Yajie Song,Bing Bu,Li Zhu

DOI: https://doi.org/10.3390/electronics9010181

IF: 2.9

2020-01-01

Electronics

Abstract:Security is crucial in cyber-physical systems (CPS). As a typical CPS, the communication-based train control (CBTC) system is facing increasingly serious cyber-attacks. Intrusion detection systems (IDSs) are vital to protect the system against cyber-attacks. The traditional IDS cannot distinguish between cyber-attacks and system faults. Furthermore, the design of the traditional IDS does not take the principles of CBTC systems into consideration. When deployed, it cannot effectively detect cyber-attacks against CBTC systems. In this paper, we propose a novel intrusion detection method that considers both the status of the networks and those of the equipment to identify if the abnormality is caused by cyber-attacks or by system faults. The proposed method is verified on a hardware-in-the-loop simulation platform of CBTC systems. Simulation results indicate that the proposed method has achieved 97.64% true positive rate, which can significantly improve the security protection level of CBTC systems.

Wei Zhang,Bing Bu,Hongwei Wang

DOI: https://doi.org/10.1109/itsc.2019.8917488

2019-01-01

Abstract:Communication-based train control (CBTC) technologies are widely applied in order to improve the efficiency and safety of urban rail transit systems. With the increase of informatization and automation through utilization of communication, computer and control technologies, amounts of potential security vulnerabilities are introduced into CBTC systems, where malicious attacks could be implemented. Some attacks, such as data tampering attacks cannot be efficiently detected by traditional intrusion detection systems (IDS), which can affect the safety operation of CBTC systems, e.g., rear-end collisions. Based on the operation principles and information exchange characteristics of CBTC systems, the paper firstly proposes a model to measure the effects of data tampering attacked on trains, and an intrusion detection method is developed based on the running status of the train through Kalman filter and χ 2 detector. The method improves the χ 2 detector to detect data tampering attacks and continuously output alarms during the attack. The improved method has higher accuracy and a lower false negative rate.

Wei Li,Zengwei Yan,Renwei He,Liming Zong,Fan Zhang,Yanjun Zhan

DOI: https://doi.org/10.1109/iwcmc55113.2022.9824972

2022-01-01

Abstract:Wireless communication is the basis for ensuring the safe and efficient operation of rail transit trains. The advantages of 5G technology such as high reliability, high speed and low latency make it a very broad application prospect in the field of rail transit. However, 5G networks also face corresponding security threats in application, such as various network attacks. The communication-based train control (CBTC) systems are vulnerable to network attacks, which can easily lead to emergency braking or collision of trains when it was attacked. In order to protect network security, the intrusion detection systems (IDS) can be used. The IDS currently applied to the CBTC systems have problems such as low detection rate and high false rate. Therefore, this paper proposes an intrusion detection system based on machine learning, and simulates the real network environment by using KDD99 data. First, the data is preprocessed and feature extracted. Then two methods of decision tree and neural network are used to train the classifiers. In addition, the multiple classifiers are trained on the basis of the binary classifiers. Finally, we test the performance of the classifiers. The results show that the classifiers have a good detection accuracy of network traffic.

Bing Gao,Bing Bu

DOI: https://doi.org/10.1109/access.2019.2958198

IF: 3.9

2019-01-01

IEEE Access

Abstract:At present, the train-ground communication system based on the wireless communication protocol is a very important component of communication-based train control (CBTC) systems in intelligent transportation. Its information security is worthy of attention. In order to guarantee the security of the train-ground communication system, this paper proposes an improved AdaBoost multi-classification intrusion detection method based on the n-gram model. First, the n-gram model is used to model the state transitions of the IEEE 802.11 protocol. Then, a typical normal behavior set and typical abnormal behavior sets are obtained by learning and they can portray typical behaviors of their respective classes. Furthermore, a similarity measure algorithm is proposed to construct AdaBoost weak classifiers, which improves the classification effect of AdaBoost algorithm. At last, an AdaBoost multi-classification algorithm is presented to detect and identify the attacks. Experiments prove that the algorithm can effectively detect and distinguish attack types in the train-ground communication system.

Xueqian Chen,Bing Bu,Xuetao Yang

DOI: https://doi.org/10.1007/978-981-15-2866-8_29

2019-01-01

Abstract:With the application of advanced network and computer technologies, communication-based train control (CBTC) systems are facing increasingly serious security risks. Intrusion detection can help detect attacks of CBTC systems and avoid major accidents. The traditional intrusion detection systems (IDS) do not consider the characteristics of CBTC systems, so they cannot be applied to CBTC systems directly. In this paper, we analyze the characteristics of network data of CBTC systems and propose an IDS based on network traffic and packets to detect typical attacks of CBTC systems, such as the denial of service (DoS) and data tempering attacks. The self-organizing maps (SOM) neural networks are used to improve the density-based spatial clustering of applications with noise (DBscan) method since DBscan only can detect anomalies offline with low detection rate. By testing on a simulation platform of CBTC systems, it is verified that the designed IDS is suitable for CBTC systems for its great detection performance and real-time performance.

Liru Hu,Bing Bu

DOI: https://doi.org/10.1109/itsc48978.2021.9564592

2021-01-01

Abstract:The existing intrusion detection system (IDS) does not consider the security and credibility problem of its own. An IDS captured by cyber attackers may generate lots of malicious alarms which will seriously impact the operation of communication-based train control (CBTC) systems. In this paper, we analyze the information exchange characteristics of CBTC systems and propose an IDS based on distributed trusted infrastructure. The method of relative entropy is adopted for intrusion detection. In addition, a trust evaluation model is developed based on the fuzzy theory to evaluate the credibility of IDSs. Simulation results show that the proposed IDS can effectively detect the malicious alarms and eliminate their effects on the operation of CBTC systems. The detection rate can reach over 95%.

Yajie Song,Bing Bu,Xuetao Yang

DOI: https://doi.org/10.1007/978-981-15-2914-6_16

2020-01-01

Abstract:Communication-based train control (CBTC) is considered as the main organ of urban rail transit systems, which is facing increasingly serious security threats. Intrusion detection systems (IDS) are crucial for security protection. This paper reports the design principles and evaluation results of a novel hybrid intrusion detection system which is suitable for CBTC systems. This hybrid method combines the advantages of the high true positive rate of network-based IDS (NIDS) and the ability of host-based IDS (HIDS) to monitor system behavior, where decision tree and critical state analysis are used, respectively. The proposed method is verified on a semi-physical simulation platform of CBTC and the experiments show that the designed scheme can detect intrusions accurately with a 97.8% detection rate.

Bing Gao,Bing Bu,Xiaoxuan Wang

DOI: https://doi.org/10.1109/tits.2022.3192510

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:In recent years, intelligent transportation systems and automatic train control technologies have been developed rapidly. The communication-based train control (CBTC) system through train-to-train communications is very important in the intelligent transportation system and it uses wireless communication links to transmit the train control commands. However, the CBTC system is sensitive to information security attacks. Therefore, a comprehensive resilient control strategy is proposed for the CBTC system under Denial of Service (DoS) attacks. As a cyber physical system, the CBTC system includes two layers. In the communication layer, a strongly robust train-to-train communication topology is proposed which adopts a bidirectional communication strategy and a three times communication protocol to achieve the goal of resisting multi-channel DoS attacks. In the physical layer, an observer-based distributed intrusion detection method is firstly proposed to detect the attack. Further, a resilient control method based on a distributed state observer of the leader train is proposed to avoid triggering the train safety protection mechanism frequently. Finally, simulation results prove that the proposed comprehensive resilient control algorithm is effective in the CBTC system.

He Lu,Yanan Zhao,Yajing Song,Yang Yang,Guanjie He,Haiyang Yu,Yilong Ren

DOI: https://doi.org/10.1007/s10586-024-04376-9

2024-04-14

Cluster Computing

Abstract:Communication-based train control (CBTC) system is a typical cyber-physical system with open wireless communication that is vulnerable to attacks. To protect the security of wireless communication in the CBTC system, machine learning-based intrusion detection system (IDS) has been extensively researched. However, the performance of a machine learning-based IDS highly depends on feature design, and the spatial and temporal correlation of network data attributes makes it difficult to design features manually. Meanwhile, this type of IDS can only detect known attacks that are contained in the training dataset and fail to detect new attacks (i.e., zero-day attacks). To cope with the above issue, we propose a novel IDS based on transfer learning for the CBTC system. The proposed IDS leverages an optimized one-dimensional convolutional neural network block and long short-term memory to automatically extract spatial and temporal features from the original data. Furthermore, a knowledge transfer method is utilized to transfer the features to enable zero-day attack detection. We evaluate the proposed IDS on a dataset representing the CBTC system network data. The results show that the proposed IDS can achieve 99.32% accuracy for known attacks and 93.21% average F1-Score for zero-day attacks.

computer science, information systems, theory & methods

Hao Liang,Li Zhu,F. Richard Yu,Xuan Wang

DOI: https://doi.org/10.1109/TITS.2022.3211020

IF: 8.5

2023-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Due to the high integration of wireless communication and networking technologies, the communication-based train control (CBTC) systems are exposed to additional cyber-attack surfaces, allowing sophisticated attackers to combine cyber attack vectors with physical attack means to achieve malicious goals. Notably, the decentralized authentication features are missing in existing communication protocols which make the CBTC be easily compromised by data tampering attacks, and lead to serious operational accidents. With outstanding advantages in decentralized authentication, blockchain provides new effective solutions for decentralized identity authentication in CBTC. Consequently, it is critical to study the complex physical consequences of cyber breaches from a cross-layer defense perspective. In this paper, we propose a novel cross-layer defense method for cyber security in blockchain empowered CBTC against data tampering attacks. In the physical layer, the joint Kalman filter and chi(2) detector is proposed for the train state estimation and detection. In the cyber layer, an asymmetric encryption-based secure communication protocol with identity authentication and the blockchain-based distributed key management system with the adaptive consensus mechanism are designed for data communication security. Considering the unavailable direct observation of the CBTC cyber security states, a partially observable Markov (POMDP) decision model is constructed to derive the optimal adaptive consensus strategies for balancing cyber security and efficiency. Extensive simulation results show that the proposed blockchain empowered CBTC cross-layer defense method can effectively improve the cyber security protection capability and minimize the impact of data tampering attacks on the train operation.

Ruifeng Duo,Xiaobo Nie,Ning Yang,Chuan Yue,Yongxiang Wang

DOI: https://doi.org/10.1109/access.2021.3055209

IF: 3.9

2021-01-01

IEEE Access

Abstract:Real-time Ethernet has been applied to train control and management system (TCMS) of 250km/h Fuxing Electric Multiple Units (EMUs) and some urban rail vehicles. The openness of the Ethernet communication protocol poses a risk of intrusion attacks on the train communication network. It is, therefore, necessary that a safety protection technology is introduced to the train communication network based on real-time Ethernet. In this paper, a train communication network intrusion detection system based on anomaly detection and attack classification is proposed. Firstly, the paper built an anomaly detection model based on support vector machines (SVM). The particle swarm optimization-support vector machines (PSO-SVM), and genetic algorithm-support vector machines (GA-SVM) optimization algorithms are used to optimize the kernel function parameters of SVM. Secondly, the paper built two attack classification models based on random forest. They are iterative dichotomiser3 (ID3) and classification and regression tree (CART). And then, the built intrusion detection and attack classification model is tested by using the public data set knowledge discovery and data mining-99(KDD-99) and the data set of the simulation train real-time Ethernet test bench. PSO-SVM improves the intrusion detection accuracy from 90.3% to 95.75%, GA-SVM improves the detection accuracy from 90.3% to 95.85%. The training time of the PSO-SVM algorithm was higher than that of the GA-SVM algorithm, and much higher than that of the SVM, without optimization. Both ID3 and CART models are verified valid in the attack classification, while the ID3 algorithm obtained 100% accuracy on the training set, and only 32.89% accuracy on the test set, ID3 has a poor classification accuracy of the data outside of the training set. Also, the classification time is very long for ID3 compared with CART. So the comprehensive experimental results show that the intrusion detection system of train real-time Ethernet can use the GA-SVM model for detection of abnormal data. After passing the normal data, the CART model can be used to distinguish between the types of attacks to better complete subsequent responses and operations. Compared with the anomaly detection model based on SVM, the proposed model improves intrusion detection accuracy. And the proposed attack classification algorithm based on CART can improve the computing speed while ensuring the precision of classification.

Yang Li,Wei Xiukun,Wen Chenglin

DOI: https://doi.org/10.23919/cje.2022.00.248

IF: 1.019

2023-01-01

Chinese Journal of Electronics

Abstract:The communication-based train control system is the safety guarantee for automatic train driving. Wireless communication brings network security risks to the communication-based train control system. The eavesdropping of the transmitted information by unauthorized third-party personnel will lead to the leakage of the estimated value of the system state, which will lead to major accidents. This paper focuses on solving the problem of defense against eavesdropping threats and proposes an eavesdropping defense architecture. This defense architecture includes a coding mechanism based on punishing eavesdroppers, an information upload trigger mechanism based on contribution, and a random information transmission strategy, and provides a guarantee for the privacy protection of information. This research makes three contributions. First, it is the first attempt to construct an information encoding mechanism with punishing eavesdroppers as the objective function; Second, for the first time, an information upload trigger mechanism based on contribution is proposed; Third, the strategy of random transmission of information is proposed. The proposed method in this paper is verified by taking the medium and low-speed maglev train as the object. The experimental results show that, compared with Gaussian noise and non-Gaussian noise mechanisms, the coding mechanism proposed in this paper can not only protect the security of information but also make the estimation error of eavesdroppers tend to be infinite. Using the state estimation error as a metric, the average growth rate of the state estimation error of the system using the trigger mechanism in this paper is less than 2% while improving the security of the system. The transmission strategy in this paper does not increase the system state estimation error while improving the security of the system.

Li Zhu,Yang Li,F. Richard Yu,Bin Ning,Tao Tang,Xiaoxuan Wang

DOI: https://doi.org/10.1109/tits.2020.3005931

IF: 8.5

2021-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Communication-based Train Control (CBTC) systems are the burgeoning directions for developing future train control systems. With the adoption of wireless communication and network techniques, train control systems are more vulnerable to cyber-attacks. Notably, the jamming attacks, aiming at the handoff process that is the weakest part of train ground communication systems, will cause long disruption of communication. It will have a severe impact on train control operation efficiency. Current research regarding industry control system security is hard to model the impact of the jamming attacks on the train control system quantitatively, and current countermeasure schemes against jamming attacks are not designed for the operating mechanism of train control systems. This paper first builds the train control security state transition probability model under jamming attacks. A cross-layer defense scheme is then proposed from the aspect of the physical layer, the cyber layer and the management layer. In the physical layer, this paper designs a model prediction control algorithm to track dynamic target signals, in the hopes of eventually tracking the dynamic target quickly and smoothly. In the cyber layer, a multi-stage and zero-sum stochastic game model is built for the channel selection for the attack and the defense, whereby the channel selection randomized policy will be obtained. In the management layer, a dynamic train travel speed profile generation algorithm is proposed to mitigate the jamming attacks' impact on train control systems. Extensive simulation results are shown that jamming attack impact on CBTC can be mitigated effectively with our proposed cross-layer defense scheme.

Zhongru Wang,Xinzhou Xie,Lei Chen,Shouyou Song,Zhongjie Wang

DOI: https://doi.org/10.1109/tits.2021.3127681

IF: 8.5

2023-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:The exploration of the intrusion detection effect of urban rail transit management system aims to further improve the safety performance of the traffic field in urban construction. Thus, the deep convolution neural network model AlexNet with more network layers and stronger learning ability is adopted and improved, to ensure the safe operation of urban rail transit. Meanwhile, the GRU (Gate Recurrent Unit) neural network is introduced into the improved AlexNet to build an intrusion detection model of urban rail transit management system. Finally, the model performance is verified through the collected data and simulation experiments. Through the comparative analysis of the model and other scholars’ models in related fields, the recognition accuracy of intrusion detection of the intrusion detection model reaches 96.00%, which is at least 1.55% higher than that of other neural network models. Besides, its training time is stable at about 55.05 seconds, and the test time is stable at about 22.17 seconds. Moreover, the analysis result of data transmission security performance indicates that the data message delivery rate of this model is more than 80%, the data message leakage rate and packet loss rate are less than 10%, and the average delay is basically stable at about 350 milliseconds. Therefore, the constructed model can achieve high data transmission security performance under the premise of ensuring prediction accuracy, which can provide experimental basis for improving the safety performance of rail transit systems in smart cities.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/icarm54641.2022.9959185

2022-01-01

Abstract:The cyber-physical power system (CPPS) is evolved from the traditional power system by the deployment of information networks with control systems, computational units, and communication networks. However, their integration into CPPS introduces new challenges in maintaining security. Various malicious cyber-attacks are drawn much attention recently after the discovery of the impact on CPPS state estimation. Thus, it is of great significance for operators to detect cyber-attacks and identify the types of attacks in CPPS to make decisions appropriately. This problem can be viewed as a multi-class classification problem from the perspective of machine learning. Accordingly, this paper proposes an ensemble learning-based cyber-attacks detection model for CPPS state estimation. In the proposed model, we use the subspace features and then send the data to the classifier for ensemble, where decision trees and random vector functional link networks are introduced as the basic classifier. The proposed model is validated by employing simulated data on IEEE 14-bus and 30-bus systems. Simulation results demonstrate the performance of the proposed cyber-attacks detection model.

Hao Fengping,Li Yi,Wang Jingjing

DOI: https://doi.org/10.1117/12.3013387

2023-01-01

Abstract:Communication network is an important part of social life, but it is extremely vulnerable to various network attacks, and the energy of data nodes in the network is limited, and abnormal behavior in the network cannot be detected in the highdimensional traffic data mode. Therefore, an intrusion behavior detection method based on machine learning algorithm was proposed to detect attack behavior in communication network in real time. Firstly, through the restricted Boltzmann machine algorithm model of machine learning, high-dimensional traffic data features are extracted and dimension reduction operation is carried out. Then, combined with the characteristics of communication network cluster structure, a multi-layer support vector machine classification model is established to detect network abnormal state. Finally, the public intrusion detection data set is used to verify the proposed intrusion behavior detection model. The experimental results show that the detection accuracy of the model for network traffic can reach 99.63%, in order to provide reference for further research on intrusion behavior detection methods in the future.

Zhang Kanghao,Wang Hongwei,Cui Dongliang

DOI: https://doi.org/10.1109/cac51589.2020.9327069

2020-01-01

Abstract:Communication-based train control (CBTC) is the main method of railway signaling systems applying wireless communication to improve capacity by realizing the moving block. Due to the large adoption of Commercial Off-The-Shelf and the multiple interconnections with other service systems of railways, CBTC systems are facing increasing and severe information security challenges. However, there have been few studies highlighting the situation awareness of CBTC systems. This paper is intended to achieve the information security situation of CBTC systems quantitatively based on mass audit data, where the four dynamic features are both considered with the Gaussian Hidden Markov Model, the dynamic performance of critical equipment of CBTC systems is described. Baum-Welch algorithm is applied to obtain the optimal parameter of the model. Then, the forward algorithm is adopted to determine the probability distribution of hidden states. Moreover, we develop a method for an integrated SA value of CBTC systems based on entropy weight. The simulation results show the availability of the proposed approach.

Wenhao Wu,Bing Bu

DOI: https://doi.org/10.3390/electronics8090991

IF: 2.9

2019-01-01

Electronics

Abstract:Communication-based train controls (CBTC) systems play a major role in urban rail transportation. As CBTC systems are no longer isolated from the outside world but use other networks to increase efficiency and improve productivity, they are exposed to huge cyber threats. This paper proposes a generalized stochastic Petri net (GSPN) model to capture dynamic interaction between the attacker and the defender to evaluate the security of CBTC systems. Depending on the characteristics of the system and attack–defense methods, we divided our model into two phases: penetration and disruption. In each phase, we provided effective means of attack and corresponding defensive measures, and the system state was determined correspondingly. Additionally, a semiphysical simulation platform and game model were proposed to assist the GSPN model parameterization. With the steady-state probability of the system output from the model, we propose several indicators for assessing system security. Finally, we compared the security of the system with single defensive measures and multiple defensive measures. Our evaluations indicated the significance of the defensive measures and the seriousness of the system security situation.

Hui-Yu DONG,Tao TANG,Hong-Wei WANG

DOI: https://doi.org/10.16383/j.aas.c180374

2019-01-01

Abstract:With the wide application of computer, communication and control technologies in train operation control system, the degree of automation and informatization of urban rail transit is continuously improved. However, universal computer equipment and communication technologies adopted by the method of CBTC (communication-based train control) bring serious security risks to the CBTC system. In view of this, it is of great significance to quantify and dynamically evaluate the information security risks of CBTC system. In this paper, a topology model of CBTC networks is built according to the characteristics of equipment and communication links. Combining the capacity loss from performance changes of train control under security risks, the 2D structural information entropy is constructed, which can comprehensively characterize the cyber space and physical space features, to model and evaluate the information security risks of CBTC system. Finally, with a hardware-in-the-loop simulation platform for urban rail transit CBTC security, the effectiveness and accuracy of the proposed approach are verified.

Yang Li,Li Zhu,Hongwei Wang,F. Richard Yu,Shichao Liu

DOI: https://doi.org/10.1109/tits.2020.3030496

IF: 8.5

2020-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:While communication-based train control (CBTC) systems play a crucial role in the efficient and reliable operation of urban rail transits, its high penetration level of communication networks opens doors to Man-in-the-Middle (MitM) attacks. Current researches regarding MitM attacks do not consider the characteristics of CBTC systems. Particularly, the limited computing capability of the on-board computers prevents the direct implementation of most existing intrusion detection and defense algorithms against the MitM attack. In order to tackle this dilemma, in this article, we first introduce edge intelligence (EI) into CBTC systems to enhance the computing capability of the system. A cross-layer defense scheme, which includes the detection and defense stages, are proposed next. For the cross-layer detection stage, we propose a Long Short-Term Memory (LSTM) and Support Vector Machine (SVM) based detection method to combine the detection probability calculated from the train control parameter sequence and operation log files. For the cross-layer defense stage, we construct a Bayesian game based defense model to derive the optimal defense policy against MitM attacks. To further improve the accuracy of the defense scheme as well as optimize the communication resource allocation scheme, we propose an optimal communication resource allocation scheme based on the Asynchronous Advantage Actor-Critic (A3C) algorithm at last. Extensive simulation results show that the proposed scheme achieves excellent performance in defending against MitM attacks.