CN116894250A - Malicious software detection method for air traffic control system - Google Patents

Malicious software detection method for air traffic control system

Publication number: CN116894250A
Application number: CN202310872097.4A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 贾如春, 张建伟, 张中南
Current Assignee: Sichuan University
Original Assignee: Sichuan University
Prior art keywords: software, malicious, code, codes, traffic control

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

The invention discloses a method for detecting malicious software in an air traffic control system, belonging to the technical field of air traffic control systems. The method specifically comprises the following steps: S1, importing new software, parsing and disassembling the software, and analyzing the software code; S2, collecting malicious code and establishing a malicious code database. In this method a malicious code database is established and combined with a neural network identification system. After new software code is imported, a plurality of nodes connect to it through a plurality of channels and identify it at the same time; the software code is analyzed to judge whether malicious code is present, and suspicious code that was not identified is marked. The running smoothness of the new software is tested in a cloud system, and a software version that still has problems when run is thereby proved to contain malicious code. Newly developed malicious software or malicious code can therefore be effectively identified, and the risk of opening the software is greatly reduced.

Description

Malicious software detection method for air traffic control system
Technical Field
The invention belongs to the technical field of air traffic control systems, and particularly relates to a method for detecting malicious software of an air traffic control system.
Background
The air traffic control system is a control system which monitors and controls the aircraft by using a technical means, prevents collision in the air or on the ground, and guides the aircraft to take off and land safely on time. The air traffic control radar is responsible for collecting and transmitting various information of the aircraft in the responsibility area to the flight control center in the air traffic control system, so that the requirements of flight control are met.
Air traffic control systems are often attacked by malicious software. During operation they receive software that carries information, and the software that is opened may contain malicious viruses that affect the air traffic control system. Existing malware identification systems can only identify existing malicious software or the existing malicious code within it; if the malicious software or code is newly developed, it cannot be effectively identified, so the opened software still carries a great risk.
Disclosure of Invention
The purpose of the invention is to provide a method for detecting malicious software in an air traffic control system, in order to solve the problem that existing malware identification systems can only identify existing malicious software or the malicious code within it and cannot effectively identify newly developed malicious software or code, so that opened software carries a great risk.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
A method for detecting malicious software in an air traffic control system, specifically comprising the following steps:
S1, importing new software, parsing and disassembling the software, and analyzing the software code;
S2, collecting malicious code and establishing a malicious code database;
S3, establishing a neural network identification system and importing the malicious code data, which is used to identify malicious code in the software;
S4, eliminating malicious code and marking unidentified suspicious code;
S5, establishing a cloud system, importing the new software and running it, and testing the running state of the new software;
S6, locking onto the malicious code according to the running state of the new software;
S7, performing software repair.
As a further description of the above technical solution:
In S1, the parsed software code is imported into a conventional code recognition model, which identifies non-conventional code and marks each instance so that it can be locked onto quickly during detection; the software code is then imported into the neural network recognition system.
As a further description of the above technical solution:
In S2, after the malicious code database is established, it is connected over the network to a large Internet database; the malicious code classification group for the corresponding industry field is searched and the malicious code in the large Internet database is extracted. The malicious code database must be updated every day so that it stays consistent with the malicious code data in the large Internet database. This prevents new malicious code from being exploited, that is, malicious software built to cause damage by taking advantage of the time lag and the information gap.
As a further description of the above technical solution:
In S3, the malicious code is stored in a plurality of nodes of the neural network recognition system. After new software code is imported, the nodes connect to it through a plurality of channels and identify it at the same time; the software code is analyzed to judge whether malicious code is present, and the recognition efficiency is higher.
As a further description of the above technical solution:
In S4, the malicious code can be removed; once the suspicious code has been marked, it can be imported into the new software together with its marking signal.
As a further description of the above technical solution:
In S5, the main purpose of the test is to detect how smoothly the new software runs. The running period of the software is divided into three periods (front, middle and rear), and the running speed and state of the software are analyzed for each period. If the software is found to run slowly or extremely fast in any period, or repeated stalls, delays or large network fluctuations occur during the run, this is detected and marked.
As a further description of the above technical solution:
In S6, analyzing the running state shows in which of the front, middle and rear periods the problem occurs. The time points at which the software runs into problems are recorded and matched by position against the suspicious malicious code marked in the software, so that the malicious code with the highest probability of being malicious can be detected quickly.
As a further description of the above technical solution:
In S7, a plurality of cloud systems are established during testing. Malicious code with a high degree of suspicion is deleted or modified in order to modify the software, and the resulting modified software versions are sent to different cloud systems to run; a software version that still has problems when run proves that malicious code exists in it.
In summary, due to the adoption of the technical scheme, the beneficial effects of the invention are as follows:
The method establishes a malicious code database and combines it with a neural network identification system. After new software code is imported, a plurality of nodes connect to it through a plurality of channels and identify it at the same time; the software code is analyzed to judge whether malicious code is present, and suspicious code that was not identified is marked. The running smoothness of the new software is tested in a cloud system, and the result is matched against the suspicious malicious code marked in the software, so that the malicious code with the highest probability of being malicious is detected quickly. A plurality of cloud systems are established during testing; malicious code with a high degree of suspicion is deleted or modified in order to modify the software, and the modified software versions are sent to different cloud systems to run, where a version that still has problems when run is proved to contain malicious code. Newly developed malicious software or malicious code can therefore be effectively identified, and the risk of opening the software is greatly reduced.
Detailed Description
The technical solutions of the embodiments of the present invention will be clearly and completely described below in conjunction with the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention provides a technical scheme that: a method for detecting malicious software of an air traffic control system specifically comprises the following steps:
S1, importing new software, parsing and disassembling the software, and analyzing the software code. In S1, the parsed software code is imported into a conventional code recognition model, which identifies non-conventional code and marks each instance so that it can be locked onto quickly during detection; the software code is then imported into the neural network recognition system;
S2, collecting malicious code and establishing a malicious code database. In S2, after the malicious code database is established, it is connected over the network to a large Internet database; the malicious code classification group for the corresponding industry field is searched and the malicious code in the large Internet database is extracted. The malicious code database must be updated every day so that it stays consistent with the malicious code data in the large Internet database, which prevents new malicious code from being exploited, that is, malicious software built to cause damage by taking advantage of the time lag and the information gap;
S3, establishing a neural network identification system and importing the malicious code data, which is used to identify malicious code in the software. In S3, the malicious code is stored in a plurality of nodes of the neural network recognition system. After new software code is imported, the nodes connect to it through a plurality of channels and identify it at the same time; the software code is analyzed to judge whether malicious code is present, and the recognition efficiency is higher;
S4, eliminating malicious code and marking unidentified suspicious code. In S4, the malicious code can be removed; once the suspicious code has been marked, it can be imported into the new software together with its marking signal;
S5, establishing a cloud system, importing the new software and running it, and testing the running state of the new software. In S5, the main purpose of the test is to detect how smoothly the new software runs. The running period of the software is divided into three periods (front, middle and rear), and the running speed and state of the software are analyzed for each period. If the software is found to run slowly or extremely fast in any period, or repeated stalls, delays or large network fluctuations occur during the run, this is detected and marked;
S6, locking onto the malicious code according to the running state of the new software. In S6, analyzing the running state shows in which of the front, middle and rear periods the problem occurs. The time points at which the software runs into problems are recorded and matched by position against the suspicious malicious code marked in the software, so that the malicious code with the highest probability of being malicious can be detected quickly;
S7, performing software repair. In S7, a plurality of cloud systems are established during testing. Malicious code with a high degree of suspicion is deleted or modified in order to modify the software, and the resulting modified software versions are sent to different cloud systems to run; a software version that still has problems when run proves that malicious code exists in it.
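The runtime localisation of S5 and S6, sketched as an added example that is not part of the patent text or of any implementation by the applicant: a sandbox throughput trace is split into front, middle and rear periods, anomalous time points are found, and the regions marked in S4 are ranked by how many anomalies occurred while they were executing. The trace, the region names, the recorded execution windows and the 0.5x/2.0x thresholds are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import median

PERIODS = ("front", "middle", "rear")

@dataclass(frozen=True)
class Sample:
    t: float          # seconds since the sandbox run started
    ops_per_s: float  # throughput observed at time t

@dataclass(frozen=True)
class MarkedRegion:
    name: str     # hypothetical label attached to a suspicious region in S4
    start: float  # time the marked region began executing (assumed to be logged)
    end: float    # time the marked region stopped executing

def anomalous_times(samples, slow=0.5, fast=2.0):
    """Times where the software runs far slower or far faster than the
    median of the run. The thresholds are assumptions; the patent gives none."""
    if not samples:
        return []
    base = median(s.ops_per_s for s in samples)
    return [s.t for s in samples
            if s.ops_per_s < slow * base or s.ops_per_s > fast * base]

def anomalies_by_period(samples):
    """S5: divide the run into three equal periods and list the anomalous
    time points that fall into each one."""
    result = {p: [] for p in PERIODS}
    if not samples:
        return result
    t0, t1 = samples[0].t, samples[-1].t
    third = (t1 - t0) / 3 or 1.0  # a one-sample run has zero length
    for t in anomalous_times(samples):
        idx = min(int((t - t0) / third), 2)  # clamp the last instant into "rear"
        result[PERIODS[idx]].append(t)
    return result

def rank_regions(samples, regions):
    """S6: score each marked region by the number of anomalous time points
    that occurred while it was executing, highest score first."""
    times = anomalous_times(samples)
    scores = [(r.name, sum(r.start <= t <= r.end for t in times))
              for r in regions]
    return sorted(scores, key=lambda item: (-item[1], item[0]))

# Constructed trace: steady 100 ops/s, a stall at t=5..6, a burst at t=10.
TRACE = [Sample(float(t), v) for t, v in enumerate(
    [100, 100, 100, 100, 100, 20, 20, 100, 100, 100, 350, 100])]
# Constructed execution windows for three regions marked suspicious in S4.
REGIONS = [MarkedRegion("cfg_parser", 0.5, 2.0),
           MarkedRegion("unpack_loop", 4.5, 6.5),
           MarkedRegion("net_beacon", 9.5, 10.5)]

if __name__ == "__main__":
    print(anomalies_by_period(TRACE))
    print(rank_regions(TRACE, REGIONS))
```

The top-ranked regions are the candidates that S7 would delete or modify before re-running the variants in separate sandboxes.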
The foregoing is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto. Any equivalent substitution or modification made by a person skilled in the art, within the scope of the present invention and according to its technical scheme and inventive concept, shall be covered by the scope of the present invention.

Claims (8)

1. A method for detecting malicious software in an air traffic control system, characterized by comprising the following steps:
S1, importing new software, parsing and disassembling the software, and analyzing the software code;
S2, collecting malicious code and establishing a malicious code database;
S3, establishing a neural network identification system and importing the malicious code data, which is used to identify malicious code in the software;
S4, eliminating malicious code and marking unidentified suspicious code;
S5, establishing a cloud system, importing the new software and running it, and testing the running state of the new software;
S6, locking onto the malicious code according to the running state of the new software;
S7, performing software repair.
2. The method for detecting malicious software in an air traffic control system according to claim 1, wherein in S1 the parsed software code is imported into a conventional code recognition model, non-conventional code is identified and each instance is marked so that it can be locked onto quickly during detection, and the software code is imported into a neural network recognition system.
3. The method for detecting malicious software in an air traffic control system according to claim 1, wherein in S2, after the malicious code database is established, it is connected over the network to a large Internet database, the malicious code classification group for the corresponding industry field is searched, the malicious code in the large Internet database is extracted, and the malicious code database is updated every day to ensure consistency with the malicious code data in the large Internet database.
4. The method for detecting malicious software in an air traffic control system according to claim 1, wherein in S3 the malicious code is stored in a plurality of nodes of the neural network recognition system; after new software code is imported, the plurality of nodes connect to it through a plurality of channels and identify it at the same time, the software code is analyzed to judge whether malicious code is present, and the recognition efficiency is higher.
5. The method for detecting malicious software in an air traffic control system according to claim 1, wherein in S4 the malicious code can be removed, and the suspicious code, after being marked, can be imported into the new software together with its marking signal.
6. The method for detecting malicious software in an air traffic control system according to claim 1, wherein in S5 the main purpose of the test is to detect how smoothly the new software runs; the running period of the software is divided into front, middle and rear periods, the running speed and state of the software are analyzed for each period, and if the software is found to run slowly or extremely fast in any period, or repeated stalls, delays or large network fluctuations occur during the run, this is detected and marked.
7. The method for detecting malicious software in an air traffic control system according to claim 1, wherein in S6 analyzing the running state shows in which of the front, middle and rear periods the problem occurs; the time points at which the software runs into problems are recorded and matched by position against the suspicious malicious code marked in the software, so that the malicious code with the highest probability of being malicious can be detected quickly.
8. The method for detecting malicious software in an air traffic control system according to claim 1, wherein in S7 a plurality of cloud systems are established during testing, malicious code with a high degree of suspicion is deleted or modified in order to modify the software, and the plurality of modified software versions are sent to different cloud systems to run, a software version that still has problems when run proving that malicious code exists therein.
Priority Applications (1)

Application Number: CN202310872097.4A (CN116894250A (en))
Priority Date: 2023-07-17
Filing Date: 2023-07-17
Title: Malicious software detection method for air traffic control system
Status: Pending

Publications (1)

Publication Number: CN116894250A (en)
Publication Date: 2023-10-17

Family ID: 88314611

Country Status (1)

Country: CN
Link: CN116894250A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination