| With the continuous development of train communication network technology,the train communication Ethernet(ETCN)has become the preferred in-vehicle network.The characteristics of high speed and large bandwidth of ETCN can meet the transmission needs of multiple types of traffic,which is conducive to the expansion and enrichment of in-vehicle information data.However,due to its own openness,ETCN increases the exposure of the train communication network data transmission and the vulnerability of the network.With the increase of train interaction with the outside world,there is a greater possibility of network attack.In the situation of diversified network attacks,traditional single-type network security products are more and more difficult to meet the network security requirements of train communication Ethernet due to their technical defects.In order to conduct a defense system that combines active and passive characteristics,complementary static and dynamic,and overall linkage,this dissertation proposes an intrusion detection and firewall linkage system based on train communication Ethernet.The main work done in the dissertation is as follows:(1)Research on the basic problem of the train communication Ethernet linkage defense system,which is studied to establish the theoretical basis for the subsequent research.According to the network structure and communication mechanism of ETCN,the network characteristics are studied,and the network security is further analyzed from the vulnerability of ETCN and the threat of typical attacks.Combined with the particularity of ETCN and the linkage defense technology,the key issues of research to be studied are proposed.(2)Research and design the intrusion detection method of train communication Ethernet,which can realize fast and accurate message detection.The intrusion detection method adopts a data-driven method for network data.Firstly,the protocol analysis method is used to carry out deep packet analysis and extract features for network data in train communication Ethernet.Secondly,through the research on the ensemble learning Cat Boost algorithm,the intrusion detection method of train communication Ethernet is designed;finally,the proprietary dataset ETCN-ID is built,the intrusion detection model is constructed,and the evaluation test is carried out.(3)Research and design the linkage defense system of intrusion detection and firewall,and combine the functions of intrusion detection and firewall to realize overall defense.On the basis of analyzing the requirements of the system,the overall framework of the design system is divided into intrusion detection sub-module,firewall submodule and linkage sub-module.The intrusion detection sub-module realizes real-time packet capture,processing,detection and alarming.Combining static and dynamic filtering,the firewall sub-module designs a proprietary double filtering mechanism,i.e.,edge filtering and dynamic rule matching,to realize data interception,which is aiming at the network message of train communication Ethernet.Linkage sub-module can analyze,evaluate intrusion alarms,and realize the configuration of dynamic firewall rules by designing linkage strategies and response methods.(4)Design and realize the visualization software of the linkage defense system for intuitive control and display system.The software sets the intrusion detection subinterface,the firewall sub-interface and the linkage defense sub-interface.Design and build a hardware-in-the-loop experiment platform for train communication Ethernet,which is used to verify the effectiveness of the system functions.The experimental platform simulates the normal operation of the train communication Ethernet,generates different attack scenarios to test each part of the system and verify the effectiveness of each functional module of the system. |
PDF Full Text Request