信息网络安全 (Netinfo Security), 2024, Vol. 24, Issue (1): 143-149. doi: 10.3969/j.issn.1671-1122.2024.01.014

• Technical Research •

Network Traffic Detection Technology for Railway Ticketing System

HU Jinhua (胡金华) 1,2

  1. Shenzhen Yongda Electronic Information Co., Ltd., Shenzhen 518000, China
  2. Information Technology Research Institute of Southwest Jiaotong University, Chengdu 610031, China
  • Received: 2023-06-06  Online: 2024-01-10  Published: 2024-01-24
  • Corresponding author: HU Jinhua, E-mail: butterfly830@139.com
  • About the author: HU Jinhua (born 1979), male, from Hubei, holds a master's degree; his main research interest is cyberspace security.

Abstract:

As Internet technology develops, the services carried by networks become increasingly important, and traditional device-level network management and monitoring face greater challenges: faults are hard to localize, so the business losses they cause are hard to contain, and more comprehensive monitoring and analysis are needed to improve efficiency and assurance. Traditional network anomaly detection based on matching against static rules has difficulty detecting unknown anomalies and attack types in dynamic, complex network environments and cannot meet the requirements of network security detection. Networks carry many services, so active probing places additional load on the business servers; this is especially true when application-layer traffic comes from encrypted or private protocols, because it cannot be decoded, which further increases the difficulty of detection and analysis. Taking the railway ticketing system as its setting, this paper proposes a network traffic detection technology for the railway ticketing system. The technique computes the information entropy of the main traffic features and judges legitimacy against the set of entropy values observed in historical traffic at multiple checkpoints; by considering both the internal characteristics of traffic and the relationships between traffic, it achieves better business traffic detection results.

Key words: railway ticketing system, information entropy, principal component analysis, checkpoint
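The detection idea the abstract describes, shown as an added worked example (this is not code from the paper or its authors): the Shannon entropy of a few traffic features is computed per observation window, a legal range per checkpoint is derived from the entropy values of historical windows, and a new window is accepted only if every feature's entropy falls inside that range. The flow records, the checkpoint labels, the choice of source IP and destination port as features, and the 0.25-bit tolerance are all constructed assumptions for this illustration.

```python
"""Added example: entropy of traffic features checked against a per-checkpoint
baseline built from historical windows.

All flow records below are constructed sample data, not captures from the
railway ticketing system; feature names, checkpoint labels and MARGIN_BITS
are assumptions made for this illustration."""
import math
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[str, str, int]  # (checkpoint, source IP, destination port)
Baseline = Dict[str, Dict[str, Tuple[float, float]]]  # checkpoint -> feature -> (lo, hi)

MARGIN_BITS = 0.25  # assumed tolerance added around the historical entropy range


def shannon_entropy(values: Iterable) -> float:
    """Entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def window_features(flows: List[Flow]) -> Dict[str, float]:
    """Entropy of the two features used here: how spread out the sources are,
    and how spread out the destination ports are."""
    return {
        "src_ip_entropy": shannon_entropy(f[1] for f in flows),
        "dst_port_entropy": shannon_entropy(f[2] for f in flows),
    }


def build_baseline(history: Dict[str, List[List[Flow]]]) -> Baseline:
    """For each checkpoint and feature, record the range of entropy values seen
    in the historical windows, widened by MARGIN_BITS on each side."""
    baseline: Baseline = {}
    for checkpoint, windows in history.items():
        per_feature = defaultdict(list)
        for window in windows:
            for name, value in window_features(window).items():
                per_feature[name].append(value)
        baseline[checkpoint] = {
            name: (min(vals) - MARGIN_BITS, max(vals) + MARGIN_BITS)
            for name, vals in per_feature.items()
        }
    return baseline


def check_window(baseline: Baseline, checkpoint: str,
                 flows: List[Flow]) -> Dict[str, Tuple[float, bool]]:
    """Return each feature's entropy and whether it lies in the checkpoint's legal range."""
    ranges = baseline[checkpoint]
    result = {}
    for name, value in window_features(flows).items():
        lo, hi = ranges[name]
        result[name] = (value, lo <= value <= hi)
    return result


def window_is_legal(baseline: Baseline, checkpoint: str, flows: List[Flow]) -> bool:
    """A window is legal only if every feature is inside its historical range."""
    return all(ok for _, ok in check_window(baseline, checkpoint, flows).values())


def normal_window(checkpoint: str, subnet: int) -> List[Flow]:
    """Constructed 'ticket lookup' window: eight clients on HTTPS plus one
    health-check request on port 8080."""
    flows = [(checkpoint, f"10.0.{subnet}.{host}", 443) for host in range(1, 9)]
    flows.append((checkpoint, f"10.0.{subnet}.1", 8080))
    return flows


# Constructed history: five windows per checkpoint.
HISTORY = {
    "CP-A": [normal_window("CP-A", i) for i in range(5)],
    "CP-B": [normal_window("CP-B", i) for i in range(10, 15)],
}
BASELINE = build_baseline(HISTORY)

# Constructed anomalous window: a single source spread over sixteen ports,
# which inverts both entropies relative to the baseline.
ODD_WINDOW = [("CP-A", "10.0.9.9", port) for port in range(8000, 8016)]

if __name__ == "__main__":
    print("normal:", check_window(BASELINE, "CP-A", normal_window("CP-A", 7)))
    print("odd:   ", check_window(BASELINE, "CP-A", ODD_WINDOW))
```

Keying the baseline by checkpoint is what lets the same feature have different legal ranges at different points of the network: a window is judged against the history of the checkpoint it was captured at, not against a global threshold.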
