| Ethernet-based train communication network (ETCN) has become the first choice for on-board control networks because of its high communication rate and strong compatibility. However, precisely because of the openness of Ethernet technology, the security problems of the train control network have gradually increased: the network protocols have more obvious vulnerabilities, and the hardware interfaces integrated into equipment components are easier to break. Intrusion detection technology can effectively detect hidden attack behaviors and issue timely warnings, and is an important part of the network security protection system. Existing intrusion detection technology is more suitable for traditional information networks and is difficult to port fully to ETCN. In order to realize network anomaly identification and attack identification, this paper proposes an Ethernet intrusion detection method based on anomalies and characteristics. The main research contents are as follows. (1) Research on the network structure and protocol characteristics of ETCN. Based on the internal vulnerabilities and external attack vectors of ETCN, the operating principles and data characteristics of typical ETCN attacks are analyzed. To meet the special requirements and design principles of ETCN intrusion detection, an overall intrusion detection scheme covering network traffic and packets is proposed. (2) Research on efficient discrimination methods for abnormal behavior. According to the traffic fluctuation characteristics under ETCN attacks, two types of directional intrusion detection methods are designed. For scenarios where traffic fluctuates significantly under network attacks, this paper designs a residual screening and detection module. Statistical features that can distinguish normal activities from abnormal behaviors are selected and extracted, and an intrusion detection method based on the autoregressive integrated moving average (ARIMA) model is designed to realize normal traffic fitting and abnormal traffic discrimination. For scenarios of moderate traffic fluctuation under network attacks, this paper designs a traffic characteristic detection module. Through network traffic preprocessing, the horizontal data volume and the vertical traffic characteristics are reduced in dimensionality, and an intrusion detection method based on an improved gradient boosting decision tree algorithm is designed to identify unknown abnormal behavior. (3) Research on accurate identification methods for multi-category attacks. Based on packets, an intrusion detection review method is designed that can refine the attack category. First, an intrusion detection method based on natural gradient boosting is designed to achieve accurate detection of vehicle data. Second, three modules for feature optimization and detection are designed: a packet analysis module for protocol analysis and feature matching, an intrusion detection module for configuring optimal parameters, and a detection and evaluation module for calculating performance indicators. Finally, a filtering function based on alarm rules is designed. (4) Design and implementation of intrusion detection visualization software and experimental verification in different scenarios. An ETCN semi-physical experimental platform and a self-built intrusion dataset, ETCN-OP, are constructed. On this basis, a human-computer interaction interface for intrusion detection is designed, including the front-end traffic module, the back-end packet module, and the front-end alarm module. The effect of anomaly discrimination and attack identification is tested under a single model, and the overall detection performance of the multimode fusion intrusion detection system is verified. |