputs and exports by the Ethernet that network data may be implemented in two-way optical fiber network interface, prop up Hold Ethernet and Internet transmission standard, and TCP/IP, EtherCAT and udp protocol of signal transmission support standard.
In the aforementioned specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute State equipment further include: the second network interface expansion module being connected with the backboard;
The second network interface expansion module, for expanding the second road network mouth;
The second road network mouth is used for input and output network data.
In the present embodiment, the second network interface expansion module goes out another way optical fiber network interface with a PCIE X4 signal extension, In this way, rapidly input and export by the Ethernet that network data may be implemented in two-way optical fiber network interface, support Ethernet and Internet transmission standard, and TCP/IP, EtherCAT and udp protocol of signal transmission support standard.
In the aforementioned specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute State equipment further include: the alternating current filter being connected with the backboard;
The alternating current filter, for being filtered to 220V alternating current.
In the present embodiment, as shown in Fig. 2, the equipment further include: the alternating current filter being connected with the backboard;Alternating current 220V alternating current passes through after being filtered by alternating current filter and introduces power module by backboard, and service-strong is European on power module Power connector female, with power connector male connector European on backboard to slotting connection.
In the aforementioned specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute State a plurality of types of input/output interfaces further include: display port;
The display port, for accessing liquid crystal display.
In the present embodiment, as shown in Fig. 2, the input/output interface of intrusion detection smart machine include: encryption and decryption card interface, Network interface, RS232 serial line interface, USB interface, CAN interface, A D interface and digital I/O interface, as shown in fig. 6, the intrusion detection Smart machine can access 10,000,000,000 interchangers, keyboard, mouse, firewall by the input/output interface and realize it to external Mouthful.It stores after the signal or digital I/O signal that the data such as external voltage, industrial CAN device issue are acquired to intrusion detection intelligence In the embedded hard disk of the mainboard module of equipment, and data can be written and read by upper computer software.
In the present embodiment, a plurality of types of input/output interfaces can also include: 1 display port, wherein described aobvious Show that mouth can be used for accessing liquid crystal display.
In the aforementioned specific embodiment for the intrusion detection smart machine of multiple types of data, further, institute State equipment further include: the spare board connecting with the backboard;Wherein,
The spare board include: RS232 serial interface card, video/audio synthesis card, 1553B bus card, be based on it is compact One of the 3U board of type pci bus, 6U board based on compact pci bus are a variety of.
In the present embodiment, the equipment further include: the spare board connecting with the backboard, the standby plate are positioned in institute State the front side of backboard;The spare board can according to the actual situation be extended the function of the equipment, for example, described Spare board includes: RS232 serial interface card, video/audio synthesis card, 1553B bus card, the 3U based on compact pci bus One of board, 6U board based on compact pci bus are a variety of, as shown in Fig. 2, can be inserted by spare card slot standby With board, to further enrich the functional performance of intrusion detection smart machine, wherein 3U plate can be inserted in 6U board slot Card has very strong compatibility;Compact pci bus has abandoned the golden finger form of traditional PCI bus, using reliable and stable Pin hole connector form has high density and high reliability, while equipment supports the warm connection function of board, realizes polymorphic type association View, multi-functional board it is integrated.
In the present embodiment, the backboard, mainboard module, CAN&AD card, digital I/O card, encryption and decryption card, rear input and output are connect Oralia, spare board are all using meeting the electronic component of aviation-grade or army's grade, and use meets compact PCI standard, outside Graceful structural member is seen, internal board can be protected and chip and component are not damaged by external stress thereon.
The above is a preferred embodiment of the present invention, it is noted that for those skilled in the art For, without departing from the principles of the present invention, it can also make several improvements and retouch, these improvements and modifications It should be regarded as protection scope of the present invention.

Claims (8)

1. a kind of intrusion detection smart machine for multiple types of data characterized by comprising backboard, with the backboard Mainboard module, CAN&AD card, digital I/O card, encryption and decryption card, rear input/output interface board and the power module being attached;Its In, the backboard, mainboard module, CAN&AD card, digital I/O card, encryption and decryption card, rear input/output interface board are all supported and are used Compact PCI agreement;The mainboard module is COM Express core board, runs linux system;
Input/output interface board after described, for providing a plurality of types of input/output interfaces, wherein described a plurality of types of defeated Entering output interface includes: encryption and decryption card interface, network interface, RS232 serial line interface, USB interface, CAN interface, A D interface and Digital I/O Interface, each type of input/output interface, for obtaining the data of respective type in real time;
The CAN&AD card, for being communicated by the backboard with the CAN interface, A D interface;
The digital I/O card, for being communicated by the backboard with the digital I/O interface;
The mainboard module, for being performed intrusion detection to the data of acquisition according to preset inbreak detection rule;
The encryption and decryption card, for carrying out encryption and decryption and digital authentication processing to the data that do not invaded;
The power module, for powering for the backboard;
Wherein, the mainboard module, CAN&AD card, digital I/O card, encryption and decryption card, rear input/output interface board and power module are logical Needle passing hole formula connector and the backboard are carried out to slotting connection;
Wherein, the mainboard module, CAN&AD card, digital I/O card, encryption and decryption card and power module are located at the front side of the backboard, Input/output interface board is located at the rear side of the backboard after described;
Wherein, a plurality of types of input/output interfaces include: 1 tunnel secrecy card interface, 2 road network mouths, 2 road RS232 serial interfaces Mouth, 6 road USB interfaces, 2 road CAN interfaces, 10 tunnel A D interfaces, 24 railway digital I/O interfaces.
2. the intrusion detection smart machine according to claim 1 for multiple types of data, which is characterized in that described CAN&AD card includes: the first conversion module and first interface expansion module;
First conversion module, for pci bus to be converted into local bus, wherein the local bus and described first Interfacing expansion module is connected;
The first interface expansion module, for expanding multichannel CAN signal and multi-channel A/D signal, wherein the multichannel CAN letter Number and multi-channel A/D signal by the backboard be connected to it is described after on input/output interface board, by the input/output interface board afterwards Multichannel CAN interface and multichannel A D interface are provided.
3. the intrusion detection smart machine according to claim 2 for multiple types of data, which is characterized in that the number Word IO card includes: the second conversion module and second interface expansion module;
Second conversion module, for pci bus to be converted into local bus, wherein the local bus and described second Interfacing expansion module is connected;
The second interface expansion module, for expanding multichannel I/O signal, wherein the multichannel I/O signal passes through the backboard It is connected on the rear input/output interface board, provides multi-path digital I/O interface by the rear input/output interface board;
Wherein, every railway digital I/O interface in the multi-path digital I/O interface can separate configurations be output interface or input interface.
4. the intrusion detection smart machine according to claim 1 for multiple types of data, which is characterized in that described to set It is standby further include: the first network interface expansion module being connected with the backboard and the network interface being connected with the first network interface expansion module become Depressor;
The first network interface expansion module and the net mouth transformer being connected with the first network interface expansion module, for expanding Network interface all the way;
The first via network interface is used for input and output network data.
5. the intrusion detection smart machine according to claim 1 for multiple types of data, which is characterized in that described to set It is standby further include: the second network interface expansion module being connected with the backboard;
The second network interface expansion module, for expanding the second road network mouth;
The second road network mouth is used for input and output network data.
6. the intrusion detection smart machine according to claim 1 for multiple types of data, which is characterized in that described to set It is standby further include: the alternating current filter being connected with the backboard;
The alternating current filter, for being filtered to 220V alternating current.
7. the intrusion detection smart machine according to claim 1 for multiple types of data, which is characterized in that described more The input/output interface of seed type further include: display port;
The display port, for accessing liquid crystal display.
8. the intrusion detection smart machine according to claim 1 for multiple types of data, which is characterized in that described to set It is standby further include: the spare board being connect with the backboard;Wherein,
The spare board includes: RS232 serial interface card, video/audio synthesis card, 1553B bus card, is based on compact PCI One of the 3U board of bus, 6U board based on compact pci bus are a variety of.
CN201710028126.3A 2017-01-13 2017-01-13 A kind of intrusion detection smart machine for multiple types of data Active CN106845219B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710028126.3A CN106845219B (en) 2017-01-13 2017-01-13 A kind of intrusion detection smart machine for multiple types of data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710028126.3A CN106845219B (en) 2017-01-13 2017-01-13 A kind of intrusion detection smart machine for multiple types of data

Publications (2)

Publication Number Publication Date
CN106845219A CN106845219A (en) 2017-06-13
CN106845219B true CN106845219B (en) 2019-05-10

Family

ID=59124637

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710028126.3A Active CN106845219B (en) 2017-01-13 2017-01-13 A kind of intrusion detection smart machine for multiple types of data

Country Status (1)

Country Link
CN (1) CN106845219B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107656889A (en) * 2017-08-04 2018-02-02 上海航天电子有限公司 A kind of aerospace electronic product universal detection device
CN108021125A (en) * 2017-12-28 2018-05-11 深圳市永达电子信息股份有限公司 Industrial system signal of communication detecting system
CN108809727B (en) * 2018-06-15 2020-08-07 北京科技大学 Intrusion prevention system of direct current motor control system
CN109766301B (en) * 2018-12-25 2020-11-13 北京航天晨信科技有限责任公司 Bus device for signal communication of a keying function
CN113242214B (en) * 2021-04-19 2022-09-23 国电南瑞科技股份有限公司 Device, system and method for encryption authentication between boards of power secondary equipment
CN113204804B (en) * 2021-04-25 2022-03-22 山东英信计算机技术有限公司 Security module, server mainboard and server
CN113110395A (en) * 2021-04-30 2021-07-13 西安热工研究院有限公司 Multi-bus testing device and method for high-temperature gas cooled reactor control system
CN113472964B (en) * 2021-06-05 2024-04-16 山东英信计算机技术有限公司 Image processing device and system
CN113253263B (en) * 2021-06-22 2021-10-15 湖南华诺星空电子技术有限公司 Three-dimensional through-wall radar system
CN115847451A (en) * 2022-12-26 2023-03-28 江西洪都航空工业集团有限责任公司 Distributed intelligent robot control system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223320A (en) * 2011-03-31 2011-10-19 华车(北京)交通装备有限公司 CANOPEN-HDLC gateway based on ARM 7
CN103491530A (en) * 2013-09-11 2014-01-01 辽源市信长城信息技术研发有限公司 Intelligent PAD with information safety mechanism
CN204884126U (en) * 2015-07-30 2015-12-16 国家电网公司 Intrusion detection information acquisition communication equipment
CN205283601U (en) * 2016-01-15 2016-06-01 成都智扬易方软件有限公司 Take intrusion detection's network security isolated system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223320A (en) * 2011-03-31 2011-10-19 华车(北京)交通装备有限公司 CANOPEN-HDLC gateway based on ARM 7
CN103491530A (en) * 2013-09-11 2014-01-01 辽源市信长城信息技术研发有限公司 Intelligent PAD with information safety mechanism
CN204884126U (en) * 2015-07-30 2015-12-16 国家电网公司 Intrusion detection information acquisition communication equipment
CN205283601U (en) * 2016-01-15 2016-06-01 成都智扬易方软件有限公司 Take intrusion detection's network security isolated system

Also Published As

Publication number Publication date
CN106845219A (en) 2017-06-13

Similar Documents

Publication Publication Date Title
CN106845219B (en) A kind of intrusion detection smart machine for multiple types of data
CN101840387B (en) USB (Universal Serial Bus) Key device and method for realizing smart card communications using USB interface
CN114756869A (en) Data processing apparatus
CN103399830B (en) The Apparatus and method for of computer physics internal memory is read by PCI Express bus
CN105119849B (en) A kind of exchange board structure and the data managing method applied to exchange board structure
CN112329038B (en) Data encryption control system and chip based on USB interface
US7779194B2 (en) Data modification module
CN102479123A (en) System and method for testing chip operating system (COS)
CN107194257A (en) A kind of trusted system based on domestic TCM chips
CN107678997A (en) Hot-plug method, system, device and the readable storage medium storing program for executing of PCIE plug-in cards
CN113014385B (en) Double-network-port hardware network data encryption system
CN110502464A (en) A kind of hot-swappable processing method, device, equipment, system and readable storage medium storing program for executing
CN111737178B (en) Method and equipment for obtaining evidence in computer memory and memory evidence analysis system
CN206505415U (en) A kind of encryption authentication device based on PCIE
CN107743117A (en) Gateway and the method and apparatus of control data transmission
CN209358570U (en) A kind of isolated device suitable for electric network information safety
CN116340077A (en) Input-output device with debug controller
Scott Rhino: Reconfigurable hardware interface for computation and radio
CN216016884U (en) High-speed network isolation card based on FPGA integrated kilomega and tera optical port
CN107770228B (en) 1-Wire communication system and method based on CPCI master control
CN113158203B (en) SOC chip, circuit and external data read-write method of SOC chip
CN210573778U (en) Hardware encryption function circuit for intelligent traffic guidance terminal
CN210402342U (en) Data encryption and decryption structure based on ZYNQ
CN210983388U (en) Board card capable of converting one path to multiple paths of PCI-E and PCI bus interfaces
US8949105B2 (en) Hardware interface board for connecting an emulator to a network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200708

Address after: Room 608, block a, building 1, liantai Times Plaza, 699 Shimao Road, Honggutan New District, Nanchang City, Jiangxi Province

Patentee after: Nanchang Minshun Technology Co., Ltd

Address before: 100083 Haidian District, Xueyuan Road, No. 30,

Patentee before: University OF SCIENCE AND TECHNOLOGY BEIJING

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200819

Address after: Room 1411, Juneng building, high tech Industrial Development Zone, Yingtan City, Jiangxi Province

Patentee after: Yingtan Zhihui Internet of things Application Research Institute Co.,Ltd.

Address before: Room 608, block a, building 1, liantai Times Plaza, 699 Shimao Road, Honggutan New District, Nanchang City, Jiangxi Province

Patentee before: Nanchang Minshun Technology Co., Ltd

TR01 Transfer of patent right