
Cyber Security Intrusion Detection Methods Of Urban Rail Transit Control System

Posted on: 2020-12-11 | Degree: Master | Type: Thesis
Country: China | Candidate: G Y Qin
GTID: 2392330578952375 | Subject: Traffic Information Engineering & Control
Abstract/Summary:
Communication-Based Train Control (CBTC) systems are complicated systems combining advanced technologies such as modern communication, control, computer and traditional signaling technologies. Although these advanced technologies significantly improve the level of automation of CBTC systems, they also bring potential cyber security risks to CBTC systems. Current intrusion detection methods from the traditional Information Technology and Industrial Control fields do not consider CBTC communication and application characteristics, so they cannot meet the specific needs of intrusion detection in CBTC systems. Meanwhile, research on cyber security intrusion detection in CBTC systems is still in its infancy. Therefore, it is of great theoretical and practical significance to carry out timely research on the theory and methods of CBTC cyber security intrusion detection.

In this paper, we consider both the characteristics of CBTC systems and the typical attacks against them to study intrusion detection methods for CBTC systems. One-Class Support Vector Machine (OCSVM) and association analysis algorithms are used to detect Denial of Service (DoS) attacks, with the features of CBTC systems taken into account to extract features, build models and conduct simulation verification. Then, an innovative multi-source mutual discipline detection method is proposed for detecting data spoofing attacks in CBTC systems, and the detection performance of this method and the influence of the detector on CBTC systems are studied. Finally, the overall detection performance of the intrusion detection methods proposed in this paper is analyzed and compared with the existing method. The specific research contents of this paper are as follows:

(1) The cyber security status of CBTC systems is analyzed. The security risks of CBTC systems and the typical attack methods and principles in CBTC systems are studied. Then, the requirements of an intrusion detection system for CBTC systems are analyzed, and the framework of the intrusion detection system is designed.

(2) Data-mining-based intrusion detection methods for CBTC DoS attacks are studied. A flow anomaly detection model for CBTC is established using the OCSVM model, and the detection performance of the model in scenarios with different departure time intervals is verified by simulation. Based on the association analysis method, a double-contour rule detection model of the CBTC system is established, together with rules for normal behavior and abnormal behavior. The effectiveness of the method is verified with the Snort tool.

(3) An innovative multi-source mutual discipline detection method is proposed to solve the problem of detecting CBTC data spoofing attacks. First, the concept of multi-source mutual discipline detection is defined. Then, the detection mechanisms of the vehicle detector and the ground detector are designed. The detection performance of the multi-source mutual discipline detection scheme and the impact of the method on the safety and efficiency of CBTC systems are analyzed theoretically.

(4) The detection performance of the proposed multi-source mutual discipline detection method is verified and the overall performance of the intrusion detection system is analyzed. The multi-source mutual discipline detection method is modeled and verified with Deterministic and Stochastic Petri Nets (DSPN). Finally, based on the system framework, the overall detection performance of the intrusion detection system is analyzed.

Simulation verification and comparison with existing methods show that the intrusion detection methods proposed in this paper can effectively improve the detection rate of DoS attacks and data spoofing attacks. The detection rates of DoS attacks and data spoofing attacks are as high as 99.5% and 99.99974%, respectively, which greatly improves the cyber security level of CBTC systems.
Keywords/Search Tags:Cyber security, CBTC, Detection, OCSVM, Association analysis, Multi-source mutual discipline