基于APT特征的铁路网络安全性能研究  

作　　者：郭梓萌 朱广劼 杨轶杰 司群 GUO Zimeng;ZHU Guangjie;YANG Yijie;SI Qun(Postgraduate Department,China Academy of Railway Sciences Corporation Limited,Beijing 100081,China;Institute of Computing Technologies,China Academy of Railway Sciences Corporation Limited,Beijing 100081,China)

机构地区：[1]中国铁道科学研究院集团有限公司研究生部,北京100081 [2]中国铁道科学研究院集团有限公司电子计算技术研究所,北京100081

出　　处：《信息网络安全》2024年第5期802-811,共10页Netinfo Security

基　　金：中国国家铁路集团有限公司科技研究开发计划[K2022W010]。

摘　　要：为了探究新网络安全形势下APT攻击对铁路网络安全造成的影响,文章首先分析APT攻击特点,提出融合APT过程的杀伤链模型,并据此总结APT攻击特点及对铁路网络安全可能产生的影响;然后分析铁路网络架构,对铁路外部服务网架构进行研究;最后根据提出的铁路网络模型图进行APT攻击建模,详细分析连接过程和连接指数,通过连接指数反映网络性能,进而展示网络攻击对网络安全性能的影响。仿真实验结果表明,APT攻击的发起对网络性能造成了显著不利影响,APT攻击产生后,非法用户的网络连接指数平均提升5倍以上。对比实验表明,APT攻击产生后,非法用户的连接指数比普通网络攻击平均提升2倍以上,这表明APT攻击的影响更加严重。In order to explore the impact of APT attacks on railway network security under the new network security situation,the article first analyzed the characteristics of APT attack,proposed the killing chain model integrating APT process,and summarized the characteristics of APT and its possible impact on railway network security based on this.Then analyzed the railway network architecture,selected the railway external network architecture.Finally,based on the proposed railway network model diagram,conducted APT attack modeling,analyzed the connection process and connection index in detail,reflected network performance through the connection index,and then demonstrated the impact of network attacks on network security performance.The simulation experiment results indicate that,the initiation of APT attacks has a significant adverse impact on network performance,After the APT attack,the average network connection index of illegal users increased by more than 5 times.Comparative experiments have shown that,after the occurrence of APT attacks,the connection index of illegal users is more than twice that of ordinary network attacks on average,indicating that the impact of APT attacks is more severe.

关 键 词：APT攻击 铁路网络系统 网络性能 连接指数 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]