Intrusion Detection Methods In Communication-Based Train Control Systems Based On Train Behavior Analysis

Communication-Based Train Control(CBTC)systems implement precise operating control of trains through a large-capacity,continuous,bidirectional wireless network and backbone network.Existing CBTC systems widely use commercial products.Attackers can use device vulnerabilities to access the system to launch data tampering attacks,resulting in reducing operating efficiency and even causing security accidents.Traditional intrusion detection methods detect intrusion behavior by analyzing cyber characteristics,which cannot effectively detect data tampering attacks.Therefore,researching intrusion detection methods based on the train's behavior analysis and identifying data tampering attacks in the CBTC system has important theoretical guidance and practical application significance.This paper mainly studies intrusion detection methods based on the train's behavior analysis.The operating process is modeled and the impact of data tampering attacks on the behavior of the train is analyzed based on the dynamic characteristics of the train.An intrusion detection method is proposed,and machine learning methods are used to further improve the detection performance.This paper proposes an intrusion detection method based on the train's behavior analysis and multi-agent reinforcement learning.A simulation platform is built to simulate data tampering attacks to verify the effectiveness of intrusion detection methods.The main work completed in this article is as follows:(1)The possibility of data tampering attacks on the CBTC system and the impact of data tampering attacks on different subsystems are analyzed.For data tampering attacks between Zone Controller(ZC)and Vehicle On-Board Controller(VOBC),four possible attack modes are proposed;(2)An intrusion detection method based on the estimation of the train's state is proposed.The system is modeled according to the dynamic characteristics of the train in the CBTC system,and an intrusion detection system is designed using particle filter and chi-square detection method by using the observation value of the train's status information and the moving authority;(3)An intrusion detection method based on multi-agent reinforcement learning is proposed.Aiming at the mobility and distributed characteristics of the trains in the CBTC system,an intrusion detection framework based on multi-agents is proposed.An intrusion detection system based on reinforcement learning is designed,using the global observations in the data set to train the model offline,and using the local observations of the on-board detection agent for online detection;(4)A simulation platform of the CBTC system to simulate data tampering attacks is built to generate an intrusion detection data set and verify the effectiveness of the intrusion detection method based on train's state estimation and multi-agent reinforcement learning.The data set is used to compare and evaluate the performance of the detection method.Experiments show that the intrusion detection method based on train's behavior analysis can explore the data tampering attack behavior in real-time and accurately.For the four attack modes in the experiment,the multi-agent reinforcement learning improves the intrusion detection method based on the estimation of the train's status is used,and the true positive rate reaches 99.14% and the false positive rate is 1.34%.The intrusion detection method based on train's behavior analysis proposed in the paper has important theoretical guidance and practical application significance for improving the information cyber protection level of CBTC system.