Design And Implementation Of Train Communication Network Intrusion Detection System Based On Deep Packet Inspection

Posted on: 2020-01-07
Degree: Master
Type: Thesis
Country: China
Candidate: L Fei
GTID: 2392330590483135
Subject: Control Engineering

Abstract/Summary:
With the application of industrial Ethernet in the train communication network, the network is becoming increasingly open, and the security problems it faces are becoming more and more prominent. The Ethernet train communication network is a fusion of the service network and the control network, and the data must be exchanged through the gateway. This thesis analyzes the vulnerability of the train communication network and of the TRDP protocol used to transmit process data and message data in the train control network. Combined with research on current network security intrusion detection technology for industrial control systems, an intrusion detection system (IDS) based on deep packet inspection was designed. The IDS designed in this thesis captures real-time communication data from the network. It uses deep packet inspection to analyze each data packet from the link layer to the application layer, and extracts the characteristics of the network communication for further, deeper detection. At the same time, the legitimacy of the packet is checked against the protocol specification at each layer. The IDS then uses whitelist technology to filter illegal access by setting rules on the combination of IP address, port number, ComId, and function. After that, an OCSVM-based anomaly detection model is used for deeper detection of anomalous behavior. This thesis focuses on using the OCSVM algorithm to establish an anomaly detection model that solves the problems caused by the unbalanced data samples in the train communication network. In view of the complex structure of the train communication network and the high dimensionality of the data samples, the PCA method is used for dimensionality reduction. To address the slow search speed and low accuracy of the grid search method, the PSO algorithm is used to optimize the parameters, and the superiority of the method was verified by experiments. At the end of this thesis, the implementation of each module of the IDS is introduced. The analysis function for the TRDP protocol, the packet validity check function, and the packet filtering function were verified by experiments. Combining static protection with an anomaly detection model based on PSO-OCSVM can improve the accuracy of intrusion detection.
Keywords/Search Tags: Train Communication Network, Intrusion Detection System, Train Real-time Data Protocol, Deep Packet Inspection, One-Class SVM
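
The validity-check and whitelist stages described in the abstract can be sketched as follows. This is an added example, not code from the thesis. The 40-byte process-data header layout, the message-type codes and UDP port 17224 are assumptions about TRDP that the abstract does not state, and the addresses and ComIds are constructed.

```python
import struct
from typing import NamedTuple

# Assumed 40-byte TRDP process-data header, network byte order (not from the page):
# seq, version, msgType, comId, etbTopoCnt, opTrnTopoCnt, datasetLength,
# reserved, replyComId, replyIpAddress, headerFcs
PD_HEADER = struct.Struct(">IHH8I")
PD_MSG_TYPES = {b"Pd", b"Pp", b"Pr", b"Pe"}  # assumed "function" codes
PD_PORT = 17224                              # assumed process-data UDP port

class Rule(NamedTuple):
    src_ip: str
    dst_ip: str
    dst_port: int
    com_id: int
    msg_type: bytes

# Constructed whitelist: hypothetical addresses and ComIds
WHITELIST = {
    Rule("10.0.1.10", "239.192.0.1", PD_PORT, 1001, b"Pd"),
    Rule("10.0.1.20", "10.0.1.10", PD_PORT, 2002, b"Pr"),
}

def check_packet(src_ip, dst_ip, dst_port, payload):
    """Validity check, then whitelist lookup, for one UDP payload."""
    if len(payload) < PD_HEADER.size:
        return "drop", "truncated header"
    _seq, _ver, mtype, com_id, _etb, _op, ds_len, *_rest = PD_HEADER.unpack_from(payload)
    msg_type = mtype.to_bytes(2, "big")
    if msg_type not in PD_MSG_TYPES:
        return "drop", "unknown message type"
    if ds_len > len(payload) - PD_HEADER.size:
        return "drop", "dataset length exceeds payload"
    if Rule(src_ip, dst_ip, dst_port, com_id, msg_type) not in WHITELIST:
        return "drop", "not whitelisted"
    return "pass", "ok"  # packet would continue to the anomaly-detection stage

def build_pd(com_id, msg_type, data, claimed_len=None):
    """Build a constructed sample packet (header FCS left at zero, not verified here)."""
    ds_len = len(data) if claimed_len is None else claimed_len
    hdr = PD_HEADER.pack(1, 0x0100, int.from_bytes(msg_type, "big"),
                         com_id, 0, 0, ds_len, 0, 0, 0, 0)
    return hdr + data
```

Only packets that pass both stages would be handed to the OCSVM model, so malformed or unlisted traffic is rejected before feature extraction.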