| The train communication network merges the control network and the service network.Unlike the IT system,the train control system is an industrial control system with high real-time and reliability requirements.It cannot be protected by the traditional IT system protection ideas.This thesis analyzes the structure of train communication network,train real-time data protocol and function data unit.In consideration of the characteristics of intrusion detection technologies for industrial control system and train communication network,the thesis designs and implements a intrusion detection system for train communication network combining misuse detection and anomaly detection.First of all in response to the information security needs of the train communication network,this thesis analyzes the structure and communication data of the train communication network and the information security threats faced by the train communication network.Secondly it studies related network attack technologies and summarizes what requirements the intrusion detection system for train communication network should meet.Next it designs a hybrid intrusion detection system based on feature-based misuse detection and anomaly detection based on Long Short-Term Memory networks: transforming the rule-based open source intrusion detection system,adding train communication protocol analysis plug-in and rule option plug-in,writing corresponding detection rules based on expert knowledge,and using misuse detection to detect known attacks;and for unknown attacks and variant attacks,this thesis synthesizes the data packets of train communication network into network flows,and analyzes and selects the network stream feature data.Then it uses Long Short-Term Memory networks to learn these network stream features data and simplifies the intrusion detection problem into a binary classification problem.It obtains a classification model through learning to perform anomaly detection.Aiming at the problem that the train communication network data is difficult to obtain,this thesis designs and implements a simulation platform for train communication network,and carried out attack and detection experiments on this platform.Data packet high-speed acquisition technology is used to capture data packet quickly and efficiently,so as to adapt to the high real-time communication of train communication network.The experimental results show the availability of the simulation platform and the effectiveness of the proposed intrusion detection system. |
PDF Full Text Request