CN111845853A - Train control vehicle-mounted system based on active defense - Google Patents

Publication number
CN111845853A
Authority
CN
China
Prior art keywords
output
subsystem
train control
input
control vehicle
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010622321.0A
Other languages
Chinese (zh)
Inventor
胡浩
刘昱
龚明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CRRC Industry Institute Co Ltd
Original Assignee
CRRC Industry Institute Co Ltd
Application filed by CRRC Industry Institute Co Ltd
Priority to CN202010622321.0A
Publication of CN111845853A

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B61 RAILWAYS
    • B61L GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L15/00 Indicators provided on the vehicle or vehicle train for signalling purposes; On-board control or communication systems
    • B61L15/0018 Communication with or on the vehicle or vehicle train
    • B61L15/0027 Radio-based, e.g. using GSM-R
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B61 RAILWAYS
    • B61L GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L15/00 Indicators provided on the vehicle or vehicle train for signalling purposes; On-board control or communication systems
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B61 RAILWAYS
    • B61L GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L25/00 Recording or indicating positions or identities of vehicles or vehicle trains or setting of track apparatus
    • B61L25/02 Indicating or recording positions or identities of vehicles or vehicle trains
    • B61L25/021 Measuring and recording of train speed
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The embodiment of the invention provides a train control vehicle-mounted system based on active defense, in which an input arbitration subsystem determines the input parameters input to the safety computer in each train control vehicle-mounted subsystem according to the module output results of all functional modules realizing the same function, and an output arbitration subsystem determines the final output result of the train control vehicle-mounted system according to the output parameters of the safety computer in each train control vehicle-mounted subsystem. Because the input arbitration subsystem determines the input parameters of the safety computers from a plurality of functional modules, and the output arbitration subsystem determines the final output result from the output parameters of a plurality of safety computers, a network attack on a few functional modules or a few safety computers affects neither the correct input to the safety computers nor the correct output parameters output by the safety computers. When a network attack occurs on a few network nodes, the functional operation of the whole system can therefore be ensured to be normal.

Description

Train control vehicle-mounted system based on active defense
Technical Field
The invention relates to the technical field of train control, in particular to a train control vehicle-mounted system based on active defense.
Background
With the rapid development and application of a new generation of information technology, interconnection has brought great convenience to production and daily life, but it has also brought potential security threats. These information security threats are not only present in the traditional open internet field; they are rapidly expanding to wider fields such as closed industrial control networks. The urban rail transit train control system is a typical industrial control network system, and in recent years it has seen many information security incidents that interfered with normal operation, so the information security problem of urban rail transit has attracted wide attention.
Active defense is a recently emerged network security technology. It means that, before an intrusion affects an information system, an accurate early warning is issued in time and an elastic defense system is built in real time, so that the risks faced by the information system are avoided, transferred, and reduced. By targeting the root of problems such as unknown security vulnerabilities and software and hardware backdoors, the technology makes it difficult for existing attack means and methods, such as scanning and probing, vulnerability exploitation, backdoor setting, virus injection, Trojan horse implantation, and APT (advanced persistent threat), to achieve their expected effect.
The existing train control vehicle-mounted system handles network attacks mainly through methods such as firewalls and secure transmission protocols, and can ensure the functional safety of the train control system to a certain extent, that is, prevent software and hardware from suffering functional operation obstacles caused by system faults. With the existing methods, however, a network attack, once it occurs, can obstruct the functional operation of the whole system.
Disclosure of Invention
The embodiment of the invention provides a train control vehicle-mounted system based on active defense, which is used for solving the problem that once a network attack occurs in the conventional method, the functional operation of the whole system is obstructed.
In view of the above technical problems, an embodiment of the present invention provides a train control onboard system based on active defense, which includes an input arbitration subsystem, an output arbitration subsystem, and three or more sets of train control onboard subsystems; each train control vehicle-mounted subsystem comprises at least one functional module; the at least one functional module comprises a speed measuring and positioning unit, a locomotive interface unit, a wireless communication unit, a track information receiving unit, a man-machine interface unit, a transponder receiving module and a safety computer;
the safety computers in different groups of train control vehicle-mounted subsystems adopt differential configuration; the configuration form of the safety computer in any group of train control vehicle-mounted subsystems adopts at least one of the following forms: COTS computer host equipment, a virtual machine, and an embedded system;
the function realization modes of the functional modules for realizing the same function in different groups of train control vehicle-mounted subsystems are different;
for the functional modules which are used for realizing the same function in each train control vehicle-mounted subsystem, the input arbitration subsystem determines the input parameters which are input into the safety computer in each train control vehicle-mounted subsystem according to the module output results of each functional module which realizes the same function;
and the output arbitration subsystem determines the final output result of the train control vehicle-mounted system according to the output parameters of the safety computer in each train control vehicle-mounted subsystem.
Optionally, the system further comprises an input fault monitoring subsystem and an output fault monitoring subsystem;
the input fault monitoring subsystem is used for monitoring faults of all functional modules realizing the same function; the input fault monitoring subsystem determines whether a functional module has a fault according to first monitoring information; the first monitoring information includes at least one of the following: an operation log of the functional module, alarm information of the functional module, and test data fed back by the functional module in response to a first preset test instruction;
the output fault monitoring subsystem is used for monitoring faults of the safety computers in the train control vehicle-mounted subsystems; the output fault monitoring subsystem determines whether a safety computer has a fault according to second monitoring information; the second monitoring information includes at least one of the following: an operation log of the safety computer, alarm information of the safety computer, and test data fed back by the safety computer in response to a second preset test instruction.
Optionally, the method further comprises:
the input arbitration subsystem determines a mainstream module output result according to the module output results of the functional modules realizing the same function; the mainstream module output result is the module output result whose proportion among the module output results of all functional modules realizing the same function is larger than a first preset ratio;
and the input arbitration subsystem takes the determined mainstream module output result as the input parameter input to the safety computer in each train control vehicle-mounted subsystem.
Optionally, the input arbitration subsystem is further configured to:
for any functional module, among the functional modules realizing the same function, whose module output result is not the mainstream module output result, acquiring from the input fault monitoring subsystem first fault monitoring information indicating whether that functional module has a fault;
if the first fault monitoring information indicates that the functional module has no fault, sending first prompt information that the functional module is suspected to be under network attack;
and if the first fault monitoring information indicates that the functional module has a fault, sending second prompt information for troubleshooting the functional module.
Optionally, the method further comprises:
the output arbitration subsystem determines a mainstream output parameter according to the output parameters of the safety computer in each train control vehicle-mounted subsystem; the mainstream output parameter is the output parameter whose proportion among the output parameters of the safety computers in the train control vehicle-mounted subsystems is larger than a second preset ratio;
and the output arbitration subsystem takes the determined mainstream output parameter as the final output result of the train control vehicle-mounted system.
Optionally, the output arbitration subsystem is further configured to:
for any safety computer, among the safety computers of the train control vehicle-mounted subsystems, whose output parameter is not the mainstream output parameter, acquiring from the output fault monitoring subsystem second fault monitoring information indicating whether that safety computer has a fault;
if the second fault monitoring information indicates that the safety computer has no fault, sending third prompt information that the safety computer is suspected to be under network attack;
and if the second fault monitoring information indicates that the safety computer has a fault, sending fourth prompt information for troubleshooting the safety computer.
Optionally, the method further comprises:
if the input arbitration subsystem judges that the module output results of the functional modules realizing the same function are the same, the input arbitration subsystem sends fifth prompt information that the functional modules realizing the same function are not currently under network attack.
Optionally, the method further comprises:
if the output arbitration subsystem judges that the output parameters of the safety computers in the train control vehicle-mounted subsystems are the same, the output arbitration subsystem sends sixth prompt information that the safety computers in the train control vehicle-mounted subsystems are not currently under network attack.
The embodiment of the invention provides a train control vehicle-mounted system based on active defense, in which an input arbitration subsystem determines the input parameters input to the safety computer in each train control vehicle-mounted subsystem according to the module output results of all functional modules realizing the same function, and an output arbitration subsystem determines the final output result of the train control vehicle-mounted system according to the output parameters of the safety computer in each train control vehicle-mounted subsystem. Because the input arbitration subsystem determines the input parameters of the safety computers from a plurality of functional modules, and the output arbitration subsystem determines the final output result from the output parameters of a plurality of safety computers, a network attack on a few functional modules or a few safety computers affects neither the correct input to the safety computers nor the correct output parameters output by the safety computers. When a network attack occurs on a few network nodes, the functional operation of the whole system can therefore be ensured to be normal.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a block diagram of a train control onboard system based on active defense provided in this embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Rail transit train control systems use measures such as firewalls and secure transmission protocols to protect the urban rail train control system, and these measures are not enough to ensure the information security of the urban rail train control system. In addition, in terms of network structure, train control systems adopt structures such as two-out-of-two, two-out-of-three, and two-by-two-out-of-two. These structures mainly ensure the functional safety of the train control system, that is, they prevent functional operation obstacles of software and hardware caused by system faults; they can contribute to information security protection to a certain extent, but the effect is limited. In order to solve this technical problem, fig. 1 is a block diagram of a train control onboard system based on active defense provided in the present embodiment. Referring to fig. 1, the train control onboard system based on active defense includes an input arbitration subsystem, an output arbitration subsystem, and three or more sets of train control onboard subsystems (fig. 1 shows three sets of train control onboard subsystems, which are a train control onboard subsystem 1, a train control onboard subsystem 2, and a train control onboard subsystem 3, respectively); each train control vehicle-mounted subsystem comprises at least one functional module; the at least one functional module comprises a speed measuring and positioning unit, a locomotive interface unit, a wireless communication unit, a track information receiving unit, a man-machine interface unit, a transponder receiving module and a safety computer;
the safety computers in different groups of train control vehicle-mounted subsystems adopt differential configuration; the configuration form of the safety computer in any group of train control vehicle-mounted subsystems adopts at least one of the following forms: COTS (Commercial Off-The-Shelf) computer host equipment, virtual machines, embedded systems;
the function realization modes of the functional modules for realizing the same function in different groups of train control vehicle-mounted subsystems are different;
for the functional modules which are used for realizing the same function in each train control vehicle-mounted subsystem, the input arbitration subsystem determines the input parameters which are input into the safety computer in each train control vehicle-mounted subsystem according to the module output results of each functional module which realizes the same function;
and the output arbitration subsystem determines the final output result of the train control vehicle-mounted system according to the output parameters of the safety computer in each train control vehicle-mounted subsystem.
The virtual machine is a set, or a part, of virtual hardware resources (such as a CPU, memory, and I/O devices) that is abstracted and simulated by virtualization technology on the basis of existing computer hardware resources and is used for running the relevant software and computations. At present the main technical means include VMware and the like; container (Docker) technology can also be counted in this category.
The embedded system replaces computer hardware with an embedded processor, such as an ARM processor or an FPGA, to run the relevant software and computations.
Functional units such as the speed and distance measuring unit, the train interface unit, the transponder information receiving module, the man-machine interface unit, and the wireless communication unit are implemented with the same function but with different structures or methods. For example, the speed measuring and positioning units adopt different speed measuring methods, the wireless communication units adopt different transmission protocols, and the like.
The train control subsystem comprises a plurality of groups of train control subsystem functional modules. For example, the wireless communication units in different sets of train control vehicle-mounted subsystems may respectively adopt WLAN, 4G, 5G, and other functional implementations. The speed and distance measuring units in different train control vehicle-mounted subsystems can respectively adopt functional implementations such as a pulse rotating speed sensor and a Doppler radar.
An input arbitration subsystem is arranged in front of the safety computers: before each group of safety computers receives the more than 3 groups of input signals, the input arbitration subsystem compares and arbitrates the signals and outputs the result. When the module output results of the plurality of groups of functional modules are consistent, the module output result is output to the safety computers for the relevant data processing; when the module output results of the plurality of groups of functional modules are inconsistent, the most consistent module output result is output to the safety computers, and the current relevant information is recorded for subsequent analysis.
The output arbitration subsystem is a set of software and hardware whose function is to compare and arbitrate the output parameters (namely the output results) of the safety computers in the different groups of train control vehicle-mounted subsystems and to output the result. When the output results of the plurality of groups of safety computers are consistent, the result is output to the train interface unit for execution of the related instructions; when the output results of the plurality of groups of safety computers are inconsistent, the most consistent result is output, and the current relevant information is recorded for subsequent analysis.
Each group of vehicle-mounted control subsystems is independently networked, and different network topological structures including bus type, ring type, ladder type and the like are adopted.
The vehicle-mounted control subsystems are arranged at two ends and relevant positions of the urban rail train marshalling.
The embodiment provides a train control vehicle-mounted system based on active defense, in which an input arbitration subsystem determines the input parameters input to the safety computer in each train control vehicle-mounted subsystem according to the module output results of all functional modules realizing the same function, and an output arbitration subsystem determines the final output result of the train control vehicle-mounted system according to the output parameters of the safety computer in each train control vehicle-mounted subsystem. Because the input arbitration subsystem determines the input parameters of the safety computers from a plurality of functional modules, and the output arbitration subsystem determines the final output result from the output parameters of a plurality of safety computers, a network attack on a few functional modules or a few safety computers affects neither the correct input to the safety computers nor the correct output parameters output by the safety computers. When a network attack occurs on a few network nodes, the functional operation of the whole system can therefore be ensured to be normal.
Further, on the basis of the above embodiment, the system further comprises an input fault monitoring subsystem and an output fault monitoring subsystem;
the input fault monitoring subsystem is used for monitoring faults of all functional modules realizing the same function; the input fault monitoring subsystem determines whether a functional module has a fault according to first monitoring information; the first monitoring information includes at least one of the following: an operation log of the functional module, alarm information of the functional module, and test data fed back by the functional module in response to a first preset test instruction;
the output fault monitoring subsystem is used for monitoring faults of the safety computers in the train control vehicle-mounted subsystems; the output fault monitoring subsystem determines whether a safety computer has a fault according to second monitoring information; the second monitoring information includes at least one of the following: an operation log of the safety computer, alarm information of the safety computer, and test data fed back by the safety computer in response to a second preset test instruction.
In order to improve the accuracy of identifying the network attack, the present embodiment adds an input fault monitoring subsystem and an output fault monitoring subsystem, where the input fault monitoring subsystem is used to perform fault monitoring on each function module in each train control vehicle-mounted subsystem, and the output fault monitoring subsystem is used to perform fault monitoring on the safety computer in each train control vehicle-mounted subsystem.
When the module output result of a functional module is inconsistent with the module output results of the other functional modules realizing the same function, the input fault monitoring subsystem can be used to judge whether the inconsistency is caused by a fault, so that inconsistencies caused by faults are excluded and the accuracy of network attack identification is improved. Similarly, when the output parameters of a safety computer are inconsistent with those of the other safety computers, the output fault monitoring subsystem can judge whether the safety computer with the inconsistent output has a fault; if so, the possibility that this safety computer is under network attack is excluded, which improves the accuracy of network attack identification for the safety computers.
The input fault monitoring subsystem judges whether a functional module has a fault through the operation log, the alarm information, or the preset test instruction, and the output fault monitoring subsystem judges whether a safety computer has a fault through the operation log, the alarm information, or the preset test instruction. For example, the input fault monitoring subsystem and the output fault monitoring subsystem may determine whether the functional module or the safety computer has a fault by checking whether specific alarm information is present in the alarm information; this embodiment does not specifically limit how a fault is determined.
In this embodiment, the input fault monitoring subsystem judges whether a functional module has failed and the output fault monitoring subsystem judges whether a safety computer has failed, which prevents inconsistent output results caused by a fault from being mistaken for a network attack and improves the accuracy of network attack identification.
Further, on the basis of the above embodiments, the method further includes:
the input arbitration subsystem determines a mainstream module output result according to the module output results of the functional modules realizing the same function; the mainstream module output result is the module output result whose proportion among the module output results of all functional modules realizing the same function is larger than a first preset ratio;
and the input arbitration subsystem takes the determined mainstream module output result as the input parameter input to the safety computer in each train control vehicle-mounted subsystem.
The first preset ratio is set in advance; for example, the first preset ratio is 50%.
For example, for the speed measurement positioning unit 1, the speed measurement positioning unit 2, and the speed measurement positioning unit 3, if the module output results of the speed measurement positioning unit 2 and the speed measurement positioning unit 3 are consistent, and the module output result of the speed measurement positioning unit 1 is inconsistent with them, the input arbitration subsystem takes the module output result of the speed measurement positioning unit 2 or the speed measurement positioning unit 3 as the mainstream module output result and inputs it into the safety computers of the train control vehicle-mounted subsystems, so that the safety computers perform the subsequent calculation processes.
According to the embodiment, the data input into the safety computer is safely filtered through the input arbitration subsystem, so that the correctness of the data input into the safety computer is ensured, and the safety of the train control system is improved.
Further, on the basis of the foregoing embodiments, the input arbitration subsystem is further configured to:
for any functional module, among the functional modules realizing the same function, whose module output result is not the mainstream module output result, acquiring from the input fault monitoring subsystem first fault monitoring information indicating whether that functional module has a fault;
if the first fault monitoring information indicates that the functional module has no fault, sending first prompt information that the functional module is suspected to be under network attack;
and if the first fault monitoring information indicates that the functional module has a fault, sending second prompt information for troubleshooting the functional module.
If the module output results of the functional modules realizing the same function are all different, the module output result of every functional module is then not the mainstream module output result, and for any functional module, among the functional modules realizing the same function, whose module output result is not the mainstream module output result, first fault monitoring information indicating whether that functional module has a fault is acquired from the input fault monitoring subsystem;
if, among the functional modules realizing the same function, there are functional modules whose module output result is the mainstream module output result, then for any functional module among them whose module output result is not the mainstream module output result, first fault monitoring information indicating whether that functional module has a fault is acquired from the input fault monitoring subsystem.
The first prompt information and the second prompt information may be displayed in a pop-up window, or may be sent to the mobile phone or e-mail inbox of the relevant staff, which is not limited in this embodiment.
In this embodiment, the first fault monitoring information from the input fault monitoring subsystem is used to check whether a functional module with an inconsistent module output result deviates because of a network attack, which improves the accuracy of network attack identification.
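The input arbitration steps above, and the output arbitration that the Disclosure applies in the same way to safety computer outputs, as an added Python example (not code from the patent). It assumes module outputs are already quantised so that equality means "consistent", that fault status arrives as a set of names from the fault monitoring subsystem, and that nothing is forwarded when no result exceeds the preset ratio; all function, constant and unit names are illustrative.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, Hashable, Optional, Set, Tuple

# Prompt texts paraphrase the page's prompt information; the names are this example's.
SUSPECTED_ATTACK = "suspected network attack"   # first / third prompt
TROUBLESHOOT = "troubleshoot fault"             # second / fourth prompt
NO_ATTACK = "no network attack currently"       # fifth / sixth prompt


@dataclass
class Arbitration:
    mainstream: Optional[Hashable]  # None: no result exceeded the preset ratio
    prompts: Dict[str, str]         # source name -> prompt ("*" means all sources)


def arbitrate(outputs: Dict[str, Hashable], faulty: Set[str],
              preset_ratio: float = 0.5) -> Arbitration:
    """Pick the mainstream result and classify every deviating source.

    outputs: result per redundant source (functional module or safety computer);
             values must be hashable and not None.
    faulty:  sources the fault monitoring subsystem currently reports as faulty.
    """
    if not outputs:
        raise ValueError("no outputs to arbitrate")
    counts = Counter(outputs.values())
    value, votes = counts.most_common(1)[0]
    # The share must be strictly larger than the preset ratio (50% in the page's example).
    mainstream = value if votes / len(outputs) > preset_ratio else None
    if len(counts) == 1:
        return Arbitration(mainstream, {"*": NO_ATTACK})
    prompts = {}
    for source, result in outputs.items():
        if mainstream is not None and result == mainstream:
            continue
        # A deviation explained by a monitored fault is not attributed to an attack.
        prompts[source] = TROUBLESHOOT if source in faulty else SUSPECTED_ATTACK
    return Arbitration(mainstream, prompts)


def run_cycle(module_outputs: Dict[str, Hashable],
              computers: Dict[str, Callable[[Hashable], Hashable]],
              faulty_modules: Set[str],
              faulty_computers: Set[str]) -> Tuple[Arbitration, Optional[Arbitration]]:
    """Input arbitration, then every safety computer, then output arbitration."""
    inp = arbitrate(module_outputs, faulty_modules)
    if inp.mainstream is None:
        # Assumption of this example: without a mainstream input nothing is forwarded.
        return inp, None
    computer_outputs = {name: fn(inp.mainstream) for name, fn in computers.items()}
    return inp, arbitrate(computer_outputs, faulty_computers)


# Constructed sample data (not from the page): speeds in km/h, already quantised.
SPEED_LIMIT_KMH = 60


def supervise(speed_kmh):
    """Hypothetical safety computer logic: brake above the limit."""
    return "brake" if speed_kmh > SPEED_LIMIT_KMH else "hold"


def deviating(speed_kmh):
    """Stands in for a safety computer whose output deviates from the others."""
    return "hold"


MODULE_OUTPUTS = {"speed_unit_1": 95, "speed_unit_2": 62, "speed_unit_3": 62}
COMPUTERS = {"safety_computer_1": deviating,
             "safety_computer_2": supervise,
             "safety_computer_3": supervise}

if __name__ == "__main__":
    inp, out = run_cycle(MODULE_OUTPUTS, COMPUTERS,
                         faulty_modules={"speed_unit_1"}, faulty_computers=set())
    print("input arbitration: ", inp)
    print("output arbitration:", out)
```

With four sources split two against two, no result exceeds 50%, so every source is treated as non-mainstream and checked against the fault monitor.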
Further, on the basis of the above embodiments, the method further includes:
the output arbitration subsystem determines a mainstream output parameter according to the output parameters of the safety computer in each train control vehicle-mounted subsystem; the mainstream output parameter is the output parameter whose proportion among the output parameters of the safety computers in the train control vehicle-mounted subsystems is larger than a second preset ratio;
and the output arbitration subsystem takes the determined mainstream output parameter as the final output result of the train control vehicle-mounted system.
The second preset ratio is set in advance; for example, the second preset ratio is 50%.
For example, if the output parameters of the safety computer 2 and the safety computer 3 are consistent with each other and the output parameters of the safety computer 1 are inconsistent with them, the output arbitration subsystem takes the output parameters of the safety computer 2 or the safety computer 3 as the mainstream output parameters and inputs the mainstream output parameters into the train interface unit to control the train operation.
In the embodiment, the data input into the train interface unit is safely filtered through the output arbitration subsystem, so that the correctness of the data input into the train interface unit is ensured, and the safety of the train control system is improved.
Further, on the basis of the foregoing embodiments, the output arbitration subsystem is further configured to:
for any safety computer, among the safety computers of the train control vehicle-mounted subsystems, whose output parameter is not the mainstream output parameter, acquiring from the output fault monitoring subsystem second fault monitoring information indicating whether that safety computer has a fault;
if the second fault monitoring information indicates that the safety computer has no fault, sending third prompt information that the safety computer is suspected to be under network attack;
and if the second fault monitoring information indicates that the safety computer has a fault, sending fourth prompt information for troubleshooting that safety computer.
If the output parameters of the safety computers of the train control vehicle-mounted subsystems all differ from one another, then no safety computer's output parameter is the mainstream output parameter, and for each of these safety computers, second fault monitoring information indicating whether that safety computer has a fault is acquired from the output fault monitoring subsystem.
If the output parameters of the safety computers of the train control vehicle-mounted subsystems include the mainstream output parameter, then for each of these safety computers whose output parameter is not the mainstream output parameter, second fault monitoring information indicating whether that safety computer has a fault is acquired from the output fault monitoring subsystem.
The third prompt message and the fourth prompt message may be displayed through a pop-up window, or may be sent to a mobile phone or a mailbox of a relevant worker, which is not limited in this embodiment.
In this embodiment, the second fault monitoring information monitored by the output fault monitoring subsystem is used to check whether a safety computer whose output parameter is inconsistent with those of the other safety computers in the train control vehicle-mounted subsystems has been subjected to a network attack, which improves the accuracy of identifying network attacks.
Further, on the basis of the above embodiments, the method further includes:
and if the input arbitration subsystem judges that the module output results of the functional modules realizing the same function are the same, the input arbitration subsystem sends a fifth prompt message that the functional modules realizing the same function are not currently under network attack.
For example, if the input arbitration subsystem determines that the output results of speed measurement positioning unit 1, speed measurement positioning unit 2, and speed measurement positioning unit 3 are consistent, the fifth prompt message may prompt the operator that the speed measurement positioning units in the train control vehicle-mounted subsystems are neither under network attack nor faulty.
Further, on the basis of the above embodiments, the method further includes:
and if the output arbitration subsystem judges that the output parameters of the safety computers in the train control vehicle-mounted subsystems are the same, the output arbitration subsystem sends a sixth prompt message that the safety computers in the train control vehicle-mounted subsystems are not currently under network attack.
For example, if the output arbitration subsystem determines that the output parameters of safety computer 1, safety computer 2, and safety computer 3 are consistent, the sixth prompt message may prompt the operator that the safety computers in the train control vehicle-mounted subsystems are neither under network attack nor faulty.
The fifth prompt message and the sixth prompt message may be displayed through a pop-up window, or may be sent to a mobile phone or a mailbox of a relevant worker, which is not limited in this embodiment.
In this embodiment, the fifth prompt message and the sixth prompt message indicate, respectively, that the three functional modules realizing the same function are all normal and that the three safety computers are all normal.
Different groups of safety computers should have different software and hardware configurations, including the CPU, the operating system, and the execution software. For example, the CPU may be X86, ARM or a virtual machine, in different versions; the operating system may be Windows or Linux, in different versions; and the execution software is compiled in diversified ways according to the different operating environments.
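The output arbitration and the fault-versus-attack check described in the embodiments above can be expressed as follows; this is an added Python example, not part of the patent, and the input arbitration side has the same shape with the first, second and fifth prompts. The names `arbitrate`, `Arbitration` and `has_fault`, the prompt strings, and the choice to return no final output when no mainstream output parameter exists are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, Hashable, List, Optional

SECOND_PRESET_PROPORTION = 0.5  # the 50% example value given in the description


@dataclass
class Arbitration:
    # Mainstream output parameter, or None when no output exceeds the proportion.
    # Returning None is an assumption: the description does not say what the
    # final output is in that case.
    mainstream: Optional[Hashable]
    prompts: List[str] = field(default_factory=list)


def arbitrate(outputs: Dict[str, Hashable],
              has_fault: Callable[[str], bool],
              proportion: float = SECOND_PRESET_PROPORTION) -> Arbitration:
    """Pick the mainstream output and classify every dissenting safety computer.

    outputs   -- safety computer name -> output parameter, already normalised
                 so that equal decisions compare equal (assumption)
    has_fault -- stand-in for the output fault monitoring subsystem
    """
    if not outputs:
        raise ValueError("no safety computer outputs to arbitrate")
    if not 0.5 <= proportion < 1:
        # Below 50%, two different outputs could both exceed the proportion.
        raise ValueError("proportion must be in [0.5, 1)")

    value, votes = Counter(outputs.values()).most_common(1)[0]
    mainstream = value if votes / len(outputs) > proportion else None
    result = Arbitration(mainstream)

    if votes == len(outputs):
        result.prompts.append("sixth: safety computers not currently under network attack")
        return result

    for name in sorted(outputs):
        if mainstream is not None and outputs[name] == mainstream:
            continue  # agrees with the mainstream, nothing to investigate
        if has_fault(name):
            result.prompts.append(f"fourth: troubleshoot {name}")
        else:
            result.prompts.append(f"third: {name} suspected to be under network attack")
    return result


if __name__ == "__main__":
    # Constructed sample: safety computer 1 disagrees and reports no fault.
    sample = {"safety_computer_1": "emergency_brake",
              "safety_computer_2": "service_brake",
              "safety_computer_3": "service_brake"}
    faulty = set()  # names the fault monitor reports as faulty (constructed)
    print(arbitrate(sample, lambda name: name in faulty))
```

Because the subsystems are deliberately dissimilar, equality voting only works once their outputs have been reduced to a common representation; the example takes that normalisation as given.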
In summary, the train control onboard system based on active defense provided by the embodiment can effectively improve the safety protection level of the urban rail train control system.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (8)

1. A train control vehicle-mounted system based on active defense, characterized by comprising an input arbitration subsystem, an output arbitration subsystem and three or more train control vehicle-mounted subsystems; each train control vehicle-mounted subsystem comprises at least one functional module; the at least one functional module comprises a speed measuring and positioning unit, a locomotive interface unit, a wireless communication unit, a track information receiving unit, a man-machine interface unit, a transponder receiving module and a safety computer;
the safety computers in different groups of train control vehicle-mounted subsystems adopt differential configuration; the configuration form of the safety computer in any group of train control vehicle-mounted subsystems adopts at least one of the following forms: COTS computer host equipment, a virtual machine and an embedded system;
the function realization modes of the functional modules for realizing the same function in different groups of train control vehicle-mounted subsystems are different;
for the functional modules which are used for realizing the same function in each train control vehicle-mounted subsystem, the input arbitration subsystem determines the input parameters which are input into the safety computer in each train control vehicle-mounted subsystem according to the module output results of each functional module which realizes the same function;
and the output arbitration subsystem determines the final output result of the train control vehicle-mounted system according to the output parameters of the safety computer in each train control vehicle-mounted subsystem.
2. The active defense based train control onboard system of claim 1, further comprising an input fault monitoring subsystem and an output fault monitoring subsystem;
the input fault monitoring subsystem is used for monitoring faults of the functional modules realizing the same function; the input fault monitoring subsystem determines whether a functional module has a fault according to first monitoring information; the first monitoring information includes at least one of the following: an operation log of the functional module, alarm information of the functional module, and test data fed back by the functional module in response to a first preset test instruction;
the output fault monitoring subsystem is used for monitoring faults of the safety computers in the train control vehicle-mounted subsystems; the output fault monitoring subsystem determines whether a safety computer has a fault according to second monitoring information; the second monitoring information includes at least one of the following: an operation log of the safety computer, alarm information of the safety computer, and test data fed back by the safety computer in response to a second preset test instruction.
3. The active defense-based train control onboard system of claim 2, further comprising:
the input arbitration subsystem determines a mainstream module output result according to the module output results of the functional modules realizing the same function; the mainstream module output result is the module output result whose proportion among the module output results of the functional modules realizing the same function is larger than a first preset proportion;
and the input arbitration subsystem takes the determined mainstream module output result as the input parameter input to the safety computer in each train control vehicle-mounted subsystem.
4. The active defense-based train control onboard system of claim 3, wherein the input arbitration subsystem is further configured to:
for any functional module, among the functional modules realizing the same function, whose module output result is not the mainstream module output result, acquiring from the input fault monitoring subsystem first fault monitoring information indicating whether that functional module has a fault;
if the first fault monitoring information indicates that the functional module has no fault, sending first prompt information that the functional module is suspected to be under network attack;
and if the first fault monitoring information indicates that the functional module has a fault, sending second prompt information for troubleshooting that functional module.
5. The active defense-based train control onboard system of claim 2, further comprising:
the output arbitration subsystem determines a mainstream output parameter according to the output parameters of the safety computers in the train control vehicle-mounted subsystems; the mainstream output parameter is the output parameter whose proportion among the output parameters of the safety computers in the train control vehicle-mounted subsystems is larger than a second preset proportion;
and the output arbitration subsystem takes the determined mainstream output parameter as the final output result of the train control vehicle-mounted system.
6. The active defense-based train control onboard system of claim 5, wherein the output arbitration subsystem is further configured to:
for any safety computer, among the safety computers of the train control vehicle-mounted subsystems, whose output parameter is not the mainstream output parameter, acquiring from the output fault monitoring subsystem second fault monitoring information indicating whether that safety computer has a fault;
if the second fault monitoring information indicates that the safety computer has no fault, sending third prompt information that the safety computer is suspected to be under network attack;
and if the second fault monitoring information indicates that the safety computer has a fault, sending fourth prompt information for troubleshooting that safety computer.
7. The active defense-based train control onboard system of claim 1, further comprising:
and if the input arbitration subsystem judges that the module output results of the functional modules realizing the same function are the same, the input arbitration subsystem sends a fifth prompt message that the functional modules realizing the same function are not currently under network attack.
8. The active defense-based train control onboard system of claim 1, further comprising:
and if the output arbitration subsystem judges that the output parameters of the safety computers in the train control vehicle-mounted subsystems are the same, the output arbitration subsystem sends a sixth prompt message that the safety computers in the train control vehicle-mounted subsystems are not currently under network attack.
CN202010622321.0A 2020-06-30 2020-06-30 Train control vehicle-mounted system based on active defense Pending CN111845853A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010622321.0A CN111845853A (en) 2020-06-30 2020-06-30 Train control vehicle-mounted system based on active defense


Publications (1)

Publication Number Publication Date
CN111845853A true CN111845853A (en) 2020-10-30

Family

ID=72989444




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination