Study On Information Security Risk Monitoring Approach Of Rail Transit Signal System

In order to relieve the pressure of urban traffic and meet the travel demand of citizens,rail transit has introduced the information technology(IT)to develop Communication based Train Control(CBTC)system.With the development of IT technology,the introduction of network improves the operation efficiency of the rail transit,but also brings the risk of information security,which makes the system vulnerable to information security attacks such as replay attacks.This study aims at the information security requirements from rail transit industry,and designs the information security risk monitoring method for replay attacks.The main research works of this study are as follows:(1)System information security background,research status and related theories and methods of risk monitoring methods at home and abroad are introduced,and the feasibility and limitations of existing methods applied to replay attacks monitoring in the field of rail transit are analyzed.(2)Aiming at the problem that existing methods are not suitable for monitoring replay attacks in rail transit industry directly,the state space model of trains in CBTC system was designed applying wireless network control system(WiNCS)theory in the secure communication and replay attack scenarios,describing the correspondence between the trains status and the information security state of vehicle-ground communication with state changes.On the basis of the CBTC system model and replay attack characteristics,a joint risk monitoring method based on residual chi-square and Pearson coefficient was designed.This method redefines the residuals of the traditional chi-square test so that the improved residual chi-square risk monitoring algorithm can effectively monitor the replay attacks in the field of rail transit.(3)In order to make up for the deficiencies that the residual chi-square test can not detect covert attacks,the similarity metric was introduced and the Pearson coefficient risk monitoring algorithm was designed.The joint monitoring method has complementary advantages of both methods,solving the problems that the residual chi-square test is difficult to detect covert attack and the amount of data interferes with the Pearson coefficient,improving the detection rate of replay attack against rail transit and reducing the false alarm rate.(4)Aiming at the problem that a special replay attack in rail transit industry leads to longer delay of risk monitoring,a risk monitoring method based on improved state propagator was designed according to the principle of state propagator.The traditional state propagator principle uses state of the historical moment to obtain the state at the moment recursively.In this study,state of the future moment is obtained recursively according to MA and state at the moment when the system is in steady state.The method judges whether the attack occurred or not by comparing the deviation of state estimations before and after the special replay attack.The improved risk monitoring method can monitor theoretically at the moment of attack,reducing the monitor process time drastically.Finally,system model parameters and risk scenarios are set to simulate the system state space model and risk monitoring methods designed by this study.Two replay attack risk scenarios are selected respectively to test two designed risk monitoring methods.The results of simulation analysis verify the effectiveness of the designed risk monitoring methods.