CN113347022A - Civil aircraft airborne information system network security capability detection system and method - Google Patents


Publication number: CN113347022A
Authority: CN (China)
Prior art keywords: security, gateway, avionic, information, capability detection
Legal status: Granted
Application number: CN202110525738.XA
Other languages: Chinese (zh)
Other versions: CN113347022B (en)
Inventors: 张双, 万欣宇, 孔德岐, 刘绚, 王辰娇, 王元勋
Current Assignee: Xian Aeronautics Computing Technique Research Institute of AVIC
Original Assignee: Xian Aeronautics Computing Technique Research Institute of AVIC

Classifications

    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04W24/04 Arrangements for maintaining operational condition
    • H04W4/42 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for mass transport vehicles, e.g. buses, trains or aircraft
    • H04W88/16 Gateway arrangements

Abstract

The invention relates to a civil aircraft airborne information system network security capability detection system and a method. The system comprises an avionic security capability detection case set, an avionic security capability detection module, an information security gateway security capability detection case set, an information security gateway security capability detection module, a security gateway security log analysis module and an airborne information system security capability detection main control module; by executing the security log monitoring, the avionic security capability detection and the information security gateway security capability detection method, the purpose of detecting the network security capability of the airborne information system of the tested equipment is realized while the network security robustness test and the vulnerability test are executed.

Description

Civil aircraft airborne information system network security capability detection system and method
Technical Field
The invention relates to a civil aircraft airborne information system network security capability detection system and a method.
Background
With the popularization and application of the digital aviation concept, the airborne information system is developing towards information sharing among the control center, the flight operation center, the passenger cabin, the airport and the airplane. The airborne information system can acquire airplane parameter information and audio and video information in real time and send it to the ground, so that the airplane can be monitored from the ground in real time; it can collect and analyze the state information of airplane equipment to support airplane operation and maintenance; it can rapidly update airplane systems through electronic transmission and loading functions; it can provide an electronic flight manual and tools to reduce the workload of the flight crew; it can provide video data of the passenger cabin, the cargo hold and the like, improving the flight crew's awareness of the environment inside and outside the airplane; it can provide data required for the flight, such as weather; it can improve the flight experience of passengers by providing services such as video, online shopping and Internet access; and it can wirelessly transmit information for each stakeholder, integrating air and ground information.
The civil aircraft airborne information system integrates functions such as airline information service, network management and WiFi-based air-ground wireless communication. While improving the economy of the civil passenger plane, the airborne information system also faces heterogeneous integration problems and network security threats, such as network interruption, data leakage or theft and data tampering, brought by the need to fuse different suppliers, different devices, different networks and different information processing. Meanwhile, applying information technology to integrate and optimize multiple kinds of airborne information produces new system functions, system architectures and airborne network security environments. Conventional system detection techniques do not support the detection of this new type of system. In particular, detecting the airborne network security function requires both the use of traditional internet information security testing technology and consideration of the special network security verification requirements of the airborne environment.
In the network security function detection process of the airborne information system, a network security robustness test and a vulnerability test are executed and, at the same time, it must be verified whether the security function of the tested equipment works effectively, i.e. the network security capability of the tested equipment must be detected. At present, however, no solution exists for detecting the network security protection capability of the airborne information system.
Disclosure of Invention
The invention provides a civil aircraft airborne information system network security capability detection system and method, which achieve the purpose of detecting the network security capability of a tested equipment airborne information system while executing a network security robustness test and a vulnerability test.
The technical scheme of the invention provides a civil aircraft airborne information system network security capability detection system, characterized in that the system comprises an avionic security gateway security capability detection case set, an avionic security gateway security capability detection module, an information security gateway security capability detection case set, an information security gateway security capability detection module, a security gateway security log analysis module and an airborne information system security capability detection main control module;
the avionic security gateway security capability detection case set is a set of avionic security capability detection cases;
the avionic security gateway security capability detection module is used for reading and sequentially executing detection cases in the avionic security capability detection case set, receiving response messages of the tested equipment and detecting the working state of the avionic domain security function of the avionic security gateway in the tested equipment in real time by analyzing the response messages;
the information security gateway security capability detection case set is a set of information security gateway security capability detection cases;
the information security gateway security capability detection module is used for calling and executing detection cases in the information security gateway security capability detection case set, receiving response messages of the tested equipment and detecting the working state of the information domain security function of the information security gateway in the tested equipment in real time by analyzing the response messages;
the security gateway security log analysis module is used for receiving, in real time, security logs sent by the avionic security gateway and the information security gateway in the tested equipment, and for judging the working state of the avionic domain security function of the avionic security gateway and the working state of the information domain security function of the information security gateway by analyzing the content of the security logs;
the airborne information system security capability detection main control module is used for controlling the execution of the avionic security gateway security capability detection module, the information security gateway security capability detection module and the security gateway security log analysis module, and for providing a human-computer interface for operation and interaction.
Furthermore, the avionic security gateway security capability detection case set defines request message sending logic, response message receiving logic and judgment logic in its detection cases according to the security function of the avionic security gateway;
the avionic security gateway security capability detection module is used for: firstly, calling the request message sending logic of the avionic security gateway security capability detection case set to send a request message to the tested equipment; then waiting to receive a response message sent by the tested equipment; if the response message is received within a specified time and is consistent with the response message corresponding to the request message in the detection case, the received response message is considered a correct response message, and the judgment logic corresponding to the request message is then used to judge that the working state of the avionic domain security function of the avionic security gateway of the tested equipment is normal; otherwise, the working state is judged abnormal, and the content and occurrence time of the abnormal response message are recorded for manual analysis of the cause.
Furthermore, the information security gateway security capability detection case set defines request message sending logic, response message receiving logic and judgment logic in the detection case according to the information security gateway security function;
the information security gateway security capability detection module is used for: firstly, calling request message sending logic of an information security gateway security capability detection case set to send a request message to a tested device; and then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with a response message corresponding to the request message in the detection case, determining that the received response message is a correct response message, judging that the working state of the information domain security function of the information security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message, otherwise, judging that the working state is abnormal, and recording the content and occurrence time of the abnormal response message for manually analyzing the reason of the abnormality.
Further, the security gateway security log analysis module analyzes the content of the security log; if the content of the record type field in the security log is 'error', the working state of the security function of the corresponding security gateway in the tested equipment is abnormal, and the content and occurrence time of the log are recorded.
The invention also provides a detection method based on the civil aircraft airborne information system network security capability detection system, which is characterized by comprising the following steps:
step 1, monitoring a security log;
step 1.1, starting a security log analysis module of a security gateway by a security capability detection main control module of an airborne information system;
step 1.2, a security log analysis module of the security gateway receives security log messages sent by an avionic security gateway and an information security gateway in the tested equipment in real time;
step 1.3, a security log analysis module of the security gateway analyzes the content of the security log;
step 1.4, a security log analysis module of the security gateway judges whether the working state of the avionic domain security function of the avionic security gateway of the tested equipment and the working state of the information domain security function of the information security gateway are normal or not according to the type of the security log and the message content of the security log; if normal, the step 1.6 is carried out, otherwise, the step 1.5 is carried out;
step 1.5, a security gateway security log analysis module records the content and occurrence time of an abnormal security log;
step 1.6, the security capability detection main control module of the airborne information system judges whether the test is finished, if so, the step 1.7 is carried out, and if not, the step 1.2 is carried out;
step 1.7, stopping the security log analysis module of the security gateway by the security capability detection master control module of the airborne information system, and ending the test;
step 2, detecting security protection capability of the avionic security gateway;
step 2.1, starting a security capability detection module of the avionic security gateway by a security capability detection main control module of the airborne information system;
step 2.2, the security protection capability detection module of the avionic security gateway reads detection cases in the security protection capability detection case set of the avionic security gateway;
step 2.3, sequentially executing detection cases in the avionic security capability detection case set by the avionic security gateway security capability detection module;
step 2.4, the security protection capability detection module of the avionic security gateway receives and analyzes response messages sent by the tested equipment in the execution of the detection case;
step 2.5, the security protection capability detection module of the avionic security gateway judges whether the response message is correct, if so, the step 2.7 is carried out, and if not, the step 2.6 is carried out;
step 2.6, the security protection capability detection module of the avionic security gateway records the content and the occurrence time of the abnormal message;
step 2.7, the security protection capability detection module of the avionic security gateway judges whether all detection cases are executed; if so, the test ends, and if not, the step 2.3 is carried out;
step 3, detecting the security capability of the information security gateway;
step 3.1, starting an information security gateway security capability detection module by an airborne information system security capability detection main control module;
step 3.2, the information security gateway security capability detection module calls a detection case in the information security gateway security capability detection case set;
step 3.3, sequentially executing detection cases in the information security gateway security capability detection case set by the information security gateway security capability detection module;
step 3.4, the security capability detection module of the information security gateway receives and analyzes a response message sent by the tested equipment in the execution of the detection case;
step 3.5, the security capability detection module of the information security gateway judges whether the response message is correct; if the result is correct, the step 3.7 is carried out, otherwise, the step 3.6 is carried out;
step 3.6, the security capability detection module of the information security gateway records the content and the occurrence time of the abnormal message;
step 3.7, the information security gateway security capability detection module judges whether all detection cases are executed; if so, the test ends, and if not, the step 3.3 is carried out.
Further, step 2.3 specifically includes:
the avionic security gateway security capability detection module calls request message sending logic of the avionic security capability detection case set to send a request message to the tested equipment;
the step 2.5 is specifically as follows:
if the avionic security gateway security capability detection module receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, then the working state of the avionic security function of the avionic security gateway of the tested device is judged to be normal by using the judgment logic corresponding to the request message, and the step 2.7 is carried out; otherwise, the working state is judged to be abnormal and the step 2.6 is carried out.
Further, step 3.3 specifically includes:
an information security gateway security capability detection module calls request message sending logic of an information security gateway security capability detection case set 104 to send a request message to the tested equipment;
the step 3.5 is specifically as follows:
if the information security gateway security capability detection module receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, then the judgment logic corresponding to the request message is used for judging that the working state of the information domain security function of the information security gateway of the tested device is normal, the step 3.7 is carried out, otherwise, the step 3.6 is carried out.
Further, step 1.4 specifically includes:
the security log analysis module of the security gateway judges the working states of the avionic security gateway and the information security gateway in the tested equipment by analyzing the content of the security log: and if the content of the record type field in the security log is 'error', the working state of the security function of the corresponding security gateway in the tested equipment is abnormal, the step 1.5 is carried out, and if the working state is normal, the step 1.6 is carried out.
The present invention also provides a computer-readable storage medium having a computer program stored thereon, characterized in that: which when executed by a processor implements the above-described method.
The present invention also provides a terminal, comprising: at least one processor, at least one memory, and a communication interface, characterized in that: the communication interface, the at least one memory, and the at least one processor are coupled; the terminal communicates with other devices via the communication interface, and the at least one memory stores a computer program such that, when executed by the at least one processor, the computer program implements the method described above.
The invention has the beneficial effects that:
1. The network security capability detection system of the civil aircraft airborne information system comprises an avionic security gateway security capability detection module, an avionic security gateway security capability detection case set, an information security gateway security capability detection module, an information security gateway security capability detection case set, a security gateway security log analysis module and an airborne information system security capability detection main control module.
2. In the security log monitoring execution flow of the method, the running state of the security function of the security gateway in the tested equipment can be detected by receiving and analyzing the log of the security gateway of the tested equipment.
3. In the security protection capability detection execution flow of the avionic security gateway in the method, the avionic security gateway security protection capability detection module and the avionic security gateway security protection capability detection case are executed in a centralized combination manner, so that the communication interface effectiveness and the protection function effectiveness of the avionic security gateway security protection function can be simultaneously detected when a network security test is executed.
4. In the information security gateway security capability detection execution flow in the method, the information security gateway security capability detection module and the information security gateway security capability detection case set are combined and executed, and the communication interface validity and the protection function validity of the information security gateway security function can be detected simultaneously when a network security test is executed.
Drawings
Fig. 1 is the system configuration of the present invention.
Fig. 2 is the security log monitoring execution flow of the present invention.
Fig. 3 is the security capability detection flow of the avionic security gateway of the present invention.
Fig. 4 is the security capability detection flow of the information security gateway of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
As shown in fig. 1, the network security capability detection system of the civil aircraft airborne information system of the present invention includes the following modules: the system comprises an avionic security gateway security capability detection module 101, an avionic security gateway security capability detection case set 102, an information security gateway security capability detection module 103, an information security gateway security capability detection case set 104, a security gateway security log analysis module 105 and an airborne information system security capability detection main control module 106.
The avionic security gateway security capability detection case set 102 is a set of avionic security capability detection cases, and request message sending logic, response message receiving logic and judgment logic are defined in the cases according to the avionic security gateway security function. For example, the avionic request message sending logic, response message receiving logic and judgment logic may be implemented in the Python scripting language.
The avionic security gateway security capability detection module 101 is responsible for detecting the effectiveness of the communication interface and the effectiveness of the protection function of the avionic security gateway security function in real time, and detecting the working state of the avionic domain security function of the avionic security gateway. The avionic security gateway security capability detection module 101 calls the avionic security gateway security capability detection case set 102, sequentially executes detection cases, and receives a response message of the tested device. The avionic security gateway security capability detection module 101 detects the working state of the avionic domain security function of the avionic security gateway in the device under test by analyzing the response message of the device under test. For example, the avionic security gateway security capability detection module 101 first calls the request message sending logic of the avionic security gateway security capability detection case set 102 to send a request message to the device under test; it then waits to receive a response message sent by the tested equipment. If the response message is received within a specified time and is consistent with the response message corresponding to the request message in the detection case, the received response message is considered a correct response message, and the judgment logic corresponding to the request message is then used to judge that the working state of the avionic domain security function of the avionic security gateway of the tested equipment is normal; otherwise, the working state is judged abnormal, and the content and occurrence time of the abnormal response message are recorded for manual analysis of the cause.
The information security gateway security capability detection use case set 104 is a set of information security gateway security capability detection use cases, and request message sending logic, response message receiving logic and judgment logic are defined in the use cases according to the information security gateway security function. For example, the request message sending logic, the response message receiving logic and the judgment logic may be implemented in the Python scripting language.
The information security gateway security capability detection module 103 is responsible for detecting the validity of the communication interface and the validity of the protection function of the information security gateway security function in real time, and detecting the working state of the information domain security function of the information security gateway. The information security gateway security capability detection module 103 calls the information security gateway security capability detection case set 104, sequentially executes detection cases, and receives a response message of the device to be detected. The information security gateway security capability detection module 103 detects the working state of the information domain security function of the information security gateway in the device under test by analyzing the response message of the device under test. For example, first, a request message sending logic of the information security gateway security capability detection use case set 104 is called to send a request message to a device to be tested; and then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with a response message corresponding to the request message in the detection case, determining that the received response message is a correct response message, judging that the working state of the information domain security function of the information security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message, otherwise, judging that the working state is abnormal, and recording the content and occurrence time of the abnormal response message for manually analyzing the reason of the abnormality.
The security gateway security log analysis module 105 is responsible for receiving, in real time, the security logs sent by the avionic security gateway and the information security gateway in the tested device and analyzing the received log contents. The record type field in a log message takes a value from {operation, notification, warning, error}; when the value of the field is 'error', the security function of the security gateway is abnormal, and the log content and time of occurrence are recorded.
The airborne information system security capability detection main control module 106 is responsible for controlling the execution of the avionic security gateway security capability detection module 101, the information security gateway security capability detection module 103 and the security gateway security log analysis module 105, and providing a human-computer interface for operation and interaction.
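The request/response check described above for modules 101 and 103, as an added Python example that is not code from the patent. The message strings, the case names and the simulated gateway are constructed for illustration, and a local datagram socket pair stands in for the link to the device under test.

```python
import socket
import threading
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class DetectionCase:
    name: str
    request: bytes                   # sent by the request message sending logic
    expected: bytes                  # response the case defines for this request
    judge: Callable[[bytes], bool]   # judgment logic, applied to a correct response
    timeout_s: float = 0.5           # the "specified time" for the response


@dataclass
class Anomaly:
    case: str
    content: Optional[bytes]         # None: nothing arrived within timeout_s
    occurred_at: float               # time.time() when the anomaly was seen


def run_cases(link: socket.socket,
              cases: List[DetectionCase]) -> Tuple[Dict[str, str], List[Anomaly]]:
    """Execute the cases in order; return per-case state and recorded anomalies."""
    states: Dict[str, str] = {}
    anomalies: List[Anomaly] = []
    for case in cases:
        link.settimeout(case.timeout_s)
        link.send(case.request)
        try:
            response: Optional[bytes] = link.recv(4096)
        except socket.timeout:
            response = None
        # Correct response = received in time AND equal to the expected one;
        # only then is the judgment logic consulted.
        normal = (response is not None and response == case.expected
                  and case.judge(response))
        states[case.name] = "normal" if normal else "abnormal"
        if not normal:
            anomalies.append(Anomaly(case.name, response, time.time()))
    return states, anomalies


def simulated_gateway(link: socket.socket) -> None:
    """Constructed device under test with two deliberate faults."""
    replies = {
        b"REQ permitted-service": b"ACK permitted-service",
        b"REQ forbidden-service": b"ACK forbidden-service",  # fault: not refused
    }
    while True:
        msg = link.recv(4096)
        if msg == b"STOP":
            return
        if msg in replies:
            link.send(replies[msg])
        # fault: every other request is dropped, so the tester times out


def demo() -> Tuple[Dict[str, str], List[Anomaly]]:
    # Datagram socket pair: an offline stand-in for the tester/gateway link.
    tester, dut = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    worker = threading.Thread(target=simulated_gateway, args=(dut,), daemon=True)
    worker.start()
    cases = [
        DetectionCase("permitted-request", b"REQ permitted-service",
                      b"ACK permitted-service", lambda r: r.startswith(b"ACK")),
        DetectionCase("forbidden-request", b"REQ forbidden-service",
                      b"NAK forbidden-service", lambda r: r.startswith(b"NAK")),
        DetectionCase("interface-status", b"REQ status",
                      b"ACK status", lambda r: r.startswith(b"ACK")),
    ]
    try:
        return run_cases(tester, cases)
    finally:
        tester.send(b"STOP")
        worker.join(timeout=1)
        tester.close()
        dut.close()


if __name__ == "__main__":
    states, anomalies = demo()
    for name, state in states.items():
        print(f"{name}: {state}")
    for a in anomalies:
        print(time.strftime("%H:%M:%S", time.localtime(a.occurred_at)), a.case, a.content)
```

The second case fails on protection function validity (a request that should be refused is acknowledged) and the third on communication interface validity (no response within the specified time).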
Detection is achieved by the following process:
1) Security log monitoring:
The security log monitoring process is shown in fig. 2.
Step 1.1: after the test is started, the security capability detection main control module 106 of the airborne information system starts the security log analysis module 105 of the security gateway.
Step 1.2: the security gateway security log analysis module 105 receives log messages of the device under test in real time.
Step 1.3: The security gateway security log analysis module 105 analyzes the log.
Step 1.4: The security gateway security log analysis module 105 judges whether the security function of the tested device is normal according to the log type and the message content. If the content of the record type field in the security log is 'error', the working state of the security function of the corresponding security gateway in the tested equipment is abnormal and the process goes to step 1.5; if the working state is normal, the process goes to step 1.6.
Step 1.5: the security gateway security log analysis module 105 records the content and occurrence time of the abnormal log message.
Step 1.6: the airborne information system security capability detection main control module 106 judges whether the test is completed. If it is completed, go to step 1.7; if not, go to step 1.2.
Step 1.7: the security capability detection main control module 106 of the airborne information system stops the security log analysis module 105, and the test is finished.
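The loop of steps 1.2 to 1.6 can be sketched as follows. This is an added example, not code from the patent: the pipe-separated line layout (`time|gateway|record_type|content`), the names `parse_line`, `monitor` and `AbnormalLog`, and the choice to record unparseable or out-of-range records as abnormal are all assumptions; only the four record type values and the "error" rule come from the description.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Iterable, List, Tuple

# Value range of the "record type" field, as given in the description.
RECORD_TYPES = {"operation", "notification", "warning", "error"}


@dataclass(frozen=True)
class AbnormalLog:
    gateway: str        # which security gateway sent the record
    occurred_at: str    # occurrence time
    content: str        # log content kept for manual analysis
    reason: str         # "error-record" or "malformed"


def parse_line(line: str) -> Tuple[str, str, str, str]:
    """Parse the assumed layout time|gateway|record_type|content."""
    parts = line.rstrip("\n").split("|", 3)   # content may itself contain "|"
    if len(parts) != 4:
        raise ValueError("expected 4 fields")
    ts, gateway, record_type, content = (p.strip() for p in parts)
    if record_type not in RECORD_TYPES:
        raise ValueError("record type outside the defined value range")
    return ts, gateway, record_type, content


def monitor(lines: Iterable[str], test_done: Callable[[], bool]) -> List[AbnormalLog]:
    """Steps 1.2 to 1.6: receive, analyze, judge, record, check for completion."""
    abnormal: List[AbnormalLog] = []
    for line in lines:                                        # step 1.2
        try:
            ts, gateway, record_type, content = parse_line(line)   # step 1.3
        except ValueError:
            # Assumption: a record that cannot be judged is kept for manual
            # analysis with its receipt time instead of being dropped.
            received = datetime.now(timezone.utc).isoformat()
            abnormal.append(AbnormalLog("unknown", received, line.strip(), "malformed"))
        else:
            # Step 1.4: exact match on the field, never a substring search,
            # so a warning whose text mentions "error" is not flagged.
            if record_type == "error":
                abnormal.append(AbnormalLog(gateway, ts, content, "error-record"))  # step 1.5
        if test_done():                                       # step 1.6
            break
    return abnormal


# Constructed sample records (not taken from any real gateway).
SAMPLE_LOG = [
    "2024-01-01T08:00:00Z|avionic|operation|gateway started",
    "2024-01-01T08:00:02Z|information|warning|error counter reset | rule 7",
    "2024-01-01T08:00:03Z|information|error|filter table failed integrity check",
    "garbage without separators",
    "2024-01-01T08:00:05Z|avionic|fatal|unexpected type",
    "2024-01-01T08:00:06Z|avionic|error|session table exhausted",
]

if __name__ == "__main__":
    for entry in monitor(SAMPLE_LOG, lambda: False):
        print(entry)
```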
2) Security capability detection of the avionic security gateway:
The security capability detection flow of the avionic security gateway is shown in Fig. 3.
Step 2.1: after the test is started, the airborne information system security capability detection main control module 106 starts the avionic security gateway security capability detection module 101.
Step 2.2: the avionic security gateway security capability detection module 101 reads the detection cases in the avionic security gateway security capability detection case set 102.
Step 2.3: the avionic security gateway security capability detection module 101 sequentially executes the detection cases in the avionic security gateway security capability detection case set 102. For example, it calls the request message sending logic of the avionic security gateway security capability detection case set 102 to send a request message to the device under test.
Step 2.4: the avionic security gateway security capability detection module 101 receives and analyzes a response message sent by the device under test during the execution of the detection use case.
Step 2.5: if the avionic security gateway security capability detection module 101 receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, the judgment logic corresponding to the request message judges the working state of the avionic domain security function of the avionic security gateway of the device under test to be normal, and the process goes to step 2.7. Otherwise the working state is judged to be abnormal, and the process goes to step 2.6.
Step 2.6: the security capability detection module 101 of the avionic security gateway records the content and the occurrence time of the abnormal message.
Step 2.7: the security capability detection module 101 of the avionic security gateway determines whether all detection cases have been executed. If so, the test ends; if not, go to step 2.3.
3) Detecting security capability of the information security gateway:
The security capability detection flow of the information security gateway is shown in Fig. 4.
Step 3.1: after the test is started, the airborne information system security capability detection main control module 106 starts the information security gateway security capability detection module 103.
Step 3.2: the information security gateway security capability detection module 103 reads the information security gateway security capability detection case set 104.
Step 3.3: the information security gateway security capability detection module 103 sequentially executes the information security gateway security capability detection cases. For example, it calls the request message sending logic of the information security gateway security capability detection case set 104 to send a request message to the device under test.
Step 3.4: the information security gateway security capability detection module 103 receives and analyzes a response message sent by the device under test during the execution of the detection use case.
Step 3.5: if the information security gateway security capability detection module 103 receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, the judgment logic corresponding to the request message judges the working state of the information domain security function of the information security gateway of the device under test to be normal, and the process goes to step 3.7. Otherwise, the process goes to step 3.6.
Step 3.6: the information security gateway security capability detection module 103 records the content and occurrence time of the abnormal message.
Step 3.7: the information security gateway security capability detection module 103 determines whether all detection cases have been executed. If so, the test ends; if not, go to step 3.3.
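Flows 2) and 3) follow the same request, wait, compare and record loop, so one runner serves both gateways. The sketch below is an added example, not code from the patent: the message bytes, the `SimulatedGateway` stand-in for the device under test and all names are constructed, and discarding late replies before each request is an added safeguard that the patent does not describe. Without it, a reply that misses its deadline is read as the answer to the next case.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class DetectionCase:
    name: str
    request: bytes
    expected: bytes                  # response stored with the request in the case
    timeout_s: float                 # the "specified time"
    judge: Callable[[bytes], bool]   # judgment logic corresponding to the request


@dataclass(frozen=True)
class Anomaly:
    case: str
    reason: str                      # "timeout", "mismatch" or "judged-abnormal"
    content: Optional[bytes]         # abnormal response, None if nothing arrived
    occurred_at: str                 # UTC, ISO 8601


class SimulatedGateway:
    """Constructed stand-in for the device under test; no real protocol implied."""

    def __init__(self, behaviour: Dict[bytes, Tuple[bytes, float]]):
        self._behaviour = behaviour  # request -> (response, delay in seconds)
        self._in_flight: List[Tuple[bytes, float]] = []

    def send(self, request: bytes) -> None:
        if request in self._behaviour:           # unknown requests get no reply
            self._in_flight.append(self._behaviour[request])

    def recv(self, timeout_s: float) -> Optional[bytes]:
        if not self._in_flight:
            return None
        response, delay = self._in_flight[0]
        if delay <= timeout_s:
            self._in_flight.pop(0)
            return response
        self._in_flight[0] = (response, 0.0)     # will arrive after the deadline
        return None


def run_case(dut, case: DetectionCase, drain_stale: bool = True) -> Optional[Anomaly]:
    """Steps x.3 to x.6 for one case; returns None when the state is normal."""
    if drain_stale:
        while dut.recv(0.0) is not None:         # drop late replies to earlier cases
            pass
    dut.send(case.request)                       # step x.3
    response = dut.recv(case.timeout_s)          # step x.4
    if response is None:                         # step x.5
        reason = "timeout"
    elif response != case.expected:
        reason = "mismatch"
    elif not case.judge(response):
        reason = "judged-abnormal"
    else:
        return None
    now = datetime.now(timezone.utc).isoformat()
    return Anomaly(case.name, reason, response, now)   # step x.6


def run_case_set(dut, cases, drain_stale: bool = True) -> List[Anomaly]:
    """Execute the cases in sequence (step x.7 loop) and collect the anomalies."""
    results = (run_case(dut, c, drain_stale) for c in cases)
    return [a for a in results if a is not None]


def allows(resp: bytes) -> bool:
    return resp.startswith(b"OK")


def denies(resp: bytes) -> bool:
    return resp.startswith(b"DENY")


# Constructed case set: one permitted request, one that the gateway must refuse.
CASES = [
    DetectionCase("allowed-read", b"REQ-01 read status", b"OK status=1", 0.5, allows),
    DetectionCase("blocked-write", b"REQ-02 cross-domain write", b"DENY policy", 0.5, denies),
    DetectionCase("slow-reply", b"REQ-03 read log", b"OK log", 0.5, allows),
    DetectionCase("after-slow", b"REQ-04 read version", b"OK v1", 0.5, allows),
]


def demo(drain_stale: bool = True) -> List[Anomaly]:
    dut = SimulatedGateway({
        b"REQ-01 read status": (b"OK status=1", 0.1),
        b"REQ-02 cross-domain write": (b"OK written", 0.1),  # protection not applied
        b"REQ-03 read log": (b"OK log", 2.0),                # misses the deadline
        b"REQ-04 read version": (b"OK v1", 0.1),
    })
    return run_case_set(dut, CASES, drain_stale)


if __name__ == "__main__":
    for anomaly in demo():
        print(anomaly)
```

With `drain_stale=False` the late reply to the third case is attributed to the fourth, which then shows up as a spurious mismatch.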
In the above embodiments, the implementation may be realized wholly or partially by software, hardware, firmware, or any combination thereof. When implemented using a software program, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the present application are generated in whole or in part when the computer program instructions are loaded and executed on a computer.
In the above embodiments, the computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable devices. The computer program may use any programming language and be in the form of source code, object code or intermediate code between source code and object code, such as partially compiled form or in any other form necessary to implement the method according to the invention. The program may be downloaded into the base station via a communication network such as the internet.
In the above embodiments, the computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.).
In the embodiments described above, the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device including one or more servers, data centers, and the like that may be integrated with the medium. The available media may be any entity or device capable of storing the program. For example, the medium may comprise a storage medium, such as a ROM, e.g. a CD ROM or a microelectronic circuit ROM, or a USB key, or a magnetic recording medium, e.g. a hard disk, on which the computer program according to the invention is recorded.

Claims (10)

1. A civil aircraft airborne information system network security capability detection system, characterized in that: the system comprises an avionic security gateway security capability detection case set (102), an avionic security gateway security capability detection module (101), an information security gateway security capability detection case set (104), an information security gateway security capability detection module (103), a security gateway security log analysis module (105) and an airborne information system security capability detection main control module (106);
the avionic security gateway security capability detection case set (102) is a set of avionic security capability detection cases;
the avionic security gateway security capability detection module (101) is used for reading and sequentially executing detection cases in the avionic security capability detection case set (102), receiving response messages of the tested equipment and detecting the working state of an avionic domain security function of the avionic security gateway in the tested equipment in real time by analyzing the response messages;
the information security gateway security capability detection use case set (104) is a set of information security gateway security capability detection use cases;
the information security gateway security capability detection module (103) is used for calling and executing detection use cases in the information security gateway security capability detection use case set (104), receiving response messages of the tested equipment, and detecting the working state of the information domain security function of the information security gateway in the tested equipment in real time by analyzing the response messages;
the safety gateway security log analysis module (105) is used for receiving security logs sent by an avionic safety gateway and an information safety gateway in the tested equipment in real time, and judging the working state of the avionic security function of the avionic safety gateway in the tested equipment and the working state of the information domain security function of the information safety gateway by analyzing the content of the security logs;
the airborne information system security capability detection main control module (106) is used for controlling execution of the avionic security gateway security capability detection module (101), the information security gateway security capability detection module (103) and the security gateway security log analysis module (105), and providing a human-computer interface for operation interaction.
2. The civil aircraft airborne information system network security capability detection system of claim 1, wherein: a detection case set (102) of security capability of the avionic security gateway defines request message sending logic, receiving logic and judgment logic of response messages in a detection case according to the security function of the avionic security gateway;
the security protection capability detection module (101) of the avionic security gateway is used for: firstly, calling request message sending logic of a security capability detection case set (102) of an avionic security gateway to send a request message to a tested device; then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with a response message corresponding to the request message in the detection case, considering that the received response message is a correct response message, and then judging that the working state of the avionic domain security function of the avionic security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message; otherwise, judging the abnormal condition, and recording the content and the occurrence time of the abnormal response message.
3. The civil aircraft airborne information system network security capability detection system of claim 1 or 2, characterized in that: an information security gateway security capability detection case set (104) defines request message sending logic, response message receiving logic and judgment logic in a detection case according to the information security gateway security function;
the information security gateway security capability detection module (103) is used for: firstly, calling request message sending logic of an information security gateway security capability detection case set (104) to send a request message to a tested device; and then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with the response message corresponding to the request message in the detection case, determining that the received response message is a correct response message, judging that the working state of the information domain security function of the information security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message, otherwise, judging that the working state is abnormal, and recording the content and the occurrence time of the abnormal response message.
4. The civil aircraft airborne information system network security capability detection system of claim 3, wherein: the security log analysis module (105) analyzes the security log content, if the content of the 'record type' field in the security log is 'error', the security working state of the security function of the corresponding security gateway in the tested device is abnormal, and the log content and the occurrence time are recorded.
5. A detection method of a civil aircraft onboard information system network security capability detection system based on any one of claims 1 to 4 is characterized by comprising the following steps:
step 1, monitoring a security log;
step 1.1, a security protection capability detection main control module (106) of an airborne information system starts a security protection log analysis module (105) of a security gateway;
step 1.2, a security log analysis module (105) receives security log messages sent by an avionic security gateway and an information security gateway in the tested equipment in real time;
step 1.3, a security log analysis module (105) analyzes the security log content;
step 1.4, a security gateway security log analysis module (105) judges whether the working state of the avionic domain security function of the avionic security gateway of the tested equipment and the working state of the information domain security function of the information security gateway are normal or not according to the type of the security log and the content of the security log message; if they are normal, the step 1.6 is carried out, otherwise, the step 1.5 is carried out;
step 1.5, a security gateway security log analysis module (105) records the content and occurrence time of an abnormal security log;
step 1.6, the security capability detection main control module (106) of the airborne information system judges whether the test is finished, if so, the step 1.7 is carried out, and if not, the step 1.2 is carried out;
step 1.7, stopping a security log analysis module (105) of the security gateway by a security capability detection main control module (106) of the airborne information system, and ending the test;
step 2, detecting security protection capability of the avionic security gateway;
step 2.1, starting a security protection capability detection module (101) of an avionic security gateway by a security protection capability detection main control module (106) of the airborne information system;
step 2.2, a security protection capability detection module (101) of the avionic security gateway reads detection cases in the security protection capability detection case set (102) of the avionic security gateway;
step 2.3, the security protection capability detection module (101) of the avionic security gateway sequentially executes detection cases in the security protection capability detection case set (102) of the avionic security gateway;
step 2.4, a security protection capability detection module (101) of the avionic security gateway receives and analyzes a response message sent by the tested equipment in the execution of the detection case;
step 2.5, the security protection capability detection module (101) of the avionic security gateway judges whether the response message is correct, if so, the step 2.7 is carried out, and if not, the step 2.6 is carried out;
step 2.6, the security protection capability detection module (101) of the avionic security gateway records the content and the occurrence time of the abnormal message;
step 2.7, the security protection capability detection module (101) of the avionic security gateway judges whether all detection cases are executed; if so, the test ends, and if not, the step 2.3 is carried out;
step 3, detecting the security capability of the information security gateway;
step 3.1, starting an information security gateway security capability detection module (103) by an airborne information system security capability detection main control module (106);
step 3.2, the information security gateway security capability detection module (103) calls detection cases in the information security gateway security capability detection case set (104);
step 3.3, sequentially executing detection cases in the information security gateway security capability detection case set (104) by an information security gateway security capability detection module (103);
step 3.4, the information security gateway security capability detection module (103) receives and analyzes a response message sent by the tested device in the execution of the detection case;
step 3.5, the security capability detection module (103) of the information security gateway judges whether the response message is correct; if the result is correct, the step 3.7 is carried out, otherwise, the step 3.6 is carried out;
step 3.6, the security protection capability detection module (103) of the information security gateway records the content and the occurrence time of the abnormal message;
step 3.7, the information security gateway security capability detection module (103) judges whether all detection cases are executed; if so, the test ends, and if not, the step 3.3 is carried out.
6. The detection method according to claim 5, characterized in that:
the step 2.3 is specifically as follows:
the security protection capability detection module (101) calls request message sending logic of the security protection capability detection case set (102) of the avionic security gateway to send a request message to the tested equipment;
the step 2.5 is specifically as follows:
if the avionic security gateway security capability detection module (101) receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, then the working state of the avionic security function of the avionic security gateway of the tested device is judged to be normal by using the judgment logic corresponding to the request message, the step 2.7 is carried out, otherwise, the step 2.6 is carried out.
7. The detection method according to claim 6, characterized in that:
step 3.3 is specifically:
an information security gateway security capability detection module (103) calls a request message sending logic of an information security gateway security capability detection case set (104) to send a request message to a tested device;
the step 3.5 is specifically as follows:
if the information security gateway security capability detection module (103) receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, then the judgment logic corresponding to the request message is used for judging that the working state of the information domain security function of the information security gateway of the tested device is normal, the step 3.7 is carried out, otherwise, the step 3.6 is carried out.
8. The detection method according to claim 7, characterized in that:
the step 1.4 is specifically as follows:
the safety gateway security log analysis module (105) judges the working states of the avionic safety gateway and the information safety gateway in the tested equipment by analyzing the security log content: and if the content of the record type field in the security log is 'error', the working state of the security function of the corresponding security gateway in the tested equipment is abnormal, the step 1.5 is carried out, and if the working state is normal, the step 1.6 is carried out.
9. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program, when executed by a processor, implements the method of any of claims 5-8.
10. A terminal, comprising: at least one processor, at least one memory, and a communication interface, characterized in that: the communication interface, the at least one memory, and the at least one processor are coupled; the terminal communicating with other devices via the communication interface, the at least one memory storing a computer program such that the computer program when executed by the at least one processor implements the method of any one of claims 5-8.
CN202110525738.XA 2021-05-13 2021-05-13 Civil aircraft airborne information system network security capability detection system and method Active CN113347022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110525738.XA CN113347022B (en) 2021-05-13 2021-05-13 Civil aircraft airborne information system network security capability detection system and method

Publications (2)

Publication Number Publication Date
CN113347022A true CN113347022A (en) 2021-09-03
CN113347022B CN113347022B (en) 2022-11-11

Family

ID=77469679


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant