Abstract
Linux embedded operating system is installed on the host devices on the train. All the external applications need to access the kernel via system calls. With the increasing compatibility and openness of the train communication network, there is a risk of cyberattacks on the train-mounted host devices. In case of a cyberattack, the malware will interact with the kernel via the system call and leave a trace. Therefore, the train-mounted host device intrusion can be detected based on system call sequence. In this paper, the structure of Linux system and the principle of system call sequence were analyzed, the original data feature processing methods including feature extraction, bag-of-words, inverse-frequency processing and dimension reduction were designed, and an intrusion detection model based on Grid Search-K-Nearest Neighbor (GS-KNN) was created. The experimental results show that the accuracy of the method designed in this paper is 96.62%, and the method has certain advantages compared with other lightweight algorithms and can detect the network intrusion effectively.
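The processing chain the abstract outlines (system-call features, bag-of-words counts, inverse-frequency weighting, dimension reduction, and a grid search over k for a KNN classifier) as an added pure-Python example; this is not the paper's code, and the sample traces, the use of adjacent-call bigrams as features, the minimum-document-frequency cut-off and the leave-one-out scoring are all assumptions made here.

```python
import math
from collections import Counter

# Constructed sample traces of system-call names with labels (0 = benign,
# 1 = malicious); illustrative data, not the paper's dataset.
TRACES = [
    (["open", "read", "read", "write", "close"], 0),
    (["open", "read", "write", "write", "close"], 0),
    (["open", "fstat", "read", "close"], 0),
    (["stat", "open", "read", "close"], 0),
    (["socket", "connect", "read", "execve", "write"], 1),
    (["socket", "connect", "execve", "read", "write"], 1),
    (["ptrace", "socket", "connect", "execve"], 1),
    (["execve", "socket", "connect", "write", "ptrace"], 1),
]

def bigrams(trace):
    """Feature extraction: ordered pairs of adjacent system calls (assumed here)."""
    return Counter(f"{a}>{b}" for a, b in zip(trace, trace[1:]))

def vectorize(bag, features, df, n_docs):
    """Bag-of-words counts scaled by inverse document frequency."""
    return [bag[f] * math.log(1 + n_docs / df[f]) for f in features]

def train(min_df=2, grid=(1, 3, 5)):
    """Builds the feature space, reduces it, and grid-searches k for KNN."""
    bags = [bigrams(t) for t, _ in TRACES]
    ys = [y for _, y in TRACES]
    df = Counter(f for bag in bags for f in bag)
    # Dimension reduction: drop bigrams seen in fewer than min_df traces.
    features = sorted(f for f, c in df.items() if c >= min_df)
    xs = [vectorize(b, features, df, len(bags)) for b in bags]
    best_k = max(grid, key=lambda k: (loo_accuracy(xs, ys, k), -k))
    return {"features": features, "df": df, "xs": xs, "ys": ys, "k": best_k}

def knn_predict(xs, ys, x, k):
    """Majority vote among the k nearest training vectors (Euclidean)."""
    nearest = sorted(zip((math.dist(x, v) for v in xs), ys))[:k]
    return Counter(y for _, y in nearest).most_common(1)[0][0]

def loo_accuracy(xs, ys, k):
    """Leave-one-out accuracy used as the grid-search score."""
    hits = sum(knn_predict(xs[:i] + xs[i + 1:], ys[:i] + ys[i + 1:], x, k) == y
               for i, (x, y) in enumerate(zip(xs, ys)))
    return hits / len(xs)

def classify(model, trace):
    """Applies the trained feature space and chosen k to an unseen trace."""
    x = vectorize(bigrams(trace), model["features"], model["df"], len(model["xs"]))
    return knn_predict(model["xs"], model["ys"], x, model["k"])
```

On this toy data the grid search settles on k = 1 and the reduced feature space keeps six bigrams; a real deployment would score on held-out traces captured from the target host rather than leave-one-out over a handful of samples.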
Authors
WANG Xue (王雪), WANG Lide (王立德), WANG Biao (王彪), XU Shuxian (许书娴), WANG Chong (王冲) (School of Electrical Engineering, Beijing Jiaotong University, Beijing 100044, China)
Source
Electric Drive for Locomotives (《机车电传动》), Peking University Core Journal, 2023, No. 6, pp. 106-113 (8 pages)
Funding
Key project of the Science and Technology Research and Development Program of China State Railway Group Co., Ltd. (N2020J007).