| With the application of network and information components, Communication-based Train Control (CBTC) systems are facing serious security risks. An Intrusion Detection System (IDS) can detect attacks in time and improve the security protection capability of CBTC systems. However, existing research ignores the security and trust issues of the IDS itself. Once the IDS is attacked, the security protection capability of the system will be seriously damaged. This dissertation focuses on the intrusion detection method of CBTC based on the trusted network. Trusted network theory and methods are introduced into the IDS of CBTC systems. The framework of the trusted IDS is established from two aspects, the network structure and the working mechanism. A trust evaluation method is adopted which combines direct trust and recommended trust. The intrusion detection methods are designed based on the trusted framework, which effectively improves the credibility of the intrusion detection results. Among them, Auto Regression (AR) is used to set up detection models based on network traffic, and a Back Propagation (BP) neural network is used to build detection models based on packets. The main work of the paper is as follows: (1) The characteristics of CBTC are analyzed, including network topology, communication protocols, and so on. The security vulnerabilities and typical cyber attacks in CBTC are studied. The causes of an untrustworthy IDS are analyzed. Finally, an intrusion detection scheme is proposed. (2) The framework of the IDS based on the trusted network is established. The improved fuzzy comprehensive evaluation method is applied to calculate the direct trust degree by collecting trust evaluation factors of IDS nodes. A fuzzy logic inference method is used to transfer and merge recommended trust information. Both the direct trust degree and the recommended trust information are used to comprehensively evaluate the trust degree of IDS nodes. A reward and punishment mechanism is proposed to defend against malicious recommendation attacks. With trust management methods, the performance of the IDS and the credibility of the detection results can be guaranteed. (3) Based on the constructed framework of the IDS, the detection methods are studied. On the one hand, an improved AR algorithm that can dynamically adjust the threshold is proposed. The improved AR algorithm is adopted to detect abnormal traffic based on the extracted traffic statistical features. The trusted detection results of multiple IDS nodes are used to trace the source of attacks. On the other hand, the BP neural network algorithm is used to classify packets based on the extracted packet characteristics. (4) An experimental environment is set up to create the data set for the training, verification and trust evaluation of the IDS. Then the detection performance and credibility of the proposed method are evaluated in the designed attack scenarios. The simulation results show that the proposed IDS has good detection performance and high real-time performance in credible and uncredible scenarios, where the true positive rate is 98.91%, and the F1 score is 99.18. The proposed method can effectively identify attacks in CBTC and distinguish abnormal behaviors of the IDS. The intrusion detection method of CBTC based on the trusted network can effectively improve the security protection capability of CBTC systems. This thesis includes 50 figures, 13 tables, 90 references. |