基于双向AC算法的列车通信网络异常入侵检测系统设计
Design of Abnormal Intrusion Detection System for Train Communication Network Based on Bidirectional AC Algorithm
贾寒霜 1张卡 2杨碎明1
作者信息
- 1. 西安交通工程学院土木与铁道工程学院,西安 710300
- 2. 中国化学工程第十四建设有限公司,南京 210044
- 折叠
摘要
列车通信网络异常流量的类型和形式多样化,特征提取难度较大,异常入侵检测效果较差,为此,设计基于双向AC算法的列车通信网络异常入侵检测系统;采集层利用网络数据采集器,在列车通信网络内,采集列车通信网络信息;存储层以分布式存储、列式存储与结构化存储方式,存储采集的信息;分析层利用协议解析模块,解析信息,得到符合规范的信息;其中,深度包过滤模块利用白名单技术深度包过滤符合规范的信息,提取关键信息;入侵特征模式提取模块能够在关键信息内提取异常入侵特征模式;特征模式匹配模块利用双向AC算法,自动匹配提取的特征模式与入侵特征模式库内的特征模式;入侵响应模块通过分析自动匹配结果,完成列车通信网络异常入侵检测;可视化层以可视化的报表形式,呈现异常入侵检测结果;实验结果表明,该系统可有效采集列车通信网络信息,完成异常入侵特征模式提取,该系统可快速自动匹配异常入侵特征模式,异常入侵检测精度较高.
Abstract
There are the characteristics of diverse types and forms of abnormal traffic,difficult feature extraction,and poor effec-tiveness of abnormal intrusion detection in train communication networks.Therefore,a train communication network abnormal intru-sion detection system based on bidirectional AC algorithm is designed.The collection layer utilizes a network data collector to collect train communication network information within the train communication network;The storage layer stores the collected information through the distributed storage,columnar storage,and structured storage methods;The analysis layer utilizes a protocol parsing module to parse the information and obtain the information that meets the specifications.Among them,the deep packet filtering mod-ule applies a whitelist technology to filter the compliant information and extract the key information;The intrusion feature pattern ex-traction module can extract abnormal intrusion feature patterns from the key information;The feature pattern matching module utili-zes the bidirectional AC algorithm to automatically match the extracted feature patterns with the feature patterns in the intrusion fea-ture pattern library;The intrusion response module completes abnormal intrusion detection in the train communication network by an-alyzing the automatic matching results.The visualization layer presents anomaly intrusion detection results in the form of visual re-ports.Experimental results show that the system can effectively collect train communication network information and extract abnor-mal intrusion feature patterns.The system can quickly and automatically match abnormal intrusion feature patterns,with a high accu-racy of abnormal intrusion detection.
关键词
双向AC算法/列车通信网络/异常入侵/检测系统/采集器/协议解析Key words
bidirectional AC algorithm/train communication network/abnormal intrusion/detection system/collector/protocol parsing引用本文复制引用
基金项目
西安交通工程学院2023年度中青年基金项目(2023KY-43)
出版年
2024
NETL
NSTL
万方数据