Technical gazette, Vol. 28 No. 4, 2021.
Preliminary communication
https://doi.org/10.17559/TV-20210414030120
Anomaly Detection Based on Multiple Streams Clustering for Train Real-Time Ethernet
Jing Liu* (orcid.org/0000-0002-8240-0459); Beijing Mass Transit Railway Operation Corporation Limited, Beijing, China
Yunjuan Peng; School of Software Engineering, Beijing Jiaotong University, Beijing, China
Dalin Zhang; School of Software Engineering, Beijing Jiaotong University, Beijing, China
Abstract
As traffic on the train communication network (TCN) increases, real-time Ethernet has become the development trend. However, the Train Control and Management System (TCMS) inevitably faces more security threats than before because of the openness of the Ethernet communication protocol. It is therefore necessary to introduce an effective security mechanism into the TCN. We propose a train real-time Ethernet anomaly detection system (TREADS). TREADS introduces a multiple streams clustering algorithm for anomaly detection, which considers the correlation between the data dimensions and adopts a decay window to pay more attention to recent data. In the experiment, the reliability of TREADS is tested on a TRDP data set collected from a real network environment, and models of anomaly detection algorithms are established for evaluation. Experimental results show that TREADS provides a high reliability guarantee and that the algorithm can detect and analyze network anomalies more efficiently and accurately.
Keywords
anomaly detection; decay window; multiple streams; real-time Ethernet
Hrčak ID: 260860
Publication date: 22.7.2021.