CN115802356B - Data processing method, system, device and medium for satellite ground station management system - Google Patents
Data processing method, system, device and medium for satellite ground station management system Download PDFInfo
- Publication number
- CN115802356B CN115802356B CN202310073464.4A CN202310073464A CN115802356B CN 115802356 B CN115802356 B CN 115802356B CN 202310073464 A CN202310073464 A CN 202310073464A CN 115802356 B CN115802356 B CN 115802356B
- Authority
- CN
- China
- Prior art keywords
- equipment
- honeypot
- data
- station
- station control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Radio Relay Systems (AREA)
Abstract
The invention relates to the technical field of satellite measurement, operation and control data processing, and provides a data processing method, a system, equipment and a medium of a satellite ground station management system, wherein the method comprises the following steps: the equipment management module selects a ground station and displays a ground station equipment topological graph; judging whether each station control device of the ground station device topological graph is a real device or not; if the equipment is real equipment, loading the real equipment; if the honeypot equipment is not the real equipment, loading honeypot equipment corresponding to the station control equipment, acquiring abnormal equipment data by the data management center according to the loaded honeypot equipment, and judging whether the honeypot equipment is attacked or not according to the abnormal equipment data; if the honeypot equipment is attacked, destroying the honeypot equipment; and if the honeypot device is not attacked, continuing to operate the honeypot device. According to the scheme, the data safety transmission of the satellite ground station can be ensured, and the intranet of the whole satellite ground station is prevented from being broken.
Description
Technical Field
The invention relates to the technical field of satellite measurement, operation and control data processing, in particular to a data processing method, a data processing system, data processing equipment and a data processing medium of a satellite ground station management system.
Background
With the continuous development of human aerospace activities, more and more satellite ground stations participate in satellite measurement and control tasks.
If the data of the satellite ground station is not protected, the satellite measurement and control can be greatly influenced. The proxy honeypot is used as a proxy, the function of recording user information is added, the proxy honeypot is deployed in an extranet for external scanning and is added into a proxy pool of the user, and then data can be recorded and analyzed.
However, brokering honeypots poses a risk to users, honeypots can pose a risk to users' network environments, and honeypots, once compromised, can be used to attack, submerge, or compromise other systems or organizations. The network environment danger brought by honeypots means that honeypots are used for hackers to invade and must provide certain loopholes, but it is also known that many loopholes belong to a high-risk level, and a system is infiltrated by carelessness, once a honeypot is damaged, what an intruder needs to do is unforeseeable by an administrator, for example, an intruder successfully enters one honeypot and uses the honeypot as a 'jump board' (meaning that the intruder remotely controls one or more invaded computers to invade other computers) to attack other people.
Therefore, the problem of risk caused by the intrusion of the agent honeypot must be solved. In order to solve the problem of network environment risk caused by honeypots, a data processing method, a system, equipment and a medium of a satellite ground station management system are needed to be provided, and data safety transmission of the satellite ground station is guaranteed.
The above information disclosed in this background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
The invention mainly aims to solve the problem of network environment risks brought by agent honeypots, and provides a data processing method, a data processing system, data processing equipment and a data processing medium of a satellite ground station management system, so that the data safety transmission of the satellite ground station is ensured, and the intranet of the whole satellite ground station is prevented from being broken.
In order to achieve the above object, a first aspect of the present invention provides a data processing method for a satellite ground station management system, where the satellite ground station management system includes a station control system center, a plurality of honeypot devices, and a plurality of ground stations, each ground station is communicatively connected to the station control system center, each ground station includes a plurality of station control devices, the plurality of station control devices form a topology structure, each station control device is connected to the station control system center through one honeypot device, the station control system center includes a device management module and a data management center, and the data processing method includes the following steps:
the equipment management module selects a ground station and displays a ground station equipment topological graph;
judging whether each station control device of the ground station device topological graph is a real device or not;
if the equipment is real equipment, loading the real equipment;
if the equipment is not real equipment, loading corresponding honeypot equipment of the station control equipment; the data management center acquires abnormal equipment data according to the loaded honeypot equipment and judges whether the honeypot equipment is attacked or not according to the abnormal equipment data;
if the honeypot equipment is attacked, destroying the honeypot equipment;
and if the honeypot device is not attacked, continuing to operate the honeypot device.
According to an example embodiment of the present invention, the station control device includes: antenna control unit, baseband system.
According to an example embodiment of the present invention, the method for determining whether each station control device of a ground station device topology map is a real device includes: the central end of the station control system comprises a database, wherein identification codes of the station control devices are stored in the database, the identification codes of the station control devices of the ground station device topological graph are read by the device management module and are matched with the identification codes of the corresponding station control devices of the database, if the identification codes cannot be matched with the identification codes of the corresponding station control devices of the database, the equipment management module is not real equipment, and if the identification codes can be matched with the identification codes of the corresponding station control devices of the database, the equipment management module is real equipment.
According to an example embodiment of the present invention, a method for reading an identification code of a station control device of a ground station device topology map by a device management module includes: the central end of the station control system comprises a hardware management device, the hardware management device reads interface data of the station control device, and the device management module acquires an identification code of the station control device of the ground station device topological graph according to the interface data.
According to an example embodiment of the present invention, the method for acquiring abnormal equipment data according to the loaded honeypot equipment comprises: and inputting operation data to the honeypot equipment, displaying whether the honeypot equipment is abnormal or not, and displaying the honeypot equipment data to obtain abnormal equipment data.
According to an example embodiment of the invention, the method for judging whether the honeypot device is attacked or not according to the abnormal device data comprises the following steps: and judging whether the abnormal equipment data is a predicted bug, wherein if the abnormal equipment data is the predicted bug, the honeypot equipment is not attacked, and if the abnormal equipment data is not the predicted bug, the honeypot equipment is attacked.
According to an example embodiment of the present invention, the honeypot device includes a honeypot data input module, a honeypot data processing module, and a honeypot data management module;
the honeypot data input module is used for acquiring user parameter operation;
the honeypot data processing module is used for processing the packaging parameters of the user parameter operation and sending the packaging parameters to the honeypot data management module through an interface;
the honeypot data management module is used for analyzing the processing parameters.
According to an example embodiment of the present invention, the honeypot data input module is further configured to obtain parameters and status;
the honeypot data processing module is also used for receiving the parameters and the states through an interface and processing the packaging parameters;
the honeypot data management module is also used for generating a data module.
As a second aspect of the present invention, the present invention provides a satellite ground station management system that can execute a data processing method of the satellite ground station management system.
According to an example embodiment of the invention, the satellite ground station management system comprises a station control system center end, a plurality of honeypot devices and a plurality of ground stations; each ground station is in communication connection with a central end of the station control system, each ground station comprises a plurality of station control devices, the plurality of station control devices form a topological structure, a honeypot device is arranged on the outer layer of each station control device, and the central end of the station control system comprises a device management module;
the equipment management module is used for selecting a ground station and displaying a ground station equipment topological graph; judging whether each station control device of the ground station device topological graph is a real device or not; if the equipment is real equipment, loading the real equipment; if the honeypot equipment is not the real equipment, loading the honeypot equipment corresponding to the station control equipment, acquiring abnormal equipment data according to the loaded honeypot equipment, and judging whether the honeypot equipment is attacked or not according to the abnormal equipment data; if the honeypot equipment is attacked, destroying the honeypot equipment; and if the honeypot device is not attacked, continuing to operate the honeypot device.
As a third aspect of the present invention, the present invention provides an electronic apparatus comprising:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the data processing method of the satellite earth station management system.
As a fourth aspect of the present invention, the present invention provides a computer-readable medium on which a computer program is stored, the program, when executed by a processor, implementing the data processing method of the satellite ground station management system.
The method has the advantages that the unreal devices are replaced by the honeypot devices to operate, whether the honeypot devices are broken or not is judged according to the output results of the honeypot devices, if the honeypot devices are broken, the honeypot devices are abandoned, network environment risks caused by the existence of the honeypot devices are prevented, the data safety transmission of the satellite ground stations is guaranteed, and the intranet of the whole satellite ground station is guaranteed not to be broken.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are only some embodiments of the present application, and other drawings may be derived from those drawings by those skilled in the art without inventive effort.
Fig. 1 schematically shows a block diagram of a satellite ground station management system.
Fig. 2 schematically shows a data flow diagram of a honeypot apparatus.
Fig. 3 schematically shows a step diagram of a data processing method of the satellite earth station management system.
Fig. 4 schematically shows a flow chart of a data processing method of the satellite earth station management system.
Fig. 5 schematically shows a block diagram of an electronic device.
FIG. 6 schematically shows a block diagram of a computer-readable medium.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the present concepts. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It should be understood by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or flowchart illustrations in the drawings are not necessarily required to practice the present application and, therefore, should not be considered to limit the scope of the present application.
According to a first embodiment of the present invention, the present invention provides a satellite ground station management system, as shown in fig. 1, comprising a central end 1 of a station control system, a plurality of honeypot devices 2 and a plurality of ground stations 3.
Each ground station 3 is communicatively connected with the station control system center terminal 1, each ground station 3 comprises a plurality of station control devices 31, the plurality of station control devices 31 form a topological structure, and each station control device 31 is connected with the station control system center terminal 1 through one honeypot device 2. The honeypot device 2 is arranged on the outer layer of the station control device 31. The station control device 31 includes: antenna Control Unit (ACU), baseband system (BBE).
The station control system center terminal 1 comprises a device management module 11, a database 12, a hardware management device 13 and a data management center 14. The device management module 11 is communicatively connected to the database 12, the hardware management device 13, and the data management center 14, and the hardware management device 13 is communicatively connected to the station control device 31. The equipment management module 11 is used for selecting the ground station 3 and displaying a topological diagram of the ground station equipment; judging whether each station control device 31 of the ground station device topological graph is a real device; if the equipment is real equipment, loading the real equipment; if the device is not a real device, loading the corresponding honeypot device 2 of the station control device 31; the data management center 14 acquires abnormal equipment data according to the loaded honeypot equipment 2, and judges whether the honeypot equipment 2 is attacked or not according to the abnormal equipment data; if the honeypot device 2 is attacked, destroying the honeypot device 2; if the honeypot device 2 is not attacked, the honeypot device 2 continues to run. The database 12 stores the identification code of the station control device 31, the device management module 11 reads the identification code of the station control device 31 of the ground station device topology map, and matches the identification code of the station control device 31 corresponding to the database 12, if the identification code cannot be matched, the device is not a real device, and if the identification code can be matched, the device is a real device. The database 12 also stores parameter data for the operation of the station control device 31. The hardware management device 13 is configured to read interface data of the station control device 31, and the device management module 11 obtains an identifier of the station control device 31 of the ground station device topology map according to the interface data. The hardware management device 13 is also an upper computer, the hardware management device 13 is connected to the station control device 31 through hardware, an interface is adapted to the hardware, for example, FPGA data, and the device management module 11 can determine the device condition (including device attribute, data characteristics, data content, and the like) of the station control device 31 through the interface and data received by the interface. The station control device 31 is monitored by an upper computer (hardware management device 13), and the upper computer monitoring is performed by using an upper computer interface and can inquire the data and the state of the station control device 31 administered by the upper computer. The upper computer itself collects data and cannot process the data, and data analysis is performed by the data management center 14.
As shown in fig. 2, the honeypot apparatus 2 includes a honeypot data input module, a honeypot data processing module, and a honeypot data management module. The honeypot data input module is used for acquiring parameters and states and user parameter operation. The honeypot data processing module is used for receiving the parameters and the states through the interface and processing the packaging parameters; and processing the packaging parameters by the user parameter operation, and sending the packaging parameters to the honeypot data management module through an interface. The honeypot data management module is used for generating a data module and analyzing the processing parameters.
According to a second embodiment of the present invention, the present invention provides a data processing method for a satellite ground station management system, which adopts the satellite ground station management system of the first embodiment.
The satellite ground station management system comprises a station control system center end 1, a plurality of honeypot devices 2 and a plurality of ground stations 3, wherein each ground station 3 is in communication connection with the station control system center end 1, each ground station 3 comprises a plurality of station control devices 31, the plurality of station control devices 31 form a topological structure, one honeypot device 2 is arranged on the outer layer of each station control device 31, and the station control system center end 1 comprises a device management module 11, a database 12, a hardware management device 13 and a data management center 14.
As shown in fig. 3 and 4, the data processing method includes the steps of:
s1: the device management module 11 selects the ground station 3 and displays a ground station device topology map.
S2: judging whether each station control device 31 of the ground station device topological graph is a real device;
if the equipment is real equipment, loading the real equipment;
if not, the corresponding honeypot device 2 of the station control device 31 is loaded.
The method for judging whether each station control device 31 of the ground station device topological graph is a real device comprises the following steps: the database 12 stores the identification code of the station control device 31, and the device management module 11 reads the identification code of the station control device 31 of the ground station device topology map, and matches the identification code of the station control device 31 corresponding to the database 12, if the identification code cannot be matched, the device is not a real device, and if the identification code can be matched, the device is a real device. Each station control device 31 in the database 12 has an ID, and the ID read by the device management module 11 is a real device when the device is matched with the database 12, or is a real device if the device is not matched.
The method for the device management module 11 to read the identification code of the station control device 31 of the ground station device topological graph comprises the following steps: the hardware management device 13 reads the interface data of the station control device 31, and the device management module 11 obtains the identification code of the station control device 31 of the ground station device topology map according to the interface data.
S3: the data management center 14 acquires abnormal equipment data according to the loaded honeypot equipment 2, and judges whether the honeypot equipment 2 is attacked or not according to the abnormal equipment data;
if the honeypot device 2 is attacked, destroying the honeypot device 2;
if the honeypot device 2 is not attacked, the honeypot device 2 continues to run.
The method for acquiring the abnormal equipment data by the data management center 14 according to the loaded honeypot equipment 2 comprises the following steps: the data management center 14 inputs operation data to the honeypot device 2, displays whether the honeypot device 2 is abnormal or not, and displays honeypot device data to obtain abnormal device data. The abnormal device data includes whether the device is abnormal and device data. If the abnormity occurs, ERROR, WARM and the like are prompted on the line in the interface.
As shown in fig. 2, the honeypot apparatus 2 includes a honeypot data input module, a honeypot data processing module, and a honeypot data management module.
In FIG. 2, there are two data flows, the first for generating the data model and the second for real-time parsing of the processing parameters. The data model is that after the parameters are packaged, the contents of the data are known, and false data can be generated (spliced) according to the contents of the data, so as to attack the station control device 31 or the station control system center 1. The real-time analysis processing parameters are that the parameters are split according to the format of the database table, the data management center 14 performs analysis and comparison, and if the split parameters are not the data of the response in the database, the data are indicated to be false data, and the honeypot device 2 is attacked.
The honeypot data input module is used for acquiring parameters and states and user parameter operation. The parameters and states are used to generate a data model, i.e. the parameters are device parameters, such as: bandwidth, input frequency, state output frequency, channel gain, monitoring mode, local control remote control mode, local oscillation state, output power and the like.
The honeypot data processing module is used for receiving the parameters and the states through the interface and processing the packaging parameters; and processing the packaging parameters by the user parameter operation, and sending the packaging parameters to the honeypot data management module through an interface.
The honeypot data management module is used for generating a data module and analyzing the processing parameters.
Whether the honeypot equipment 2 is abnormal or not can be displayed by analyzing the processing parameters, and honeypot equipment data can also be displayed, namely abnormal equipment data.
The method for judging whether the honeypot device 2 is attacked or not according to the abnormal device data comprises the following steps: and judging whether the abnormal equipment data is a predicted vulnerability or not, wherein if the abnormal equipment data is the predicted vulnerability, the honeypot equipment 2 is not attacked, and if the abnormal equipment data is not the predicted vulnerability, the honeypot equipment 2 is attacked.
The honeypot device 2 is intended to be hacked and must provide some vulnerability, but it is also known that many vulnerabilities are at a "high risk" level, which can result in system infiltration with little caution. Therefore, the honeypot device 2 is artificially set with a predicted vulnerability, and if the honeypot device 2 runs out, the result is the predicted vulnerability, which indicates that the vulnerability is deliberately made by a technician, and the honeypot device 2 is not attacked; but if the honeypot device 2 runs out of the range of the predicted vulnerability, the honeypot device 2 is attacked.
By the method, unreal equipment is replaced by the honeypot equipment 2 to operate, whether the honeypot equipment 2 is broken or not is judged according to the output result of the honeypot equipment 2, if the honeypot equipment 2 is broken, the honeypot equipment 2 is abandoned, network environment risks caused by the existence of the honeypot equipment 2 are prevented, the safe transmission of data of the satellite ground station is ensured, and the intranet of the whole satellite ground station is ensured not to be broken.
According to a third embodiment of the present invention, there is provided an electronic device, as shown in fig. 5, and fig. 5 is a block diagram of an electronic device according to an exemplary embodiment.
An electronic device 500 according to this embodiment of the present application is described below with reference to fig. 5. The electronic device 500 shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 5, the electronic device 500 is embodied in the form of a general purpose computing device. The components of the electronic device 500 may include, but are not limited to: at least one processing unit 510, at least one memory unit 520, a bus 530 that couples various system components including the memory unit 520 and the processing unit 510, a display unit 540, and the like.
Wherein the storage unit stores program code that is executable by the processing unit 510 such that the processing unit 510 performs the steps according to various exemplary embodiments of the present application described in the present specification. For example, the processing unit 510 may perform the steps as shown in fig. 3.
The memory unit 520 may include a readable medium in the form of a volatile memory unit, such as a random access memory unit (RAM) 5201 and/or a cache memory unit 5202, and may further include a read only memory unit (ROM) 5203.
The memory unit 520 may also include a program/utility 5204 having a set (at least one) of program modules 5205, such program modules 5205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 500 may also communicate with one or more external devices 500' (e.g., keyboard, pointing device, bluetooth device, etc.), such that a user can communicate with devices with which the electronic device 500 interacts, and/or any devices (e.g., router, modem, etc.) with which the electronic device 500 can communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 550. Also, the electronic device 500 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 560. The network adapter 560 may communicate with other modules of the electronic device 500 via the bus 530. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 500, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware.
Thus, according to a fourth embodiment of the present invention, there is provided a computer readable medium. As shown in fig. 6, the technical solution according to the embodiment of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiment of the present invention.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
The computer-readable medium carries one or more programs which, when executed by a device, cause the computer-readable medium to carry out the functions of the second embodiment.
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus according to the description of the embodiments, or may be modified accordingly in one or more apparatuses unique from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiment of the present invention.
Exemplary embodiments of the present invention are specifically illustrated and described above. It is to be understood that the invention is not limited to the precise construction, arrangements, or instrumentalities described herein; on the contrary, the invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (10)
1. A data processing method of a satellite ground station management system comprises a station control system center end, a plurality of honeypot devices and a plurality of ground stations, wherein each ground station is in communication connection with the station control system center end, each ground station comprises a plurality of station control devices, the plurality of station control devices form a topological structure, each station control device is connected with the station control system center end through one honeypot device, and the station control system center end comprises a device management module and a data management center, and is characterized by comprising the following steps:
the equipment management module selects a ground station and displays a ground station equipment topological graph;
judging whether each station control device of the ground station device topological graph is a real device or not;
if the equipment is real equipment, loading the real equipment;
if the equipment is not real equipment, loading corresponding honeypot equipment of the station control equipment; the data management center acquires abnormal equipment data according to the loaded honeypot equipment and judges whether the honeypot equipment is attacked or not according to the abnormal equipment data;
if the honeypot equipment is attacked, destroying the honeypot equipment;
and if the honeypot device is not attacked, continuing to operate the honeypot device.
2. The data processing method of the satellite earth station management system according to claim 1, characterized in that the station control device comprises: antenna control unit, baseband system.
3. The data processing method of the satellite earth station management system according to claim 1, wherein the method of determining whether each station control device of the earth station device topology map is a real device comprises: the central end of the station control system comprises a database, wherein identification codes of the station control devices are stored in the database, the identification codes of the station control devices of the ground station device topological graph are read by the device management module and are matched with the identification codes of the corresponding station control devices of the database, if the identification codes cannot be matched with the identification codes of the corresponding station control devices of the database, the equipment management module is not real equipment, and if the identification codes can be matched with the identification codes of the corresponding station control devices of the database, the equipment management module is real equipment.
4. The data processing method of the satellite earth station management system according to claim 3, wherein the method for the device management module to read the identification code of the station control device of the earth station device topology map comprises: the central end of the station control system comprises a hardware management device, the hardware management device reads interface data of the station control device, and the device management module acquires an identification code of the station control device of the ground station device topological graph according to the interface data.
5. The data processing method of a satellite ground station management system according to claim 1, wherein the method of acquiring abnormal equipment data according to the loaded honeypot equipment comprises: and inputting operation data to the honeypot equipment, displaying whether the honeypot equipment is abnormal or not, and displaying the honeypot equipment data to obtain abnormal equipment data.
6. The data processing method of the satellite ground station management system according to claim 1, wherein the method for judging whether the honeypot device is attacked or not according to the abnormal device data comprises the following steps: and judging whether the abnormal equipment data is a predicted vulnerability or not, wherein if the abnormal equipment data is the predicted vulnerability, the honeypot equipment is not attacked, and if the abnormal equipment data is not the predicted vulnerability, the honeypot equipment is attacked.
7. The data processing method of the satellite ground station management system according to claim 1, wherein the honeypot apparatus includes a honeypot data input module, a honeypot data processing module, and a honeypot data management module;
the honeypot data input module is used for acquiring user parameter operation;
the honeypot data processing module is used for processing the packaging parameters of the user parameter operation and sending the packaging parameters to the honeypot data management module through an interface;
the honeypot data management module is used for analyzing the processing parameters.
8. A satellite ground station management system is characterized by comprising a station control system center end, a plurality of honeypot devices and a plurality of ground stations, wherein each ground station is in communication connection with the station control system center end, each ground station comprises a plurality of station control devices, the plurality of station control devices form a topological structure, each station control device is connected with the station control system center end through one honeypot device, and the station control system center end comprises a device management module and a data management center;
the satellite ground station management system may perform the data processing method of the satellite ground station management system of any one of claims 1 to 7.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement a data processing method of the satellite ground station management system of any one of claims 1-7.
10. A computer-readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements a data processing method of the satellite earth station management system according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310073464.4A CN115802356B (en) | 2023-02-07 | 2023-02-07 | Data processing method, system, device and medium for satellite ground station management system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310073464.4A CN115802356B (en) | 2023-02-07 | 2023-02-07 | Data processing method, system, device and medium for satellite ground station management system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115802356A CN115802356A (en) | 2023-03-14 |
| CN115802356B true CN115802356B (en) | 2023-04-11 |
Family
ID=85430256
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310073464.4A Active CN115802356B (en) | 2023-02-07 | 2023-02-07 | Data processing method, system, device and medium for satellite ground station management system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115802356B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110336811A (en) * | 2019-06-29 | 2019-10-15 | 上海淇馥信息技术有限公司 | A kind of Cyberthreat analysis method, device and electronic equipment based on honey pot system |
| CN110798482A (en) * | 2019-11-11 | 2020-02-14 | 杭州安恒信息技术股份有限公司 | System-level honeypot network isolation system based on linux network filter |
| CN112788023A (en) * | 2020-12-30 | 2021-05-11 | 成都知道创宇信息技术有限公司 | Honeypot management method based on secure network and related device |
| CN114500026A (en) * | 2022-01-20 | 2022-05-13 | 深信服科技股份有限公司 | Network traffic processing method, device and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10135867B2 (en) * | 2015-12-08 | 2018-11-20 | Bank Of America Corporation | Dynamically updated computing environments for detecting and capturing unauthorized computer activities |
-
2023
- 2023-02-07 CN CN202310073464.4A patent/CN115802356B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110336811A (en) * | 2019-06-29 | 2019-10-15 | 上海淇馥信息技术有限公司 | A kind of Cyberthreat analysis method, device and electronic equipment based on honey pot system |
| CN110798482A (en) * | 2019-11-11 | 2020-02-14 | 杭州安恒信息技术股份有限公司 | System-level honeypot network isolation system based on linux network filter |
| CN112788023A (en) * | 2020-12-30 | 2021-05-11 | 成都知道创宇信息技术有限公司 | Honeypot management method based on secure network and related device |
| CN114500026A (en) * | 2022-01-20 | 2022-05-13 | 深信服科技股份有限公司 | Network traffic processing method, device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115802356A (en) | 2023-03-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11683333B1 (en) | Cybersecurity and threat assessment platform for computing environments | |
| CN113704767A (en) | Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system | |
| US20210136101A1 (en) | Security threats from lateral movements and mitigation thereof | |
| US20140344936A1 (en) | Software vulnerability notification via icon decorations | |
| CN112926048B (en) | Abnormal information detection method and device | |
| EP4276665A1 (en) | Analyzing scripts to create and enforce security policies in dynamic development pipelines | |
| US10362046B1 (en) | Runtime behavior of computing resources of a distributed environment | |
| CN107563203A (en) | Integrated security strategy and incident management | |
| Schlegel et al. | Structured system threat modeling and mitigation analysis for industrial automation systems | |
| CN111294347B (en) | Safety management method and system for industrial control equipment | |
| US20200177621A1 (en) | Determining security risks for software services in a cloud computing platform | |
| CN105224868A (en) | The detection method that system vulnerability is attacked and device | |
| KR101941039B1 (en) | System and method for forecasting cyber threat | |
| CN107566409A (en) | Local area network scan behavioral value method, apparatus, electronic equipment, storage medium | |
| CN110348210A (en) | Safety protecting method and device | |
| Rehman et al. | Enhancing cloud security: A comprehensive framework for real-time detection analysis and cyber threat intelligence sharing | |
| CN111488580A (en) | Safety hazard detection method, device, electronic device and computer readable medium | |
| CN116954811A (en) | Container authority detection method, device, equipment and storage medium | |
| CN114662090A (en) | File processing method, device, storage medium and system | |
| CN110311946A (en) | Business datum security processing, the apparatus and system calculated based on cloud and mist | |
| CN115802356B (en) | Data processing method, system, device and medium for satellite ground station management system | |
| US10275596B1 (en) | Activating malicious actions within electronic documents | |
| CN115174192B (en) | Application security protection method and device, electronic equipment and storage medium | |
| CN112134870B (en) | Network security threat blocking method, device, equipment and storage medium | |
| CN114553551A (en) | Method and device for testing intrusion prevention system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: Room 301, 3rd Floor, Building 2, Yard 1, Shangdi East Road, Haidian District, Beijing, 100085 Patentee after: Beijing Aerospace Yuxing Technology Co.,Ltd. Country or region after: China Address before: Room A601, 6th Floor, Building 1, Shengjing Entrepreneurship Park T01, Tujing Village, South of Dengzhuang South Road and West of Youyi Road, Xibeiwang Town, Haidian District, Beijing Patentee before: BEIJING AEROSPACE SATELLITEHERD SCIENCE AND TECHNOLOGY CO.,LTD. Country or region before: China |