A Novel Intrusion Detection Model Using a Fusion of Network and Device States for Communication-Based Train Control Systems

Security is crucial in cyber-physical systems (CPS). As a typical CPS, the communication-based train control (CBTC) system is facing increasingly serious cyber-attacks. Intrusion detection systems (IDSs) are vital to protect the system against cyber-attacks. The traditional IDS cannot distinguish between cyber-attacks and system faults. Furthermore, the design of the traditional IDS does not take the principles of CBTC systems into consideration. When deployed, it cannot effectively detect cyber-attacks against CBTC systems. In this paper, we propose a novel intrusion detection method that considers both the status of the networks and those of the equipment to identify if the abnormality is caused by cyber-attacks or by system faults. The proposed method is verified on a hardware-in-the-loop simulation platform of CBTC systems. Simulation results indicate that the proposed method has achieved 97.64% true positive rate, which can significantly improve the security protection level of CBTC systems.