Authors: 贾寒霜, 张卡, 杨碎明 (JIA Hanshuang; ZHANG Ka; YANG Suiming)
Affiliations: [1] School of Civil and Railway Engineering, Xi'an Traffic Engineering Institute, Xi'an 710300, China [2] China National Chemical Engineering No.14 Construction Co., Ltd., Nanjing 210044, China
Source: Computer Measurement & Control (《计算机测量与控制》), 2024, No. 8, pp. 14-19 (6 pages)
Funding: Xi'an Traffic Engineering Institute 2023 Young and Middle-aged Fund Project (2023KY-43).
Abstract: Abnormal traffic in train communication networks takes diverse types and forms, which makes feature extraction difficult and abnormal intrusion detection ineffective. To address this, a train communication network abnormal intrusion detection system based on the bidirectional AC algorithm is designed. The collection layer uses a network data collector to collect train communication network information from within the network. The storage layer stores the collected information using distributed, columnar, and structured storage. The analysis layer uses a protocol parsing module to parse the information and obtain information that conforms to the specifications. Among its modules, the deep packet filtering module applies whitelist technology to deep-packet-filter the conforming information and extract key information; the intrusion feature pattern extraction module extracts abnormal intrusion feature patterns from the key information; the feature pattern matching module uses the bidirectional AC algorithm to automatically match the extracted feature patterns against the feature patterns in the intrusion feature pattern library; and the intrusion response module analyzes the automatic matching results to complete abnormal intrusion detection for the train communication network. The visualization layer presents the abnormal intrusion detection results as visual reports. Experimental results show that the system can effectively collect train communication network information and extract abnormal intrusion feature patterns, can quickly and automatically match abnormal intrusion feature patterns, and achieves high abnormal intrusion detection accuracy.
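Keywords: bidirectional AC algorithm; train communication network; abnormal intrusion; detection system; collector; protocol parsing
Classification number: TP393 [Automation and Computer Technology - Computer Application Technology]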