CN112073272A - Method and device for analyzing rail transit data based on index matching - Google Patents

Method and device for analyzing rail transit data based on index matching Download PDF

Info

Publication number
CN112073272A
CN112073272A CN202011251538.1A CN202011251538A CN112073272A CN 112073272 A CN112073272 A CN 112073272A CN 202011251538 A CN202011251538 A CN 202011251538A CN 112073272 A CN112073272 A CN 112073272A
Authority
CN
China
Prior art keywords
protocol
library
data
index value
layer protocol
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011251538.1A
Other languages
Chinese (zh)
Other versions
CN112073272B (en
Inventor
任宁宁
曾勇明
庞涛
齐航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Mtr Construction Consultation Co ltd
Original Assignee
Beijing Mtr Construction Consultation Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Mtr Construction Consultation Co ltd filed Critical Beijing Mtr Construction Consultation Co ltd
Priority to CN202011251538.1A priority Critical patent/CN112073272B/en
Publication of CN112073272A publication Critical patent/CN112073272A/en
Application granted granted Critical
Publication of CN112073272B publication Critical patent/CN112073272B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/18Protocol analysers
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
    • B61L27/20Trackside control of safe travel of vehicle or train, e.g. braking curve calculation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
    • B61L27/20Trackside control of safe travel of vehicle or train, e.g. braking curve calculation
    • B61L2027/204Trackside control of safe travel of vehicle or train, e.g. braking curve calculation using Communication-based Train Control [CBTC]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mechanical Engineering (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)
  • Communication Control (AREA)
  • Maintenance And Management Of Digital Transmission (AREA)

Abstract

The invention provides a method and a device for analyzing rail transit data based on index matching, wherein the rail transit data is obtained by packaging based on a secure communication layer protocol and an application layer protocol, and the method comprises the following steps: setting a corresponding safety communication layer protocol resolver for each safety communication layer protocol, and setting a corresponding application layer protocol resolver for each application layer protocol; utilizing a protocol to carry out protocol encapsulation on preset data to obtain a data stream, and constructing a characteristic index value library corresponding to the protocol; setting a protocol analyzer library according to a protocol analyzer corresponding to each protocol and a characteristic index value library; matching the byte stream corresponding to the rail transit data with each characteristic index value library in the protocol analyzer library, acquiring a protocol analyzer corresponding to the characteristic index value library with the matching degree exceeding a preset matching degree threshold, and analyzing the rail transit data according to the acquired protocol analyzer to obtain an analysis result. The analysis efficiency of the rail transit data can be improved.

Description

Method and device for analyzing rail transit data based on index matching
Technical Field
The invention relates to the technical field of rail transit, in particular to a method and a device for analyzing rail transit data based on index matching.
Background
The development of a Communication Based Train Control (CBTC) system is greatly promoted by the continuous development of urban rail transit. Under the condition of good communication condition, the system can realize the rail transit data communication with two-way, continuous, large capacity and high resolution among a plurality of subsystems of the CBTC system, and provides necessary conditions for the real-time and efficient control of urban rail transit trains.
In the development and test process of the CBTC system, the rail transit data running among the subsystems needs to be collected, the collected rail transit data are analyzed according to the communication protocols formulated by the subsystems, the running performance of each subsystem is obtained according to the analysis results, faults in the running process of the CBTC system are processed and analyzed, the running state of a rail transit train is effectively monitored, and therefore the running safety of the rail transit train is guaranteed.
At present, in the process of developing and testing a CBTC system, developed network data analysis tools all perform application layer analysis for a protocol of a single subsystem, for example, after capturing rail transit data communicated between subsystems by using a packet capture tool, such as Wireshark, ipool, and the like, application layer data in the rail transit data is analyzed by an application layer protocol analyzer of each subsystem pre-stored in the CBTC system, so as to obtain an analysis result, and perform corresponding analysis based on the analysis result. However, in the method for analyzing the rail transit data, in order to improve the transmission security of the rail transit data in practical application, the CTBC application layer data is transmitted after being encapsulated by using the secure communication layer protocol, so that the current application layer protocol analyzer cannot correctly analyze the rail transit data obtained by encapsulating the CTBC application layer data based on the secure communication layer protocol and the application layer protocol, and the analysis efficiency of the rail transit data is not high.
Disclosure of Invention
In view of the above, the present invention provides a method and an apparatus for analyzing rail transit data based on index matching, so as to improve the analysis efficiency of rail transit data.
In a first aspect, an embodiment of the present invention provides a method for analyzing rail transit data based on index matching, where the rail transit data is obtained by encapsulating based on a secure communication layer protocol and an application layer protocol, and the method includes:
acquiring a secure communication layer protocol and an application layer protocol, setting a corresponding secure communication layer protocol resolver for each secure communication layer protocol, and setting a corresponding application layer protocol resolver for each application layer protocol;
aiming at each protocol in a secure communication layer protocol and an application layer protocol, carrying out protocol encapsulation on preset data by using the protocol to obtain a data stream, analyzing the format of the data stream, extracting each characteristic index value in the format of the data stream, and constructing a characteristic index value library corresponding to the protocol;
setting a protocol resolver library according to a protocol resolver and a characteristic index value library corresponding to each protocol, wherein the protocol resolver comprises a safety communication layer protocol resolver and a corresponding characteristic index value library which are set based on a safety communication layer protocol, and an application layer protocol resolver and a corresponding characteristic index value library which are set based on an application layer protocol;
receiving rail transit data transmitted after the initial analysis by the packet capturing tool, matching the byte stream corresponding to the rail transit data with each characteristic index value library in the protocol analyzer library, acquiring a protocol analyzer corresponding to the characteristic index value library with the matching degree exceeding a preset matching degree threshold, and analyzing the rail transit data according to the acquired protocol analyzer to obtain an analysis result.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation manner of the first aspect, where the feature index value library includes: RSSP-1 protocol characteristic index value library, RSSP-2 protocol characteristic index value library, basic CBTC protocol characteristic index value library and FAO protocol characteristic index value library, wherein,
the RSSP-1 protocol characteristic index value library comprises: length value, protocol interaction class value, frame type value and cyclic redundancy check value;
the RSSP-2 protocol characteristic index value library comprises: an automatic link establishment packet value and an N/R flag value;
the basic CBTC protocol characteristic index value library comprises: the method comprises the steps of checking an interface type value, a sender identification value, a receiver identification value and a data version check information value;
the FAO protocol characteristic index value library comprises: an interface type value, a sender identification value, a receiver identification value, and a data version check information value.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation manner of the first aspect, where the method further includes:
and if the obtained matching degrees do not have the matching degrees exceeding a preset matching degree threshold value, selecting all protocol resolvers in a protocol resolver library for resolving the rail transit data.
With reference to the first aspect, the first or second possible implementation manner of the first aspect, an embodiment of the present invention provides a third possible implementation manner of the first aspect, where the parsing the rail transit data according to the obtained protocol parser to obtain a parsing result, where the parsing includes:
calling a safety communication layer protocol analyzer in the obtained protocol analyzers to analyze the rail transit data to obtain safety communication data and application layer data;
calling an application layer protocol analyzer in the obtained protocol analyzers to analyze the data of the application layer to obtain application data;
and combining the safety communication data and the application data to obtain an analysis result of the rail transit data.
With reference to the third possible implementation manner of the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where invoking a secure communication layer protocol parser in the obtained protocol parsers includes:
and sequencing the matching degrees corresponding to the safety communication layer protocol analyzers in the obtained protocol analyzers according to the sequence of the matching degrees from high to low, and calling the safety communication layer protocol analyzers according to the sequence.
With reference to the first aspect and the first or second possible implementation manner of the first aspect, an embodiment of the present invention provides a fifth possible implementation manner of the first aspect, where a matching degree between the rail transit data and the characteristic index value library is calculated by using the following formula:
Figure 538439DEST_PATH_IMAGE001
in the formula (I), the compound is shown in the specification,
Figure 617254DEST_PATH_IMAGE002
for track traffic data and
Figure DEST_PATH_IMAGE003
matching degree of each feature index library;
Figure 52914DEST_PATH_IMAGE004
is as follows
Figure 762244DEST_PATH_IMAGE003
The number of characteristic indexes contained in each characteristic index library;
Figure DEST_PATH_IMAGE005
for track traffic data and
Figure 650566DEST_PATH_IMAGE006
the number of feature indexes matched with the feature indexes in the feature index library.
With reference to the first aspect, the first or second possible implementation manner of the first aspect, an embodiment of the present invention provides a sixth possible implementation manner of the first aspect, where the method further includes:
and pushing the analysis result to a preset user by using mobility information.
In a second aspect, an embodiment of the present invention further provides an apparatus for analyzing rail transit data based on index matching, where the rail transit data is obtained by encapsulating based on a secure communication layer protocol and an application layer protocol, and the apparatus includes:
the analyzer setting module is used for acquiring the secure communication layer protocols and the application layer protocols, setting a corresponding secure communication layer protocol analyzer for each secure communication layer protocol, and setting a corresponding application layer protocol analyzer for each application layer protocol;
the characteristic index value base construction module is used for carrying out protocol encapsulation on preset data by utilizing a protocol to obtain a data stream aiming at each protocol in a secure communication layer protocol and an application layer protocol, analyzing the format of the data stream, extracting each characteristic index value in the format of the data stream and constructing a characteristic index value base corresponding to the protocol;
the protocol analyzer library generation module is used for setting a protocol analyzer library according to a protocol analyzer and a characteristic index value library corresponding to each protocol, wherein the protocol analyzer comprises a safety communication layer protocol analyzer set based on a safety communication layer protocol and a corresponding characteristic index value library, and an application layer protocol analyzer set based on an application layer protocol and a corresponding characteristic index value library;
and the data analysis module is used for receiving the rail transit data transmitted after the packet capturing tool is preliminarily analyzed, matching the byte stream corresponding to the rail transit data with each characteristic index value library in the protocol analyzer library, acquiring a protocol analyzer corresponding to the characteristic index value library with the matching degree exceeding a preset matching degree threshold, and analyzing the rail transit data according to the acquired protocol analyzer to obtain an analysis result.
In a third aspect, an embodiment of the present application provides a computer device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the steps of the above method when executing the computer program.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, performs the steps of the method described above.
According to the method and the device for analyzing the rail transit data based on the index matching, provided by the embodiment of the invention, the rail transit data is obtained by packaging based on the safe communication layer protocol and the application layer protocol, the safe communication layer protocol and the application layer protocol are obtained, a corresponding safe communication layer protocol analyzer is set for each safe communication layer protocol, and a corresponding application layer protocol analyzer is set for each application layer protocol; aiming at each protocol in a secure communication layer protocol and an application layer protocol, carrying out protocol encapsulation on preset data by using the protocol to obtain a data stream, analyzing the format of the data stream, extracting each characteristic index value in the format of the data stream, and constructing a characteristic index value library corresponding to the protocol; setting a protocol resolver library according to a protocol resolver and a characteristic index value library corresponding to each protocol, wherein the protocol resolver comprises a safety communication layer protocol resolver and a corresponding characteristic index value library which are set based on a safety communication layer protocol, and an application layer protocol resolver and a corresponding characteristic index value library which are set based on an application layer protocol; receiving rail transit data transmitted after the initial analysis by the packet capturing tool, matching the byte stream corresponding to the rail transit data with each characteristic index value library in the protocol analyzer library, acquiring a protocol analyzer corresponding to the characteristic index value library with the matching degree exceeding a preset matching degree threshold, and analyzing the rail transit data according to the acquired protocol analyzer to obtain an analysis result. Therefore, the analysis of the rail transit data encapsulated based on the secure communication layer protocol and the application layer protocol can be automatically realized, and the efficiency and the success rate of data analysis are improved.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic flowchart illustrating a method for analyzing rail transit data based on index matching according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram illustrating an apparatus for analyzing rail transit data based on index matching according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a computer device 300 according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
The existing rail transit data analysis method provided in the development and test of the CBTC system can only analyze rail transit data packaged by an application layer protocol, and can not correctly analyze rail transit data obtained by packaging based on a safe communication layer protocol and the application layer protocol, so that the analysis efficiency and the analysis success rate of the rail transit data are not high. In the embodiment of the invention, a protocol analyzer library is set, the protocol analyzer library comprises a protocol analyzer and a characteristic index library mapped by the protocol analyzer, wherein the protocol analyzer comprises a safety communication layer protocol analyzer set based on a safety communication layer protocol and an application layer protocol analyzer set based on an application layer protocol, and the protocol analyzer used for analyzing the rail transit data to be analyzed is determined based on the matching degree of the rail transit data to be analyzed and each characteristic index library in the protocol analyzer library, so that the analysis of the rail transit data to be analyzed based on index matching and packaged based on the safety communication layer protocol and the application layer protocol is realized, and the data analysis efficiency and the analysis success rate are improved.
The embodiment of the invention provides a method and a device for analyzing rail transit data based on index matching, which are described by the following embodiments.
Fig. 1 is a schematic flowchart illustrating a method for analyzing rail transit data based on index matching according to an embodiment of the present invention. As shown in fig. 1, the rail transit data is obtained by encapsulating based on a secure communication layer protocol and an application layer protocol, and the method includes:
step 101, acquiring a secure communication layer protocol and an application layer protocol, setting a corresponding secure communication layer protocol resolver for each secure communication layer protocol, and setting a corresponding application layer protocol resolver for each application layer protocol;
in this embodiment of the present invention, as an optional embodiment, the secure communication layer protocol includes but is not limited to: EN50159 Safety Protocol, FSFB Safety Protocol, CSEE Safety Protocol, and Railway Signal Safety communication layer Protocol (RSSP), wherein the RSSP further comprises: RSSP-1 and RSSP-2, etc., for each protocol included in the secure communication layer protocol, a corresponding protocol resolver is provided, for example, a FSFB security protocol resolver is provided for the FSFB security protocol, a CSEE security protocol resolver is provided for the CSEE security protocol, a RSSP-1 protocol resolver is provided for the RSSP-1, etc. Wherein, the corresponding protocol resolver is set according to the protocol, which can be referred to the related technical literature specifically, and the detailed description is omitted here.
In this embodiment of the present invention, as an optional embodiment, the application layer protocol includes but is not limited to: the basic CBTC protocol, the I-CBTC protocol, and the FAO protocol. Among them, the basic CBTC protocol includes but is not limited to: ATS-VOBC protocol, VOBC-ZC protocol, ZC-ZC protocol, CI-CI protocol and the like. And setting a corresponding protocol resolver for each protocol in the application layer protocol, which is the same as the setting of the safe communication layer protocol resolver for the safe communication layer protocol.
In the embodiment of the present invention, as an optional embodiment, a protocol parser set for each protocol in the secure communication layer protocol may be packaged to form a secure communication layer protocol parsing library, and in a subsequent application, when a new secure communication layer protocol exists, a protocol parser corresponding to the new secure communication layer protocol is placed in the secure communication layer protocol parsing library, so that the protocol is convenient for extended application.
102, aiming at each protocol in a secure communication layer protocol and an application layer protocol, carrying out protocol encapsulation on preset data by using the protocol to obtain a data stream, analyzing the format of the data stream, extracting each characteristic index value in the format of the data stream, and constructing a characteristic index value library corresponding to the protocol;
in the embodiment of the invention, after the data is encapsulated by the protocol, the encapsulated data (byte stream) has a specific format, so that the rail transit data to be analyzed can be matched by using the specific format to determine the protocol adopted by the encapsulation.
In the implementation of the present invention, as an optional embodiment, for the RSSP-1 protocol parser, the characteristic index value library includes: a length value, a protocol interaction class value, a frame type value, and a Cyclic Redundancy Check (CRC) value;
for the RSSP-2 protocol parser, the characteristic index value library comprises: an Automatic Link Establishment (ALE) packet value and an N/R flag value;
for the base CBTC protocol parser, the characteristic index value library comprises: interface type value, sender identification value, receiver identification value, data version check information value, and the like.
For the FAO protocol parser, the characteristic index value library comprises: interface type value, sender identification value, receiver identification value, data version check information value, and the like.
In an embodiment of the present invention, a protocol corresponds to a protocol parser and a feature index value library, where feature index values in the feature index value library include a location value and an index value, for example, for an interface type value in the feature index value library of a basic CBTC protocol parser, the method specifically includes: the position value is the first two bytes of the byte stream, and the index value is nonzero, which is not limited in the embodiment of the invention. In the embodiment of the present invention, for a feature index value library corresponding to a certain protocol, functions of each feature index in the feature index value library in identifying the protocol adopted by the package may be different, and therefore, as an optional embodiment, the method further includes:
and setting corresponding characteristic weight coefficients for each characteristic index value in the characteristic index value library, wherein the sum of the characteristic weight coefficients is equal to 1.
In the embodiment of the present invention, as another optional embodiment, a regular expression may be further used to set a role played by each feature index in the feature index value library when identifying a protocol adopted by the package. For example, for the feature index value library corresponding to the basic CBTC protocol parser, a regular expression is set, if the feature index value library matches with the interface type value, the feature index value library continues to be matched with other feature index values in the feature index value library, and if the feature index value library does not match with the interface type value, the matching failure is directly displayed, and the matching is terminated.
103, setting a protocol resolver library according to a protocol resolver and a characteristic index value library corresponding to each protocol, wherein the protocol resolver comprises a safety communication layer protocol resolver and a corresponding characteristic index value library which are set based on a safety communication layer protocol, and an application layer protocol resolver and a corresponding characteristic index value library which are set based on an application layer protocol;
in the embodiment of the present invention, as an alternative embodiment, the protocol parser library composed of the protocol, the protocol parser and the feature index value library may be represented in a table form, for example, as shown in table 1.
TABLE 1
Protocol Protocol parser Characteristic index value library
RSSP-1 RSSP-1 protocol resolver RSSP-1 characteristic index value library
ATS-VOBC protocol ATS-VOBC protocol resolver ATS-VOBC characteristic index value library
And 104, receiving the rail transit data transmitted after the initial analysis by the packet capturing tool, matching the byte stream corresponding to the rail transit data with each characteristic index value library in the protocol analyzer library, acquiring a protocol analyzer corresponding to the characteristic index value library with the matching degree exceeding a preset matching degree threshold, and analyzing the rail transit data according to the acquired protocol analyzer to obtain an analysis result.
In the embodiment of the invention, the packet capturing tool captures rail transit data communicated among a plurality of subsystems of the CBTC system, analyzes the captured rail transit data according to a TCP/IP protocol, and transmits the analyzed rail transit data. As an alternative embodiment, the bale plucking means includes, but is not limited to: wireshark and IPtool, and the like.
In the embodiment of the invention, in the network communication process, the safety communication layer data and the CBTC application layer data are application data of a TCP/UDP data packet. The data of the application layer is obtained by encapsulating the data of the application layer by using an application layer protocol, and the data of the safety communication layer is obtained by encapsulating the data of the application layer by using a safety communication layer protocol.
In the embodiment of the invention, the TCP/UDP data packet comprises: various combinations exist between the secure communication layer data and the application layer data, and between the secure communication layer protocol and the application layer protocol, for example, the secure communication layer protocol is RSSP-1, and the application layer protocol is I-CBTC protocol or FAO protocol.
In the embodiment of the present invention, as an optional embodiment, the matching degree between the rail transit data and the characteristic index value library is calculated by using the following formula:
Figure DEST_PATH_IMAGE007
in the formula (I), the compound is shown in the specification,
Figure 470754DEST_PATH_IMAGE008
for track traffic data and
Figure 823238DEST_PATH_IMAGE006
matching degree of each feature index library;
Figure 703469DEST_PATH_IMAGE009
is as follows
Figure 141404DEST_PATH_IMAGE006
The number of characteristic indexes contained in each characteristic index library;
Figure 499704DEST_PATH_IMAGE005
for track traffic data and
Figure 972274DEST_PATH_IMAGE006
the number of feature indexes matched with the feature indexes in the feature index library.
In the embodiment of the invention, if a certain track traffic data is matched with five characteristic indexes in an RSSP-1 characteristic index value library, the number of successfully matched characteristic indexes is 3, the matching degree of the track traffic data and the RSSP-1 characteristic index value library is 0.6, the track traffic data is matched with eight characteristic indexes in an ATS-VOBC characteristic index value library, the number of successfully matched characteristic indexes is 3, the matching degree of the track traffic data and the ATS-VOBC characteristic index value library is 0.375, the track traffic data and six characteristic indexes in a FAO characteristic index value library are matched, the number of successfully matched characteristic indexes is 4, the matching degree of the track traffic data and the FAO characteristic index value library is 0.667, if a preset matching degree threshold value is 0.5, an RSSP-1 protocol resolver corresponding to the SP-1 characteristic index value library is obtained, and a FAO protocol resolver corresponding to the FAO characteristic index value library is obtained, and analyzing the rail transit data.
For example, the protocol parser library includes a protocol 1 parser, a protocol 2 parser, a protocol 3 parser, … … and a protocol n parser, each protocol parser has a corresponding id packet structure, each id packet structure has a plurality of feature indexes, the plurality of feature indexes of each protocol parser form a feature index value library of the protocol parser, a byte stream corresponding to the track traffic data is respectively matched with each feature index value library, and a matching degree between the byte stream and each feature index value library is calculated. As another alternative, the matching degree may also be calculated according to the feature weight coefficient of the feature index with which matching is successful. As a further alternative embodiment, the matching degree may also be calculated according to the regular expression, for example, in the embodiment of the present invention, taking a byte stream (16-ary) corresponding to the track traffic data as an example, the byte stream is:
00 00 EA 02 06 5A …
the byte stream is sequentially matched with the feature index values in each feature index library, for example, the byte stream is compared with the feature index library corresponding to the basic CBTC protocol parser, the first two bytes of the byte stream are 00, the interface type in the feature index library corresponding to the CBTC protocol parser corresponds to the CBTC protocol parser, and for the interface type in the feature index library corresponding to the CBTC protocol parser, the first two bytes of the byte stream are required to be non-00, so that the matching result is an illegal interface type value, and the matching degree is 0 according to a preset regular expression.
According to the matching degree of the rail transit data and each protocol analyzer, the protocol analyzer with the matching degree exceeding the preset matching degree threshold is used for analyzing the rail transit data.
In the embodiment of the invention, if the matching degree exceeding the preset matching degree threshold does not exist in the obtained matching degrees, as an optional embodiment, all protocol resolvers are selected for resolving the rail transit data, as another optional embodiment, the protocol resolvers without matching can be returned, and the resolution of the rail transit data is terminated.
In this embodiment of the present invention, as an optional embodiment, the analyzing the rail transit data according to the obtained protocol analyzer to obtain an analysis result includes:
a11, calling a safety communication layer protocol analyzer in the obtained protocol analyzers, analyzing the rail transit data, and obtaining safety communication data and application layer data;
in the embodiment of the invention, as an optional embodiment, the secure communication layer protocol resolvers in the obtained protocol resolvers are sequentially called to resolve the rail transit data, if the resolving is successful, the next secure communication layer protocol resolver does not need to be called, and if the resolving is unsuccessful, the next secure communication layer protocol resolver is called until the resolving is successful or all the secure communication layer protocol resolvers are called.
In this embodiment of the present invention, as an optional embodiment, the invoking a secure communication layer protocol parser in the obtained protocol parser includes:
and sequencing the matching degrees corresponding to the safety communication layer protocol analyzers in the obtained protocol analyzers according to the sequence of the matching degrees from high to low, and calling the safety communication layer protocol analyzers according to the sequence.
A12, calling an application layer protocol resolver in the obtained protocol resolvers to resolve the data of the application layer to obtain application data;
and A13, combining the safety communication data and the application data to obtain an analysis result of the rail transit data.
In the embodiment of the invention, the design is carried out according to urban rail transit and interconnection standards, the secondary development is carried out based on Wireshark, the protocol analyzer for analyzing rail transit data based on index matching is determined by using a fuzzy matching degree method through expanding a rail transit communication protocol analysis method, the rail transit data (network data) can be analyzed layer by layer until reaching a CBTC application layer, various rail transit data defined by the standards can be analyzed, the requirements of CBTC system test and communication data analysis are met, the full stack analysis of the network data is realized, and the analysis success rate and the analysis efficiency of the rail transit data are improved.
In the embodiment of the invention, the protocol resolver is determined by fuzzy matching, so that the resolution of the rail transit data encapsulated by protocols of different versions can be realized, for example, the protocol resolver in a protocol resolver library can be compatible with the situation of protocol version upgrading.
The method for analyzing the rail transit data based on the index matching has flexible expandability, the extensible parser is not limited to the application layer protocol parser interconnected and communicated by the CBTC, and can be any parser used in a rail transit system, and the protocol parser for analyzing the rail transit data based on the index matching is determined by utilizing the fuzzy matching degree method, so that the analysis of each level protocol can be realized.
In this embodiment of the present invention, as an optional embodiment, the method further includes:
and pushing the analysis result to a preset user by using mobility information.
In the embodiment of the invention, the analysis result is sent to the corresponding user through the mobility information, so that the user can acquire the analysis information in time, the operation of the CBTC system is monitored according to the analysis information, and the CBTC system is processed in time when the operation abnormity is found.
In the embodiment of the invention, a protocol analyzer is selected according to the matching degree, the rail transit data is analyzed, and the analysis result is displayed to a user. As an optional embodiment, the parsing result includes: and (4) all field meanings contained in the rail transit data to be analyzed and the value of each field.
In the embodiment of the invention, if the determined protocol analyzer can not analyze the rail transit data, the failure of analysis is displayed, and corresponding failure prompt information is given.
Fig. 2 is a schematic structural diagram illustrating an apparatus for analyzing track traffic data based on index matching according to an embodiment of the present invention. As shown in fig. 2, the rail transit data is obtained by encapsulating based on a secure communication layer protocol and an application layer protocol, and the apparatus includes:
the resolver setting module 201 is configured to obtain a secure communication layer protocol and an application layer protocol, set a corresponding secure communication layer protocol resolver for each secure communication layer protocol, and set a corresponding application layer protocol resolver for each application layer protocol;
in this embodiment of the present invention, as an optional embodiment, the secure communication layer protocol includes but is not limited to: EN50159 security protocol, FSFB security protocol, CSEE security protocol and RSSP.
A feature index value library construction module 202, configured to, for each protocol in a secure communication layer protocol and an application layer protocol, utilize the protocol to perform protocol encapsulation on preset data to obtain a data stream, analyze a format of the data stream, extract each feature index value in the format of the data stream, and construct a feature index value library corresponding to the protocol;
in this embodiment, as an optional embodiment, the feature index value library includes: RSSP-1 protocol characteristic index value library, RSSP-2 protocol characteristic index value library, basic CBTC protocol characteristic index value library and FAO protocol characteristic index value library, wherein,
the RSSP-1 protocol characteristic index value library comprises: length value, protocol interaction class value, frame type value and cyclic redundancy check value;
the RSSP-2 protocol characteristic index value library comprises: an automatic link establishment packet value and an N/R flag value;
the basic CBTC protocol characteristic index value library comprises: the method comprises the steps of checking an interface type value, a sender identification value, a receiver identification value and a data version check information value;
the FAO protocol characteristic index value library comprises: an interface type value, a sender identification value, a receiver identification value, and a data version check information value.
In the embodiment of the present invention, as an optional embodiment, a corresponding feature weight coefficient may be further set for each feature index value in the feature index value library, and the sum of the feature weight coefficients is equal to 1; or setting the role of each characteristic index in the characteristic index value library in identifying the protocol adopted by the package by using a regular expression.
A protocol parser library generation module 203, configured to set a protocol parser library according to a protocol parser and a feature index value library corresponding to each protocol, where the protocol parser includes a secure communication layer protocol parser set based on a secure communication layer protocol and a corresponding feature index value library, and an application layer protocol parser set based on an application layer protocol and a corresponding feature index value library;
the data analysis module 204 is configured to receive rail transit data transmitted after the initial analysis by the packet capturing tool, match a byte stream corresponding to the rail transit data with each feature index value library in the protocol parser library, obtain a protocol parser corresponding to the feature index value library with a matching degree exceeding a preset matching degree threshold, and parse the rail transit data according to the obtained protocol parser to obtain a parsing result.
In this embodiment of the present invention, as an optional embodiment, the analyzing the rail transit data according to the obtained protocol analyzer to obtain an analysis result includes:
calling a safety communication layer protocol analyzer in the obtained protocol analyzers to analyze the rail transit data to obtain safety communication data and application layer data;
calling an application layer protocol analyzer in the obtained protocol analyzers to analyze the data of the application layer to obtain application data;
and combining the safety communication data and the application data to obtain an analysis result of the rail transit data.
In this embodiment of the present invention, as an optional embodiment, the invoking a secure communication layer protocol parser in the obtained protocol parser includes:
and sequencing the matching degrees corresponding to the safety communication layer protocol analyzers in the obtained protocol analyzers according to the sequence of the matching degrees from high to low, and calling the safety communication layer protocol analyzers according to the sequence.
In the embodiment of the present invention, as an optional embodiment, the matching degree between the rail transit data and the characteristic index value library is calculated by using the following formula:
Figure 26336DEST_PATH_IMAGE007
in the formula (I), the compound is shown in the specification,
Figure 951567DEST_PATH_IMAGE008
for track traffic data and
Figure 113558DEST_PATH_IMAGE006
matching degree of each feature index library;
Figure 175055DEST_PATH_IMAGE009
is as follows
Figure 397089DEST_PATH_IMAGE006
The number of characteristic indexes contained in each characteristic index library;
Figure 747299DEST_PATH_IMAGE005
for track traffic data and
Figure 712981DEST_PATH_IMAGE006
the number of feature indexes matched with the feature indexes in the feature index library.
In this embodiment of the present invention, as an optional embodiment, the data parsing module 204 is further configured to:
and if the obtained matching degrees do not have the matching degrees exceeding a preset matching degree threshold value, selecting all protocol resolvers in a protocol resolver library for resolving the rail transit data.
In this embodiment of the present invention, as an optional embodiment, the apparatus further includes:
and a pushing module (not shown in the figure) for pushing the analysis result to a preset user with mobility information.
As shown in fig. 3, an embodiment of the present application provides a computer device 300, configured to execute the method for analyzing rail transit data based on index matching in fig. 1, where the device includes a memory 301, a processor 302, and a computer program stored on the memory 301 and executable on the processor 302, where the processor 302 implements the steps of the method for analyzing rail transit data based on index matching when executing the computer program.
Specifically, the memory 301 and the processor 302 can be general-purpose memory and processor, and are not limited to specific examples, and when the processor 302 runs a computer program stored in the memory 301, the method for analyzing the rail transit data based on the index matching can be performed.
Corresponding to the method for analyzing rail transit data based on index matching in fig. 1, an embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the steps of the method for analyzing rail transit data based on index matching.
Specifically, the storage medium can be a general-purpose storage medium, such as a removable disk, a hard disk, or the like, and when executed, the computer program on the storage medium can execute the method for analyzing the rail transit data based on index matching.
In the embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. The above-described system embodiments are merely illustrative, and for example, the division of the units is only one logical functional division, and there may be other divisions in actual implementation, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of systems or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments provided in the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus once an item is defined in one figure, it need not be further defined and explained in subsequent figures, and moreover, the terms "first", "second", "third", etc. are used merely to distinguish one description from another and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present application, and are used for illustrating the technical solutions of the present application, but not limiting the same, and the scope of the present application is not limited thereto, and although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope disclosed in the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the present disclosure, which should be construed in light of the above teachings. Are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method for analyzing rail transit data based on index matching is characterized in that the rail transit data is obtained by packaging based on a secure communication layer protocol and an application layer protocol, and comprises the following steps:
acquiring a secure communication layer protocol and an application layer protocol, setting a corresponding secure communication layer protocol resolver for each secure communication layer protocol, and setting a corresponding application layer protocol resolver for each application layer protocol;
aiming at each protocol in a secure communication layer protocol and an application layer protocol, carrying out protocol encapsulation on preset data by using the protocol to obtain a data stream, analyzing the format of the data stream, extracting each characteristic index value in the format of the data stream, and constructing a characteristic index value library corresponding to the protocol;
setting a protocol resolver library according to a protocol resolver and a characteristic index value library corresponding to each protocol, wherein the protocol resolver comprises a safety communication layer protocol resolver and a corresponding characteristic index value library which are set based on a safety communication layer protocol, and an application layer protocol resolver and a corresponding characteristic index value library which are set based on an application layer protocol;
receiving rail transit data transmitted after the initial analysis by the packet capturing tool, matching the byte stream corresponding to the rail transit data with each characteristic index value library in the protocol analyzer library, acquiring a protocol analyzer corresponding to the characteristic index value library with the matching degree exceeding a preset matching degree threshold, and analyzing the rail transit data according to the acquired protocol analyzer to obtain an analysis result.
2. The method of claim 1, wherein the library of characterization indicator values comprises: RSSP-1 protocol characteristic index value library, RSSP-2 protocol characteristic index value library, basic CBTC protocol characteristic index value library and FAO protocol characteristic index value library, wherein,
the RSSP-1 protocol characteristic index value library comprises: length value, protocol interaction class value, frame type value and cyclic redundancy check value;
the RSSP-2 protocol characteristic index value library comprises: an automatic link establishment packet value and an N/R flag value;
the basic CBTC protocol characteristic index value library comprises: the method comprises the steps of checking an interface type value, a sender identification value, a receiver identification value and a data version check information value;
the FAO protocol characteristic index value library comprises: an interface type value, a sender identification value, a receiver identification value, and a data version check information value.
3. The method of claim 1, further comprising:
and if the obtained matching degrees do not have the matching degrees exceeding a preset matching degree threshold value, selecting all protocol resolvers in a protocol resolver library for resolving the rail transit data.
4. The method according to any one of claims 1 to 3, wherein the parsing the rail transit data according to the obtained protocol parser to obtain a parsing result includes:
calling a safety communication layer protocol analyzer in the obtained protocol analyzers to analyze the rail transit data to obtain safety communication data and application layer data;
calling an application layer protocol analyzer in the obtained protocol analyzers to analyze the data of the application layer to obtain application data;
and combining the safety communication data and the application data to obtain an analysis result of the rail transit data.
5. The method of claim 4, wherein invoking a secure communication layer protocol parser of the retrieved protocol parsers comprises:
and sequencing the matching degrees corresponding to the safety communication layer protocol analyzers in the obtained protocol analyzers according to the sequence of the matching degrees from high to low, and calling the safety communication layer protocol analyzers according to the sequence.
6. The method according to any one of claims 1 to 3, wherein the matching degree of the rail transit data with the characteristic index value library is calculated by using the following formula:
Figure 487092DEST_PATH_IMAGE001
in the formula (I), the compound is shown in the specification,
Figure 614448DEST_PATH_IMAGE002
for track traffic data and
Figure 514271DEST_PATH_IMAGE003
matching degree of each feature index library;
Figure 18065DEST_PATH_IMAGE004
is as follows
Figure 319733DEST_PATH_IMAGE003
The number of characteristic indexes contained in each characteristic index library;
Figure 617991DEST_PATH_IMAGE005
for track traffic data and
Figure 5110DEST_PATH_IMAGE006
the number of feature indexes matched with the feature indexes in the feature index library.
7. The method according to any one of claims 1 to 3, further comprising:
and pushing the analysis result to a preset user by using mobility information.
8. The device for analyzing the rail transit data based on the index matching is characterized in that the rail transit data is obtained by packaging based on a secure communication layer protocol and an application layer protocol, and comprises the following steps:
the analyzer setting module is used for acquiring the secure communication layer protocols and the application layer protocols, setting a corresponding secure communication layer protocol analyzer for each secure communication layer protocol, and setting a corresponding application layer protocol analyzer for each application layer protocol;
the characteristic index value base construction module is used for carrying out protocol encapsulation on preset data by utilizing a protocol to obtain a data stream aiming at each protocol in a secure communication layer protocol and an application layer protocol, analyzing the format of the data stream, extracting each characteristic index value in the format of the data stream and constructing a characteristic index value base corresponding to the protocol;
the protocol analyzer library generation module is used for setting a protocol analyzer library according to a protocol analyzer and a characteristic index value library corresponding to each protocol, wherein the protocol analyzer comprises a safety communication layer protocol analyzer set based on a safety communication layer protocol and a corresponding characteristic index value library, and an application layer protocol analyzer set based on an application layer protocol and a corresponding characteristic index value library;
and the data analysis module is used for receiving the rail transit data transmitted after the packet capturing tool is preliminarily analyzed, matching the byte stream corresponding to the rail transit data with each characteristic index value library in the protocol analyzer library, acquiring a protocol analyzer corresponding to the characteristic index value library with the matching degree exceeding a preset matching degree threshold, and analyzing the rail transit data according to the acquired protocol analyzer to obtain an analysis result.
9. A computer device, comprising: a processor, a memory and a bus, the memory storing machine readable instructions executable by the processor, the processor and the memory communicating over the bus when a computer device is running, the machine readable instructions when executed by the processor performing the steps of the method of resolving track traffic data based on metric matching according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method for resolving track traffic data on the basis of index matching according to one of claims 1 to 7.
CN202011251538.1A 2020-11-11 2020-11-11 Method and device for analyzing rail transit data based on index matching Active CN112073272B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011251538.1A CN112073272B (en) 2020-11-11 2020-11-11 Method and device for analyzing rail transit data based on index matching

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011251538.1A CN112073272B (en) 2020-11-11 2020-11-11 Method and device for analyzing rail transit data based on index matching

Publications (2)

Publication Number Publication Date
CN112073272A true CN112073272A (en) 2020-12-11
CN112073272B CN112073272B (en) 2021-02-26

Family

ID=73655801

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011251538.1A Active CN112073272B (en) 2020-11-11 2020-11-11 Method and device for analyzing rail transit data based on index matching

Country Status (1)

Country Link
CN (1) CN112073272B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114666424A (en) * 2022-03-24 2022-06-24 卡斯柯信号(成都)有限公司 Configurable railway signal communication data analysis method
CN115866077A (en) * 2023-02-23 2023-03-28 眉山环天智慧科技有限公司 Self-adaptive Internet of things TCP (Transmission control protocol) dynamic processing system and method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101741908A (en) * 2009-12-25 2010-06-16 青岛朗讯科技通讯设备有限公司 Identification method for application layer protocol characteristic
CN102082762A (en) * 2009-11-30 2011-06-01 华为技术有限公司 Protocol identification method and device and system for same
KR20150123386A (en) * 2014-04-24 2015-11-04 현대로템 주식회사 CBTC signal system and handover method in the system
CN106375298A (en) * 2016-08-30 2017-02-01 湖南中车时代通信信号有限公司 Method for realizing configurable secure communication protocol
CN108062085A (en) * 2017-11-13 2018-05-22 北京全路通信信号研究设计院集团有限公司 Control method and control system
CN108134779A (en) * 2017-12-06 2018-06-08 交控科技股份有限公司 CBTC communication system protocols analytic method, protocol library management method and protocol library

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082762A (en) * 2009-11-30 2011-06-01 华为技术有限公司 Protocol identification method and device and system for same
CN101741908A (en) * 2009-12-25 2010-06-16 青岛朗讯科技通讯设备有限公司 Identification method for application layer protocol characteristic
KR20150123386A (en) * 2014-04-24 2015-11-04 현대로템 주식회사 CBTC signal system and handover method in the system
CN106375298A (en) * 2016-08-30 2017-02-01 湖南中车时代通信信号有限公司 Method for realizing configurable secure communication protocol
CN108062085A (en) * 2017-11-13 2018-05-22 北京全路通信信号研究设计院集团有限公司 Control method and control system
CN108134779A (en) * 2017-12-06 2018-06-08 交控科技股份有限公司 CBTC communication system protocols analytic method, protocol library management method and protocol library

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
谢和欢: "LTE-M通信系统接口在线监测技术研究", 《铁路通信信号工程技术(RSCE)》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114666424A (en) * 2022-03-24 2022-06-24 卡斯柯信号(成都)有限公司 Configurable railway signal communication data analysis method
CN114666424B (en) * 2022-03-24 2024-03-08 卡斯柯信号(成都)有限公司 Configurable railway signal communication data analysis method
CN115866077A (en) * 2023-02-23 2023-03-28 眉山环天智慧科技有限公司 Self-adaptive Internet of things TCP (Transmission control protocol) dynamic processing system and method

Also Published As

Publication number Publication date
CN112073272B (en) 2021-02-26

Similar Documents

Publication Publication Date Title
CN112104670B (en) Method and device for analyzing rail transit data based on link mapping
CN112073272B (en) Method and device for analyzing rail transit data based on index matching
KR100895102B1 (en) System and method detection of a file
CN112104669B (en) Method and device for analyzing rail transit data based on protocol extension
CN106254172A (en) Heterogeneous applications collecting method and device
CN103297267B (en) A kind of methods of risk assessment of network behavior and system
CN101764717A (en) Network management warning data checking method and system
CN111427796A (en) System testing method and device and electronic equipment
US10333803B2 (en) Relay apparatus and relay method
KR101619691B1 (en) Method and system for analyzing program error
JP5250505B2 (en) Mobile communication device test system and test method
CN114584619A (en) Equipment data analysis method and device, electronic equipment and storage medium
CN105843740B (en) Method and device for detecting code compiling result
CN110287700A (en) A kind of iOS application safety analytical method and device
CN108845995A (en) Data processing method, device, storage medium and electronic device
CN115952515B (en) Data security processing method and device based on big data
CN114007043B (en) Video decoding method, device and system based on video data fingerprint characteristics
CN105429982A (en) Method and device for analyzing communication content between client and server
CN104504029B (en) Data convert information processing method and device
CN113923189B (en) IP address record information checking method and device based on data flow
CN113037521B (en) Method for identifying state of communication equipment, communication system and storage medium
CN113868137A (en) Method, device and system for processing buried point data and server
CN110298018B (en) Text data processing method, device, computer equipment and storage medium
CN102622322B (en) A kind of method, black box and server utilizing black box to obtain crash info
CN115118793B (en) BLF file analysis fault tolerance method and device and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant