| Real-time Ethernet has been applied in the new generation of trains because of its good compatibility,high transmission rate,and low cost.The integration of multiple services and the openness of the Ethernet communication protocol put the train communication network at risk of being attacked,posing a threat to the normal operation of the train and the lives and property of passengers.The application of relevant security technologies in the train real-time Ethernet technical solution is of great significance to guarantee the safe operation of trains.This dissertation uses penetration testing techniques to test and explore the weaknesses of train real-time Ethernet and uses anomaly detection technology to effectively protect train real-time Ethernet.The main contents of the thesis are as follows:(1)The vulnerability of train real-time Ethernet is analyzed based on train network communication protocol and network equipment,and the possible network attacks on trains are summarized.To find the vulnerability in the real-time Ethernet of trains and test the effectiveness of existing security defense measures,Python programming language is used to complete the penetration test software design to simulate various network attacks.Two kinds of network attacks,IP scanning,and port scanning,are simulated.For denial of service attacks,SYN flood,UDP flood,Smurf attack,and MAC flood are simulated.For identity deception attacks,the simulation of three kinds of network attacks,namely ARP deception,violent decryption,and TRDP replay attacks,are realized.(2)An anomaly detection and attack classification model for train real-time Ethernet are established.To quickly screen normal data and abnormal data,a network attack anomaly detection model based on support vector machine is designed,and genetic algorithm is used to optimize the kernel function parameters of the support vector machine;to respond to different network attacks in the filtered abnormal data,two attack classification models based on the random forest are designed.The designed model was tested using KDD-99,the most commonly used benchmark data set in the network security field.(3)Combined with the network penetration test software designed in the thesis,the penetration test of the train real-time Ethernet platform is carried out.The influence of various network attacks is analyzed and the data of the test process is collected by Wireshark software.The anomaly detection and attack classification models are validated using the new data set.Comprehensive experimental results show that the train real-time Ethernet can use support vector machine and genetic algorithm(GA-SVM)model to detect abnormal data.After passing the normal data,the classification and regression tree(CART)model can be used to distinguish the attack types to better complete the follow-up response and operation. |
PDF Full Text Request