Research On Information Security Situation Assessment Method Of Railway Signaling System

In the railway transportation system,the railway signaling system is the central nerve for the whole railway system,and it is the core factor for ensuring the safety and efficiency of the train operation.With the application of general-purpose computer network software and hardware,the security hidden danger is also introduced into railway signaling system.Physical isolation is the main safety protection method currently adopted by railway signaling system,but the introduction of general-purpose IT technology will lead to system security devices can’t find its potential security threats in time,such as the 4"Stuxnet" incident in Iranian nuclear power plant,so the signaling system is facing more serious information security problems.In order to grasp the security of the entire signaling system in real time,this paper proposes an information security situation assessment method for signaling system,builds a situation assessment model,and simulates its feasibility.The main research contents of this article include:In this paper,the ground equipment of railway signaling system is taken as an example to analyze the information security risk of the equipment interface and internal structure,and the information security situation assessment is carried out on this basis.Design a railway signaling system information security situation assessment plan that includes:(1)Collect and design the collection system for the original data;process the collected raw data to obtain the necessary situation elements.Based on the characteristics of situation factor,the system of signaling system based on threat,vulnerability and information assets is constructed.(2)According to the structure characteristic of the signaling system,the situation assessment model is constructed.This paper proposes a situation assessment method based on D-S evidence theory,which mainly includes the construction of expert knowledge base for threat,vulnerability and information assets as well as its two-level index,and provides the scoring for the calculation of situation assessment method.For the index system,using AHP to calculate index weights.Using index weights,the basic probability function and the synthesis rule of D-S evidence theory are revised.The modified D-S evidence theory integrates the evidence of the security events occurring in the signaling system to obtain the security threat posture level of the equipment.According to the importance of the equipment in the signaling system,the security threat posture level of the entire signal system is calculated.(3)Finally,the feasibility of the situation assessment method is verified.Set up an experimental platform for railway signaling systems.The main hardware devices include TCC,TSRS,CBI,IDS,switch,attack host A,and host B.Host B is mainly required for installing experiments,including Nmap,Nessus,WireShark,and assessment algorithms implementation program.The experiment mainly sets up two experimental scenarios of system vulnerability mining and system attack;carries out static assessment,normal operation situation assessment,and attack situation assessment of the system;and displays through the visual graphs,provides decision-making reference for the administrator.The experimental results show that the static threat assessment status of the system is medium,the security threat posture level is normal when the system is running normally,and the security threat posture level when the system is attacked is dangerous,which is in line with the actual situation.