Airborne wireless access and transmission safety protection system and method

文档序号：687442 发布日期：2021-04-30 浏览：2次中文

阅读说明：本技术 一种机载无线接入与传输安全防护系统和方法 (Airborne wireless access and transmission safety protection system and method ) 是由郑涛刘文学张双朱恩亮周翔宇王元勋于 2020-12-23 设计创作，主要内容包括：本发明涉及一种机载无线接入与传输安全防护系统和方法,该系统包括运行于飞机的信息系统中的无线安全设备；所述无线安全设备包括安全监控模块、开启和信道切换模块、安全预设模块、安全防护模块以及安全信息审计模块,以及运行于飞机驾驶舱侧显上的侧显警示模块；实现了对无线网络的安全接入和传输安全的保护,保护无线网络的工作,当机载无线安全受到威胁严重时,对无线网络进行切断保护,进而阻止传输的安全隐患,提高了飞机飞行的安全。(The invention relates to an airborne wireless access and transmission safety protection system and a method, wherein the system comprises wireless safety equipment operating in an information system of an airplane; the wireless safety equipment comprises a safety monitoring module, an opening and channel switching module, a safety preset module, a safety protection module, a safety information auditing module and a side display warning module which runs on a side display of an aircraft cockpit; the safety access and transmission safety protection of the wireless network are realized, the work of the wireless network is protected, and when the airborne wireless safety is seriously threatened, the wireless network is cut off and protected, so that the potential safety hazard of transmission is prevented, and the flight safety of the airplane is improved.)

1. The utility model provides an airborne wireless security inserts and transmits the safety protection system which characterized in that:

a wireless security device included in an information system operating in an aircraft; the wireless safety equipment comprises a safety monitoring module (101), an opening and channel switching module (102), a safety preset module (103), a safety protection module (104) and a safety information auditing module (105);

and a sideslip display alert module (106) operating on the sideslip display of the aircraft cockpit;

the safety monitoring module (101) is responsible for starting the opening and channel switching module, the safety preset module, the safety protection module and the safety information auditing module, and monitoring the working state of the opening and channel switching module, the safety preset module, the safety protection module and the safety information auditing module and the detailed state information of internal operation during working;

the opening and channel switching module (102) is responsible for starting communication with a wireless network; selecting the best wireless network according to the network signal quality to verify the security identity, continuously monitoring the wireless network after the verification is passed and providing a data transmission channel, simultaneously reporting the state of the wireless network and the working state of the opening and channel switching module (102) to the security monitoring module (101), and sending security audit information to the security information audit module (105); the external wireless network is a mobile network antenna and a wifi network antenna;

the safety preset module (103) is used for screening external data sent by the wireless network according to the safety rule table, directly sending the screened data outwards or sending the screened data to the safety protection module (104) for further safety protection treatment and then sending the data, and sending safety audit information to the safety information audit module (105);

the safety protection module (104) carries out safety protection processing on the data transmitted by the safety preset module (103) according to a safety protection check rule table: if the data security protection processing does not meet the requirements, the security preset module (103) discards the data; simultaneously, reporting the security event information and the statistical result information to a security monitoring module (101), and sending security event audit information to a security information audit module (105); if the data security protection processing meets the requirements, the security preset module (103) sends the data to the outside and simultaneously sends security event audit information to the security information audit module (105);

the safety information auditing module (105) is used for periodically receiving the safety auditing information in operation from the safety monitoring module (101), the opening and channel switching module (102), the safety presetting module (103) and the safety protection module (104), recording the safety auditing information, performing auditing classification and auditing statistics on the safety information in the safety information, and encrypting and storing the safety auditing information;

the side display warning module (106) is used for periodically receiving warning information and displaying in time according to the importance level of warning so as to remind a pilot of abnormal states of key equipment of an airplane.

2. An airborne wireless security access and transmission security protection method, characterized in that, the airborne wireless security access and transmission security protection system according to claim 1 is adopted, and the specific implementation steps are as follows:

step 1: judging the states of the wheel load and the cabin door of the airplane and determining whether the safety protection equipment starts to normally operate;

step 2: after the safety protection equipment normally operates, the safety monitoring module (101) is started, and the starting and channel switching module (102) and the safety information auditing module (105) are started to work;

and step 3: the starting and channel switching module (102) judges the quality of the wireless network and uploads the judgment result to the safety monitoring module (101);

if the judgment result shows that the wireless network quality is good, the safety monitoring module (101) starts the safety preset module (103) and the safety protection module (104), sends safety information started by the wireless network safety preset module (103) and the wireless network safety protection module (104) to the safety information auditing module (105), and then jumps to the step 4;

if the judgment result shows that the quality of the wireless network is not good, the safety monitoring module (101) does not start the safety preset module (103) and the safety protection module (104), sends warning information with poor wireless network signal quality to the side display warning module (106), simultaneously sends warning safety information to the safety information auditing module (105), and continuously waits for the wireless network quality to be improved, and then jumps to the step 4;

and 4, step 4: the safety preset module (103) starts to periodically receive the data information forwarded by the opening and channel switching module (102), and searches the data through a safety rule table in the safety preset module (103);

if the current period data can be found in the safety rule table, judging that the current period data need to be protected through the safety rule table, and sending the current period data to a safety protection module (104);

if the current period data can be found in the safety rule table, judging that the current period data does not need protection processing through the safety rule table, and directly sending the current period data outwards;

if the current period data cannot be found in the safety rule table, indicating that the current period data cannot be forwarded, discarding the period data, and starting to wait for the next period data to be accepted;

and 5: the safety protection module (104) carries out safety protection processing on the current period data forwarded by the safety preset module (103);

if the security protection processing result shows that the current period data does not meet the security requirement, the security preset module (103) is informed to discard the data, the state information of the current period data with security problems is sent to the security monitoring module (101), and meanwhile, security examination information related to the current period data is sent to the security information auditing module (105);

if the safety protection inspection result shows that the current period data meets the safety requirement, the safety protection module (104) informs the safety preset module (103) to forward the current period data to the required service, and sends the state information that the current period data has no safety problem to the safety monitoring module (101).

3. The method for securing airborne wireless secure access and transmission according to claim 1, wherein: the specific implementation process of the step 1 is as follows:

when the wheel load is detected to be stressed, the stress exceeds a threshold value and the stress exceeds a specific time, no matter the cabin door is opened or closed, the airplane can start to enter a working state, and the step 2 is skipped;

when the wheel load is detected to be changed from the non-stressed state to the stressed state, the stress exceeds the threshold value, the stress time exceeds the set duration and the cabin door is closed, the situation that the airplane can start to enter the working state in the landing stage is shown, and the step 2 is skipped;

when the wheel load is detected to be changed from the stressed state to the unstressed state, the unstressed state exceeds the set time and the cabin door is closed, the fact that the wireless safety equipment should stop working in the ground takeoff stage of the airplane is indicated.

4. The method for securing airborne wireless secure access and transmission according to claim 1, wherein: the specific process of judging the quality of the wireless network by the opening and channel switching module (102) in the step 3 is as follows:

step A1: the method comprises the steps that a starting and channel switching module (102) starts to configure and initialize a mobile antenna of a wireless network, after initialization is successful, a message that mobile network initialization is successful is sent to a security monitoring module (101), the signal quality Yq of the mobile network and the network communication performance are obtained, if initialization is failed, information that mobile network initialization is failed is sent to the security monitoring module (101), and the mobile antenna network is closed;

step A2: the method comprises the steps that a wifi network antenna of a wireless network starts to be configured and initialized by a starting and channel switching module (102), after initialization is successful, a message that initialization of the wireless network is successful is sent to a safety monitoring module (101) to obtain signal quality Wq of the wifi network and network communication, if initialization is failed, a message that initialization of a mobile network is failed is sent to the safety monitoring module (101), and the wifi network is closed;

step A3: comparing the signal quality Yq of the mobile network with the signal quality Wq of the wifi network;

if Wq is larger than or equal to Yq, the signal quality of the wifi network is better, the wifi network is used for communication, the wifi network antenna is reinitialized, the initialization is successful, and wifi network signal quality information including information of using the wifi network and wifi network interface information is reported to the safety monitoring module (101);

if Wq is less than Yq, the mobile network signal quality is good, the mobile network is used for communication, the mobile network antenna is reinitialized, the initialization is successful, and the mobile network signal quality information including the mobile network information and the mobile network interface information is reported to the security monitoring module (101).

5. The method for securing airborne wireless secure access and transmission according to claim 1, wherein: in the process of continuously operating the starting and channel switching module (102), channel switching is also required, and the specific switching process is as follows:

if the initially selected wireless network is a mobile network, when the signal quality of the mobile network is less than a specified threshold value, stopping receiving data, closing the mobile network antenna, initializing the wifi network antenna, detecting the signal quality of the wifi network, if the signal quality of the ifi network exceeds the specified threshold value, switching to the wifi network, reporting a network signal switching command to the safety monitoring module (101), and sending the network signal switching command to the safety information auditing module (105) and recording the safety auditing information of the network signals;

if the initially selected wireless network is a wifi network, when the signal quality of the wifi network is less than a specified threshold value, stopping receiving data, closing the wifi network antenna, initializing the mobile network antenna, detecting the signal quality of the mobile network, if the signal quality of the mobile network exceeds the specified threshold value, switching to the mobile network, reporting a network signal switching command to the safety monitoring module (101), and sending the network signal switching command to the safety information auditing module (105) and recording the safety auditing information of the network signals.

6. The method for securing airborne wireless secure access and transmission according to claim 1, wherein: the security rule table in step 4 includes a channel interface name, an interface address, a data source port, a data destination address, a data destination port, a data type, a data detection depth, a data abnormal state statistic value, and a data abnormal state threshold value.

7. The method for securing airborne wireless secure access and transmission according to claim 1, wherein: the process of the safety protection treatment in the step 5 specifically comprises the following steps:

the safety protection module (104) receives current cycle data which is sent by the safety preset module (103) and needs to be protected, carries out data index calculation on the forwarded current cycle data, and calculates an index number; searching a corresponding index number in a safety protection check rule table according to the index number, searching a deep searching and killing protection method library index number according to the corresponding index number, and calling a searching and killing method stored in a safety protection module (104) according to the deep searching and killing protection method library index number to start deep searching and killing of data; the safety protection inspection rule table comprises index numbers and index numbers of a deep killing protection method library.

Technical Field

The invention belongs to computer software-system application software, and relates to an airborne wireless access and transmission safety protection system and method.

Background

With the great application of information technology in civil avionics systems, more and more civil aircraft systems have informatization and networking functions, data transmission between a civil aircraft and the ground needs to be carried out by means of a wireless network, the wireless network has some bugs or potential threats, and the threats possibly affect the safe flight of the aircraft, so that a safety protection method is added in airborne wireless network equipment, and the improvement of the safety of the airborne wireless network equipment is of great importance.

The aircraft can receive the data of the wireless network that the outside transmitted when closing on ground, closes on ground state and divide into the stage of taking off, ground standby phase, aircraft landing phase, and in the stage of different stages machine-carried wireless device faces different threats, consequently in order to improve the security of aircraft, urgently need provide one kind and close on ground state when different to the machine-carried wireless network design safety access and transmit the safeguard measure.

Disclosure of Invention

The invention provides an airborne wireless access and transmission safety protection system and method, which realize the safety access and transmission safety protection of a wireless network, protect the work of the wireless network, and cut off and protect the wireless network when the airborne wireless safety is seriously threatened, thereby preventing the potential safety hazard of transmission and improving the flight safety of airplanes.

The specific technical scheme of the invention is as follows:

an airborne wireless security access and transmission security protection system is provided, comprising a wireless security device operating in an information system of an aircraft; the wireless safety equipment comprises a safety monitoring module, an opening and channel switching module, a safety preset module, a safety protection module and a safety information auditing module;

the side display warning module runs on the side display of the aircraft cockpit;

the safety monitoring module is responsible for starting the opening and channel switching module, the safety preset module, the safety protection module and the safety information auditing module, and monitoring the working states of the opening and channel switching module, the safety preset module, the safety protection module and the safety information auditing module and detailed state information of internal operation during working;

the opening and channel switching module is responsible for starting communication with a wireless network; selecting the best wireless network according to the quality of the network signal to verify the security identity, continuously monitoring the wireless network after the verification is passed and providing a data transmission channel, simultaneously reporting the state of the wireless network and the working state of the opening and channel switching module to the security monitoring module, and sending security audit information to the security information audit module; the external wireless network is a mobile network antenna and a wifi network antenna;

the safety preset module is used for screening external data sent by the wireless network according to the safety rule table, directly sending the screened data outwards or sending the screened data to the safety protection module after further safety protection treatment, and sending safety audit information to the safety information audit module;

the safety protection module carries out safety protection processing on the data transmitted by the safety preset module according to the safety protection check rule table: if the data security protection processing does not meet the requirements, the security preset module discards the data; simultaneously reporting the security event information and the statistical result information to a security monitoring module, and sending security event audit information to a security information audit module; if the data security protection processing meets the requirements, the security preset module sends the data to the outside and simultaneously sends security event audit information to the security information audit module;

the safety information auditing module is used for periodically receiving the safety auditing information in operation from the safety monitoring module, the opening and channel switching module, the safety presetting module and the safety protection module, recording the safety auditing information, performing auditing classification and auditing statistics on the safety information in the safety information, and encrypting and storing the safety auditing information;

the side display warning module is used for periodically receiving warning information and displaying in time according to the importance level of warning so as to remind a pilot of abnormal states of key equipment of the airplane.

Meanwhile, the invention also provides an airborne wireless security access and transmission security protection method, which comprises the following specific implementation steps:

step 1: judging the states of the wheel load and the cabin door of the airplane and determining whether the safety protection equipment starts to normally operate;

step 2: after the safety protection equipment normally operates, the safety monitoring module is started, and the starting and channel switching module and the safety information auditing module are started to work;

and step 3: the starting and channel switching module judges the quality of the wireless network and uploads a judgment result to the safety monitoring module;

if the judgment result shows that the wireless network quality is good, the safety monitoring module starts the safety preset module and the safety protection module, sends safety information started by the wireless network safety preset module and the wireless network safety protection module to the safety information auditing module, and then jumps to the step 4;

if the judgment result shows that the quality of the wireless network is not good, the safety monitoring module does not start the safety preset module and the safety protection module, sends warning information with poor wireless network signal quality to the side display warning module, simultaneously sends warning safety information to the safety information auditing module, and jumps to the step 4 after continuously waiting for the wireless network to have good quality;

and 4, step 4: the safety preset module starts to periodically receive the data information forwarded by the starting and channel switching module and searches the data through a safety rule table in the safety preset module;

and 5: the safety protection module carries out safety protection processing on the current period data forwarded by the safety preset module;

if the safety protection processing result shows that the current period data does not meet the safety requirement, the safety preset module is informed to discard the data, the state information that the current period data has safety problems is sent to the safety monitoring module, and meanwhile, safety review information related to the current period data is sent to the safety information auditing module;

if the safety protection inspection result shows that the current period data meets the safety requirement, the safety protection module informs the safety preset module to forward the current period data to the required service, and sends the state information that the current period data has no safety problem to the safety monitoring module.

Further, the specific implementation process of step 1 is as follows:

Further, the specific process of the step 3 for starting and the channel switching module to judge the quality of the wireless network is as follows:

step A1: the method comprises the steps that a mobile antenna of a wireless network starts to be configured and initialized by a starting and channel switching module, after initialization is successful, a message that initialization of the mobile network is successful is sent to a safety monitoring module, the signal quality Yq and the passability of the mobile network are obtained, if initialization is failed, information that initialization of the mobile network is failed is sent to the safety monitoring module, and the mobile antenna network is closed;

step A2: the method comprises the steps that a wifi network antenna of a wireless network starts to be configured and initialized by a starting and channel switching module, after initialization is successful, a message that initialization of the wireless network is successful is sent to a safety monitoring module to obtain signal quality Wq of the wifi network and network communication, if initialization is failed, a message that initialization of a mobile network is failed is sent to the safety monitoring module, and the wifi network is closed;

step A3: comparing the signal quality Yq of the mobile network with the signal quality Wq of the wifi network;

if Wq < Yq, it indicates that the mobile network signal quality is good, the mobile network is used for communication, the mobile network antenna is reinitialized, the initialization is successful, and the mobile network signal quality information including the mobile network information and the mobile network interface information is reported to the security monitoring module.

Further, during the continuous operation of the startup and channel switching module, channel switching is also required, and the specific switching process is as follows:

if the initially selected wireless network is a mobile network, stopping receiving data and closing the mobile network antenna when the signal quality of the mobile network is less than a specified threshold value, initializing the wifi network antenna, detecting the signal quality of the wifi network, if the signal quality of the ifi network exceeds the specified threshold value, switching to the wifi network, reporting a network signal switching command to a safety monitoring module, and sending the network signal switching command and recording the safety audit information of the network signal to a safety information audit module;

if the initially selected wireless network is a wifi network, when the signal quality of the wifi network is less than a specified threshold value, stopping receiving data, closing the wifi network antenna, initializing the mobile network antenna, detecting the signal quality of the mobile network, if the signal quality of the mobile network exceeds the specified threshold value, switching to the mobile network, reporting a network signal switching command to the safety monitoring module, and sending the network signal switching command and recording the safety audit information of the network signal to the safety information audit module.

Further, the security rule table in step 4 includes a channel interface name, an interface address, a data source port, a data destination address, a data destination port, a data type, a data detection depth, a data abnormal state statistic value, and a data abnormal state threshold value.

Further, the process of the safety protection processing in the step 5 specifically includes:

the safety protection module receives current period data which are sent by the safety preset module and need to be protected, and data index calculation is carried out on the forwarded current period data to calculate an index number; searching a corresponding index number in a safety protection check rule table according to the index number, searching a index number of a deep searching and killing protection method library according to the corresponding index number, and calling a searching and killing method stored in a safety protection module according to the index number of the deep searching and killing protection method library to perform deep searching and killing on data; the safety protection inspection rule table comprises index numbers and index numbers of a deep killing protection method library.

The invention has the beneficial effects that:

1. the invention can automatically manage the security of the wireless network in different stages near the ground, and can automatically report the states of the wireless network and the airplane to the side display of the cockpit, thereby greatly improving the security of the airplane.

2. The invention adopts the opening and channel switching module to automatically detect the quality of the wireless channel and switch the channel of the wireless network of the airplane, and can actively report the information of the wireless channel, so that the wireless network communication can be switched freely and the use is more convenient.

3. The invention adopts the safety preset module to perform safety protection on the external data uploaded by the wireless network according to rules, can count abnormal information appearing in the data, can report warning information to the side display of the aircraft cockpit, can automatically close the service on the equipment and stop the equipment from working, and further improves the safety of the aircraft for receiving the external data.

4. According to the invention, the safety preset module and the safety protection module are adopted, the data can be preliminarily monitored in a safety way through the safety preset module, and the safety protection module can be hidden outwards, so that the protection of equipment cannot be sensed by external application, a safety inspection mechanism cannot be bypassed, and the safety protection performance of the airplane is further improved.

Drawings

Fig. 1 is a schematic block diagram of an airborne wireless access and transmission security system.

Detailed Description

The embodiment provides an airborne wireless access and transmission security system, as shown in fig. 1, which includes a wireless security device operating in an information system of an aircraft; the wireless safety equipment comprises a safety monitoring module 101, an opening and channel switching module 102, a safety presetting module 103, a safety protection module 104 and a safety information auditing module 105;

and a sideview alert module 106 operating on the sideview of the aircraft cockpit;

the function of the module is described below:

safety monitoring module

The function of the module is as follows: the system is responsible for starting the opening and channel switching module 102, the safety preset module 103, the safety protection module 104 and the safety information auditing module 105, monitoring the working states of the opening and channel switching module 102, the safety preset module 103, the safety protection module 104 and the safety information auditing module 105 and detailed state information of internal operation during working, when detecting that a certain module does not work, the safety monitoring module 101 restarts the module in time, sends a starting command to the opening and channel switching module 102, sends safety auditing information to the safety information auditing module 105 and sends key fault and warning information to the side display warning display module 106 of the aircraft cockpit;

specifically, the method comprises the following steps: the specific workflow of the module in actual work is as follows:

step A1: the security monitoring module 101 starts the starting and channel switching module 102 and the wireless network security information auditing module 105;

step A2: waiting for a wireless network channel quality command and wireless network address and interface information reported by the starting and channel switching module 102;

step A3: the security monitoring module 101 receives a wireless network channel quality command and wireless network address and interface information sent by the opening and channel switching module 102;

when the information shows that the signal quality is not good, the safety monitoring module 101 does not start the safety preset module 103 and the safety protection module 104 any more, sends warning information with poor wireless network signal quality to the side display warning module 106, simultaneously sends warning safety information to the wireless network safety information auditing module 105, and waits for the wireless network to be started and the network signal reported by the channel switching module (102) to be good;

when the signal quality is better, the security monitoring module 101 starts the security preset module 103 and the security protection module 104, sends the security information started by the security preset module 103 and the security protection module 104 to the security information auditing module 105, and skips to step a 4;

when the safety monitoring module 101 receives command information of channel switching, the safety monitoring module 101 sends channel switching information to the side display warning module 106, the side display warning module (106) displays a currently used channel, and sends safety audit information of channel switching to the safety information audit module 105;

step A4: the safety monitoring module 101 starts the safety presetting module 103, and waits for a message that the starting of the safety presetting module 103 is completed;

step a5, the security monitoring module 101 receives the feedback start message from the security preset module 103,

if the safety preset module 103 returns a message of successful start, the safety monitoring module 101 sends a message of successful start of the safety preset module 103 to the safety information auditing module 105, and sends a warning message of successful start of the safety preset module 103 to the side display warning module 106, and step a7 is executed;

if the safety preset module 103 returns a message that the start is unsuccessful, the safety monitoring module 101 sends start failure information and a reason of the start failure of the safety preset module 103 to the safety information auditing module 105, and continuously restarts the safety preset module 103, if the continuous start exceeds a set threshold value, the safety preset module 103 cannot be started successfully, the safety monitoring module 101 sends information of the start failure of the safety preset module 103 and information of the reason of the failure to the safety information auditing module 105, and sends warning information that the wireless safety equipment is unavailable to the side display warning information module 106, and step a6 is executed;

step A6: the safety monitoring module 101 sends the wireless safety equipment fault information and the wireless safety equipment closing information to the safety information auditing module 105, and performs power-off operation on the equipment;

step A7: the safety monitoring module 101 starts the safety protection module 104, and waits for a message whether the starting is successful or not fed back by the safety protection module 104;

if the safety protection module 104 returns a message of successful start, the safety monitoring module 101 sends safety audit information of successful start of the safety protection module 104 to the safety information audit module 105, and skips to execute the step A8;

if the safety protection module 104 returns a message that the starting is unsuccessful, the safety monitoring module 101 sends information of the starting failure of the safety protection module 104 and the reason of the starting failure to the safety information auditing module 105, and continues to restart the safety protection module 104, if the continuous starting exceeds the set threshold value, the safety monitoring module 101 fails to start the safety protection module 104, the safety monitoring module 101 sends information of the starting failure of the safety protection module 104 and the information of the failure reason to the safety information auditing module 105, and sends information that the wireless safety equipment is unavailable to the side display warning information module 106, and executes step a 9;

step A8: the security monitoring module 101 sends a command for starting to receive external data to the opening and channel switching module 102, and waits for receiving status messages reported by the opening and channel switching module 102, the security preset module 103, the security protection module 104 and the side display warning information module 106;

when the security monitoring module 101 receives the channel switching status message reported by the startup and channel switching module 102, and updates the channel information table in the security monitoring module 101 according to the channel information in the reported channel switching status message, where the channel information table includes the signal quality, the channel quality, the interface information, and the interface address information of the wireless network; and sends log information to security information auditing module 105; sending a channel information table to the security preset module 103, and sending security audit information which causes the security rule table to be updated due to channel switching to the security information audit module 105;

when the security monitoring module 101 receives a state that the data security rule reported by the security preset module 103 fails to detect, the security monitoring module 101 updates a data abnormal state statistic in the security rule corresponding to the data, and adds 1 to the data abnormal state statistic; if the data abnormal state statistic corresponding to the data security rule exceeds the data abnormal state threshold and the time of exceeding the threshold is in a specified range, sending warning information of external threats faced by the wireless security equipment to the side display warning information module 106, and sending security audit information to the security information audit module 105;

when the response message of the external threat alert information received by the security monitoring module 101 and sent by the side display alert information module 106 is a command to close the wireless security device, the security monitoring module 101 closes the functions of the start and channel switching module 102, the security preset module 103, the security protection module 104 and the security information auditing module 105, and sends a command to close the device to the wireless security device, and the device is closed and stops working.

When the security monitoring module 101 receives a message that there is no exception in the forwarding data rule check reported by the security preset module 103 and no exception message occurs after a specified time threshold is exceeded, the security monitoring module 101 updates the rule check exception statistical information corresponding to the data, sets the rule exception statistical information corresponding to the data to 0, and sends the security audit information that the data has no security exception to the security information audit module 105.

When the safety monitoring module 101 receives a message that the starting and channel switching module 102, the safety preset module 103 and the safety protection module 104 run abnormally, the safety monitoring module 101 sends a warning message that the task works abnormally to the side display warning information module 106, and sends safety audit information that the task works abnormally to the safety information audit module 105;

when the safety monitoring module 101 receives a warning response message of task work abnormality sent by the side display warning information module 106, processing is performed according to the response message, if the wireless network device is turned off, soft power-off processing is performed on the wireless network device, if the wireless network device is restarted, and if the warning response message of task work abnormality is not received after waiting for a set time, the safety monitoring module 101 sends a self-restarting command of the wireless network device.

Step A9: the security monitoring module 101 sends a device restart command.

Before the steps A1-A9 are executed, the wireless network equipment needs to be judged to start to normally operate according to the wheel load stress condition of the airplane and the opening and closing condition of the cabin door, and the specific judgment process is as follows:

when the wheel load is detected to be changed from the stressed state to the unstressed state and the unstressed state is over

Over-mounting

The fixed time and the closed cabin door indicate that the wireless safety equipment should stop working in the ground takeoff phase of the airplane.

Opening and channel switching module

The function of the module is as follows: the method comprises the steps that communication with a wireless network (the wireless network comprises a mobile network and a wifi network) is started, the best network is selected according to network signal quality for verifying the security identity, a channel for monitoring the wireless network and providing data transmission is continuously formed after the verification is passed, the wireless state and the task working state are reported to a security monitoring module 101, security audit information is sent to a security information audit module 105, and in addition, the module also provides a channel switching function;

specifically, the method comprises the following steps: the specific workflow of the module in actual work is as follows:

step B1: the startup channel switching module 102 starts to configure and initialize the mobile antenna of the wireless network, after the initialization is successful, the startup channel switching module sends a message that the initialization of the mobile network is successful to the security monitoring module 101, and obtains the signal quality Yq of the mobile network and the network permeability, if the initialization is failed, the startup channel switching module sends a message that the initialization of the mobile network is failed to the security monitoring module 101, and the mobile antenna network is closed;

step B2: the method comprises the steps that the starting and channel switching module 102 starts to configure and initialize a wifi network antenna of a wireless network, after initialization is successful, a message that initialization of the wireless network is successful is sent to the safety monitoring module 101 to obtain signal quality Wq of the wifi network and network communication, if initialization fails, information that initialization of the mobile network fails is sent to the safety monitoring module 101, and the wifi network is closed;

step B3: comparing the signal quality Yq of the mobile network with the signal quality Wq of the wifi network;

if Wq is less than Yq, it indicates that the mobile network signal quality is good, the mobile network is used for communication, the mobile network antenna is reinitialized, the initialization is successful, and the mobile network signal quality information including the mobile network information and the mobile network interface information is reported to the security monitoring module 101;

step B4: the opening and channel switching module 102 starts to receive external data and continuously monitor the network signal quality and report the signal quality when receiving a command for receiving the external data sent by the security monitoring module 101;

if the initially selected wireless network is a mobile network, when the signal quality of the mobile network is less than a specified threshold value, stopping receiving data, closing the mobile network antenna, initializing the wifi network antenna, detecting the signal quality of the wifi network, if the signal quality of the ifi network exceeds the specified threshold value, switching to the wifi network, reporting a network signal switching command to the safety monitoring module 101, and sending the network signal switching command and recording the safety audit information of the network signal to the safety information audit module 105;

if the initially selected wireless network is a wifi network, when the signal quality of the wifi network is less than a specified threshold, stopping receiving data, closing the wifi network antenna, initializing the mobile network antenna, detecting the signal quality of the mobile network, if the signal quality of the mobile network exceeds the specified threshold, switching to the mobile network, reporting a network signal switching command to the security monitoring module 101, and sending the network signal switching command and recording the security audit information of the network signal to the security information audit module 105.

Safety preset module

The function of the module is as follows: starting a security rule table, screening external data sent by a wireless network according to the security rule table, providing the screened data to a security module 104 for further security verification and killing, sending the data passing the security verification of the security module 104 outwards, and sending security audit information to a security information audit module 105;

specifically, the method comprises the following steps: the specific workflow of the module in actual work is as follows:

step C1: the security presetting module 103 forms a security rule table of the security presetting module 103 according to the wireless network interface address information, the interface name and the channel information table transmitted by the security monitoring module 101, and transmits security information indicating whether the security rule table is successfully constructed or not to the wireless network security information auditing module 105; the safety rule table comprises N columns of safety rule information, wherein each column of safety rule information comprises a channel interface name, an interface address, a data source port, a data destination address, a data destination port, a data type, a data detection depth, a data abnormal state statistic value and a data abnormal state threshold value;

if the security preset module 103 is successfully started, the information that the wireless network security preset module is successfully started is sent to the security monitoring module 101, and step 2 is executed.

If the wireless network security preset module 103 fails to start, sending information of the failure of starting the wireless network security preset module to the security monitoring module 101;

step C2: the security presetting module 103 starts to periodically receive the data information forwarded by the opening and channel switching module 102, and searches the data through a security rule table in the security presetting module 103;

if the current period data can be found in the safety rule table and the current period data is judged to need protection processing through the data detection depth in the safety rule table, the current period data is sent to the safety protection module 104;

if the current period data can be found in the safety rule table and the current period data is judged to be not required to be protected through the data detection depth in the safety rule table, the current period data is directly sent out;

if the current period data cannot be found in the safety rule table, the current period data cannot be forwarded, the period data is discarded, and the next period data is waited to be received.

Safety protection module

The function of the module is as follows: processing safety protection on data transmitted by a safety preset module 103 according to a safety protection check rule table, reporting safety event information and statistical result information to a safety monitoring module 101 if the data safety does not meet requirements, sending safety audit information to a safety information audit module 105, feeding back a safety rule non-compliance state to the safety preset module 103, discarding the data by the safety preset module 103, sending a safety rule processing result to the safety preset module 103 when the data safety meets requirements, sending the data to the outside by the safety preset module 103, and sending the safety audit information to the safety information audit module 105; the safety protection inspection rule table comprises index numbers and index numbers of a deep killing protection method library;

specifically, the method comprises the following steps: the specific workflow of the module in actual work is as follows:

the safety protection module 104 receives the current period data which is sent by the safety preset module 103 and needs to be protected, and performs data index calculation on the forwarded current period data to calculate an index number; searching a corresponding index number in a safety protection check rule table according to the index number, searching a index number of a deep searching and killing protection method library according to the corresponding index number, and calling a searching and killing method stored in a safety protection module 104 according to the index number of the deep searching and killing protection method library to perform deep searching and killing on data;

if the safety inspection processing is passed, response information that the safety inspection is passed is returned to the safety preset module 103, if the safety inspection processing is not passed, it is indicated that the data has a potential safety hazard, response information that the safety inspection is not passed is returned to the safety preset module 103, and the safety preset module 103 discards the data.

Safety information auditing module

The function of the module is as follows: the method comprises the steps of periodically receiving safety audit information in operation from a safety monitoring module 101, an opening and channel switching module 102, a safety preset module 103 and a safety protection module 104, recording the safety audit information, performing audit classification and audit statistics on the safety audit information in the safety audit information, and encrypting and storing the safety audit information;

side display warning module

When the aircraft operates, the alarm information sent from the outside is periodically received, and the prompt display is carried out according to the importance level of the alarm so as to remind a pilot of the abnormal state of the key equipment of the aircraft.

The specific workflow of the module in actual work is as follows:

step D1: the side display warning module 106 receives warning information sent by the safety monitoring module 101;

step D2: the side display alarm module 106 displays the alarm information reported by the safety monitoring module 101 on an alarm interface;

step D3: the side display warning module 106 receives the processing result of the warning alarm information on the interface, and if the processing result is a command for closing the wireless safety equipment, the side display warning module 106 sends a command response message for closing the wireless safety equipment to the safety monitoring module 101; if the command is a command for restarting the wireless security device, the side-display warning module 106 sends a command response message for restarting the wireless security device to the security monitoring module 101.

14页详细技术资料下载

Airborne wireless access and transmission safety protection system and method

相关技术

网友询问留言