a plurality of intrusion detection components that are distributed across hardware processors of various business devices within a railway signaling system and a core network, wherein each intrusion detection component functions as an intrusion detection node within a blockchain, a hash value of a system log from the railway signaling system and a hash value of alarm information output by the intrusion detection node are both uploaded to the blockchain; wherein:

each intrusion detection node incorporates an intrusion detection model, the intrusion detection model is employed to conduct intrusion detection on the system log within a business device or the core network where the intrusion detection node is situated, the alarm information output indicates whether there is an external attack;

a trust evaluation program is established by combining intrusion detection precision of each intrusion detection node, the intrusion detection node chosen by the trust evaluation program employs a consensus program to verify the alarm information and achieve a unified representation of intrusion detection results;

wherein the trust evaluation program comprises: a node reward and punishment program and a node trust blacklist program;

wherein the node reward and punishment program is used to reward and penalize the intrusion detection node based on the intrusion detection precision thereof, that is, adjusts a trust weight of the intrusion detection node, and combines the trust weight with the node trust blacklist program to categorize intrusion detection nodes into trusted nodes and untrusted nodes, and a trusted node is the intrusion detection node selected by the trust evaluation program.