Research On An Anomaly Detection Scheme On Railway Time Synchronization Network

With the promotion of Outline on Building a Powerful Transportation Country,high-speed railway has stepped into the era of great development.In order to maintain traffic safety and transportation efficiency,China Railway Corporation has put forward new requirements for time synchronization level among railway subsystems.As one of the important subnets of Railway Communication Network,Railway Time Synchronization Network is responsible for coordinating and unifying the time of each link of railway,so that each link can record and execute tasks according to the unified time information of standards.Railway Time Synchronization network achieves the time synchronization function through NTP protocol,which has its natural vulnerability and is easy to be attacked.When Railway Time Synchronization Network is maliciously attacked,the transmission bandwidth of the network will be occupied.That would severely affect the time synchronization level of the network,thus reducing the operation efficiency and endangering the traffic safety.At present,there are few researches on safety of Railway Time Synchronization Network,and there is still a gap in the field of anomaly detection of the network.How to detect the attack on Railway Time Synchronization Network accurately and in real time on the premise of huge amount of data transmission is an important research subject to improve railway safety.Therefore,an anomaly detection scheme of Railway Time Synchronization Network under Spark was proposed in this thesis,through which anomaly caused by attacks can be detected.First of all,whether there is difference between the description ability of the traffic data characteristics of the marked time synchronization network was studied from two aspects of linear correlation and non-linear correlation by calculating Pearson Correlation Coefficient and Distance Correlation Coefficient under Spark of Python language,and the existence of optimal characteristics was verified.According to that,the marked traffic data was processed by Chi-square test,Pearson correlation coefficient and maximal information coefficient through Python under Spark to reduce the number of data features,and then three sets of feature subset were got.After that,through contrast and analysis,some control groups were set up as other feature subsets,and the accuracy of each feature subset was calculated.Among all the subsets,the one that own the highest accuracy was chosen as the optimal feature subset,which can well show whether a traffic data is abnormal or not.On this basis,the optimal features were analyzed.And according to these features and taking the network structure of Railway Time Synchronization Network into consideration,some defense suggestions for Distributed Denial of Service attacks were introduced initially.Secondly,an anomaly detection scheme of Railway Time Synchronization Network based on joint classifiers under Spark was proposed in the thesis.In the joint classifiers,theMini Batch K-Means clustering algorithm and the Random Forest classification algorithm were connected in parallel,and the final comprehensive judgment of the two results was made by the K-Nearest Neighbor principle.Specifically,at first,the training data was processed and input to build the model of Mini-Batch K-Means and Random Forest,which were then paralleled by the principle of consistency.After that,in order to verify the detection performance of the joint classifier algorithm,the test data was respectively input into models of joint classifier,Mini Batch K-means and Random Forest to calculate and compare detection accuracy,through which verifies the superiority of the joint classifier algorithm in detection accuracy and stabilityFinally,based on the above research,an attack alarm mechanism based on mining association rule algorithm was initially put forward to give an efficient real-time alarm to detected abnormal traffic of Railway Time Synchronization Network.This assumption provides a certain direction for the subsequent research on improving the safety of Railway Time Synchronization Network.