
Research on a 5G-R Network Security Audit System Based on eBPF and ConvLSTM

Research on Railway Communication Network Security Audit System Based on EBPF and ConvLSTM
Abstract: With the rapid development of the railway 5G dedicated network, railway network information security bears directly on railway operational safety and related concerns. However, mature railway network security equipment mostly targets external risks such as illegal intrusion and external network interference, while there is still no systematic detection method for security problems caused by improper internal use or communication anomalies. A network security audit system with strong real-time capability, which can detect both internal and external network anomalies and which integrates traffic capture with data analysis, is therefore urgently needed. The design starts from the three key technologies of network security auditing, which correspond to the system's three modules (data collection, data parsing and traffic identification), and explains the environment and location in which the system is deployed in the network. Specifically, eBPF is used to capture network traffic packets, deep learning data preprocessing methods extract feature information from them, and the features are fed into a trained ConvLSTM model for prediction, which finally determines whether abnormal traffic has occurred. In experiments on two datasets, and in comparison with traditional algorithms, the prediction accuracy of this network security audit system can reach 0.97 for external attack traffic and is 0.96 for internal communication anomalies. This enables monitoring and troubleshooting of network traffic anomalies caused by external or internal factors, so that further measures can be taken quickly. The design and study of a network security audit system for the 5G-R scenario can provide technical support for the network security challenges railways will face in the future.
Authors: CHEN Lyu (陈律); LI Hui (李辉); LIU Chang (刘畅) (Postgraduate Department, China Academy of Railway Sciences, Beijing 100081, China; Signal and Communication Research Institute, China Academy of Railway Sciences Corporation Limited, Beijing 100081, China; National Research Center of Railway Intelligence Transportation System Engineering Technology, Beijing 100081, China)
Source: Railway Standard Design (《铁道标准设计》), Peking University Core Journal, 2024, No. 4, pp. 203-210 (8 pages)
Funding: Scientific research project of China Academy of Railway Sciences Corporation Limited (2022YJ150); Science and Technology Research and Development Program of China State Railway Group Co., Ltd. (K2022G018).
Keywords: railway communication; 5G-R; network security audit; eBPF; deep learning; ConvLSTM