Rule-based anomaly detection for railway signalling networks

被引：3

作者：

Heinrich, Markus ^{[1
,3
]}

Goelz, Arwed ^{[1
]}

Arul, Tolga ^{[2
]}

Katzenbeisser, Stefan ^{[2
,3
]}

机构：

[1] Tech Univ Darmstadt, Dept Comp Sci, Darmstadt, Germany

[2] Univ Passau, Fac Comp Sci & Math, Passau, Germany

[3] INCYDE Ind Cyber Def GmbH, Berlin, Germany

来源：

INTERNATIONAL JOURNAL OF CRITICAL INFRASTRUCTURE PROTECTION | 2023年 / 42卷

关键词：

Critical infrastructure protection; Cyber-physical system; Cybersecurity; Railway signalling; Rule -based anomaly detection; Safety and security co -engineering; Semantic attack; SECURITY; SAFETY;

D O I：

10.1016/j.ijcip.2023.100603

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We propose a rule-based anomaly detection system for railway signalling that mitigates attacks by a DolevYao attacker who is able to inject control commands to perform semantic attacks by issuing licit but mistimed control messages. The system as well mitigates the effects of a signal box compromised by an attacker with the same effect. We consider an attacker that could cause train derailments and collisions, if our countermeasure is not employed. We apply safety principles of railway operation to create a distributed anomaly detection system that inspects incoming commands on the signals and points. The proposed anomaly detection system detects mistimed control messages against light signals, points and train detection systems that lead to derailments and collisions without producing false positives, while it requires only a small amount of overhead in terms of network communication and latency compared to normal train operation.

引用

页数：11

共 50 条

[1] Rule-Based Anomaly Detection on IP Flows
Duffield, Nick
Haffner, Patrick
Krishnamurthy, Balachander
Ringberg, Haakon
[J]. IEEE INFOCOM 2009 - IEEE CONFERENCE ON COMPUTER COMMUNICATIONS, VOLS 1-5, 2009, : 424 - +
[2] Rule-based expert system for maritime anomaly detection
Roy, Jean
[J]. SENSORS, AND COMMAND, CONTROL, COMMUNICATIONS, AND INTELLIGENCE (C3I) TECHNOLOGIES FOR HOMELAND SECURITY AND HOMELAND DEFENSE IX, 2010, 7666
[3] Rule-Based Anomaly Detection Technique Using Roaming Honeypots for Wireless Sensor Networks
Gowri, Muthukrishnan
Paramasivan, Balasubramanian
[J]. ETRI JOURNAL, 2016, 38 (06) : 1145 - 1152
[4] A Rule-based Approach for Anomaly Detection in Subscriber Usage Pattern
Gopal, Rupesh K.
Meher, Saroj K.
[J]. PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY, VOL 25, 2007, 25 : 396 - 399
[5] Extracted rule-based technique for anomaly detection in a global network
Azeez, Nureni A.
Victor, Ogunlusi E.
Misra, Sanjay
Damasevicius, Robertas
Maskeliunas, Rytis
[J]. INTERNATIONAL JOURNAL OF ELECTRONIC SECURITY AND DIGITAL FORENSICS, 2022, 14 (06) : 616 - 637
[6] Rule-based anomaly pattern detection for detecting disease outbreaks
Wong, WK
Moore, A
Cooper, G
Wagner, M
[J]. EIGHTEENTH NATIONAL CONFERENCE ON ARTIFICIAL INTELLIGENCE (AAAI-02)/FOURTEENTH INNOVATIVE APPLICATIONS OF ARTIFICIAL INTELLIGENCE CONFERENCE (IAAI-02), PROCEEDINGS, 2002, : 217 - 223
[7] Rule-based modelling of cellular signalling
Danos, Vincent
Feret, Jerome
Fontana, Walter
Harmer, Russell
Krivine, Jean
[J]. CONCUR 2007 - CONCURRENCY THEORY, PROCEEDINGS, 2007, 4703 : 17 - 41
[8] Rule-based anomaly detection of inter-domain routing system
Zhu, PD
Liu, X
Yang, MJ
Xu, M
[J]. ADVANCED PARALLEL PROCESSING TECHNOLOGIES, PROCEEDINGS, 2005, 3756 : 417 - 426
[9] A knowledge representation meta-model for rule-based modelling of signalling networks
Basso-Blandin, Adrien
Fontana, Walter
Harmer, Russ
[J]. ELECTRONIC PROCEEDINGS IN THEORETICAL COMPUTER SCIENCE, 2016, (204): : 47 - 59
[10] A rule-based model of insulin signalling pathway
Di Camillo, Barbara
Carlon, Azzurra
Eduati, Federica
Toffolo, Gianna Maria
[J]. BMC SYSTEMS BIOLOGY, 2016, 10

← 1 2 3 4 5 →