CN113347022B - Civil aircraft airborne information system network security capability detection system and method - Google Patents
- Publication number
- CN113347022B (application number CN202110525738.XA)
- Authority
- CN
- China
- Prior art keywords
- security
- gateway
- capability detection
- information
- avionic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/04—Arrangements for maintaining operational condition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
- H04W4/42—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for mass transport vehicles, e.g. buses, trains or aircraft
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/16—Gateway arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Aviation & Aerospace Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a civil aircraft airborne information system network security capability detection system and a method. The system comprises an avionic security capability detection case set, an avionic security capability detection module, an information security gateway security capability detection case set, an information security gateway security capability detection module, a security gateway security log analysis module and an airborne information system security capability detection main control module; by executing the security log monitoring, the avionic security capability detection and the information security gateway security capability detection method, the purpose of detecting the network security capability of the airborne information system of the tested equipment is realized while the network security robustness test and the vulnerability test are executed.
Description
Technical Field
The invention relates to a civil aircraft airborne information system network security capability detection system and a method.
Background
With the popularization and application of the digital aviation concept, airborne information systems are developing toward information sharing among the control center, the flight operation center, the passenger cabin, the airport and the aircraft. The airborne information system can acquire aircraft parameter, audio and video information in real time and send it to the ground, so that the aircraft can be monitored from the ground in real time; it can collect and analyze the state information of aircraft equipment to support aircraft operation and maintenance; it can update aircraft systems quickly through electronic transmission and loading functions; it can provide electronic flight manuals and tools to reduce the workload of the flight crew; it can provide video data of the passenger cabin, cargo hold and so on, improving the flight crew's ability to sense the environment inside and outside the aircraft; it can provide data required for flight, such as weather; it can provide services such as video, online shopping and Internet access to improve the flight experience of passengers; and it can wirelessly transmit the information of every stakeholder, achieving the integration of air-ground information.
The civil aircraft airborne information system integrates functions such as airline information services, network management and WiFi-based air-ground wireless communication. While improving the economy of civil airliners, the airborne information system also faces heterogeneous-integration problems and network security threats, such as network interruption, data leakage or theft, and data tampering, that arise from the need to fuse different suppliers, different devices, different networks and different information processing. Meanwhile, applying information technology to integrate and optimize many kinds of airborne information can produce new system functions, system architectures and airborne network security environments. Conventional system detection techniques do not support the detection of this new type of system. In particular, detecting the airborne network security function requires both traditional Internet information security testing techniques and consideration of the special network security verification requirements of the airborne environment.
In detecting the network security function of the airborne information system, when the network security robustness test and vulnerability test are executed, it must also be verified whether the security function of the tested equipment works effectively, that is, the network security capability of the tested equipment must be detected; at present, however, no solution exists for detecting the network security protection capability of the airborne information system.
Disclosure of Invention
The invention provides a civil aircraft airborne information system network security capability detection system and method, which achieve the purpose of detecting the network security capability of a tested equipment airborne information system while executing a network security robustness test and a vulnerability test.
The technical scheme of the invention is to provide a civil aircraft airborne information system network security capability detection system, characterized in that: the system comprises an avionic security gateway security capability detection case set, an avionic security gateway security capability detection module, an information security gateway security capability detection case set, an information security gateway security capability detection module, a security gateway security log analysis module and an airborne information system security capability detection main control module;
the avionic security gateway security capability detection case set is a set of avionic security capability detection cases;
the avionic security gateway security capability detection module is used for reading and sequentially executing detection cases in the avionic security capability detection case set, receiving response messages of the tested equipment and detecting the working state of the avionic domain security function of the avionic security gateway in the tested equipment in real time by analyzing the response messages;
the information security gateway security capability detection case set is a set of information security gateway security capability detection cases;
the information security gateway security capability detection module is used for calling and executing detection cases in the information security gateway security capability detection case set, receiving response messages of the tested equipment and detecting the working state of the information domain security function of the information security gateway in the tested equipment in real time by analyzing the response messages;
the security gateway security log analysis module is used for receiving security logs sent by an avionic security gateway and an information security gateway in the tested equipment in real time and judging the working state of the avionic domain security function of the avionic security gateway in the tested equipment and the working state of the information domain security function of the information security gateway by analyzing the content of the security logs;
the security capability detection main control module of the onboard information system is used for controlling the execution of the security capability detection module of the avionic security gateway, the security capability detection module of the information security gateway and the security log analysis module of the security gateway and providing a human-computer interface for operation and interaction.
Furthermore, a detection case set for the security protection capability of the avionic security gateway defines request message sending logic, response message receiving logic and judgment logic in the detection case according to the security protection function of the avionic security gateway;
the security protection capability detection module of the avionic security gateway is used for: firstly, calling request message sending logic of a security capability detection case set of the avionic security gateway to send a request message to tested equipment; then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with the response message corresponding to the request message in the detection case, considering that the received response message is a correct response message, and judging that the working state of the avionic domain security function of the avionic security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message; otherwise, judging the abnormal condition, and recording the content and the occurrence time of the abnormal response message for manually analyzing the abnormal reason.
Furthermore, the information security gateway security capability detection case set defines request message sending logic, response message receiving logic and judgment logic in the detection case according to the information security gateway security function;
the information security gateway security capability detection module is used for: firstly, calling request message sending logic of an information security gateway security capability detection case set to send a request message to a tested device; and then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with a response message corresponding to the request message in the detection case, determining that the received response message is a correct response message, judging that the working state of the information domain security function of the information security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message, otherwise, judging that the working state is abnormal, and recording the content and occurrence time of the abnormal response message for manually analyzing the reason of the abnormality.
Further, the security log analysis module analyzes the content of the security log, and if the content of the field of the record type in the security log is 'error', the security working state of the security function of the corresponding security gateway in the tested device is abnormal, and the content and the occurrence time of the log are recorded.
The invention also provides a detection method based on the civil aircraft airborne information system network security capability detection system, which is characterized by comprising the following steps:
step 1, monitoring a security log;
step 1.1, a security capability detection main control module of an airborne information system starts a security log analysis module of a security gateway;
step 1.2, a security log analysis module of the security gateway receives security log messages sent by an avionic security gateway and an information security gateway in the tested equipment in real time;
step 1.3, a security log analysis module of the security gateway analyzes the content of the security log;
step 1.4, a security gateway security log analysis module judges whether the working state of the avionic domain security function of the avionic security gateway of the tested equipment and the working state of the information domain security function of the information security gateway are normal or not according to the type and the content of the security log; if they are normal, the step 1.6 is carried out, otherwise, the step 1.5 is carried out;
step 1.5, a security log analysis module of the security gateway records the content and occurrence time of abnormal security logs;
step 1.6, the security capability detection main control module of the airborne information system judges whether the test is finished, if so, the step 1.7 is carried out, and if not, the step 1.2 is carried out;
step 1.7, the security capability detection master control module of the airborne information system stops the security log analysis module of the security gateway, and the test is finished;
step 2, detecting security protection capability of the avionic security gateway;
step 2.1, the airborne information system security capability detection main control module starts an avionic security capability detection module;
step 2.2, the security protection capability detection module of the avionic security gateway reads detection cases in the security protection capability detection case set of the avionic security gateway;
step 2.3, sequentially executing detection cases in the avionic security capability detection case set by the avionic security gateway security capability detection module;
step 2.4, the security capability detection module of the avionic security gateway receives and analyzes a response message sent by the tested equipment in the execution of the detection case;
step 2.5, the security protection capability detection module of the avionic security gateway judges whether the response message is correct, if so, the step 2.7 is carried out, and if not, the step 2.6 is carried out;
step 2.6, the security protection capability detection module of the avionic security gateway records the content and the occurrence time of the abnormal message;
step 2.7, the security protection capability detection module of the avionic security gateway judges whether all detection cases are executed; if so, the test is finished, and if not, the step 2.3 is carried out;
step 3, detecting the security protection capability of the information security gateway;
step 3.1, the security protection capability detection master control module of the airborne information system starts an information security gateway security protection capability detection module;
step 3.2, the security protection capability detection module of the information security gateway calls a detection case in the security protection capability detection case set of the information security gateway;
step 3.3, the information security gateway security capability detection module sequentially executes detection cases in the information security gateway security capability detection case set;
step 3.4, the security capability detection module of the information security gateway receives and analyzes a response message sent by the tested equipment in the execution of the detection case;
step 3.5, the security protection capability detection module of the information security gateway judges whether the response message is correct; if the result is correct, the step 3.7 is carried out, otherwise, the step 3.6 is carried out;
step 3.6, the security protection capability detection module of the information security gateway records the content and the occurrence time of the abnormal message;
step 3.7, the information security gateway security capability detection module judges whether all detection cases are executed; if so, the test is finished, and if not, the step 3.3 is carried out.
Further, step 2.3 specifically includes:
the avionic security gateway security capability detection module calls request message sending logic of the avionic security capability detection case set to send a request message to the tested equipment;
the step 2.5 is specifically as follows:
if the avionic security gateway security capability detection module receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, then the working state of the avionic security function of the avionic security gateway of the tested device is judged to be normal by using the judgment logic corresponding to the request message, the step 2.7 is carried out, otherwise, the step 2.6 is carried out if the working state is judged to be abnormal.
Further, step 3.3 specifically comprises:
an information security gateway security capability detection module calls request message sending logic of an information security gateway security capability detection case set 104 to send a request message to the tested equipment;
the step 3.5 is specifically as follows:
if the information security gateway security capability detection module receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, then the judgment logic corresponding to the request message is used for judging that the working state of the information domain security function of the information security gateway of the tested device is normal, the step 3.7 is carried out, otherwise, the step 3.6 is carried out.
Further, step 1.4 specifically includes:
the security log analysis module of the security gateway judges the working states of the avionic security gateway and the information security gateway in the tested equipment by analyzing the content of the security log: and if the content of the record type field in the security log is error, the working state of the security function of the corresponding security gateway in the tested equipment is abnormal, the step 1.5 is carried out, and if the working state is normal, the step 1.6 is carried out.
The present invention also provides a computer-readable storage medium having a computer program stored thereon, characterized in that: which when executed by a processor implements the above-described method.
The present invention also provides a terminal, comprising: at least one processor, at least one memory, and a communication interface, characterized by: the communication interface, the at least one memory, and the at least one processor are coupled; the terminal communicates with other devices via the communication interface, and the at least one memory stores a computer program such that, when executed by the at least one processor, the computer program implements the method described above.
The invention has the beneficial effects that:
1. the network security capability detection system of the civil aircraft airborne information system comprises an avionic security gateway security capability detection module, an avionic security gateway security capability detection case set, an information security gateway security capability detection module, an information security gateway security capability detection case set, a security gateway security log analysis module and an airborne information system security capability detection main control module.
2. In the security log monitoring execution flow of the method, the running state of the security function of the security gateway in the tested equipment can be detected by receiving and analyzing the log of the security gateway of the tested equipment.
3. In the security protection capability detection execution flow of the avionic security gateway in the method, the avionic security gateway security protection capability detection module and the avionic security gateway security protection capability detection case are executed in a centralized combination manner, so that the communication interface effectiveness and the protection function effectiveness of the avionic security gateway security protection function can be simultaneously detected when a network security test is executed.
4. In the method, in the security capability detection execution flow of the information security gateway, the security capability detection module of the information security gateway and the security capability detection case set of the information security gateway are executed in a combined manner, so that the validity of a communication interface and the validity of a protection function of the security function of the information security gateway can be detected simultaneously when a network security test is executed.
Drawings
FIG. 1 is a system configuration of the present invention.
Fig. 2 is a security log monitoring execution flow of the present invention.
Fig. 3 is a security capability detection process of the avionic security gateway.
Fig. 4 is a security capability detection flow of the information security gateway of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
As shown in fig. 1, the network security capability detection system of the civil aircraft airborne information system of the present invention includes the following modules: the system comprises an avionic security gateway security capability detection module 101, an avionic security gateway security capability detection case set 102, an information security gateway security capability detection module 103, an information security gateway security capability detection case set 104, a security gateway security log analysis module 105 and an airborne information system security capability detection main control module 106.
The avionic security gateway security capability detection case set 102 is a set of avionic security capability detection cases, and request message sending logic, response message receiving logic and judgment logic are defined in the cases according to the avionic security gateway security function. For example, the avionic request message sending logic, response message receiving logic and judgment logic may be implemented in the Python scripting language.
The security capability detection module 101 is responsible for detecting the validity of the communication interface and the protection function of the security function of the avionic security gateway in real time, so as to detect the working state of the avionic domain security function of the avionic security gateway. The security capability detection module 101 calls the security capability detection case set 102 of the avionic security gateway, sequentially executes detection cases, and receives a response message of the device to be detected. The avionic security gateway security capability detection module 101 detects the operating state of the avionic domain security function of the avionic security gateway in the device under test by analyzing the response message of the device under test. For example, the avionic security gateway security capability detection module 101 first calls a request message sending logic of the avionic security gateway security capability detection case set 102 to send a request message to the device under test; then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with the response message corresponding to the request message in the detection case, considering that the received response message is a correct response message, and judging that the working state of the avionic domain security function of the avionic security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message; otherwise, the judgment is abnormal. And recording the content and the occurrence time of the abnormal response message for manually analyzing the abnormal reason.
The information security gateway security capability detection use case set 104 is a set of information security gateway security capability detection use cases, and request message sending logic, response message receiving logic and judgment logic are defined in the use cases according to the information security gateway security function. For example, the request message sending logic, the response message receiving logic and the judgment logic may be implemented in the Python scripting language.
The information security gateway security capability detection module 103 is responsible for detecting the validity of the communication interface and the validity of the protection function of the information security gateway security function in real time, and detecting the working state of the information domain security function of the information security gateway. The information security gateway security capability detection module 103 calls the information security gateway security capability detection case set 104, sequentially executes detection cases, and receives a response message of the device to be detected. The information security gateway security capability detection module 103 detects the working state of the information domain security function of the information security gateway in the device under test by analyzing the response message of the device under test. For example, first, a request message sending logic of the information security gateway security capability detection use case set 104 is called to send a request message to a device to be tested; and then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with the response message corresponding to the request message in the detection case, judging that the received response message is a correct response message, judging that the working state of the information domain security function of the information security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message, otherwise, judging that the working state is abnormal, recording the content and the occurrence time of the abnormal response message, and manually analyzing the reason of the abnormality.
The security gateway security log analysis module 105 is responsible for receiving, in real time, the security logs sent by the avionic security gateway and the information security gateway in the tested device and analyzing the received log contents. The record type field in a log message takes a value from {operation, notification, warning, error}; when the value of the field is 'error', the security function of the security gateway is abnormal, and the log content and time of occurrence are recorded.
The airborne information system security capability detection main control module 106 is responsible for controlling the execution of the avionic security gateway security capability detection module 101, the information security gateway security capability detection module 103 and the security gateway security log analysis module 105, and providing a human-computer interface for operation and interaction.
Detection is achieved by the following process:
1) Monitoring security logs:
the security log monitoring process is shown in fig. 2.
Step 1.1: after the test is started, the security capability detection main control module 106 of the airborne information system starts the security log analysis module 105 of the security gateway.
Step 1.2: the security gateway security log analysis module 105 receives log messages of the device under test in real time.
Step 1.3: the security gateway security log analysis module 105 analyzes the log.
Step 1.4: the security gateway security log analysis module 105 determines whether the security function of the device under test is normal according to the log type and the message content. If the content of the record type field in the security log is 'error', the working state of the security function of the corresponding security gateway in the tested equipment is abnormal and the process goes to step 1.5; if the working state is normal, the process goes to step 1.6.
Step 1.5: the security gateway security log analysis module 105 records the content and occurrence time of the abnormal log message.
Step 1.6: the airborne information system security capability detection main control module 106 judges whether the test is completed. If the process is finished, the process goes to step 1.7, and if the process is not finished, the process goes to step 1.2.
Step 1.7: the security capability detection main control module 106 of the airborne information system stops the security log analysis module 105, and the test is finished.
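The log-monitoring loop of steps 1.2 to 1.5, as an added Python example that is not code from the patent. The patent gives only the value range of the record type field, so the JSON-lines format, the field names `gateway`, `record_type`, `time` and `message`, and the sample lines are assumptions constructed here; the example also goes one step beyond the text by setting aside records it cannot judge instead of counting them as normal.

```python
import json
from dataclasses import dataclass, field

# Value range of the record type field, as given in the description.
RECORD_TYPES = {"operation", "notification", "warning", "error"}


@dataclass
class LogMonitor:
    """Steps 1.2 to 1.5: receive, parse, judge and record security logs."""
    state: dict = field(default_factory=dict)     # gateway -> "normal" / "abnormal"
    abnormal: list = field(default_factory=list)  # (time, gateway, content)
    rejected: list = field(default_factory=list)  # lines that could not be judged

    def feed(self, line: str) -> None:
        # Step 1.3: parse one log message (assumed JSON-lines format).
        try:
            rec = json.loads(line)
            gateway, rtype, when = rec["gateway"], rec["record_type"], rec["time"]
        except (ValueError, KeyError, TypeError):
            self.rejected.append(line)
            return
        # A record type outside the documented range cannot be judged either way.
        if not isinstance(gateway, str) or not isinstance(rtype, str) \
                or rtype not in RECORD_TYPES:
            self.rejected.append(line)
            return
        self.state.setdefault(gateway, "normal")
        # Step 1.4: record type "error" means the security function is abnormal.
        if rtype == "error":
            # Assumption: once abnormal, a gateway stays abnormal for the test run.
            self.state[gateway] = "abnormal"
            # Step 1.5: record the content and occurrence time.
            self.abnormal.append((when, gateway, rec.get("message", "")))


def monitor(lines) -> LogMonitor:
    """Feed an iterable of log lines (steps 1.2 and 1.6 loop) and return the result."""
    m = LogMonitor()
    for line in lines:
        m.feed(line)
    return m


# Constructed sample input; gateway names and messages are illustrative only.
SAMPLE_LINES = [
    '{"time": "2021-05-13T08:00:01Z", "gateway": "avionics", '
    '"record_type": "operation", "message": "filter rule set loaded"}',
    '{"time": "2021-05-13T08:00:02Z", "gateway": "information", '
    '"record_type": "warning", "message": "session table at 80 percent"}',
    '{"time": "2021-05-13T08:00:03Z", "gateway": "information", '
    '"record_type": "error", "message": "packet filter process stopped"}',
    'truncated {"time":',
    '{"time": "2021-05-13T08:00:05Z", "gateway": "avionics", '
    '"record_type": "debug", "message": "not in the documented range"}',
    '{"time": "2021-05-13T08:00:06Z", "gateway": "avionics", '
    '"record_type": "notification", "message": "heartbeat"}',
]

if __name__ == "__main__":
    result = monitor(SAMPLE_LINES)
    print(result.state)
    for entry in result.abnormal:
        print("ABNORMAL", entry)
    print(len(result.rejected), "line(s) set aside for manual review")
```
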
2) Security capability detection of the avionic security gateway:
the security capability detection flow of the avionic security gateway is shown in figure 3.
Step 2.1: after the test is started, the airborne information system security capability detection main control module 106 starts the avionic security gateway security capability detection module 101.
Step 2.2: the security capability detection module 101 of the avionic security gateway reads detection use cases in the security capability detection use case set 102 of the avionic security gateway.
Step 2.3: the security capability detection module 101 sequentially executes detection use cases in the security capability detection use case set 102. For example, it calls the request message sending logic of the avionic security gateway security capability detection case set 102 to send a request message to the tested device.
Step 2.4: the security capability detection module 101 of the avionic security gateway receives and analyzes a response message sent by a device under test in the execution of a detection use case.
Step 2.5: if the avionic security gateway security capability detection module 101 receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message. The judgment logic corresponding to the request message is then used to judge that the working state of the avionic security function of the avionic security gateway of the device under test is normal, and step 2.7 is executed. Otherwise, the working state is judged to be abnormal and step 2.6 is executed.
Step 2.6: the security capability detection module 101 of the avionic security gateway records the content and the occurrence time of the abnormal message.
Step 2.7: the security capability detection module 101 of the avionic security gateway determines whether all detection cases have been executed. If so, the test ends; if not, the flow returns to step 2.3.
3) Detecting security capability of the information security gateway:
The security capability detection flow of the information security gateway is shown in Figure 4.
Step 3.1: after the test is started, the onboard information system security capability detection main control module 106 starts the information security gateway security capability detection module 103.
Step 3.2: the information security gateway security capability detection module 103 reads the information security gateway security capability detection case set 104.
Step 3.3: the information security gateway security capability detection module 103 sequentially executes the information security gateway security capability detection use cases. For example, it calls the request message sending logic of the information security gateway security capability detection case set 104 to send a request message to the device under test.
Step 3.4: the information security gateway security capability detection module 103 receives and analyzes a response message sent by the device under test in the detection case execution.
Step 3.5: if the information security gateway security capability detection module 103 receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message. The judgment logic corresponding to the request message is then used to judge that the working state of the information domain security function of the information security gateway of the device under test is normal, and the flow goes to step 3.7. Otherwise, the flow goes to step 3.6.
Step 3.6: the information security gateway security capability detection module 103 records the content and occurrence time of the abnormal message.
Step 3.7: the information security gateway security capability detection module 103 determines whether all detection cases have been executed. If so, the test ends; if not, the flow returns to step 3.3.
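The detection loop of steps 2.3 to 2.7 (the same loop as steps 3.3 to 3.7) and the log check of steps 1.3 to 1.5, as an added Python example that is not part of the patent. The `FakeGateway` stand-in, the message bytes, the dictionary log format with its key names, and the 50 ms timeout are all assumptions made for illustration.

```python
import queue
import time
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class DetectionCase:
    name: str
    request: bytes
    expected: bytes                   # response paired with this request
    judge: Callable[[bytes], bool]    # judgment logic for this request
    timeout_s: float = 0.05           # the "specified time" (assumed value)

@dataclass
class Anomaly:
    source: str                       # case name or reporting gateway
    content: Optional[bytes]          # None: nothing arrived before the deadline
    occurred_at: float

class FakeGateway:
    """Constructed stand-in for the device under test (an assumption)."""
    def __init__(self, replies: dict):
        self._replies = replies
        self._out: queue.Queue = queue.Queue()

    def send(self, request: bytes) -> None:
        reply = self._replies.get(request)
        if reply is not None:         # unknown request: the gateway stays silent
            self._out.put(reply)

    def recv(self, timeout_s: float) -> Optional[bytes]:
        try:
            return self._out.get(timeout=timeout_s)
        except queue.Empty:
            return None

def run_cases(cases: List[DetectionCase], dut) -> List[Anomaly]:
    """Steps 2.3-2.7 / 3.3-3.7: run each case in order, record anomalies."""
    anomalies = []
    for case in cases:
        dut.send(case.request)
        response = dut.recv(case.timeout_s)
        correct = response is not None and response == case.expected
        if not (correct and case.judge(response)):
            anomalies.append(Anomaly(case.name, response, time.time()))
    return anomalies

def analyze_logs(records: List[dict]) -> List[Anomaly]:
    """Steps 1.3-1.5: a record whose record type is "error" is abnormal."""
    anomalies = []
    for rec in records:
        if str(rec.get("record_type", "")).strip().lower() == "error":
            anomalies.append(Anomaly(rec.get("gateway", "unknown"),
                                     str(rec.get("message", "")).encode(),
                                     rec.get("time", time.time())))
    return anomalies

def demo():
    """Constructed inputs: one good reply, one wrong reply, one silence."""
    dut = FakeGateway({b"REQ-1": b"RSP-1 state=ok", b"REQ-2": b"RSP-X"})
    state_ok = lambda rsp: rsp.endswith(b"state=ok")
    cases = [
        DetectionCase("case-1", b"REQ-1", b"RSP-1 state=ok", state_ok),
        DetectionCase("case-2", b"REQ-2", b"RSP-2 state=ok", state_ok),
        DetectionCase("case-3", b"REQ-3", b"RSP-3 state=ok", state_ok),
    ]
    logs = [
        {"gateway": "avionic", "record_type": "info", "message": "started"},
        {"gateway": "information", "record_type": "error",
         "message": "filter rule load failed", "time": 1000.0},
    ]
    return run_cases(cases, dut), analyze_logs(logs)

if __name__ == "__main__":
    for found in demo():
        print(found)
```

A real transport also has to discard a response that arrives after its deadline, otherwise it would be read as the answer to the next case.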
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented using a software program, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the present application are all or partially generated upon loading and execution of computer program instructions on a computer.
In the above embodiments, the computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable devices. The computer program may use any programming language and be in the form of source code, object code or intermediate code between source code and object code, such as partially compiled form or in any other form necessary to implement the method according to the invention. The program may be downloaded into the base station via a communication network such as the internet.
In the above embodiments, the computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium. For example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.).
In the embodiments described above, the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device including one or more servers, data centers, and the like that may be integrated with the medium. The available media may be any entity or device capable of storing the program. For example, the medium may comprise a storage medium, such as a ROM, e.g. a CD ROM or a microelectronic circuit ROM, or a USB key, or a magnetic recording medium, e.g. a hard disk, on which the computer program according to the invention is recorded.
Claims (10)
1. A civil aircraft airborne information system network security capability detection system, characterized in that: the system comprises an avionic security gateway security capability detection case set (102), an avionic security gateway security capability detection module (101), an information security gateway security capability detection case set (104), an information security gateway security capability detection module (103), a security gateway security log analysis module (105) and an airborne information system security capability detection main control module (106);
the avionic security gateway security capability detection case set (102) is a set of avionic security capability detection cases;
the avionic security gateway security capability detection module (101) is used for reading and sequentially executing detection cases in the avionic security capability detection case set (102), receiving response messages of the tested equipment and detecting the working state of an avionic domain security function of the avionic security gateway in the tested equipment in real time by analyzing the response messages;
the information security gateway security capability detection use case set (104) is a set of information security gateway security capability detection use cases;
the information security gateway security capability detection module (103) is used for calling and executing detection use cases in the information security gateway security capability detection use case set (104), receiving response messages of the tested equipment, and detecting the working state of the information domain security function of the information security gateway in the tested equipment in real time by analyzing the response messages;
the safety gateway security log analysis module (105) is used for receiving security logs sent by an avionic safety gateway and an information safety gateway in the tested equipment in real time, and judging the working state of the avionic security function of the avionic safety gateway in the tested equipment and the working state of the information domain security function of the information safety gateway by analyzing the content of the security logs;
the airborne information system security capability detection main control module (106) is used for controlling execution of the avionic security gateway security capability detection module (101), the information security gateway security capability detection module (103) and the security gateway security log analysis module (105), and providing a human-computer interface for operation interaction.
2. The civil aircraft airborne information system network security capability detection system of claim 1, wherein: a detection case set (102) of security capability of the avionic security gateway defines request message sending logic, receiving logic and judgment logic of response messages in a detection case according to the security function of the avionic security gateway;
the security protection capability detection module (101) of the avionic security gateway is used for: firstly, calling request message sending logic of a security capability detection case set (102) of an avionic security gateway to send a request message to a tested device; then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with the response message corresponding to the request message in the detection case, considering that the received response message is a correct response message, and judging that the working state of the avionic domain security function of the avionic security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message; otherwise, judging that the working state is abnormal, and recording the content and the occurrence time of the abnormal response message.
3. The civil aircraft airborne information system network security capability detection system of claim 1 or 2, characterized in that: an information security gateway security capability detection case set (104) defines request message sending logic, response message receiving logic and judgment logic in a detection case according to the information security gateway security function;
the information security gateway security capability detection module (103) is used for: firstly, calling a request message sending logic of an information security gateway security capability detection use case set (104) to send a request message to a tested device; and then waiting for receiving a response message sent by the tested equipment, if the response message is received within a specified time and is consistent with the response message corresponding to the request message in the detection case, judging that the received response message is a correct response message, judging that the working state of the information domain security function of the information security gateway of the tested equipment is normal by using a judgment logic corresponding to the request message, otherwise, judging that the working state is abnormal, and recording the content and the occurrence time of the abnormal response message.
4. The civil aircraft airborne information system network security capability detection system of claim 3, wherein: the security log analysis module (105) analyzes the security log content, if the content of the 'record type' field in the security log is 'error', the security working state of the security function of the corresponding security gateway in the tested device is abnormal, and the log content and the occurrence time are recorded.
5. A detection method of a civil aircraft onboard information system network security capability detection system based on any one of claims 1 to 4 is characterized by comprising the following steps:
step 1, monitoring a security log;
step 1.1, a security protection capability detection main control module (106) of an airborne information system starts a security protection log analysis module (105) of a security gateway;
step 1.2, a security log analysis module (105) receives security log messages sent by an avionic security gateway and an information security gateway in the tested equipment in real time;
step 1.3, a security log analysis module (105) analyzes the security log content;
step 1.4, a security gateway security log analysis module (105) judges whether the working state of the avionic domain security function of the avionic security gateway of the tested equipment and the working state of the information domain security function of the information security gateway are normal or not according to the type of the security log and the content of the security log; if they are normal, the step 1.6 is carried out, otherwise, the step 1.5 is carried out;
step 1.5, a security gateway security log analysis module (105) records the content and occurrence time of abnormal security logs;
step 1.6, the security capability detection main control module (106) of the airborne information system judges whether the test is finished, if so, the step 1.7 is carried out, and if not, the step 1.2 is carried out;
step 1.7, stopping a security log analysis module (105) of the security gateway by a security capability detection main control module (106) of the airborne information system, and ending the test;
step 2, detecting security protection capability of the avionic security gateway;
step 2.1, starting a security protection capability detection module (101) of an avionic security gateway by a security protection capability detection main control module (106) of the airborne information system;
step 2.2, a security protection capability detection module (101) of the avionic security gateway reads detection cases in the security protection capability detection case set (102) of the avionic security gateway;
step 2.3, the security protection capability detection module (101) of the avionic security gateway sequentially executes detection cases in the security protection capability detection case set (102) of the avionic security gateway;
step 2.4, the security capability detection module (101) of the avionic security gateway receives and analyzes a response message sent by the tested device in the test case execution;
step 2.5, the security protection capability detection module (101) of the avionic security gateway judges whether the response message is correct, if so, the step 2.7 is carried out, otherwise, the step 2.6 is carried out;
step 2.6, a security protection capability detection module (101) of the avionic security gateway records the content and the occurrence time of the abnormal message;
step 2.7, the security protection capability detection module (101) of the avionic security gateway judges whether all detection cases are executed completely; if so, the test ends, and if not, the step 2.3 is carried out;
step 3, detecting the security protection capability of the information security gateway;
step 3.1, the airborne information system security capability detection main control module (106) starts the information security gateway security capability detection module (103);
step 3.2, the information security gateway security capability detection module (103) calls detection cases in the information security gateway security capability detection case set (104);
step 3.3, the information security gateway security capability detection module (103) sequentially executes detection cases in the information security gateway security capability detection case set (104);
step 3.4, the information security gateway security capability detection module (103) receives and analyzes a response message sent by the tested device in the execution of the detection case;
step 3.5, the security capability detection module (103) of the information security gateway judges whether the response message is correct; if the result is correct, the step 3.7 is carried out, otherwise, the step 3.6 is carried out;
step 3.6, the security protection capability detection module (103) of the information security gateway records the content and the occurrence time of the abnormal message;
step 3.7, the information security gateway security capability detection module (103) judges whether all detection cases are executed; if so, the test ends, and if not, the step 3.3 is carried out.
6. The detection method according to claim 5, characterized in that:
the step 2.3 is specifically as follows:
the security protection capability detection module (101) calls request message sending logic of the security protection capability detection case set (102) of the avionic security gateway to send a request message to the tested equipment;
the step 2.5 specifically comprises the following steps:
if the avionic security gateway security capability detection module (101) receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, then the working state of the avionic security function of the avionic security gateway of the tested device is judged to be normal by using the judgment logic corresponding to the request message, the step 2.7 is carried out, otherwise, the step 2.6 is carried out.
7. The detection method according to claim 6, characterized in that:
step 3.3 is specifically:
an information security gateway security capability detection module (103) calls a request message sending logic of an information security gateway security capability detection case set (104) to send a request message to a tested device;
the step 3.5 is specifically as follows:
if the information security gateway security capability detection module (103) receives the response message within the specified time and the response message is consistent with the response message corresponding to the request message in the detection case, the received response message is considered to be a correct response message, then the judgment logic corresponding to the request message is utilized to judge that the working state of the information domain security function of the information security gateway of the tested device is normal, the step 3.7 is carried out, otherwise, the step 3.6 is carried out.
8. The detection method according to claim 7, characterized in that:
the step 1.4 is specifically as follows:
the safety gateway security log analysis module (105) judges the working states of the avionic safety gateway and the information safety gateway in the tested equipment by analyzing the security log content: and if the content of the record type field in the security log is 'error', the working state of the security function of the corresponding security gateway in the tested equipment is abnormal, the step 1.5 is carried out, and if the working state is normal, the step 1.6 is carried out.
9. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program, when executed by a processor, implements the method of any of claims 5-8.
10. A terminal, comprising: at least one processor, at least one memory, and a communication interface, characterized in that: the communication interface, the at least one memory, and the at least one processor are coupled; the terminal communicating with other devices via the communication interface, the at least one memory storing a computer program such that the computer program when executed by the at least one processor implements the method of any one of claims 5-8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110525738.XA CN113347022B (en) | 2021-05-13 | 2021-05-13 | Civil aircraft airborne information system network security capability detection system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113347022A CN113347022A (en) | 2021-09-03 |
CN113347022B true CN113347022B (en) | 2022-11-11 |
Family
ID=77469679
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110525738.XA Active CN113347022B (en) | 2021-05-13 | 2021-05-13 | Civil aircraft airborne information system network security capability detection system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113347022B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||