China Safety Science Journal ›› 2019, Vol. 29 ›› Issue (S2): 154-160. doi: 10.16265/j.cnki.issn1003-3033.2019.S2.026

• Public Safety •

An intrusion detection system for CBTC based on network traffic and packets

CHEN Xueqian, BU Bing   

  1. State Key Laboratory of Rail Traffic Control and Safety, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2019-08-04 Revised: 2019-10-13 Online: 2019-12-30 Published: 2020-10-28

Abstract: To address the security risks faced by CBTC systems, an IDS based on network traffic and packets was proposed to detect typical attacks on CBTC systems in real time, such as denial of service (DoS) and data tampering attacks. Firstly, the characteristics of the CBTC system and the impacts of cyber attacks on it were analyzed. Then the IDS was designed based on the CBTC system. In the packet detection module, self-organizing map (SOM) neural networks were used to improve the density-based spatial clustering of applications with noise (DBSCAN) method. The traffic detection module, based on an autoregression (AR) algorithm, was combined with the packet detection module. Finally, the IDS was tested on a CBTC simulation platform and its performance was verified. The results show that the IDS can detect attacks in the CBTC system by alerting on the characteristics of network traffic and packets, thereby improving the information security protection ability of the CBTC system.

Key words: communication-based train control (CBTC), intrusion detection system (IDS), network traffic, network packets, detection performance, real-time performance
