Intrusion Detection For Train-Ground Wireless Network In Communication-Based Train Control Systems

Communication-based Train Control(CBTC)systems provide accurate closed-loop control of trains through continuous,bidirectional,and high-capacity communication between trains and wayside equipment.Wireless Local Area Network(WLAN)based on the IEEE 802.11 standard is adopted in most existing CBTC systems.Since WLAN equipment works in the open ISM(Industrial Scientific Medical)frequency band,and the IEEE 802.11 standard has flaws in security,CBTC systems based on WLAN are at risk from serious cyber attacks.Intrusion detection technologies can detect cyber attacks in time and provide an essential basis for security defense strategies.Due to the particularities of the wireless network in CBTC systems,the existing intrusion detection technologies can not be deployed directly to train-ground wireless network.This paper focuses on the intrusion detection for train-ground wireless network in CBTC systems.According to the characteristics of train-ground wireless network based on WLAN,the physical layer and the Medium Access Control(MAC)layer are studied,and intrusion detectors are designed respectively.The detection results of two layers are integrated to improve the overall performance.In this paper,a fusion method of the physical layer detection based on discrete wavelet and the MAC layer detection based on Random Forest is proposed.An experimental environment is built to simulate various wireless attacks,and the effectiveness of the proposed methods is verified.The contents of this paper are as follows:(1)The technical characteristics of train-ground wireless network based on WLAN are researched.Considering different wireless attack scenarios,the principles of various wireless attacks are summarized.According to the intrusion detection requirements of train-ground wireless network,an intrusion detection scheme combining the physical layer and MAC layer is designed.(2)The physical layer intrusion detection method based on discrete wavelet analysis is proposed.In this paper,Received Signal Strength(RSS)is selected as a detection feature of the physical layer.RSS time series are constructed by analyzing the characteristics of the wireless channel.The discrete wavelet analysis is used to decompose and reconstruct the RSS time series,and a detection algorithm is designed to identify abnormal changes.(3)The MAC layer intrusion detection method based on Random Forest is researched.Based on the AWID datasets,this paper designs MAC layer features for detecting attacks against train-ground wireless network and constructs a wireless intrusion detection dataset suitable for CBTC systems.The MAC layer intrusion detection model is designed,and Random Forest is used to process and analyze the dataset for classifying different wireless attacks.The method of discretization of continuous attributes in Random Forest is improved.(4)The intrusion detection method combining the physical layer and the MAC layer is proposed.A train-ground wireless network experimental environment is built to simulate different wireless attacks and collect normal and attack data.The effectiveness of the physical layer and the MAC layer intrusion detection methods proposed in this paper is verified.In addition,the performance of single layer intrusion detection is evaluated and compared with the overall detection performance.The experimental results show that the train-ground wireless network intrusion detection method proposed in this paper can accurately detect wireless attack behaviors in time.For the 13 types of wireless attacks simulated in the experiment,the fusion detection method achieves 97.6%detection rate and 1.6%false positive rate.Intrusion detection for train-ground wireless network is of great significance to improve the security protection capability of CBTC systems.