CN117134928A - Attack and defense shooting range system for train network control system and implementation method thereof - Google Patents
Attack and defense shooting range system for train network control system and implementation method thereof Download PDFInfo
- Publication number
- CN117134928A CN117134928A CN202210551919.4A CN202210551919A CN117134928A CN 117134928 A CN117134928 A CN 117134928A CN 202210551919 A CN202210551919 A CN 202210551919A CN 117134928 A CN117134928 A CN 117134928A
- Authority
- CN
- China
- Prior art keywords
- train
- attack
- network control
- data
- train network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000007123 defense Effects 0.000 title claims abstract description 65
- 238000000034 method Methods 0.000 title claims abstract description 18
- 230000005540 biological transmission Effects 0.000 claims abstract description 67
- 238000004891 communication Methods 0.000 claims abstract description 60
- 238000004088 simulation Methods 0.000 claims abstract description 40
- 238000012360 testing method Methods 0.000 claims abstract description 34
- 238000012544 monitoring process Methods 0.000 claims abstract description 28
- 238000005206 flow analysis Methods 0.000 claims abstract description 20
- 230000035515 penetration Effects 0.000 claims abstract description 12
- 238000004458 analytical method Methods 0.000 claims abstract description 11
- 238000001514 detection method Methods 0.000 claims abstract description 8
- 238000005065 mining Methods 0.000 claims abstract description 5
- 238000007726 management method Methods 0.000 claims description 24
- 238000012550 audit Methods 0.000 claims description 19
- 238000012545 processing Methods 0.000 claims description 9
- 238000006243 chemical reaction Methods 0.000 claims description 6
- 238000009412 basement excavation Methods 0.000 claims description 5
- 230000006855 networking Effects 0.000 claims description 4
- 230000008569 process Effects 0.000 claims description 4
- 230000003993 interaction Effects 0.000 claims description 3
- 238000011156 evaluation Methods 0.000 abstract description 4
- 238000012795 verification Methods 0.000 abstract description 3
- 238000012423 maintenance Methods 0.000 description 15
- 230000002159 abnormal effect Effects 0.000 description 13
- 238000003745 diagnosis Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 238000004378 air conditioning Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000005553 drilling Methods 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention discloses an attack and defense shooting range system for a train network control system and an implementation method thereof, wherein the system comprises the following steps: the train network control system and the wireless transmission system are used for building a topological structure of the attack and defense shooting range; the system management equipment is used for simulating service data of the target service system to form a simulation service scene of the attack and defense target range; the test tool set is used for performing simulation attack on the target service system through the penetration test tool, and performing vulnerability detection on the attack and defense target range through the vulnerability scanning and vulnerability mining tool; the flow analysis system is used for carrying out flow monitoring and analysis on the in-out data of the train network in the simulation service scene, generating a flow monitoring log and sending the flow monitoring log to the display system for display. The attack and defense target range system has the advantages of low cost, expandability and reconfigurability, and simultaneously has the service scene simulation capability of train network data transmission and train-ground communication data transmission, and supports the functional requirements of network security attack and defense countermeasure, test verification, evaluation analysis and the like.
Description
Technical Field
The invention relates to the technical field of train network safety, in particular to an attack and defense shooting range system for a train network control system and an implementation method thereof.
Background
For a long time, a train network control system, also called a train control and management system (Train Control and Management System, abbreviated as TCMS) adopts a private network communication interface and a communication protocol, so that an external attacker is difficult to enter the system, the track traffic industry pays more attention to the realization of the functional safety of a train, and less attention is paid to the train network safety. In recent years, on one hand, the national network security method, the network security level protection regulations and other legal regulations are put into play, so that the rail traffic industry is more and more concerned about the security of the train network, and on the other hand, with the wide application of technologies such as Ethernet, wireless communication and unmanned on the train, the train network control system is developed towards an open and generalized direction, so that the threshold of an attacker is lower and the security situation faced by the train network is more and more severe. Therefore, higher requirements are put forward on network security testing and evaluation of the train network control system, and in order to accurately evaluate the influence of various attacks on the system and verify the security protection capability of network equipment, it is highly desirable to put forward an attack and defense range system suitable for the train network control system.
Disclosure of Invention
The invention provides an attack and defense range system for a train network control system and an implementation method thereof, which are used for solving the problem that the prior art lacks an attack and defense range suitable for the train network control system.
Based on the above object, the present invention provides an attack and defense range system for a train network control system, comprising: the system comprises a train network control system, a wireless transmission system, system management equipment, a test tool set, a flow analysis system and a display system; wherein,
the train network control system and the wireless transmission system are used for building a topological structure of the attack and defense shooting range;
the system management equipment is used for simulating service data of the train network control system and the wireless transmission system to form a simulation service scene of the attack and defense shooting range;
the test tool set comprises a penetration test tool, a vulnerability scanning tool and a vulnerability excavation tool, wherein the penetration test tool is used for performing simulation attack on the train network control system and the wireless transmission system, and the vulnerability scanning tool and the vulnerability excavation tool are used for performing vulnerability detection on the attack and defense target range;
the flow analysis system is used for carrying out flow monitoring and analysis on the in-out data of the train network in the simulation service scene and generating a flow monitoring log;
and the display system is used for collecting the flow monitoring log sent by the flow analysis system for display.
Preferably, the train network control system comprises a switch, a central controller, a gateway module, an IO chassis, an event recorder and a display; wherein,
the switch is used for connecting each device of the train network control system for networking communication, auditing the port of the switch and the running data of the process of the switch, and generating an audit log;
the gateway module is used for simulating communication data of each vehicle-mounted subsystem;
the IO machine case is used for collecting input and output data of the train;
the event recorder is used for recording train operation data, wherein the train operation data comprises input and output data of the train and communication data of each vehicle-mounted subsystem;
the display is used for displaying state data extracted from the train operation data, and the state data comprises state information of each vehicle-mounted subsystem;
and the central controller is used for carrying out centralized control on each device of the train network control system.
Preferably, the input and output data of the train comprise state information of each switch control device in a hard line circuit of the train; the communication data of the vehicle-mounted subsystem comprises state information and fault information of the vehicle-mounted subsystem.
Preferably, the wireless transmission system comprises a main control board, a wireless communication board, a switching board, a fireproof wallboard and a power panel; wherein,
the exchange board is used for carrying out data interaction with an exchange connected with the exchange board, and sending service data interacted by the train network control system and the wireless transmission system to the main control board;
the main control board is used for carrying out format conversion processing on the service data sent by the exchange board and sending the processed service data to the wireless communication board;
the wireless communication board is used for communicating with a ground network through a wireless channel and transmitting the processed service data to the ground network;
the fireproof wallboard is used for configuring a security protection strategy and generating a firewall log;
the power panel is used for supplying power to each component of the wireless transmission system.
Preferably, the system management device includes a first simulation unit and a second simulation unit; the first simulation unit is used for calling upper computer management software to simulate service data interacted between each vehicle-mounted subsystem and the train network control system, and sending UDP messages corresponding to the service data to a gateway module after the configuration of the upper computer management software is completed, so that the UDP messages are converted into TRDP messages through the gateway module and are sent to a central controller;
the second simulation unit is used for simulating the service data interacted by the train network control system and the wireless transmission system according to the application condition of the project, and sending the service data to the main control board so as to return to the ground network through the wireless communication board after format conversion processing is carried out on the service data through the main control board.
Preferably, the display system is further configured to collect an audit log sent by the train network control system, and a firewall log sent by the wireless transmission system, and display the audit log and the firewall log.
Preferably, the simulation service scene comprises a train network data transmission service scene and a train-ground communication data transmission service scene.
In addition, the invention also provides a method for realizing the attack and defense target range system, which comprises the following steps:
building a topological structure of the attack and defense shooting range through a train network control system and a wireless transmission system;
simulating service data of the train network control system and the wireless transmission system through system management equipment to form a simulation service scene of the attack and defense target range;
adopting a penetration testing tool in a testing tool set to simulate attack on a target service system, and adopting a vulnerability scanning tool and a vulnerability mining tool in the testing tool set to detect vulnerabilities of the attack and defense shooting ranges;
the flow analysis system is used for carrying out flow monitoring and analysis on the in-out data of the train network in the simulation service scene, and a flow monitoring log is generated;
and collecting the flow monitoring log sent by the flow analysis system through a display system for display.
Preferably, the implementation method of the attack and defense target range system further comprises the following steps:
and collecting audit logs sent by the train network control system and firewall logs sent by the wireless transmission system through the display system, and displaying the audit logs and the firewall logs.
According to the attack and defense target range system for the train network control system and the implementation method thereof, provided by the invention, the topological structure of the attack and defense target range is built through the train network control system and the wireless transmission system, and the service data of the train network control system and the wireless transmission system are simulated through the system management equipment, so that the service data can be configured according to the communication protocols of different actual projects, and the actual service scene simulation is carried out in the attack and defense target range. The attack and defense target range system provided by the invention has the advantages of low cost, expandability and reconfigurability, and simultaneously has the service scene simulation capability of train network data transmission and train-ground communication data transmission, and can support the functional requirements of network security attack and defense countermeasure, test verification, evaluation analysis, product scientific research and the like.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an attack and defense range system for a train network control system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a train network control system according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a wireless transmission system according to an embodiment of the present invention;
fig. 4 is a flow chart of an implementation of the attack and defense range system according to an embodiment of the invention.
Detailed Description
In order to make the technical problems, technical schemes and beneficial effects to be solved more clearly apparent, the invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
As shown in fig. 1, an attack and defense range system for a train network control system according to an embodiment of the present invention includes a train network control system 10, a wireless transmission system 20, a system management device 30, a test tool set 40, a flow analysis system 50, and a presentation system 60; the train network control system 10 is connected with the wireless transmission system 20, the system management device 30, the test tool set 40, the flow analysis system 50 and the display system 60 through the ethernet.
The train network control system 10 and the wireless transmission system 20 are used for building a topological structure of the attack and defense range. Preferably, the train network control system 10 adopts the Ethernet ring network technology, and can receive communication data sent by the vehicle-mounted subsystem in real time, wherein the communication data mainly comprises state information and fault information of the vehicle-mounted subsystem; the wireless transmission system 20 is a key node for connecting a train network corresponding to the train network control system 10 and a ground network, is a potential attack object of train network security, and can receive train operation and maintenance data sent by the train network control system 10 in real time.
The system management device 30 is used for simulating the service data of the train network control system 10 and the wireless transmission system 20 so as to simulate the service scene of the train network control system 10 in the attack and defense range. In the present embodiment, the service data of the train network control system 10 refers to train operation data including, but not limited to, input/output data of a train, communication data of each on-board subsystem, control data generated from the input/output data and the communication data, and the like; the service data of the wireless transmission device 20 is train operation and maintenance data sent by the train network control system 10 to the wireless transmission device 20, and the train operation and maintenance data mainly comprises state information and fault information of an important vehicle-mounted subsystem and an operation log generated according to the state information and the fault information; the simulation service scene can be divided into a train network data transmission service scene and a train-ground communication data transmission service scene.
The test tool set 40 includes a penetration test tool for performing a simulation attack on the train network control system 10 and the wireless transmission system 20, a vulnerability scanning tool and a vulnerability excavation tool for performing vulnerability detection on the network attack and defense range. In this embodiment, the penetration test tools in the test tool set 40 mainly perform tests on aspects of wireless communication network penetration, multiple protocol cracking such as File Transfer Protocol (FTP), remote terminal protocol (Telnet), secure shell protocol (SSH), replay attack, and the like; the vulnerability scanning tool in the test tool set 40 adopts open source tool software, and mainly aims at the robustness of a real-time data protocol (TRDP) of a TCP/IP protocol stack to find out related cracked vulnerabilities, namely 0DAY vulnerabilities, in the potential earliest time of the TRDP; the vulnerability scanning tool adopts professional security testing equipment, integrates a plurality of security vulnerability libraries such as CVE, CNVD, CNNVD, CWE and the like, and mainly aims at carrying out vulnerability detection work by a vehicle-mounted subsystem adopting two operating systems such as Vxworks and Linux.
The flow analysis system 50 is used for performing flow monitoring and analysis on the in-out data of the train network in the simulation service scene, and generating a flow monitoring log. In this embodiment, the flow analysis system 50 monitors and analyzes the incoming and outgoing data of the whole train network in real time, compares the flow and the connection number of the incoming and outgoing data, determines whether the flow and the connection number have abnormal changes, if any detection item of the flow and the connection number has abnormal changes, generates corresponding abnormal alarm information, generates a flow monitoring log according to the abnormal alarm information, the recorded incoming and outgoing data and the like, and transmits the flow monitoring log to the display system 60.
And a presentation system 60 for collecting and presenting the flow monitoring log sent by the flow analysis system 50. In this embodiment, the display system 60 collects the flow monitoring log sent by the flow analysis system 50, analyzes the flow monitoring log to obtain abnormal alarm information related to abnormal flow or abnormal connection number, and displays the analyzed abnormal alarm information, and meanwhile, the display system 60 can display structural information related to the topology structure of the attack and defense range.
It can be understood that, in the attack and defense target range system for the train network control system of the present embodiment, the topology structure of the attack and defense target range is built by the train network control system 10 and the wireless transmission system 20, and the service data of the train network control system 10 and the wireless transmission system 20 are simulated by the system management device 30, so that the service data can be configured according to the communication protocols of different actual projects, and thus the actual service scene simulation is performed in the attack and defense target range. The attack and defense target range system has the advantages of low cost, expandability and reconfigurability, and simultaneously has the service scene simulation capability of train network data transmission and train-ground communication data transmission, and can support the functional requirements of network security attack and defense countermeasure, test verification, evaluation analysis, product scientific research and the like.
In an alternative embodiment, as shown in FIG. 2, the train network control system 10 includes a switch 11, a central controller 12, a gateway module 13, an IO enclosure 14, an event recorder 15, and a display 16.
The switch 11 is used for connecting each device of the train network control system 10 for networking communication, auditing the own port and the running data of the own process, and generating an audit log. That is, the switch 11 is connected to the central controller 12, the gateway module 13, the IO box 14, the event recorder 15, and the display 16 to perform networking, and audit operation data such as an own port, an operation state and an operation flow performed by the own, and if abnormal information such as an abnormal message, an abnormal process, abnormal start of the port, an overrun of the port flow, and a broadcast storm is found, an audit log including the abnormal information is generated, and the audit log is directly sent to the display system 60.
The gateway module 13 is used for simulating communication data sent by each on-board subsystem to the train network control system 10 and sending the communication data to the central controller 12. Wherein the vehicle subsystems may include, but are not limited to, braking systems, traction systems, door control systems, air conditioning control systems, auxiliary systems, broadcast systems, and the like; the communication data of the train network control system 10 mainly includes status information and fault information of the in-vehicle subsystem.
The IO chassis 14 is used for collecting input and output data of a train. The input and output data of the train comprise state information of each switch control device in the hard line circuit of the train; the switch control device may be a button, relay, sensor, or the like.
The event recorder 15 is used for recording train operation data including input/output data of the train and communication data of each in-vehicle subsystem. Further, the event recorder 15 may also be used to record other train operation data than input and output data and communication data, such as failure diagnosis information of the train itself, and the like.
The display 16 is used to display status data extracted from train operation data, including status information for each of the on-board subsystems.
The central controller 12 is used for centrally controlling the devices of the train network control system 10. In this embodiment, the central controller 12 is a core processing device of the train network control system 10, and may be used for communication management, fault diagnosis and logic control of a train network, where the communication management is specifically communication and management of the train network based on ethernet, and is performed according to IEC61375 standard, so as to implement master-slave management, bandwidth allocation, communication cycle management and the like of the train network; the fault diagnosis is specifically to comprehensively analyze according to the state information of each vehicle-mounted subsystem so as to realize fault alarm; the logic control is specifically to perform logic operation according to input and output data of the train and communication data of each vehicle-mounted subsystem, so as to realize output of control data. As can be appreciated, the central controller 12 may acquire the state information of each switch control device acquired by the IO chassis 14 in real time, and generate control data in combination with the acquired state information of each vehicle subsystem, and send the control data to the IO chassis 14; the central controller 12 may also obtain the communication data simulated by the gateway module 13, extract train operation and maintenance data from the communication data, and send the train operation and maintenance data to the wireless transmission system 20 through the switch 11.
It can be appreciated that the train network control system 10 of the present embodiment can implement functions of communication management, train fault diagnosis, data processing, status display, data recording, and the like of a train network.
In an alternative embodiment, as shown in fig. 3, the wireless transmission system 20 includes a main control board 21, a wireless communication board 22, a switch board 23, a fire wall board 24, and a power supply board 25.
The switch board 23 is used for performing data interaction with the switch 11 in the train network control system 10, and sending service data interacted between the train network control system 10 and the wireless transmission system 20 to the main control board 21;
the main control board 21 is used for performing format conversion processing on the service data sent by the switch board 23, and sending the processed service data to the wireless communication board 22;
the wireless communication board 22 is used for communicating with the ground network through a wireless channel, and transmitting the processed service data to the ground network; optionally, the wireless channel is a wireless network, an LTE network, or a 5G network;
fire wall board 24 is used to configure security policies and generate firewall logs; wherein the fire wall panel 24 is connected to the wireless communication panel 22;
the power panel 25 is used to power the components of the wireless transmission system 20.
In this embodiment, the service data interacted by the train network control system 10 and the wireless transmission system 20 is train operation and maintenance data, and the train operation and maintenance data mainly includes state information, fault information and operation log of an important vehicle-mounted subsystem.
It can be understood that when the switch board 23 in the wireless transmission system 20 communicates with the switch 11 in the train network control system 10, the switch board 23 can acquire train operation and maintenance data transmitted through the switch 11 and transmit the train operation and maintenance data to the main control board 21, at this time, the main control board 21 can acquire train operation and maintenance data transmitted through the switch board 23 and convert the train operation and maintenance data from the TRDP protocol format into a protocol format that can be transmitted by the wireless communication board 22, and then transmit the train operation and maintenance data to the ground network through the wireless communication board 22.
It can be appreciated that the wireless transmission system 20 of the present embodiment can implement functions such as train operation and maintenance data acquisition, data processing, and wireless data transmission.
In an alternative embodiment, the system management device 30 includes a first analog unit and a second analog unit; the first simulation unit is used for calling the upper computer management software to simulate the service data interacted between each vehicle-mounted subsystem and the train network control system 10, and transmitting a UDP message corresponding to the service data to the gateway module 13 after the configuration of the upper computer management software is completed, so that the gateway module 13 converts the UDP message into a TRDP message and transmits the TRDP message to the central controller 12;
the second simulation unit is configured to simulate, according to the application condition of the project, service data interacted by the train network control system 10 and the wireless transmission system 20, and send the service data to the main control board 21, so that after the format conversion processing is performed on the service data by the main control board 21, the processed service data is transmitted to the ground network by the wireless communication board 22.
It can be understood that when the attack and defense target range system performs network security attack and defense exercise, the first simulation unit invokes the host computer management software to simulate the communication data of each vehicle-mounted system according to the project communication protocol, and after the configuration of the host computer management software is completed, the host computer management software sends the UDP message corresponding to the communication data to the ethernet gateway module, and the ethernet gateway module converts the UDP message into a TRDP message and sends the TRDP message to the central controller 12, so as to form a train network data transmission service scene of the attack and defense target range.
Further, the second simulation unit simulates train operation and maintenance data according to the application condition of the project, and sends a TRDP message corresponding to the train operation and maintenance data to the main control board 21, and the main control board 21 converts the TRDP message into a communication protocol required by the wireless communication board 22 and then transmits the communication protocol to the ground network, so as to form a train-ground communication data transmission service scene of the attack and defense target range. Preferably, the items in the present embodiment refer to items related to urban rail transit, including but not limited to subway lines, high-speed rails, urban trajectories, and the like.
In an alternative embodiment, where the train network control system 10 includes the switch 11 and the wireless transmission system 20 includes the fire wall panel 24, the presentation system 60 further includes collecting audit logs sent by the train network control system 10 and firewall logs sent by the wireless transmission system 20, and presenting the audit logs and firewall logs.
In addition, as shown in fig. 4, an embodiment of the present invention further provides a method for implementing the attack and defense target range system for the train network control system, which specifically includes:
step S10, constructing a topological structure of the attack and defense target range through the train network control system 10 and the wireless transmission system 20;
step S20, simulating service data of the train network control system 10 and the wireless transmission system 20 through the system management equipment 30 to form a simulation service scene of the attack and defense target range;
step S30, performing simulation attack on the target service system by adopting a penetration test tool in the test tool set 40, and performing vulnerability detection on an attack and defense target range by adopting a vulnerability scanning tool and a vulnerability mining tool in the test tool set 40 to generate a vulnerability log;
step S40, flow monitoring analysis is carried out on the in-out data of the train network in the simulation service scene through the flow analysis system 50, and a flow monitoring log is generated;
in step S50, the flow monitoring log sent by the flow analysis system 50 is collected by the presentation system 60 for presentation.
Further, the step S50 further includes the following steps: and collecting audit logs sent by the train network control system and firewall logs sent by the wireless transmission system through the display system, and displaying the audit logs and the firewall logs.
It can be understood that, in the implementation method of the attack and defense target range system of the embodiment, firstly, the topology structure of the attack and defense target range is built through the train network control system 10 and the wireless transmission system 20, service data of the target service system is simulated through the system management device 30, actual service scene simulation is performed in the attack and defense target range, then, the penetration test tools of the test tool set 40 are used for performing simulation attack on the target service system, the vulnerability scanning tool and the vulnerability mining tool are used for performing vulnerability detection on the attack and defense target range, further, the flow analysis system 50 is used for performing flow monitoring analysis on the inflow and outflow of the simulation service range, a flow monitoring log is generated, and finally, data results such as a firewall log of the attack and defense target range, a vulnerability log of the attack and defense target range, the flow monitoring log and the audit log are collected through the display system 60, and the data results are displayed in real time. According to the implementation method of the attack and defense range system, risks and vulnerabilities existing in the train network control system 10 can be found in time according to the data results of the attack and defense range system, the effectiveness of the network security protection strategy is analyzed and evaluated, optimization measures are provided for the security protection system of the train network based on the network security protection strategy, and the network security protection system is further updated to be ready for next network security attack and defense exercise. In addition, by continuously drilling the attack and defense range system, the safety of the train network control system 10 is gradually enhanced, and the safety protection capability of the train network is improved.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the invention is limited to these examples; the technical features of the above embodiments or in the different embodiments may also be combined within the idea of the invention, the steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the present invention. Therefore, any omissions, modifications, equivalent substitutions, improvements, and the like, which are within the spirit and principles of the embodiments of the invention, are intended to be included within the scope of the invention.
Claims (9)
1. An attack and defense range system for a train network control system, comprising: the system comprises a train network control system, a wireless transmission system, system management equipment, a test tool set, a flow analysis system and a display system; wherein,
the train network control system and the wireless transmission system are used for building a topological structure of the attack and defense shooting range;
the system management equipment is used for simulating service data of the train network control system and the wireless transmission system to form a simulation service scene of the attack and defense shooting range;
the test tool set comprises a penetration test tool, a vulnerability scanning tool and a vulnerability excavation tool, wherein the penetration test tool is used for performing simulation attack on the train network control system and the wireless transmission system, and the vulnerability scanning tool and the vulnerability excavation tool are used for performing vulnerability detection on the attack and defense target range;
the flow analysis system is used for carrying out flow monitoring and analysis on the in-out data of the train network in the simulation service scene and generating a flow monitoring log;
and the display system is used for collecting the flow monitoring log sent by the flow analysis system for display.
2. The offensive and defensive range system for a train network control system of claim 1 wherein the train network control system comprises a switch, a central controller, a gateway module, an IO chassis, an event recorder and a display; wherein,
the switch is used for connecting each device of the train network control system for networking communication, auditing the port of the switch and the running data of the process of the switch, and generating an audit log;
the gateway module is used for simulating communication data of each vehicle-mounted subsystem;
the IO machine case is used for collecting input and output data of the train;
the event recorder is used for recording train operation data, wherein the train operation data comprises input and output data of the train and communication data of each vehicle-mounted subsystem;
the display is used for displaying state data extracted from the train operation data, and the state data comprises state information of each vehicle-mounted subsystem;
and the central controller is used for carrying out centralized control on each device of the train network control system.
3. The offensive and defensive range system for a train network control system of claim 2, wherein the input and output data of the train includes state information of each switch control device in a train hard line circuit; the communication data of the vehicle-mounted subsystem comprises state information and fault information of the vehicle-mounted subsystem.
4. The offensive and defensive range system for a train network control system of claim 2 wherein the wireless transmission system comprises a master control board, a wireless communication board, a switch board, a fire wall board and a power board; wherein,
the exchange board is used for carrying out data interaction with an exchange connected with the exchange board, and sending service data interacted by the train network control system and the wireless transmission system to the main control board;
the main control board is used for carrying out format conversion processing on the service data sent by the exchange board and sending the processed service data to the wireless communication board;
the wireless communication board is used for communicating with a ground network through a wireless channel and transmitting the processed service data to the ground network;
the fireproof wallboard is used for configuring a security protection strategy and generating a firewall log;
the power panel is used for supplying power to each component of the wireless transmission system.
5. The offensive and defensive range system for a train network control system of claim 4, wherein the system management device comprises a first simulation unit and a second simulation unit; the first simulation unit is used for calling upper computer management software to simulate service data interacted between each vehicle-mounted subsystem and the train network control system, and sending UDP messages corresponding to the service data to a gateway module after the configuration of the upper computer management software is completed, so that the UDP messages are converted into TRDP messages through the gateway module and are sent to a central controller;
the second simulation unit is used for simulating the service data interacted by the train network control system and the wireless transmission system according to the application condition of the project, and sending the service data to the main control board so as to return to the ground network through the wireless communication board after format conversion processing is carried out on the service data through the main control board.
6. The attack and defense lead system for a train network control system according to claim 1 wherein the presentation system is further configured to collect an audit log sent by the train network control system, a firewall log sent by the wireless transmission system, and present the audit log and the firewall log.
7. The offensive and defensive range system for a train network control system of claim 1 wherein the simulated traffic scenario comprises a train network data transmission traffic scenario and a train ground communication data transmission traffic scenario.
8. The method for realizing the attack and defense target range system is characterized by comprising the following steps of:
building a topological structure of the attack and defense shooting range through a train network control system and a wireless transmission system;
simulating service data of the train network control system and the wireless transmission system through system management equipment to form a simulation service scene of the attack and defense target range;
adopting a penetration testing tool in a testing tool set to simulate attack on a target service system, and adopting a vulnerability scanning tool and a vulnerability mining tool in the testing tool set to detect vulnerabilities of the attack and defense shooting ranges;
the flow analysis system is used for carrying out flow monitoring and analysis on the in-out data of the train network in the simulation service scene, and a flow monitoring log is generated;
and collecting the flow monitoring log sent by the flow analysis system through a display system for display.
9. The method of implementing the offensive and defensive range system of claim 8, further comprising:
and collecting audit logs sent by the train network control system and firewall logs sent by the wireless transmission system through the display system, and displaying the audit logs and the firewall logs.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210551919.4A CN117134928A (en) | 2022-05-20 | 2022-05-20 | Attack and defense shooting range system for train network control system and implementation method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210551919.4A CN117134928A (en) | 2022-05-20 | 2022-05-20 | Attack and defense shooting range system for train network control system and implementation method thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117134928A true CN117134928A (en) | 2023-11-28 |
Family
ID=88849572
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210551919.4A Pending CN117134928A (en) | 2022-05-20 | 2022-05-20 | Attack and defense shooting range system for train network control system and implementation method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117134928A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117319094A (en) * | 2023-11-30 | 2023-12-29 | 西安辰航卓越科技有限公司 | SDN network attack and defense target range platform system |
-
2022
- 2022-05-20 CN CN202210551919.4A patent/CN117134928A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117319094A (en) * | 2023-11-30 | 2023-12-29 | 西安辰航卓越科技有限公司 | SDN network attack and defense target range platform system |
| CN117319094B (en) * | 2023-11-30 | 2024-03-15 | 西安辰航卓越科技有限公司 | SDN network attack and defense target range platform system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Aftab et al. | IEC 61850 based substation automation system: A survey | |
| CN103033703B (en) | A kind of online, intelligent substation analysis test method of off-line integral type | |
| CN107819633B (en) | Method for rapidly discovering and processing network fault | |
| EP4163183A1 (en) | Information security protection method and apparatus | |
| CN106302535A (en) | The attack emulation mode of power system, device and attack emulator | |
| CN104539473A (en) | Whole-group verification method and system for network virtual secondary loop of intelligent substation | |
| CN113037745A (en) | Intelligent substation risk early warning system and method based on security situation awareness | |
| CN103647684A (en) | System and method for testing urban rail train security detection sensing network | |
| CN107888613B (en) | Management system based on cloud platform | |
| US20200156678A1 (en) | Railroad track verification and signal testing system | |
| CN111526061B (en) | Monitoring flow scheduling system and method for network target range actual combat drilling scene | |
| Khan et al. | The cyberphysical power system resilience testbed: Architecture and applications | |
| Elbez et al. | A cost-efficient software testbed for cyber-physical security in iec 61850-based substations | |
| CN117134928A (en) | Attack and defense shooting range system for train network control system and implementation method thereof | |
| CN111245806A (en) | Network security test method, device and platform, storage medium and electronic device | |
| CN103607373A (en) | Method enabling single service port to realize multiple network protocol agents | |
| CN106789274B (en) | Intelligent substation safety testing system and method | |
| CN201813382U (en) | Network monitoring system for carrier rocket test and launch controll | |
| CN203102509U (en) | Fire alarm simulation debugging system based on train control and monitoring system | |
| CN203204332U (en) | Train controlling and monitoring system-based broadcast simulation debugging system | |
| KR20200054927A (en) | Traffic generating apparatus, traffic agent and traffic generating system comprising same | |
| CN116346655A (en) | Network abnormal movable mould test system and method for new generation transformer substation and centralized control station | |
| CN115801441A (en) | Safety protection system and method of train communication network | |
| CN112737878B (en) | Station control layer switch test system and performance test method thereof | |
| CN210112051U (en) | Multi-information-source communication management device based on security isolation network gate |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |