China Safety Science Journal ›› 2019, Vol. 29 ›› Issue (S2): 154-160. doi: 10.16265/j.cnki.issn1003-3033.2019.S2.026

• Public Safety •

An intrusion detection system for CBTC based on network traffic and packets*

CHEN Xueqian, BU Bing (Professor)

  1. State Key Laboratory of Rail Traffic Control and Safety, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2019-08-04 Revised: 2019-10-13 Online: 2019-12-30 Published: 2020-10-28
  • About the author: CHEN Xueqian (1995—), female, from Ningbo, Zhejiang; master's student; main research interest: traffic information engineering and control. E-mail: 18120211@bjtu.edu.cn.
  • Funding:
    Supported by the Beijing Traffic Control Innovation Fund (9907006607); an industry-sponsored research project (I19L00090); the Beijing Jiaotong University Graduate Innovation Fund (I18JB00110); and the Beijing Laboratory of Urban Rail Transit project.

Abstract: In order to solve the problem of security risks faced by communication-based train control (CBTC) systems, an intrusion detection system (IDS) based on network traffic and packets was proposed to detect typical attacks on CBTC systems in real time, such as denial of service (DoS) and data tampering attacks. Firstly, the characteristics of the CBTC system and the impacts of typical attacks on the CBTC system were analyzed. Then the IDS model was built on the basis of the CBTC system. In the packet detection module, self-organizing map (SOM) neural networks were used to improve the density-based spatial clustering of applications with noise (DBSCAN) method, and the network traffic detection module based on the autoregressive (AR) algorithm was combined with the packet detection module. Finally, the IDS was tested on a CBTC simulation platform and its performance was verified. The results show that the IDS can detect intrusions in the CBTC system through feature extraction, detection and alerting on network traffic and packets, thereby improving the information security protection capability of the CBTC system.

Key words: communication-based train control (CBTC), intrusion detection system (IDS), network traffic, network packets, detection performance, real-time performance
