
Host-Based Intrusion Detection Method For Ethernet-based Train Communication Network

Posted on: 2024-02-15
Degree: Master
Type: Thesis
Country: China
Candidate: B Wang
Full Text: PDF
GTID: 2542307172992569
Subject: Electrical engineering
Abstract/Summary:
As China's high-speed trains continue to develop towards intelligence and comfort, the demand for data transmission within the train is also increasing. The Ethernet-based Train Communication Network (ETCN) has become the new trend in train communication networks thanks to its high-speed communication and convenient networking. Against this background, train networking devices now also exchange information with external networks through wireless communication modules, wired hardware interfaces and other means. This in turn increases the potential risk of network attacks on train networking devices. Host-based intrusion detection methods can effectively detect network attacks and can be deployed on train networking devices to achieve precise protection. Taking the vulnerability of train networking devices into account, this dissertation designs host-based intrusion detection methods against different types of network attacks. The main work completed in this dissertation is as follows:

(1) Researched the vulnerability of train networking devices. First, this dissertation analyzes the internal security risks of on-board equipment and classifies the potential network attacks into three types: denial of service, brute force and host vulnerability. Second, the data sources for host-based intrusion detection are analyzed, and MIB data and system call data are selected based on their sensitivity to different types of network attacks. Finally, machine learning algorithms are evaluated in terms of data characteristics, classification performance and model deployment, and the overall intrusion detection framework is designed on that basis.

(2) Designed a host-based intrusion detection method based on the Simple Network Management Protocol (SNMP). First, the characteristics of SNMP and MIB are analyzed, and a proprietary dataset, ETMIB-ID, is constructed for intrusion detection on train networking devices. Second, the decision tree algorithm is introduced, different MIB feature indicators are extracted based on the differences between train end devices and train switch devices, and intrusion detection models for attack categories and attacked devices are designed accordingly. Finally, testing experiments are conducted on the proprietary ETMIB-ID dataset, and the key MIB indicators and detection principles are analyzed.

(3) Designed a host-based intrusion detection method based on system call sequences. First, the characteristics of train embedded devices are analyzed, and a series of feature extraction methods are designed that consider the behavioral features and temporal relationships of system call functions. Second, an intrusion detection model based on the K-Nearest Neighbor (KNN) algorithm is designed, and grid search is used to optimize the model parameters. Finally, testing experiments are conducted on the classic ADFA dataset, including anomaly detection and multi-category attack detection.

(4) Completed the deployment of the intrusion detection models. First, a semi-physical testbed is built, and normal TRDP traffic and simulated network attacks are run on the testbed. Second, original MIB data and system call data are collected from the testbed under both normal and simulated attack traffic. Finally, the host-based intrusion detection models are deployed on the embedded device and validation experiments are conducted. The experimental results indicate that the classification evaluation results and detection efficiency meet the requirements of train networking devices.
Keywords/Search Tags: Train Communication Network, Host-based Intrusion Detection, SNMP, System Call Sequences