An intrusion detection system based on network traffic and device states for CBTC

doi:10.16265/j.cnki.issn1003-3033.2019.S2.027

Abstract

Abstract: In order to improve the ability of information security protection of CBTC, intrusion detection technologies were studied based on the information of network traffic and equipment status. Firstly, according to the characteristics of CBTC, the impacts of different attacks on system were analyzed. Then detection models based on network traffic and equipment status were established to identify system abnormalities. Finally, the Hidden Markov Model (HMM) was applied to build a classifier, and the anomaly detection results were fused to distinguish between system faults and malicious intrusion. The results show that the proposed intrusion detection system (IDS) can realize the detection of various attacks through collection, processing and analysis of information, so as to improve the information security protection ability of CBTC.

Key words: communication-based train control (CBTC), security, intrusion detection system (IDS), network traffic, device states

CLC Number:

X924.3

SONG Yajie, BU Bing. An intrusion detection system based on network traffic and device states for CBTC[J]. China Safety Science Journal, 2019, 29(S2): 161-167.

References 14

[1]	WEN Tao, COSTAS C, CHEN Lei, et al. Access point deployment optimization in CBTC data communication system[J]. IEEE Transactions on Intelligent Transportation Systems, 2018, 19(6):1985-1995.
[2]	赖英旭, 刘增辉, 蔡晓田,等. 工业控制系统入侵检测研究综述[J]. 通信学报, 2017, 38(2):143-156.LAI Yingxu, LIU Zenghui, CAI Xiaotian, et al. A survey of intrusion detection research in industrial control systems[J]. Journal of Communications, 2017, 38(2):143-156.
[3]	MELARAGNO A, BANDARA K, FEWELL A, et al. Rail radio intrusion detection system (RRIDS) for communication based train control (CBTC)[C]. 2016 IEEE International Conference on Intelligent Rail Transportation (ICIRT), 2016:39-48.
[4]	YANG Qingyu, YANG Jie, YU Wei, et al. On false data-injection attacks against power system state estimation: modeling and countermeasures[J]. IEEE Transactions on Parallel & Distributed Systems, 2013, 25(3):717-729.
[5]	ANDRYSIAK T, SAGANOWSKI L, MAZURCZYK W. Network anomaly detection for railway critical infrastructure based on autoregressive fractional integrated moving average[J]. EURASIP Journal on Wireless Communications and Networking, 2016, 2016(1):245.
[6]	ZHU Li, YU F R, NING Bing, et al. Cross-layer handoff design in MIMO-enabled WLANs for communication-based train control (CBTC) systems[J]. IEEE Journal on Selected Areas in Communications, 2012, 30(4):719-728.
[7]	PATCHA A, PARK J M. An overview of anomaly detection techniques: Existing solutions and latest technological trends[J]. Computer Networks, 2007, 51(12):3 448-3 470.
[8]	BAKIR S T. Distribution-free quality control charts based on signed-rank-like statistics[J]. Communications in Statistics-Theory and Methods, 2006, 35(4):743-757.
[9]	ZHOU Zhihua, JIANG Yuan. Medical diagnosis with C4. 5 rule preceded by artificial neural network ensemble[J]. IEEE Transactions on Information Technology in Biomedicine, 2003, 7(1):37-42.
[10]	KAPIL M, PATKA S, THOOL R. An overview of intrusion detection based on data mining techniques[C]. 2013 International Conference on Communication Systems and Network Technologies, 2013:626-629.
[11]	MANSINGH G, OSEI K M, REICHGELT H. Using ontologies to facilitate post-processing of association rules by domain experts[J]. Information Sciences, 2011, 181(3):419-434.
[12]	LI Jinbo, WITOLDP, IQBAL J. Multivariate time series anomaly detection: a framework of hidden markov models[J]. Applied Soft Computing, 2017, 60(1): 229-240.
[13]	LI Zefang, FANG Huajing, HUANG Ming. Diversified learning for continuous hidden Markov models with application to fault diagnosis[J]. Expert Systems with Applications, 2015, 42(23): 9 165-9 173.
[14]	YE Nong, SEAN V, CHEN Qiang. Computer intrusion detection through EWMA for autocorrelated and uncorrelated data[J]. IEEE Transactions on Reliability, 2003, 52(1):75-82.

[1]	FENG Wengang. Research on civil aviation security event analysis based on deep LSTM model [J]. China Safety Science Journal, 2021, 31(9): 1-7.
[2]	WANG Bing, HUANG Qingwen, YOU Bo, XU Jiaxin, WU Chao. Research on methodology of safety & security intelligence science [J]. China Safety Science Journal, 2021, 31(7): 9-14.
[3]	TONG Ruipeng, WANG Lulu, LI Hongwei, GAO Ning, AN Yu. Discussion on relationship between safety management, risk management and emergency management based on Macro-security view [J]. China Safety Science Journal, 2021, 31(5): 36-44.
[4]	YI Tao, LI Jizu. Influence of job insecurity on miners' safety performance: based on perspective of intergenerational difference [J]. China Safety Science Journal, 2021, 31(4): 49-56.
[5]	WANG Bing, WANG Yuanjie, ZHANG Yalei, WU Chao. Research on safety & security identity mechanism [J]. China Safety Science Journal, 2021, 31(10): 16-22.
[6]	LI Tingting, LU Cheng. Railway industry statistical survey system based on safety protection [J]. China Safety Science Journal, 2020, 30(S1): 133-138.
[7]	LI Niansi, LIU Xiaoyong, LI Liang, XU Jianqiang, YU Bendong. Research on environmental adaptability of lithium-ion battery used in UAV under extreme high and low temperature [J]. China Safety Science Journal, 2020, 30(8): 177-182.
[8]	LI Xiang, BU Bing, ZHU Li. Research on proactive defensemethodin train control systemfor urban rail transit [J]. China Safety Science Journal, 2019, 29(S2): 62-68.
[9]	ZHANG Weijun. Research on technical scheme of railway communication network security management center [J]. China Safety Science Journal, 2019, 29(S2): 88-92.
[10]	XIE Anna, YIN Panpan, WANG Zhiyuan. Application of QFD in security service quality evaluation of railway passenger station [J]. China Safety Science Journal, 2019, 29(S2): 144-148.
[11]	CHEN Xueqian, BU Bing. An intrusion detection system for CBTC based on network traffic and packets [J]. China Safety Science Journal, 2019, 29(S2): 154-160.
[12]	CHENG Xi. Discussion of application of safety economics in railway operation and production [J]. China Safety Science Journal, 2019, 29(S1): 5-10.
[13]	YU Shengli, CHENG Liang, XIAO Chao, GAO Xicheng, WANG Baojiang, SONG Hao. A brief discussion on relationship between high-speed railway deformation monitoring and railway operation safety [J]. China Safety Science Journal, 2019, 29(S1): 180-185.
[14]	WANG Yonggang, ZHANG Di, LIU Xiaolu. Study on evaluation of security safeguarding ability of aviation security personnel [J]. China Safety Science Journal, 2019, 29(8): 10-16.
[15]	XIONG Wenze, JIN Jianghong, TANG Junmei. Quantitative risk assessment method for information security of SCADA systems [J]. China Safety Science Journal, 2019, 29(8): 157-163.