Research On Security Protection Strategy Of Railway Signal Safety Data Network

The railway signal safety data network carriers the safety information transmission of train control system.It provides an important guarantee for safe and efficient operation of the train under high speed and high density conditions.Security attack may cause equipment failure or even safety accident.Reliability and security of the network are directly related to traffic safety.With the application of general computer technology,the potential security risks are also introduced.The security problems are more and more severe and may cause serious consequences.Therefore,the research on security protection of signal safety data network is of great significance.This thesis studies the security protection strategy of signal safety data network.Based on the analysis of the network topology,operation characteristics and security requirements of signal safety data network,the dynamic risk assessment is completed.The optimal protection strategy is analyzed by the multi-objective optimization method.The implementation of protection measures can improve the security level of the system,and may lead to the attack strategy selection tendency change.Based on this,the decision-making method of protection schemes is studied using game theory.This thesis mainly includes the following three parts:1.Dynamic security risk assessment for signal safety data network based on Bayesian inference.By analyzing the logical relationship among vulnerability,permission,multi-step attacks and affect propagation paths,the extended Bayesian attack graph model is established based on the uncertainty of atomic attack.Then,the extended Bayesian attack graph model considers and quantifies the correlation between attacks and detection equipment alarms,and uses real-time alarms information as evidence for accident probability dynamic reasoning.Finally,the system risk is obtained by combining the safety impact of the accident.2.Analysis of combined protection strategies for signal safety data network based on multi-objective optimization.Combined with the extended Bayesian attack defense graph,this thesis studies the risk impact of different protection measures combinations,and takes the difference of risk before and after the implementation of protection measures as the protection strategy reward.The protection strategy economic cost,the impact of the protection strategy implementation on the system performance,and the safety impact of the protection equipment failure are considered to evaluate the protection cost.Combining various factors,a multi-objective evaluation model of protection strategies was established and the set of optimal protection strategies was obtained by solving multi-objective optimization problems.3.Protection scheme decision of signal safety data network based on attack-defense game.Combined with the extended Bayesian attack defense graph,an attack-defense game model is established.With the analyze of influencing factors of the attacker's strategy choice,this paper studies the attack strategy cost and reward indicators and quantitative methods.Through the protection evaluation index function in the combined protection strategy research,the protection strategy cost and reward are evaluated with expert knowledge.The optimal protection strategy is given by solving the mixed strategy equilibrium state in the attack-defense game.The method described in this thesis can model the uncertainty and correlation of the attack,detection and protection behaviors of signal safety data network according to the extended Bayesian attack graph model,and can assess the current status of system security effectively and accurately.Based on this,the multi-objective optimization model is adopted to reduce the security risk most effectively under the limit of protection measures combination cost.Finally,based on the attack-defense game model,the balance between the residual risk and attack cost of both attackers and defenders is found.The simulation results show that the method is scientific and effective.This thesis contains 50 figures,25 tables and 78 references.