Font Size: a A A

Machine Learning-based Intrusion Detection Method For Ethernet-based Train Communication Network

Posted on:2023-08-24Degree:DoctorType:Dissertation
Country:ChinaCandidate:C YueFull Text:PDF
GTID:1522306845497054Subject:Electrical engineering
Abstract/Summary:
With the advantages of high communication rate and openness,the Ethernet-based train communication network(ETCN)becomes the preferred in-vehicle network for the new generation railway trains.However,in the context of the rapidly increased interacition between the in-vehicle network and the external information environment,the application of ETCN reduces the threshold of the interactions,which breaks the “barrier of network security” generated by the relative closeness of the traditional in-vehicle network,increases the potential risk of network intrusion,and brings new challenges to network security protection.Network intrusion detection that is capable of detecting network attacks is a key aspect of ETCN’s network security protection.However,there are no systematic ETCN intrusion detection methods at present.Therefore,there is an urgent need to conduct systematic research on intrusion detection method for ETCN.Following the mode of “detection in depth”,this dissertation divides the intrusion detection task of ETCN into attack discovery part and attack identification part,and conducts systematic method research oriented to solving several critical problems.Specifically,three intrusion detection methods are researched respectively for the problem of efficient attack discovery,the problem of highly accurate identification of multi-class attacks,and the problem of targeted identification of spatially indistinguishable attacks.Furthermore,an attack sample generation method is researched for the few-shot problem in the training phase of machine learning-based ETCN intrusion detection models.The main research work of this dissertation is as follows.(1)Research on the efficient attack discovery method.In order to achieve effective preprocessing and feature selection of raw network data,a feature engineering method is designed and a two-stage feature selection method is proposed.The light gradient boosting machine(Light GBM)is brought in and improved in three aspects,i.e.,self-adaptive weight,model structure refinement,and category feature processing,oriented to improve the detection efficiency in the attack discovery process.Then,following the anomaly detection manner,an improved Light GBM-based ETCN intrusion detection method is proposed.The experimental results indicate that the proposed intrusion detection method is able to discover ETCN network attacks efficiently.(2)Research on the highly accurate identification method against multi-class attacks.The concept of spatio-temporal traces of network attacks is brought in,and a sample construction method is designed,which can represent spatio-temporal traces in an appropriate way.An ETCN intrusion detection method based on ensemble deep learning is proposed.In this method,firstly,spatial and temporal base detectors that are capable of capturing spatial and temporal traces are constructed based on convolutional neural network(CNN)and recurrent neural network(RNN);secondly,a transfer strategy is designed to realize the transfer of sample spatial information across data domains;finally,an ensemble structure and an ensemble algorithm are designed for integration of base detectors.The experimental results indicate that the proposed intrusion detection method can ac-curately identify multi-class ETCN network attacks.(3)Research on the highly accurate identification method against spatially indistinguishable attacks.Against ETCN attacks that are difficult to be discriminated through spatial features,an ETCN intrusion detection method based on improved temporal convolutional neural network(TCNN)is proposed.In this method,firstly,the basic framework of the detection model is constructed based on TCNN;secondly,shortcomings of the basic framework’s static structure are improved,and the main network structure is further constructed;finally,so as to solve the problem that the length of the inner time traces of the temporal attack samples are variable,the main network structure is optimized based on the dynamic neural network technology.The experimental results indicate that the proposed intrusion detection method can ac-curately identify ETCN spatially indistinguishable attacks.(4)Research on the attack sample generation method under the few-shot condition.So as to solve the few-shot problem in the training phase of machine learning-based intrusion detection models,an ETCN attack sample generation method based on improved generative adversarial network(GAN)is proposed.In this method,firstly,sampling strategy,constraint condition and loss function of GAN are improved and the backbone structure is designed;secondly,the one-dimensional and two-dimensional generators and discriminators based on deep neural network(DNN)and CNN are designed respectively for the sample form requirements of different types of ETCN intrusion detection methods.The experimental results indicate that the proposed method can effectively generate new ETCN network attack samples under the few-shot condition.The limitation of detection accuracy brought by the few-shot problem is effectively alleviated by utilizing these generated samples in ETCN intrusion detection models’ training phase.
Keywords/Search Tags:Train Communication Network, Intrusion Detection, Machine Learning, Deep Learning, Data Mining
Related items