基于网络流量与设备状态的CBTC入侵检测系统*

doi:10.16265/j.cnki.issn1003-3033.2019.S2.027

中国安全科学学报 ›› 2019, Vol. 29 ›› Issue (S2): 161-167.doi: 10.16265/j.cnki.issn1003-3033.2019.S2.027

基于网络流量与设备状态的CBTC入侵检测系统^*

宋雅洁, 步兵教授

北京交通大学轨道交通控制与安全国家重点实验室,北京 100044

收稿日期:2019-08-10 修回日期:2019-10-15 出版日期:2019-12-30 发布日期:2020-10-28
作者简介:宋雅洁 (1995—),女,河北承德人,硕士研究生,主要研究方向为城市轨道交通信息安全、车地通信等。E-mail:17120267@bjtu.edu.cn。
基金资助:
国家自然科学基金资助(61603031),横向项目(I19L00090);北京交通大学研究生创新基金资助(I18JB00110),城市轨道交通北京实验室项目。

An intrusion detection system based on network traffic and device states for CBTC

SONG Yajie, BU Bing

State Key Laboratory of Rail Traffic Control and Safety, Beijing Jiaotong University, Beijing 100044, China

Received:2019-08-10 Revised:2019-10-15 Online:2019-12-30 Published:2020-10-28

摘要/Abstract

摘要： 为提高基于通信的列车运行控制(CBTC)系统的信息安全防护能力,利用网络流量与设备状态信息,研究入侵检测技术。首先,根据列车运行控制系统特点,分析攻击对系统产生的影响;然后,构建网络流量与设备状态检测模型,识别系统异常;最后,应用隐马尔科夫模型(HMM)融合异常检测结果,实现系统故障与恶意入侵的区分。研究表明:该系统可通过对网络流量、设备状态等信息的收集、处理和分析,实现多种攻击的检测,从而提高CBTC系统信息安全防护水平。

关键词: 基于通信的列车运行控制(CBTC), 信息安全, 入侵检测系统(IDS), 网络流量, 设备状态

Abstract: In order to improve the ability of information security protection of CBTC, intrusion detection technologies were studied based on the information of network traffic and equipment status. Firstly, according to the characteristics of CBTC, the impacts of different attacks on system were analyzed. Then detection models based on network traffic and equipment status were established to identify system abnormalities. Finally, the Hidden Markov Model (HMM) was applied to build a classifier, and the anomaly detection results were fused to distinguish between system faults and malicious intrusion. The results show that the proposed intrusion detection system (IDS) can realize the detection of various attacks through collection, processing and analysis of information, so as to improve the information security protection ability of CBTC.

Key words: communication-based train control (CBTC), security, intrusion detection system (IDS), network traffic, device states

中图分类号:

X924.3

宋雅洁, 步兵. 基于网络流量与设备状态的CBTC入侵检测系统^*[J]. 中国安全科学学报, 2019, 29(S2): 161-167.

SONG Yajie, BU Bing. An intrusion detection system based on network traffic and device states for CBTC[J]. China Safety Science Journal, 2019, 29(S2): 161-167.

参考文献 14

[1]	WEN Tao, COSTAS C, CHEN Lei, et al. Access point deployment optimization in CBTC data communication system[J]. IEEE Transactions on Intelligent Transportation Systems, 2018, 19(6):1985-1995.
[2]	赖英旭, 刘增辉, 蔡晓田,等. 工业控制系统入侵检测研究综述[J]. 通信学报, 2017, 38(2):143-156.LAI Yingxu, LIU Zenghui, CAI Xiaotian, et al. A survey of intrusion detection research in industrial control systems[J]. Journal of Communications, 2017, 38(2):143-156.
[3]	MELARAGNO A, BANDARA K, FEWELL A, et al. Rail radio intrusion detection system (RRIDS) for communication based train control (CBTC)[C]. 2016 IEEE International Conference on Intelligent Rail Transportation (ICIRT), 2016:39-48.
[4]	YANG Qingyu, YANG Jie, YU Wei, et al. On false data-injection attacks against power system state estimation: modeling and countermeasures[J]. IEEE Transactions on Parallel & Distributed Systems, 2013, 25(3):717-729.
[5]	ANDRYSIAK T, SAGANOWSKI L, MAZURCZYK W. Network anomaly detection for railway critical infrastructure based on autoregressive fractional integrated moving average[J]. EURASIP Journal on Wireless Communications and Networking, 2016, 2016(1):245.
[6]	ZHU Li, YU F R, NING Bing, et al. Cross-layer handoff design in MIMO-enabled WLANs for communication-based train control (CBTC) systems[J]. IEEE Journal on Selected Areas in Communications, 2012, 30(4):719-728.
[7]	PATCHA A, PARK J M. An overview of anomaly detection techniques: Existing solutions and latest technological trends[J]. Computer Networks, 2007, 51(12):3 448-3 470.
[8]	BAKIR S T. Distribution-free quality control charts based on signed-rank-like statistics[J]. Communications in Statistics-Theory and Methods, 2006, 35(4):743-757.
[9]	ZHOU Zhihua, JIANG Yuan. Medical diagnosis with C4. 5 rule preceded by artificial neural network ensemble[J]. IEEE Transactions on Information Technology in Biomedicine, 2003, 7(1):37-42.
[10]	KAPIL M, PATKA S, THOOL R. An overview of intrusion detection based on data mining techniques[C]. 2013 International Conference on Communication Systems and Network Technologies, 2013:626-629.
[11]	MANSINGH G, OSEI K M, REICHGELT H. Using ontologies to facilitate post-processing of association rules by domain experts[J]. Information Sciences, 2011, 181(3):419-434.
[12]	LI Jinbo, WITOLDP, IQBAL J. Multivariate time series anomaly detection: a framework of hidden markov models[J]. Applied Soft Computing, 2017, 60(1): 229-240.
[13]	LI Zefang, FANG Huajing, HUANG Ming. Diversified learning for continuous hidden Markov models with application to fault diagnosis[J]. Expert Systems with Applications, 2015, 42(23): 9 165-9 173.
[14]	YE Nong, SEAN V, CHEN Qiang. Computer intrusion detection through EWMA for autocorrelated and uncorrelated data[J]. IEEE Transactions on Reliability, 2003, 52(1):75-82.

[1]	李婷婷, 陆铖. 基于安全防护的铁路行业统计调查系统[J]. 中国安全科学学报, 2020, 30(S1): 133-138.
[2]	张帆, 步兵, 赵骏逸. 列车运行控制系统信息安全风险评估方法[J]. 中国安全科学学报, 2020, 30(S1): 172-178.
[3]	李祥, 步兵, 朱力. 城市轨道交通列控系统主动防御方法研究^*[J]. 中国安全科学学报, 2019, 29(S2): 62-68.
[4]	陈雪倩, 步兵. 基于网络流量和数据包的CBTC入侵检测系统^*[J]. 中国安全科学学报, 2019, 29(S2): 154-160.
[5]	熊文泽, 靳江红, 唐军梅. SCADA系统信息安全定量风险评估方法[J]. 中国安全科学学报, 2019, 29(8): 157-163.
[6]	陆铖, 王栋, 孙一萌. 基于移动安全的铁路安全监管系统[J]. 中国安全科学学报, 2018, 28(S1): 125-130.
[7]	戴天虹，王克奇，杨少春. 基于支持向量机的入侵检测研究[J]. 中国安全科学学报, 2008, 18(4): 126-.
[8]	李禾，王述洋. 安全多方计算的应用研究[J]. 中国安全科学学报, 2008, 18(3): 123-.
[9]	刘晓义，王述洋. 数字隐写技术及发展趋势[J]. 中国安全科学学报, 2007, 17(9): 102-.
[10]	李跃贞. 基于"蜜罐"技术(Honeypot)的网络信息安全研究[J]. 中国安全科学学报, 2006, 16(7): 118-.
[11]	张征，何有世. 企业与消费者型(B to C)网络支付模式及相关安全技术研究[J]. 中国安全科学学报, 2006, 16(5): 94-.
[12]	戴天虹. 基于遗传神经网络的入侵检测研究[J]. 中国安全科学学报, 2006, 16(2): 103-.
[13]	马继业，张仲义，吕永波. 按需装配Agent系统的构件安全机制研究[J]. 中国安全科学学报, 2005, 15(4): 77-.
[14]	王大虎，翁翼飞，杨维，柳艳红. 针对IEEE802.11标准的无线局域网的攻击和防卫研究[J]. 中国安全科学学报, 2005, 15(2): 77-.
[15]	刘巍伟，刘欣，韩臻. Windows系统端口安全和防护[J]. 中国安全科学学报, 2004, 14(6): 70-.

基于网络流量与设备状态的CBTC入侵检测系统^*

An intrusion detection system based on network traffic and device states for CBTC

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献 14

相关文章 15

编辑推荐

Metrics

本文评价