• • 上一篇    下一篇

基于 BP 神经网络的铁路互联网售票系统信息安全评估方法

姚洪磊%张彦   

  • 基金资助:
    国家自然科学基金[51078353]、铁路科技研究开发计划项目(2011T009、2013T005-C、J2012X002)

Approach of Information Security Assessment for Railway Internet Ticketing System based on BP Model of Artificial Neural Network

YAO Hong-lei%ZHANG Yan   

  • About author:中国铁道科学研究院电子计算技术研究所,北京,100081

摘要: 互联网售票逐步取代了传统售票方式,在铁路运输生产中发挥至关重要的作用,但由于其向互联网提供服务,面临多个层面的安全风险和威胁,受外部攻击、病毒感染等安全威胁日益增大,一旦遭受攻击或其他因素导致系统宕机或终止服务,产生社会负面影响巨大。针对上述威胁,需要安全维护人员运用科学的方法和手段,系统地分析系统所面临的威胁及其存在的脆弱性,评估安全事件一旦发生可能造成的危害程度,提出有针对性的抵御威胁的防护对策和整改措施,将风险控制在可接受的水平,最大限度地保障信息系统安全。人工神经网络具有常规方法所不具备的智能特性,具有自主获取和学习知识的功能,可以较好地处理不确定性和非线性的问题,目前基于人工神经网络的信息安全风险评估在多个行业中已经开展了研究并得到了应用。相对其他人工神经网络模型,BP 神经网络模型具有较强的非线性映射能力和自学习、自适应能力。首先,采用3层的神经网络能够以任意精度逼近任何非线性连续函数,使其适合于求解内部机制复杂的问题;其次,训练时能够通过学习自动提取输出、输出数据间的“合理规则”,并自适应的将学习内容记忆于网络的权值中。因此,文章根据铁路互联网售票系统复杂网络体系结构,采用具有3层结构的 BP 反向传播人工神经网络模型与之对应,准确反映互联网售票系统面临的各类安全威胁,并利用 BP 神经网络良好的自适应性和容错能力,以互联网售票系统面临的安全风险威胁等级值为训练样本,采用已训练的 BP 网络对互联网售票系统进行安全风险评估,设计了基于 BP 神经网络的风险评估模型,仿真结果表明,设计的模型具有很好的自适应性和容错能力,适用于复杂的互联网售票系统网络,实验数据与实际系统风险评估值基本吻合。

Abstract: Railway internet ticketing system had replaced the conventional ticket transaction method which was playing an important part in railway transportation production. As a result of the Internet-based character, railway internet ticketing system was facing several levels of security risks and threats such as overt aggressions and virus infections. Once the system was break down, a great negative impact would be brought to the society. Based on the threats referred, scientific methods and tools need to be used to analyze the threats vulnerability of the system; consequences caused by the security incidents should also be evaluated once the accidents occurred. Protection countermeasures and corrective measures against threats should be proposed to control and mitigate information security risks which should bring the threats to an acceptable level. Artificial neural networks (ANN) has intelligent character such as autonomously access knowledge which can better deal with uncertainty and nonlinear problems, and it had been wildly applied in information security risk assessment in many industries. Compared with other ANN, the BP neural network had a good nonlinear mapping ability including self-learning and adaptive capacities. First, using the 3-layer neural network can approximate any nonlinear arbitrary precision continuous functions, making it suitable for solving complex problems. Second, the output can be automatically extracted "Reasonable Rules" between output data during the training process, and the learning content can adaptively memory the rules on the weights in the network. As a result, an evaluation mode was proposed by using artificial neural network based on BP model in view of safety menace of railway internet ticketing system, the major safety menaces of internet ticketing system were used as the training samples; an experiment was conducted by using the trained BP artificial neural network to evaluate the security of the internet ticketing system. The experiment results show that the proposed evaluation model can indicate the practical status of internet ticketing system precisely. It is highly adaptive and fault-tolerant.