Active Defense Of Security Risk In Train Control System

Along with the information security risk of train control system increasing,considering its particularity and complexity,the information security solutions for general industrial control system cannot be applied to train control system directly.At present,domestic and foreign researches on information security defense technology of train control system are very few and failure to fully consider the characteristics like data driven,security redundancy structure and“Fail-Safe”,etc.Therefore,under the background of informatization and networking in train control system,it is of great significance to carry out the research on the active defense technology.This paper mainly investigates how to introduce Attack Countermeasure Tree(ACT)into train control system information security modeling.By modifying the model definition,ACT can characterize the system better.Then a goal on information security of train control system defense is proposed.On this basis,the optimal active defense strategy selection method is given.The specific research contents are as follows:(1)The current situation of industrial control system and train control system information security is researched.Taking Communication-based Train Control(CBTC)systems based on Wireless Local Area Networks(WLANs)as the research object,this paper focuses on the analysis of information security of train control system,including information security requirements,network vulnerability,attack surface,typical attack and defense technology,especially the active defense technology.(2)The active defense modeling method of information security based on ACT is intensive studied.At first,the paper analyzes the typical security modeling methods,such as Attack Tree,Defense Tree,Attack Defense Tree and Bayesian Defense Graph.Then ACT and its probability calculation,qualitative analysis and quantitative analysis are introduced as the information security analysis tool by revising the definition of ACT model to make it more suitable for modeling train control system.At last,the ACT modeling steps are given.(3)The optimal strategy selection method for the information security of train control system is proposed.Firstly,through analyzing the characteristics and requirements of the train control system,this paper puts forward an optimal defense target of train control system and gives its formal expression.Then the train control system oriented attack classification is given which based on the attack process of general industrial control system.Secondly,the quantitative analysis model of attack and defense is determined.Finally,the optimal defense strategy selection method based on qualitative and quantitative techniques is given.(4)The active defense model and related method are applied in the minimal system.By analyzing the information flow of WLAN-based CBTC systems,a minimum system is defined,and its ACT model is established.The optimal defense strategy of train control system is considered by the quantitative analysis of the model,and the defense effect is verified as well.The analysis results show that the active defense model of train control system combined with Attack Countermeasure Tree can well reflect the interaction among attack,detection and mitigation events.The raised optimal defense target and strategy selection method can be used to obtain the optimal defense strategy of train control system according with the safety and efficiency requirements and other goals.The experimental results proved that this method is scientific and efficient.