基于CB-CNN与分割残差优化的列控系统网络攻击流量检测

Train Control System Network Attack Traffic Detection Based onCB-CNN and Segmentation Residual Optimization

复杂环境中的列控系统容易遭到各类网络流量攻击,现有的攻击流量检测方法往往特征选择差、稳定性较弱,导致检测精度较低。为此,提出一种通道增强卷积神经网络与分割残差优化的攻击流量检测方法。首先通过降噪式自动编码器对正常流量进行建模,同时使用无监督训练将原始特征空间转换为重构特征空间;然后利用通道增强使相关误差向量转化为分类器的多通道输入变量;最后为增加神经网络的特征表示多样性,设计一种多路径的分割残差网络来优化CB-CNN,通过学习不同维度级别的流量特征来优化分类。实验结果表明:所提方法具有较好的训练性能,NSL-KDD数据集与真实铁路安全网络中获得的平均精确率分别为94.573%与96.78%。在误报率较低的同时均具有较好的分类可视化效果。综合对比其他检测方法,提出方法检测实时性较好,能够适用于复杂场景的列控系统网络攻击检测,在噪声存在时具有较好的鲁棒性。

Train control systems are easily attacked by various network attack traffic in complex environments.However,existing attack traffic detection methods often have poor feature selection and weak stabilities,resulting in low detection accuracy.To this end,an attack traffic detection method based on channel boosting convolutional neural network(CB-CNN)and segmentation residual network optimization was proposed.First,a denoising auto-encoder(DAE)was used to model the normal traffic.Meanwhile,unsupervised training was used to transform the original feature space into a reconstructed feature space.Then,channel boosting was proposed to transform the correlation error vector into the multi-channel input variables of the classifier.Finally,a multi-path segmentation residual network was designed to optimize CB-CNN,to increase the diversity of feature representation of neural network.Different dimension levels of traffic features were learned to optimize classification.The experimental results show that the proposed method has better training performance.The average precision rates obtained from NSL-KDD data set and real railway safety networks are 94.573%and 96.78%,respectively.The method achieves a good classification visualization effect while maintaining low false positive rate.In general,compared with other detection methods,the proposed method has better real-time detection and can be applied to train control network attack traffic detection in complex scenes,with better robustness in the presence of noise.