Design And Implementation Of Intrusion Detection System For Train Control Network

Posted on: 2022-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: Z Chen
GTID: 2492306572996549
Subject: Control Engineering
Abstract/Summary:
The train control network is the critical infrastructure of the train networked control system, which requires strict timeliness, reliability, and safety. The openness of the network exposes the train control system to serious cybersecurity risk, so research on intrusion detection systems for the train control network is of great significance. This thesis designs and implements an intrusion detection system after analyzing the vulnerabilities of, and the external threats to, the train control network. The intrusion detection system designed in this thesis consists of two parts: distributed intrusion detection software and centralized intrusion analysis software. The distributed intrusion detection software uses rule-based misuse detection and is deployed in each critical part of the train control network to inspect all network traffic in real time. The centralized intrusion analysis software performs alarm aggregation and alarm correlation on multi-source heterogeneous alarm data in the train control network, and provides decision support for security management in the train control center. The main work includes: 1) a deep protocol parsing algorithm is designed for the Train Real-time Data Protocol (TRDP); 2) a misuse detection rule repository is designed, which includes a TRDP compliance detection rule set based on whitelist technology; 3) a misuse detection engine based on rule organization optimization is designed, including a two-level rule organization form based on priority and a two-level rule matching process; 4) an alarm aggregation method based on attribute similarity and a dynamic time interval threshold is designed to simplify alarms, taking into account the spatial attributes of the train control network; 5) a priority-based reverse causal alarm correlation method is designed, and an improved method of probabilistic correlation and inferential correlation is proposed to handle scenarios of attack scene fracture. In this thesis, the intrusion detection system software for the train control network is designed and implemented, and a simulation experiment platform of the train control network is built, on which attack injection and intrusion detection experiments are carried out. The experimental results prove the effectiveness of the designed intrusion detection system.
Keywords/Search Tags:train control network, intrusion detection system, misuse detection, alarm aggregation, alarm correlation