CN-121531345-B - Vehicle confidentiality technology detection method and system based on shielding tent

Abstract

The invention belongs to the technical field of security and confidentiality, and particularly relates to a vehicle security technology detection method and system based on a shielding tent. The method comprises the steps of constructing a signal isolation environment in an electromagnetic shielding tent, establishing a noise baseline model through frequency spectrum analysis, detecting wireless terminal equipment through a full-system terminal analyzer, adopting a nonlinear node detector, an infrared thermal imager, a near-field signal detector, a back-scattered X-ray machine and an endoscope to perform regional collaborative scanning, combining big data, machine learning and other algorithms to locate an out-of-standard signal source, and if suspicious equipment is found to be disposed according to rules and evidence is obtained. The invention solves the problems of low standardization degree, high false alarm rate, low implementation efficiency and low detection comprehensiveness of the security technology detection of the vehicle in an open environment. The device is suitable for detecting eavesdropping, peeping and positioning devices of confidential vehicles.

Inventors

• ZHENG HONGBO
• FU ZHENWEI
• WU CHENPENG
• LIU JIAHUI
• JIANG JUN
• XIAO LEI
• XIAO XIAO
• ZHAO PENGFEI
• HE JIE
• LIU XIAODONG
• SONG ZHIYONG
• LI JING
• WANG SHULONG
• SONG ZHONGXIANG
• SONG KAIWEI

Assignees

• 武汉诚乐科技有限公司
• 湖北省无线电监测中心

Dates

Publication Date

20260508

Application Date

20260114

Claims (7)

1. 1. The vehicle confidentiality technology detection method based on the shielding tent is characterized by comprising the following steps of: S1, constructing a signal isolation environment, namely constructing an electromagnetic shielding tent at a detection site, driving a vehicle to be detected into the tent and closing a tent door curtain; S2, electromagnetic baseline calibration, namely acquiring a background noise spectrogram of a vehicle in a flameout/starting state by using a spectrum analyzer, and establishing a spectrum baseline threshold model; s3, monitoring by the wireless terminal equipment, namely starting a full-standard terminal analyzer, grabbing radio frequency communication signals in a vehicle range in a shielding environment, and identifying and primarily positioning suspicious wireless terminal signals; s4, expanding multi-mode collaborative detection and verification while the all-system terminal analyzer operates; s4.1 multi-mode collaborative detection and verification: Monitoring the temperature distribution of the whole car through an infrared thermal imager; Scanning the vehicle region with a nonlinear node detector at a speed of less than or equal to 0.1 m/s; the endoscope is adopted to carry out physical detection on the part which is difficult to directly observe by the whole vehicle through video observation; The back-scattered X-ray machine is used for carrying out physical detection on the car door and the car body through perspective; a near field signal detector is used for carrying out fine field intensity gradient scanning on the whole vehicle; s4.2, comparing the spectrum baseline threshold model established in the step S2, and marking abnormal signals/hot spots/nodes with signal strength exceeding-60 dBm or not conforming to normal characteristics found in the detection of the steps S3 and S4.1; S5, verifying, positioning and disposing the suspicious device, namely cross-verifying the abnormal signals/hot spots/nodes marked in the step S4.2 by combining a near-field signal detector positioning result, an X-ray perspective image, an endoscope video observation result, a thermal imaging image and a semiconductor scanning result, and after determining the position of the suspicious device, performing physical disassembly or further X-ray perspective imaging inspection and evidence obtaining; s6, obtaining a detection conclusion according to the detection process; the system further comprises a real-time processing layer, a medium-speed processing layer and an asynchronous analysis layer, wherein the real-time processing layer is deployed at an edge computing node in the electromagnetic shielding tent and is configured to execute with a delay of less than or equal to 10 ms: a. extracting electromagnetic signal characteristics in a wavelet transformation and frequency domain energy integration mode; b. motion vector based dynamic sampling of thermal imaging video stream key frame capture; the medium speed processing layer is arranged on the detection industrial personal computer and is configured to execute with a delay of less than or equal to 2 minutes: c. the physical anomaly association analysis comprises the steps of mining space-time rules of electromagnetic signal layer anomalies and physical layer anomalies by using an Apriori algorithm, wherein the electromagnetic signal layer anomalies refer to electromagnetic signal intensity exceeding-60 dBm and do not belong to a vehicle inherent electromagnetic characteristic spectrum fingerprint library; d. Generating a multi-device cooperative control instruction to trigger threshold calculation, wherein the multi-device refers to an industrial personal computer, a near-field detector, a back-scattered X-ray machine, an endoscope and a nonlinear node detector, the object of the threshold calculation is an abnormality judgment threshold, and the main calculation body is the industrial personal computer; the asynchronous analysis layer is deployed on the central server and is configured to be executed with a delay of less than or equal to 5 minutes; e. Matching the historical database, comparing the vehicle feature library by using a modified cosine similarity algorithm, calculating the similarity, setting a threshold value to be 0.85, and outputting a high risk label if the threshold value is higher than or equal to the threshold value; f. The method comprises the steps of adjusting a threshold value according to false alarm feedback, dynamically updating node weights of a random forest classifier, performing incremental training through a random forest model, developing learning by using an AdaBoost algorithm, and adjusting a characteristic weight delta W=0.2×false alarm rate and a learning rate eta=0.01 so as to improve detection effect; The real-time processing layer is directly connected with a metal feed point of the electromagnetic shielding tent through a PCIe x 4 interface, the transmission impedance is matched to be 50Ω+/-5%, the edge computing node adopts an FPGA to realize the parallel computation of wavelet transformation, the processing bandwidth is 0.1-8GHz, and the sampling rate is more than or equal to 1GS/s; the dynamic updating of the asynchronous analysis layer comprises the steps of reducing the characteristic weight of the non-shielding environment according to the historical false alarm case, wherein the weight reduction proportion is DeltaW=0.2×false alarm rate, and when the number of newly added secret stealer samples is more than 100, starting the classifier incremental training based on an online gradient descent algorithm.
2. 2. The method for detecting the security technology of the vehicle based on the shielding tent according to claim 1, wherein the step S1 includes an electromagnetic shielding tent, and the shielding effectiveness of the electromagnetic shielding tent is greater than or equal to 75dB in a frequency band of 10 mhz-20 ghz.
3. 3. The method for detecting the security technology of the vehicle based on the shielding tent according to claim 1, wherein the constructing the spectrum baseline threshold model in the step S2 includes: a) Under the flameout state of the vehicle, full-band scanning is carried out on the frequency band of 0.1-8GHz, and the amplitude-frequency characteristic of the background noise of the environment is recorded and used as a baseline noise reference; b) Under the starting state of the vehicle, the inherent and stable electromagnetic radiation characteristics of the electronic system of the vehicle are identified and recorded, and a characteristic spectrum fingerprint library is formed; c) And integrating the baseline noise reference and the characteristic spectrum fingerprint library, setting a dynamic alarm threshold, and alarming abnormal spectrum components exceeding the baseline noise level or not belonging to the characteristic spectrum fingerprint library.
4. 4. The method for detecting the security technology of the vehicle based on the shielding tent according to claim 1, wherein the step S3 of monitoring and pre-screening the wireless terminal equipment comprises the steps of starting a full-system terminal analyzer, transmitting a fundamental wave signal, trapping and analyzing IMSI/identification information of the wireless terminal responding to the signal in the shielding tent, displaying the signal of the identified risk category in a real-time classification mode through an equipment interface, and marking the signal as a 'target to be verified'.
5. 5. The method for detecting the vehicle security technology based on the shielding tent according to claim 1, wherein the method in the step S4.1 is characterized in that the near-field signal detector is used for carrying out space field intensity gradient scanning on a suspicious signal area initially located in the step S3 to realize accurate directional location, a terminal detection analyzer is used for activating a terminal in the step S3 to realize continuous tracking of suspicious signals, the method in the step S4.2 comprises anomaly comparison and marking, and the detection results in the step S3 and the step S4.2 are subjected to cross comparison with a spectrum baseline threshold model established in the step S2 in real time or in a post-processing stage.
6. 6. The system for realizing the shielding tent-based vehicle security technology detection method is characterized by comprising an electromagnetic shielding tent and a full-system terminal analyzer, wherein a signal coupling enhancement layer is integrated on the side wall of the electromagnetic shielding tent, the shielding effectiveness is greater than or equal to 75dB in a frequency band of 10 MHz-20 GHz, the system comprises a seven-layer composite structure and a detachable door curtain, a resonance circuit matched with the signal coupling enhancement layer in impedance is arranged in the full-system terminal analyzer, 2G/4G/5G/WiFi/GPS multi-frequency band signal scanning and SIM card type identification are supported, and sub-meter positioning can be performed, and the system comprises a multi-frequency band scanning module and a signal trapping unit.
7. 7. The system of the vehicle security technology detection method based on the shielding tent of claim 6, wherein the seven-layer composite structure is a double-sided symmetrical coating structure, each side is sequentially provided with a base material, a first coating, a second coating and a third coating from outside to inside, the other side is identical in coating sequence and shares the base material, the edge of the detachable door curtain is provided with an electromagnetic sealing strip, and the shielding effectiveness is more than or equal to 70dB in a closed state.

Description

Vehicle confidentiality technology detection method and system based on shielding tent Technical Field The invention belongs to the technical field of security and confidentiality, and particularly relates to a vehicle security technology detection method and system based on a shielding tent. Background Along with the improvement of vehicle electronization and intelligent degree, the vehicle-mounted system integrates a large number of communication modules (such as 4G/5G, beidou/GPS, bluetooth and WiFi) and storage units, and the modules realize the intelligent function of the vehicle and simultaneously bring the risks of information leakage and electromagnetic interference. For example, the vehicle may leak sensitive information through electromagnetic radiation during operation, or problems such as communication interruption and data tampering occur when external electromagnetic interference is received, so that the information security and operation security of the vehicle are seriously threatened. Therefore, the detection work of the vehicle security technology is very necessary, and needs to detect and find 1) security loopholes and hidden dangers of the detected vehicle, 2) technology theft devices possibly installed by the detected vehicle for stealing sound, images, positioning and other data, and 3) behaviors and means for stealing the secret by utilizing various facility equipment in the detected vehicle. The existing vehicle security technology detection mainly adopts two modes, namely, firstly, detection is carried out by using portable detection equipment in an open environment, the mode is easy to be subjected to external electromagnetic interference, so that the false alarm rate of signal scanning equipment is high, the accuracy of detection results is low, secondly, detection is carried out in a fixed electromagnetic shielding room, but the signal emission behavior of a suspicious device is easy to be triggered and hidden by the outside, and a plurality of technical means are not fused aiming at the physical and electromagnetic characteristics of the security equipment, so that the detection omission rate is high. Disclosure of Invention The invention provides a vehicle security technology detection method and system based on a shielding tent, which are used for solving the technical problems that the existing method and system cannot eliminate the influence of environmental electromagnetic interference on vehicle security technology detection and wireless terminal equipment detection, and the differentiated requirements of multi-level detection tasks on delay are contradictory with limited hardware resources, so that model optimization cannot be realized. In order to achieve the purpose, the technical scheme adopted by the invention is as follows, the vehicle security technology detection method based on the electromagnetic shielding tent comprises the following steps: S1, constructing a signal isolation environment, namely constructing an electromagnetic shielding tent at a detection site, driving a vehicle to be detected into the tent and closing a tent door curtain; S2, electromagnetic baseline calibration, namely acquiring a background noise spectrogram of a vehicle in a flameout/starting state by using a spectrum analyzer, and establishing a spectrum baseline threshold model; s3, monitoring by the wireless terminal equipment, namely starting a full-standard terminal analyzer, grabbing radio frequency communication signals in a vehicle range in a shielding environment, and identifying and primarily positioning suspicious wireless terminal signals; s4, expanding multi-mode collaborative detection and verification while the all-system terminal analyzer operates; s4.1 multi-mode collaborative detection and verification: Monitoring the temperature distribution of the whole car through an infrared thermal imager; Scanning the vehicle region with a nonlinear node detector at a speed of less than or equal to 0.1 m/s; the endoscope is adopted to carry out physical detection on the part which is difficult to directly observe by the whole vehicle through video observation; The back-scattered X-ray machine is used for carrying out physical detection on the car door and the car body through perspective; a near field signal detector is used for carrying out fine field intensity gradient scanning on the whole vehicle; s4.2, comparing the spectrum baseline threshold model established in the step S2, and marking abnormal signals/hot spots/nodes with signal strength exceeding-60 dBm or not conforming to normal characteristics found in the detection of the steps S3 and S4.1; S5, verifying, positioning and disposing the suspicious device, namely cross-verifying the abnormal signals/hot spots/nodes marked in the step S4.2 by combining a near-field signal detector positioning result, an X-ray perspective image, an endoscope video observation result, a thermal imaging image and a semiconductor scanning resul