Data Analysis for Anomaly Detection to Secure Rail Network

The security, safety and reliability of rail systems are of the utmost importance. Detecting and preventing anomalies requires an accurate study of the network traffic and of abnormal behaviour, together with a means of detecting anomalies and raising an alert when they occur. This paper focuses on data analysis for anomaly detection using Wireshark and a packet analysis system; an alert function is also developed that raises an alert when an abnormality is found. Rail network traffic has been captured and analysed to obtain the network features that are then used to detect abnormal traffic. To improve efficiency, a packet analysis system is introduced that receives the network flow and analyses the data automatically. The two detection methods, i.e. Wireshark-based detection and the packet analysis system with its alert function, facilitate the timely detection of abnormality and the triggering of alerts in the rail network.
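As an added example of the pipeline the abstract describes (capture, extract per-window traffic features, compare against a learned baseline, alert), the following Python is not the paper's code: the abstract does not say which features or thresholds the authors use, so the feature set (packet count, byte count, distinct destination ports, destination-port entropy), the z-score threshold, the `tshark` field layout, the host addresses and the traffic itself are all assumptions constructed for this illustration.

```python
"""Window-based anomaly detection over packet records (added example).

Each record is (epoch_seconds, src_ip, dst_ip, dst_port, frame_length),
the field layout of a `tshark -T fields` export. The records built in
constructed_capture() are made up for this example; they are not rail
traffic, and the feature set and threshold are assumptions, not the
paper's method.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
import math
import statistics


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    dst: str
    dport: int
    length: int


def parse_tshark_line(line):
    """Parse one tab-separated line produced by
    tshark -r trace.pcapng -T fields -e frame.time_epoch -e ip.src -e ip.dst \
          -e tcp.dstport -e frame.len
    Returns None for frames without a TCP destination port (non-TCP traffic)."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 5 or not parts[3]:
        return None
    ts, src, dst, dport, length = parts
    return Packet(float(ts), src, dst, int(dport), int(length))


def window_features(packets, window=1.0):
    """Group packets into fixed time windows and compute per-window features.

    Returns [(window_start, feature_dict), ...] ordered by time. The
    destination-port entropy is high when traffic is spread over many ports
    (e.g. a port sweep) and zero when every packet goes to one port."""
    buckets = defaultdict(list)
    for p in packets:
        buckets[math.floor(p.ts / window) * window].append(p)
    out = []
    for start in sorted(buckets):
        pk = buckets[start]
        ports = Counter(p.dport for p in pk)
        n = len(pk)
        entropy = -sum((c / n) * math.log2(c / n) for c in ports.values())
        out.append((start, {
            "pkts": n,
            "bytes": sum(p.length for p in pk),
            "dports": len(ports),
            "dport_entropy": entropy,
        }))
    return out


def fit_baseline(feature_windows):
    """Per-feature mean and standard deviation over known-normal windows.
    The std is floored so a constant feature cannot divide by zero."""
    baseline = {}
    for name in feature_windows[0][1]:
        values = [f[name] for _, f in feature_windows]
        baseline[name] = (statistics.fmean(values),
                          max(statistics.pstdev(values), 1e-9))
    return baseline


def detect(feature_windows, baseline, z_threshold=3.0):
    """Alert function: flag every window in which any feature deviates more
    than z_threshold standard deviations from its baseline."""
    alerts = []
    for start, feats in feature_windows:
        devs = {n: (v - baseline[n][0]) / baseline[n][1] for n, v in feats.items()}
        bad = {n: round(z, 1) for n, z in devs.items() if abs(z) > z_threshold}
        if bad:
            alerts.append({"window": start, "deviations": bad, "features": feats})
    return alerts


def constructed_capture():
    """Constructed sample (not captured traffic): nine 1-second windows of a
    controller polling a device on TCP/502 ten times per second plus 0-2
    extra packets to TCP/20000, then a tenth window in which a new host
    sweeps ports 1-60 on the same device."""
    pkts = []
    for i in range(10):
        for j in range(10):
            pkts.append(Packet(i + 0.1 * j, "10.0.0.1", "10.0.0.10", 502, 64))
        for m in range(i % 3):
            pkts.append(Packet(i + 0.05 + 0.1 * m, "10.0.0.1", "10.0.0.10", 20000, 64))
    for port in range(1, 61):
        pkts.append(Packet(9 + 0.01 * port, "10.0.0.99", "10.0.0.10", port, 60))
    return pkts


if __name__ == "__main__":
    windows = window_features(constructed_capture())
    baseline = fit_baseline(windows[:9])  # first nine windows are known-good
    for alert in detect(windows, baseline):
        print(f"ALERT window={alert['window']:.0f}s deviations={alert['deviations']}")
```

The baseline is fitted only on windows known to be normal, so the sweep window is flagged on all four features while the small poll-to-poll variation in the normal windows stays well under the threshold; on real captures the same functions would be fed lines from the `tshark` export via `parse_tshark_line`.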
