Research On Intrusion Detection Method Of Train Control System Information Network Based On Random Forest

In recent years,with the rapid development of China’s high-speed railway construction,the corresponding high-speed railway signal system is no longer limited to internal communications only as a proprietary network,more and more communications occur between external contacts.With the emergence of new viruses and attack means,moreover,with the development of high-speed railway information transmission system itself,there is an increasing demand for external data sharing and large-scale data communication.The current railway signal system and the external environment has a very strong interoperability.Therefore,more in-depth research and prevention are needed on information network security for train control system.This paper mainly studies the intrusion detection work of information network security of CTCS-3 train control system,and studies the network security protection measures against network security attacks and internal system vulnerabilities faced by information network security of train control system.This paper studies and analyses the structure composition,security vulnerabilities and protection requirements of information security of the train control system,and conducts the risk assessment of existing information security of the train control system.This paper uses machine learning technology to analyze the characteristics and components of network information flow,considers that a malicious attacker may initiate a large-scale network attack,and studies intrusion detection scheme from the analysis algorithm whether it can be parallelized or not.The main work is as follows:1)This paper first analyses the development and basic status of train control system in our country,and then analyses the specific composition of train control system from the system composition and information transmission system and signal security transmission network.Then,it analyses the existing intrusion risks of train control system,and summarizes the internal and external risks of information network security of train control system.According to these requirements,an intrusion detection and protection mode for network security of train control system information is built for the infrastructure.2)This paper analyses the network traffic generated by the interconnected communication between the Control Technology Center,Computer Based Interlocking and Radio Block Center in the high-speed railway vehicle control virtualization test platform,and establishes the data set with a variety of malicious traffic.The traffic data characteristics of the column control system collected with mixed malicious traffic are analyzed from the protocol level and traffic statistics characteristics.Based on the SBS algorithm,the feature optimization algorithm is introduced to implement the feature filtering model based on the SBS algorithm.3)In this paper,the network traffic generated by train running communication is simulated using the high-speed railway vehicle control virtualization test platform,and malicious network attacks with controllable risks are added as the initial data set,the message structure is analyzed,the feature is optimized and filtered,and the training sample set and training model are constructed.This scheme compares several recognition models,and performs better in accuracy,training time cost and utilization of equipment resources.