CN112130798A - Weapon equipment control endogenous safety computer design system and method - Google Patents
Weapon equipment control endogenous safety computer design system and method Download PDFInfo
- Publication number
- CN112130798A CN112130798A CN202011009013.7A CN202011009013A CN112130798A CN 112130798 A CN112130798 A CN 112130798A CN 202011009013 A CN202011009013 A CN 202011009013A CN 112130798 A CN112130798 A CN 112130798A
- Authority
- CN
- China
- Prior art keywords
- module
- data
- control
- service
- heterogeneous
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000013461 design Methods 0.000 title claims abstract description 34
- 230000008569 process Effects 0.000 claims abstract description 15
- 239000003795 chemical substances by application Substances 0.000 claims description 26
- 230000004044 response Effects 0.000 claims description 24
- 238000004140 cleaning Methods 0.000 claims description 20
- 230000002159 abnormal effect Effects 0.000 claims description 18
- 238000004458 analytical method Methods 0.000 claims description 16
- 230000003139 buffering effect Effects 0.000 claims description 16
- 238000007405 data analysis Methods 0.000 claims description 12
- 238000011084 recovery Methods 0.000 claims description 11
- 238000012545 processing Methods 0.000 claims description 10
- 230000007246 mechanism Effects 0.000 claims description 8
- 238000006317 isomerization reaction Methods 0.000 claims description 4
- 238000011144 upstream manufacturing Methods 0.000 claims description 3
- 230000007123 defense Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000002195 synergetic effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/14—Digital output to display device ; Cooperation and interconnection of the display device with other functional units
- G06F3/1423—Digital output to display device ; Cooperation and interconnection of the display device with other functional units controlling a plurality of local displays, e.g. CRT and flat panel display
- G06F3/1431—Digital output to display device ; Cooperation and interconnection of the display device with other functional units controlling a plurality of local displays, e.g. CRT and flat panel display using a single graphics controller
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer Graphics (AREA)
- Human Computer Interaction (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Multi Processors (AREA)
Abstract
The invention provides a weapon equipment control endogenous safety computer design system, which comprises: the system comprises a distribution agent module, a heterogeneous executive body module, a resolution service module and a feedback control module; one or more heterogeneous executive modules are respectively connected with the distribution agent module, the arbitration service module and the feedback control module through a switch. The invention designs a display switching function aiming at the condition that the weapon equipment controls the multi-path display and the control of a computer, provides the control from multi-path screen display to single-path display, and outputs the control with an arbitration service to select according to the judgment result. The user's control input for the screen is sent to the distribution agent by display switching and submitted to the currently running executives, so as to ensure the state consistency of all the executives in the running process.
Description
Technical Field
The invention relates to the field of computer network security, in particular to a weapon equipment control endogenous security computer design system and a weapon equipment control endogenous security computer design method.
Background
The safety of the domestic weaponry is primarily aimed at protecting the safety of weaponry commands, the receiver of the weaponry safety commands receives the safety commands sent by the ground safety control equipment, the commands are sent to the safety controller after decoding and identification, and the controller outputs execution commands to complete ground information command tasks. The information command is generally a binary digital coding command to increase the anti-interference capability, and the information system has a strong command conversion function, and is usually provided with hundreds of commands to select before the weapon is fired. The selected order is ordered into the information order receiver, and then the information transmitter is connected to the receiver to make order generation, transmission and detection check. The weapon equipment information data protection means mainly comprises: (1) the traffic is encrypted so that any unauthorized party cannot interpret the content of the information from the authorized source. The encryption service uses a data encryption algorithm to transform plaintext data into ciphertext data so as to prevent data content from leaking; (2) the integrity service ensures that the information of the authorized source is not modified illegally in the processes of sending, transmitting and receiving; (3) the authentication service can prevent the forged data attack of an illegal person, wherein the forged data attack comprises the plagiarism attack, and the authentication service is realized by checking a data source address protected by an encryption service or an integrity service, counting a data sending sequence and the like.
However, the above methods are all based on the aspect of data protection to improve equipment safety. The mimicry defense technology is a novel active defense technology provided by scientists in China, and the core of the mimicry defense technology is to realize dynamic, heterogeneous and redundant endogenous safety design from the architecture level, so that the system can normally run when receiving backdoor and vulnerability threat attacks and is not influenced.
The existing computer design for preventing hacker attack includes partition design for hardware isolation and network defense method based on encryption algorithm reconstruction.
Patent document "anti-hacking computer design" with publication number CN110337651A discloses a computer structure disclosed for implementing an anti-hacking computing device, which is mainly an anti-hacking method proposed from the viewpoint of hacking. The passive defense system is based on the passive defense of hacker access and stealing related operations, and the invention provided by the invention is a novel active defense mode oriented to weapon equipment control, and has different technical fields.
The patent document with publication number "107065750 a" dynamic defense method for intrinsically safe industrial control networks "discloses a dynamic defense method for intrinsically safe industrial control networks, which is characterized in that dynamic reconfiguration of an encryption algorithm is performed, while the invention proposed herein performs heterogeneous design on a control execution body from the perspective of mimicry defense, and realizes that the receiving and sending of weapon equipment control instructions are not affected even under abnormal conditions through the synergistic action of a distribution and arbitration module and a feedback control module.
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide a weapon equipment control endogenous safety computer design system and a weapon equipment control endogenous safety computer design method.
According to one aspect of the invention, there is provided a weaponry control endogenous security computer design system, comprising the following modules: the system comprises a distribution agent module, a heterogeneous executive body module, a resolution service module and a feedback control module;
one or more heterogeneous executive modules are respectively connected with the distribution agent module, the arbitration service module and the feedback control module through a switch.
Preferably, the distribution agent module includes: the system comprises a network data transceiver module, a frame data signature module, a data buffer module and a frame data forwarding module; the network data transceiver module receives the datagram from the upstream, submits the datagram to a data buffering queue of the data buffering module for buffering, and after uniform coding and signature are carried out through the frame data signature of the frame data signature module, the datagram is copied into three parts through the frame data forwarding module and is respectively submitted to each control executive body.
Preferably, the heterogeneous executive module provides and constitutes heterogeneous control executives, war plans, weaponry control data and instructions from distribution equipment and external equipment provided by the distribution agent module are transmitted to the weaponry control executives in a one-to-many mode, after data encryption and decryption and data analysis processes, the heterogeneous control executives forward data responses, instruction response states and context states to the decision service module, and the decision service module outputs correct results based on a majority voting mechanism.
Preferably, the arbitration service module comprises a network data transceiver module, a frame queue management module, a policy management module, a result arbitration module and a result feedback module; the network data transceiver module receives data from a control executive and submits the data to a frame queue of a frame queue management module for buffering, signature is analyzed, three datagrams with uniform signatures are obtained, result comparison is carried out in a result judging module according to a judging strategy of a strategy management module, correct results are output, judging records are reported to a feedback control module, and if the judging service finds that a plurality of executive response data of a system are inconsistent, the feedback control module is called to carry out asynchronous cleaning recovery processing according to a preset strategy of judging equipment.
Preferably, the feedback control module comprises a network data transceiver module, a decision result recording module, a log analysis module and an executive body cleaning control module; the feedback control module receives the result reported by the judgment service module through the network data transceiver module, records the result through the judgment result recording module, judges whether the application executive body is abnormal or not through log comparison and analysis in the log analysis module, and initiates a cleaning control instruction for the abnormal application executive body through the executive body clear control module so as to provide self-healing feedback capacity for the endogenous safety application system.
According to another aspect of the present invention, there is provided a weaponry control intrinsic safety computer design method, according to the above-mentioned weaponry control intrinsic safety computer design system, including the steps of: a distribution agent step, a heterogeneous executive body step, a sanction service step and a feedback control step.
Preferably, the distribution agent step includes:
substep 1: maintaining the information of codes, domain names, addresses, forwarding channels, forwarding ports and the like of all devices in the system to form an integral routing list of the system;
substep 2: after receiving the data message or file from the port, analyzing the message header to retrieve the destination user code, simultaneously inquiring the routing table to check the destination user address, the forwarding channel and the forwarding port, and forwarding the data message or file according to the requirement;
substep 3: aiming at the endogenous safety protection of the forwarded message, multiple copies are formed through the isomerization design of application software, and data analysis is independently performed when the message needing to be forwarded is received, so that the routing table query is completed.
Preferably, the heterogeneous implementation step comprises:
substep 1: the arbitration service software receives the data from the application executive body and submits the data to a frame queue for buffering, and the signature is analyzed to obtain three datagrams with uniform signatures;
substep 2: comparing results of the three datagrams obtained after signature analysis according to a decision strategy, outputting correct results, and reporting a decision record to feedback control service software;
substep 3: if the arbitration service finds that the system has a condition that the response data of a plurality of execution bodies are inconsistent, the feedback control software is called to carry out asynchronous cleaning recovery processing according to a preset strategy of the arbitration device.
Preferably, the feedback control step includes:
substep 1: recording the result reported by the arbitration service software in the running process and recording the result as a log;
substep 2: whether the application executer is abnormal or not is judged through log comparison and analysis, and a cleaning control instruction is initiated aiming at the abnormal application executer, so that self-healing feedback capability is provided for the endogenous safety application system.
Preferably, the heterogeneous implementation step comprises: and transmitting the war plans, weapon equipment control data and instructions from the distribution equipment and the external equipment provided by the distribution agent step to a plurality of weapon equipment control executives in a one-to-many mode, after data encryption and decryption and data analysis processes, the heterogeneous control executives forward the data response, the instruction response state and the context state to the decision service step, and the decision service step outputs a correct result based on a majority voting mechanism.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention is based on the DHR framework of the mimicry defense, realizes the TCP data receiving and sending based on the C/S framework under the condition of not changing the system operation flow, and realizes the endogenous safety design of the computer through different configurations of the embedded heterogeneous executors.
2. According to the invention, by researching the background of requirements for functions and information safety of a weapon equipment ground system, the display control and business modules of a computer are separated, output control is carried out through a decision service, display of abnormal information is switched in real time, and the efficiency of system cleaning recovery is improved.
3. The distribution agent, the arbitration service and the feedback control module of the endogenous safety computer all adopt an embedded real-time processing mode, so that the real-time performance and the time certainty of the computer service processing are well ensured.
4. The invention takes the functions and information safety of the ground system of the weapon equipment as the background of requirements, takes the traditional weapon equipment safety method as the basis, integrates the idea of endogenous safety into the computer architecture design, develops the endogenous safety control computer facing the weapon equipment, solves the endogenous safety problem of the weapon equipment control computer from the architecture level, and provides powerful guarantee for the weapon equipment system.
5. The invention greatly improves the safety of the system by separating different modules such as display control, service and the like.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a block diagram of a weaponry control endogenous security computer system;
FIG. 2 is a diagram of a weaponry control endogenous safety computer system architecture;
FIG. 3 is a diagram of weaponry control endogenous security computer information flow.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that it would be obvious to those skilled in the art that various changes and modifications can be made without departing from the spirit of the invention. All falling within the scope of the present invention.
Example 1
The invention provides a weapon equipment control endogenous safety computer design system, as shown in figure 1, a distribution agent module, a heterogeneous executive body module, a sanction service module and a feedback control module; one or more heterogeneous executive modules are respectively connected with the distribution agent module, the arbitration service module and the feedback control module through a switch.
As shown in fig. 2, the distribution agent module includes: the system comprises a network data transceiver module, a frame data signature module, a data buffer module and a frame data forwarding module; the network data transceiver module receives the datagram from the upstream, submits the datagram to a data buffering queue of the data buffering module for buffering, and after uniform coding and signature are carried out through the frame data signature of the frame data signature module, the datagram is copied into three parts through the frame data forwarding module and is respectively submitted to each control executive body.
The heterogeneous executive module provides control executives forming a heterogeneous structure, war plans, weapon equipment control data and instructions from distribution equipment and external equipment provided by the distribution agent module are transmitted to the weapon equipment control executives in a one-to-many mode, after data encryption and decryption and data analysis processes, the heterogeneous control executives forward data responses, instruction response states and context states to the decision service module, and the decision service module outputs correct results based on a majority voting mechanism.
The arbitration service module comprises a network data receiving and transmitting module, a frame queue management module, a strategy management module, a result arbitration module and a result feedback module; the network data transceiver module receives data from a control executive and submits the data to a frame queue of a frame queue management module for buffering, signature is analyzed, three datagrams with uniform signatures are obtained, result comparison is carried out in a result judging module according to a judging strategy of a strategy management module, correct results are output, judging records are reported to a feedback control module, and if the judging service finds that a plurality of executive response data of a system are inconsistent, the feedback control module is called to carry out asynchronous cleaning recovery processing according to a preset strategy of judging equipment.
The feedback control module comprises a network data receiving and transmitting module, a judgment result recording module, a log analysis module and an executive body cleaning control module; the feedback control module receives the result reported by the judgment service module through the network data transceiver module, records the result through the judgment result recording module, judges whether the application executive body is abnormal or not through log comparison and analysis in the log analysis module, and initiates a cleaning control instruction for the abnormal application executive body through the executive body clear control module so as to provide self-healing feedback capacity for the endogenous safety application system.
In this embodiment, X86, a domestic ARM, and the like are used as a basic platform, an operating system layer performs heterogeneous execution body construction based on Windows, ruihua, Vxworks, and the like, and an application layer correspondingly realizes software and hardware infrastructure of target application versions such as Windows, ruihua, Vxworks, and the like. Meanwhile, a C/S framework is adopted, and a TCP monitoring mode is used for receiving and sending service requests under the condition that the operation flow of the system is not changed. Aiming at the high real-time requirement of an embedded processing platform, a data buffer module and a frame data signature module are added in a distribution agent module according to the design provided by the invention, then a war plan, weapon equipment control data and instructions from distribution equipment and external equipment are transmitted to a plurality of weapon equipment control executives in a mode of one-to-many conversion, after the processes of data encryption and decryption, data analysis and the like, a heterogeneous executives forward a data response, an instruction response state and a context state to a decision service, and the decision service outputs a correct result based on a majority voting mechanism. In addition, by designing a lightweight feedback control mechanism, the system can store the context of the executive body, and if the arbitration service finds an abnormal executive body, the running state of the executive body can be synchronized quickly and synchronously through the context after cleaning recovery is executed, so that the system is prevented from falling into a blocking state waiting for the service of the executive body, information of the abnormal control executive body is output through the feedback control module, and support is further provided for cleaning recovery of the system. And high-reliability and stable operation of the system is realized.
The invention designs a display switching function aiming at the condition that the weapon equipment controls the multi-path display and the control of a computer, provides the control from multi-path screen display to single-path display, and outputs the control with an arbitration service to select according to the judgment result. The user switches and sends the control input aiming at the screen to the distribution agent through the display, and submits the control input to the currently running executive bodies so as to ensure the state consistency of all the executive bodies in the running process; if the output result of the executing body which is displayed at present is abnormal, the display switching work is automatically executed, and the correct display and control of the weapon equipment control computer in the executing process are ensured.
Example 2
The invention also provides a design method of the weapon equipment control endogenous safety computer, which comprises the following steps: a distribution agent step, a heterogeneous executive body step, a sanction service step and a feedback control step.
The distributing agent step includes: substep 1: maintaining the information of codes, domain names, addresses, forwarding channels, forwarding ports and the like of all devices in the system to form an integral routing list of the system; substep 2: after receiving the data message or file from the port, analyzing the message header to retrieve the destination user code, simultaneously inquiring the routing table to check the destination user address, the forwarding channel and the forwarding port, and forwarding the data message or file according to the requirement; substep 3: aiming at the endogenous safety protection of the forwarded message, multiple copies are formed through the isomerization design of application software, and data analysis is independently performed when the message needing to be forwarded is received, so that the routing table query is completed.
The heterogeneous executive steps include: substep 1: the arbitration service software receives the data from the application executive body and submits the data to a frame queue for buffering, and the signature is analyzed to obtain three datagrams with uniform signatures; substep 2: comparing results of the three datagrams obtained after signature analysis according to a decision strategy, outputting correct results, and reporting a decision record to feedback control service software; substep 3: if the arbitration service finds that the system has a condition that the response data of a plurality of execution bodies are inconsistent, the feedback control software is called to carry out asynchronous cleaning recovery processing according to a preset strategy of the arbitration device.
The feedback control step includes: substep 1: recording the result reported by the arbitration service software in the running process and recording the result as a log; substep 2: whether the application executer is abnormal or not is judged through log comparison and analysis, and a cleaning control instruction is initiated aiming at the abnormal application executer, so that self-healing feedback capability is provided for the endogenous safety application system.
The heterogeneous executive steps include: and transmitting the war plans, weapon equipment control data and instructions from the distribution equipment and the external equipment provided by the distribution agent step to a plurality of weapon equipment control executives in a one-to-many mode, after data encryption and decryption and data analysis processes, the heterogeneous control executives forward the data response, the instruction response state and the context state to the decision service step, and the decision service step outputs a correct result based on a majority voting mechanism.
In this embodiment, the computer information flow is as shown in fig. 3, and the information flow is transferred through the following steps:
the method comprises the following steps: the control command is input and sent to the distribution agent module through a display, a keyboard, a mouse and the like;
step two: after receiving the corresponding weapon equipment control command request, the distribution agent updates and maintains a routing form of the system and prepares the planned operation and control work of the data instruction;
step three: after receiving the data message/file from the port, analyzing a message header to retrieve a target user code, inquiring a routing table to check a target user address, a forwarding channel and a forwarding port, and forwarding the data message/file according to requirements;
step four: aiming at the endogenous safety protection of the forwarded message, forming multiple copies through the isomerization design of application software;
step five: each executive body independently executes data analysis when receiving the message to be forwarded, and controls weapon equipment and records and monitors and manages data according to respective execution logic;
step six: after each weapon equipment control execution body passes through the processes of data encryption and decryption, data analysis and the like, the data response, the instruction response state and the context state are forwarded to a sanction service at the first time;
step seven: the arbitration service software receives the data from the application executive body and submits the data to a frame queue for buffering, and the signature is analyzed to obtain three datagrams with uniform signatures;
step eight: comparing results of three datagrams with the same format obtained after signature analysis according to a decision strategy, outputting correct results, and reporting a decision record to feedback control service software;
step nine: if the arbitration service arbitrates consistently, the system normally outputs weapon equipment control commands; the display displays the status of each executive body and the weapon equipment control information under normal conditions. If the arbitration service finds that the system has a condition that the response data of a plurality of execution bodies are inconsistent, the step ten is carried out;
step ten: if the arbitration service finds that the system has a condition that the response data of a plurality of execution bodies are inconsistent, the feedback control software is called to carry out asynchronous cleaning recovery processing according to a preset strategy of the arbitration device. At the moment, the abnormal execution body condition is output and displayed on a display; and cleaning recovery is carried out in real time for it.
Those skilled in the art will appreciate that, in addition to implementing the system and its various devices, modules, units provided by the present invention as pure computer readable program code, the system and its various devices, modules, units provided by the present invention can be fully implemented by logically programming method steps in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units included in the system for realizing various functions can also be regarded as structures in the hardware component; means, modules, units for performing the various functions may also be regarded as structures within both software modules and hardware components for performing the method.
In the description of the present application, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like indicate orientations or positional relationships based on those shown in the drawings, and are only for convenience in describing the present application and simplifying the description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present application.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.
Claims (10)
1. A weaponry control endogenous security computer design system, comprising: the system comprises a distribution agent module, a heterogeneous executive body module, a resolution service module and a feedback control module;
one or more heterogeneous executive modules are respectively connected with the distribution agent module, the arbitration service module and the feedback control module through a switch.
2. The weaponry control endogenous security computer design system of claim 1, wherein the distribution agent module includes: the system comprises a network data transceiver module, a frame data signature module, a data buffer module and a frame data forwarding module;
the network data transceiver module receives the datagram from the upstream, submits the datagram to a data buffering queue of the data buffering module for buffering, and after uniform coding and signature are carried out through the frame data signature of the frame data signature module, the datagram is copied into three parts through the frame data forwarding module and is respectively submitted to each heterogeneous executive module.
3. The system of claim 1, wherein the heterogeneous executives module provides heterogeneous control executives, war plans, weaponry control data and commands provided by the distribution agent module from distribution equipment and external equipment are transmitted to the weaponry control executives in a form of one-turn-multiple, and after data encryption and decryption and data analysis processes, the heterogeneous control executives forward data responses, command response states and context states to the arbitration service module, and the arbitration service module outputs correct results based on a majority voting mechanism.
4. The weaponry control endogenous security computer design system of claim 1, wherein the arbitration service module includes a network data transceiver module, a frame queue management module, a policy management module, a result arbitration module, and a result feedback module;
the network data transceiver module receives data from a control executive and submits the data to a frame queue of a frame queue management module for buffering, signature is analyzed, three datagrams with uniform signatures are obtained, result comparison is carried out in a result judging module according to a judging strategy of a strategy management module, correct results are output, judging records are reported to a feedback control module, and if the judging service finds that a plurality of executive response data of a system are inconsistent, the feedback control module is called to carry out asynchronous cleaning recovery processing according to a preset strategy of judging equipment.
5. The system of claim 1, wherein the feedback control module comprises a network data transceiver module, a decision result recording module, a log analysis module, and an executive cleaning control module;
the feedback control module receives the result reported by the judgment service module through the network data transceiver module, records the result through the judgment result recording module, judges whether the application executive body is abnormal or not through log comparison and analysis in the log analysis module, and initiates a cleaning control instruction for the abnormal application executive body through the executive body clear control module so as to provide self-healing feedback capacity for the endogenous safety application system.
6. A weaponry control endogenous security computer design method, a weaponry control endogenous security computer design system of claim 1, comprising: a distribution agent step, a heterogeneous executive body step, a sanction service step and a feedback control step.
7. The weaponry control endogenous security computer design method of claim 6, wherein the distribution agent step includes:
substep 1: maintaining information including codes, domain names, addresses, forwarding channels and forwarding ports of all devices in the system to form an integral routing list of the system;
substep 2: after receiving the data message or file from the port, analyzing the message header to retrieve the destination user code, simultaneously inquiring the routing table to check the destination user address, the forwarding channel and the forwarding port, and forwarding the data message or file according to the requirement;
substep 3: aiming at the endogenous safety protection of the forwarded message, multiple copies are formed through the isomerization design of application software, and data analysis is independently performed when the message needing to be forwarded is received, so that the routing table query is completed.
8. The weaponry control endogenous security computer design method of claim 6, wherein the heterogeneous executables step includes:
substep 1: the arbitration service software receives the data from the application executive body and submits the data to a frame queue for buffering, and the signature is analyzed to obtain three datagrams with uniform signatures;
substep 2: comparing results of the three datagrams obtained after signature analysis according to a decision strategy, outputting correct results, and reporting a decision record to feedback control service software;
substep 3: if the arbitration service finds that the system has a condition that the response data of a plurality of execution bodies are inconsistent, the feedback control software is called to carry out asynchronous cleaning recovery processing according to a preset strategy of the arbitration device.
9. The method of claim 6, wherein the feedback control step comprises:
substep 1: recording the result reported by the arbitration service software in the running process and recording the result as a log;
substep 2: whether the application executer is abnormal or not is judged through log comparison and analysis, and a cleaning control instruction is initiated aiming at the abnormal application executer, so that self-healing feedback capability is provided for the endogenous safety application system.
10. The weaponry control endogenous security computer design method of claim 6, wherein the heterogeneous executables step includes: and transmitting the war plans, weapon equipment control data and instructions from the distribution equipment and the external equipment provided by the distribution agent step to a plurality of weapon equipment control executives in a one-to-many mode, after data encryption and decryption and data analysis processes, the heterogeneous control executives forward the data response, the instruction response state and the context state to the decision service step, and the decision service step outputs a correct result based on a majority voting mechanism.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011009013.7A CN112130798B (en) | 2020-09-23 | 2020-09-23 | Weapon equipment control endophytic safety computer design system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011009013.7A CN112130798B (en) | 2020-09-23 | 2020-09-23 | Weapon equipment control endophytic safety computer design system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112130798A true CN112130798A (en) | 2020-12-25 |
| CN112130798B CN112130798B (en) | 2024-04-02 |
Family
ID=73842934
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011009013.7A Active CN112130798B (en) | 2020-09-23 | 2020-09-23 | Weapon equipment control endophytic safety computer design system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112130798B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113505006A (en) * | 2021-07-08 | 2021-10-15 | 上海红阵信息科技有限公司 | Mimicry database oriented arbitration device and method |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070112574A1 (en) * | 2003-08-05 | 2007-05-17 | Greene William S | System and method for use of mobile policy agents and local services, within a geographically distributed service grid, to provide greater security via local intelligence and life-cycle management for RFlD tagged items |
| US20130185096A1 (en) * | 2011-07-13 | 2013-07-18 | The Multiple Myeloma Research Foundation, Inc. | Methods for data collection and distribution |
| CN108282337A (en) * | 2017-12-04 | 2018-07-13 | 中国电子科技集团公司第三十研究所 | A kind of Routing Protocol reinforcement means based on trusted cryptography's card |
| CN110380961A (en) * | 2019-07-05 | 2019-10-25 | 中国人民解放军战略支援部队信息工程大学 | A kind of device and method of conventional router mimicryization transformation |
| CN110557437A (en) * | 2019-08-05 | 2019-12-10 | 上海拟态数据技术有限公司 | universal mimicry distribution voting scheduling device and method based on user-defined protocol |
| CN111310245A (en) * | 2020-03-05 | 2020-06-19 | 之江实验室 | Data encryption storage method for mimicry defense system |
| CN111464335A (en) * | 2020-03-10 | 2020-07-28 | 北京邮电大学 | Intelligent service customization method and system for endogenous trusted network |
| CN111669342A (en) * | 2020-04-25 | 2020-09-15 | 中国人民解放军战略支援部队信息工程大学 | Network defense method, system and switch based on generalized robust control |
-
2020
- 2020-09-23 CN CN202011009013.7A patent/CN112130798B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070112574A1 (en) * | 2003-08-05 | 2007-05-17 | Greene William S | System and method for use of mobile policy agents and local services, within a geographically distributed service grid, to provide greater security via local intelligence and life-cycle management for RFlD tagged items |
| US20130185096A1 (en) * | 2011-07-13 | 2013-07-18 | The Multiple Myeloma Research Foundation, Inc. | Methods for data collection and distribution |
| CN108282337A (en) * | 2017-12-04 | 2018-07-13 | 中国电子科技集团公司第三十研究所 | A kind of Routing Protocol reinforcement means based on trusted cryptography's card |
| CN110380961A (en) * | 2019-07-05 | 2019-10-25 | 中国人民解放军战略支援部队信息工程大学 | A kind of device and method of conventional router mimicryization transformation |
| CN110557437A (en) * | 2019-08-05 | 2019-12-10 | 上海拟态数据技术有限公司 | universal mimicry distribution voting scheduling device and method based on user-defined protocol |
| CN111310245A (en) * | 2020-03-05 | 2020-06-19 | 之江实验室 | Data encryption storage method for mimicry defense system |
| CN111464335A (en) * | 2020-03-10 | 2020-07-28 | 北京邮电大学 | Intelligent service customization method and system for endogenous trusted network |
| CN111669342A (en) * | 2020-04-25 | 2020-09-15 | 中国人民解放军战略支援部队信息工程大学 | Network defense method, system and switch based on generalized robust control |
Non-Patent Citations (2)
| Title |
|---|
| 门嘉平: "魔高一尺,道高一丈:工业控制系统的内生安全观", 《信息安全研究》, vol. 5, no. 12, pages 1133 - 1136 * |
| 马海龙;伊鹏;江逸茗;贺磊;: "基于动态异构冗余机制的路由器拟态防御体系结构", 信息安全学报, vol. 2, no. 1, pages 29 - 41 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113505006A (en) * | 2021-07-08 | 2021-10-15 | 上海红阵信息科技有限公司 | Mimicry database oriented arbitration device and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112130798B (en) | 2024-04-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109587168B (en) | Network function deployment method based on mimicry defense in software defined network | |
| US11921906B2 (en) | Security device with programmable systolic-matrix cryptographic module and programmable input/output interface | |
| AU2002324631B2 (en) | Active intrusion resistant environment of layered object and compartment keys | |
| Crosbie et al. | Defending a computer system using autonomous agents | |
| Knight et al. | Survivability architectures: Issues and approaches | |
| US7340597B1 (en) | Method and apparatus for securing a communications device using a logging module | |
| WO2000002115A1 (en) | Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources | |
| US9245147B1 (en) | State machine reference monitor for information system security | |
| AU2002324631A1 (en) | Active intrusion resistant environment of layered object and compartment keys | |
| US20050154869A1 (en) | Security measures in a partitionable computing system | |
| US20200167342A1 (en) | System for Secure Software Defined Networking Based on Block-Chain and Method Thereof | |
| JP2022528947A (en) | Blockchain-based network security system and processing method | |
| Yao et al. | Network security analyzing and modeling based on Petri net and Attack tree for SDN | |
| CN112130798B (en) | Weapon equipment control endophytic safety computer design system and method | |
| CN108322460B (en) | Business system flow monitoring system | |
| EP4231168A1 (en) | Mimic storage system and method for data security of industrial control system | |
| US20100157806A1 (en) | Method for processing data packet load balancing and network equipment thereof | |
| Rocke et al. | CONFIDANT: Collaborative object notification framework for insider defense using autonomous network transactions | |
| CN117997655B (en) | Safe and reliable fireproof cloud system based on distributed and parallel computing and control method | |
| US7296146B2 (en) | Security measures in a partitionable computing system | |
| CN113923030B (en) | Remote access method based on zero trust, terminal equipment and computer storage medium | |
| Zhang et al. | Towards comprehensive protection for openflow controllers | |
| Potteiger | A Moving Target Defense Approach Towards Security and Resilience in Cyber-Physical Systems | |
| Guan et al. | Research and application of Web network attack protection and block chain log storage based on software definition | |
| Stetsyuk et al. | Architecture of the system with a subsystem of providing fault tolerance, survivability and information protection of specialized information technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |