基于KF的列控系统数据篡改攻击检测方法*

doi:10.16265/j.cnki.issn1003-3033.2019.S1.007

中国安全科学学报 ›› 2019, Vol. 29 ›› Issue (S1): 32-37.doi: 10.16265/j.cnki.issn1003-3033.2019.S1.007

基于KF的列控系统数据篡改攻击检测方法^*

张维, 步兵教授, 王洪伟副教授

北京交通大学轨道交通控制与安全国家重点实验室,北京 100044

收稿日期:2019-03-04 修回日期:2019-05-15 出版日期:2019-06-30
作者简介:张维 (1994—),男,内蒙古呼和浩特人,硕士研究生,主要研究方向为基于通信的列车控制系统、列控系统信息安全、入侵检测技术。E-mail:17120296@bjtu.edu.cn。
基金资助:
轨道交通控制与安全国家重点实验室资助(I18JB00110)。

An intrusion detection method of data tampering attack in train control system based on KF

ZHANG Wei, BU Bing, WANG Hongwei

State Key Laboratory of Traffic Control and Safety, Beijing Jiaotong University, Beijing 100044, China

Received:2019-03-04 Revised:2019-05-15 Published:2019-06-30

摘要/Abstract

摘要： 为提高城市轨道交通列车运行控制系统信息安全保护级别、针对列控系统面临的潜在数据篡改攻击进行有效检测。首先基于列控系统的运行原理以及信息交互特性,对列车追踪运行过程、攻击者篡改列车上下行信息过程进行数学建模;其次提出基于卡尔曼滤波器(KF)的列车状态估计方法和基于卡方检测器相结合的入侵检测方法,通过对卡方检测器进行改进,使之能够检测数据篡改攻击并在攻击期间持续输出报警;最后通过半实物仿真平台进行仿真,并给出验证结果。结果表明:入侵检测方法可以对攻击者的数据篡改攻击给出实时报警,且具有95%以上的准确率和6%以下的误报率。

关键词: 列控系统, 数据篡改攻击, 入侵检测, 卡尔曼滤波器(KF), 卡方检测器

Abstract: In order to improve the cyber security protection level of communication-based train control system of urban rail transit train, and effectively detect the potential data tampering attacks suffered by train control system, firstly, the analysis was based on operating principle and the information interaction characteristics of the train control system. And mathematical model of the train tracking operation processes and the attackers' tampering with the train uplink and downlink information was established. Then, the trains' state estimation method and intrusion detection method based on KF and chi-square detector was proposed. At the same time, by improving the Chi-square detector, data tampering attacks could be detected and continuously alarms were output during the attack. Finally, through the semi-physical simulation platform of the laboratory, the simulation was conducted and results were verified. The results show that the intrusion detection method can attack the attackers' data tampering and give a real-time alarm, and the method has an accuracy of more than 95% and a false alarm rate of less than 6%.

Key words: train control system, data tampering attack, intrusion detection system, Kalman Filter (KF), chi-square detector

中图分类号:

X924.2

张维, 步兵, 王洪伟. 基于KF的列控系统数据篡改攻击检测方法^*[J]. 中国安全科学学报, 2019, 29(S1): 32-37.

ZHANG Wei, BU Bing, WANG Hongwei. An intrusion detection method of data tampering attack in train control system based on KF[J]. China Safety Science Journal, 2019, 29(S1): 32-37.

参考文献

[1] WANG Xiaoxuan, LIU Lingjia, TANG Tao, et al. Enhancing communication-based train control systems through train-to-train communications[J]. IEEE Transactions on Intelligent Transportation Systems, 2018, 20(4): 1 544-1 561.
[2] HODO E, BELLEKENS X, HAMILTON A, et al. Shallow and deep networks intrusion detection system: a taxonomy and survey[C]. International Conference on Distributed Computing Systems,2017:1-43.
[3] MICHELL R, CHEN I R. A survey of intrusion detection techniques for cyber-physical systems[J]. ACM Computing Surveys, 2014, 46(4):405-418.
[4] BHUYAN M H, BHATTACHARYYA D K, KALITA J K. Network anomaly detection: methods, systems and tools[J]. IEEE Communications Surveys & Tutorials, 2014, 16(1):303-336.
[5] CARDENAS A A, AMIN S, SASTRY S. Secure control: towards survivable cyber-physical systems[C]. 2008 The 28^th International Conference on Distributed Computing Systems Workshops. IEEE, 2008:495-500.
[6] LIANG Gaoqi, ZHAO Junhua, LUO Fengji, et al. A review of false data injection attacks against modern power systems[J]. IEEE Transactions on Smart Grid, 2016,8(8):1-13.
[7] STOUFFER K A, FALCO J A, SCARFONE K A. Guide to industrial control systems security: supervisory control and data acquisition systems, distributed control systems[M]. Gaithersburg : National Institute of Standards & Technology, 2011:89-102.
[8] MANANDHAR K, CAO Xiaojun, HU Fei, et al. Detection of faults and attacks including false data injection attack in smart grid using Kalman filter[J]. IEEE Transactions on Control of Network Systems, 2014, 1(4):370-379.
[9] MO Y, SIMOPOLI B. Secure control against replay attacks[C]. IEEE 2009 47th Annual Allerton Conference on Communication, Control and Computing. Institute of Electrical and Electronics Engineers, 2009:911-918.
[10] MO Y. Detecting integrity attacks on SCADA systems[J]. IEEE Transactions on Control Systems Technology, 2011, 44(1):1239-1244.
[11] BU Bing, YU F R, TANG Tao. Performance improved methods for communication-based train control systems with random packet drops[J]. IEEE Transactions on Intelligent Transportation Systems, 2014, 15(3):1 179-1 192.
[12] GUO Weiwei, ZHAO Huibing, ZHOU Guo. Verification and analysis of RSSP-1 protocol based on colored Petri nets[C]. Business Computing and Global Informatization (BCGIN), 2012 Second International Conference on. IEEE, 2012:592-595.
[13] 黄平, 彭其渊, 文超. 高速铁路故障分类及其影响列车数模型[J]. 中国安全科学学报, 2018, 28(增2):50-57.
HUANG Ping, PENG Qiyuan, WEN Chao. High-speed railway fault classification and its influence on train number model[J]. China Safety Science Journal, 2018, 28(S2):50-57.
[14] 汪洋, 王俊刚. 基于深度学习算法的铁路列车运行安全检测[J]. 中国安全科学学报, 2018, 28(增2):45-49.
WANG Yang, WANG Jungang. Railway train operation safety detection based on deep learning algorithm[J]. China Safety Science Journal, 2018, 28(S2):45-49.

基于KF的列控系统数据篡改攻击检测方法^*

An intrusion detection method of data tampering attack in train control system based on KF

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 13

编辑推荐

Metrics

本文评价

[1]	赵开功, 张晓蕾, 李长明, 赵成浩, 盖泳伶. 铁路列控系统应急案例知识重用方法[J]. 中国安全科学学报, 2022, 32(S2): 217-224.
[2]	宋雅洁, 步兵. 基于网络流量与设备状态的CBTC入侵检测系统^*[J]. 中国安全科学学报, 2019, 29(S2): 161-167.
[3]	陈雪倩, 步兵. 基于网络流量和数据包的CBTC入侵检测系统^*[J]. 中国安全科学学报, 2019, 29(S2): 154-160.
[4]	李祥, 步兵, 朱力. 城市轨道交通列控系统主动防御方法研究^*[J]. 中国安全科学学报, 2019, 29(S2): 62-68.
[5]	王阳. 基于IEC62425的CTCS-3列控系统安全评估体系^*[J]. 中国安全科学学报, 2019, 29(S1): 81-87.
[6]	窦磊, 李耀, 郭进, 童音, 兰浩. 列控车载设备安全功能测试序列优化方法研究[J]. 中国安全科学学报, 2019, 29(5): 73-78.
[7]	刘强. CTCS-3级列控系统功能测试方法分析^*[J]. 中国安全科学学报, 2018, 28(S2): 79-83.
[8]	马敏，刘芳兰，宁娇丽. 高校数字图书馆网络安全风险分析与策略[J]. 中国安全科学学报, 2010, 20(4): 130-.
[9]	戴天虹，王克奇，杨少春. 基于支持向量机的入侵检测研究[J]. 中国安全科学学报, 2008, 18(4): 126-.
[10]	翟继强. 虚拟蜜罐技术在网络安全中的应用研究[J]. 中国安全科学学报, 2008, 18(12): 106-.
[11]	戴天虹. 基于遗传神经网络的入侵检测研究[J]. 中国安全科学学报, 2006, 16(2): 103-.
[12]	徐成，喻飞，李红，朱淼良. 高速网络环境下的入侵检测[J]. 中国安全科学学报, 2005, 15(1): 74-.
[13]	李昆仑，黄厚宽，田盛丰，赵俊忠. 入侵检测的1类支持向量机模型[J]. 中国安全科学学报, 2003, 13(6): 72-.