面向铁路客票系统的网络流量检测技术

doi:10.3969/j.issn.1671-1122.2024.01.014

摘要/Abstract

摘要：

随着互联网技术的发展，网络承载的业务越来越重要，传统设备级网管、监控面临着更大挑战，定位故障困难导致的业务损失难以控制，需要更全面的监控和分析手段来提升效率和保障能力。传统的通过静态规划匹配的网络异常检测方法在动态、复杂的网络环境中难以检测出未知异常和攻击类型，不能满足网络安全检测的需求。网络中的业务较多，依靠主动检测方式会给业务服务器带来新的负载压力，特别是应用层流量来自私有协议时，由于不能解码，进一步增大了检测和分析的难度。文章基于铁路客票系统提出一种面向铁路客票系统的网络流量检测技术，该技术可以计算流量主要特征对应的信息熵，并根据多个检查点历史流量的信息熵取值集合判断合法性，在兼顾流量内部特征以及流量间关系的情况下，取得更好的业务流量检测效果。

关键词: 铁路客票系统, 信息熵, 主成分分析, 检查点

Abstract:

As networks become increasingly complex, the services carried by the network are becoming more and more important. Traditional device-level network management and monitoring are facing increasing challenges. It was difficult to locate problem boundaries and control the business losses caused by faults. More comprehensive monitoring and analytical means control are needed to improve efficiency and capabilities. The traditional network anomaly detection method through static planning and matching is difficult to detect unknown anomalies and attack types in dynamic and complex network environments, and cannot meet the requirements of network security detection. In addition, services in the network, relying on active detection methods, will bring new load pressure to the service server. Especially when the application layer traffic is generated by encryption or private protocols, the inability to decode further increases the difficulty of detection and analysis. Based on the railway ticketing system, this paper proposed a network traffic detection technology for railway ticketing system. It could calculate the information entropy corresponding to the characteristic that affects the traffic, and judge it based on the information entropy value set of historical traffic at multiple checkpoints. Whether it was legal or not, this method comprehensively considers the internal characteristics of traffic and the relationship between traffic, and achieved better business traffic detection results.

Key words: railway ticketing system, information entropy, principal component analysis, checkpoint

中图分类号:

TP309

胡金华. 面向铁路客票系统的网络流量检测技术[J]. 信息网络安全, 2024, 24(1): 143-149.

HU Jinhua. Network Traffic Detection Technology for Railway Ticketing System[J]. Netinfo Security, 2024, 24(1): 143-149.

图/表 7

图1

图2

图3

图4

表1

表2

图5

参考文献 14

[1]	WANG Huili, YAO Xiangzhen, REN Zejun. Research on Security Protection System of Key Information Infrastructure[J]. Secrecy Science and Technology, 2019(7): 20-24.
	王惠莅, 姚相振, 任泽君. 关键信息基础设施安全防护体系研究[J]. 保密科学技术, 2019(7): 20-24.
[2]	SHAO Jinman. On the Protection of Critical Information Infrastructure[D]. Shanghai: Shanghai Jiao Tong University, 2018.
	邵金满. 试论关键信息基础设施保护[D]. 上海: 上海交通大学, 2018.
[3]	ZHAO Yingming, ZHANG Dedong, CHEN Xun, et al. Research on the Safety Management Center of Railway Ticketing System with Level Protection 2.0[J]. Railway Computer Application, 2020, 29(8): 24-27.
	赵英明, 张德栋, 陈勋, 等. 等级保护2.0的铁路客票系统安全管理中心研究[J]. 铁路计算机应用, 2020, 29(8): 24-27.
[4]	ZHAO Yingming, ZHANG Dedong, XU Dongping, et al. Research on Risk Assessment of Railway Ticket Sales and Booking System[J]. Railway Transport and Economy, 2020, 42(1): 72-76, 83.
	赵英明, 张德栋, 徐东平, 等. 铁路客票发售与预订系统风险评估研究[J]. 铁道运输与经济, 2020, 42(1): 72-76, 83.
[5]	JOGLEKAR S P, TATE S R. Protomon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention[C]//IEEE. International Conference on Information Technology:Coding and Computing (ITCC 2004). New York: IEEE, 2004: 81-88.
[6]	ZHANG Jun, CHEN Xiao, XIANG Yang, et al. Robust Network Traffic Classification[J]. IEEE/ACM Transactions on Networking, 2014, 23(4): 1257-1270. doi: 10.1109/TNET.2014.2320577 URL
[7]	KARAGIANNIS T, PAPAGIANNAKI K, FALOUTSOS M. BLINC: Multilevel Traffic Classification in the Dark[J]. ACM SIGCOMM Computer Communication Review, 2005, 35(4): 229-240. doi: 10.1145/1090191.1080119 URL
[8]	GROVER A, LESKOVEC J. Node2vec: Scalable Feature Learning for Networks[C]// ACM. Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: ACM, 2016: 855-864.
[9]	TAYLOR V F, SPOLAOR R, CONTI M, et al. Robust Smartphone App Identification via Encrypted Network Traffic Analysis[J]. IEEE Transactions on Information Forensics and Security, 2017, 13(1): 63-78. doi: 10.1109/TIFS.2017.2737970 URL
[10]	LI Bing, HAN Rui, HE Yigang, et al. Application of Improved Random Forest Algorithm in Fault Diagnosis of Motor Bearings[J]. Proceedings of the CSEE, 2020, 40(4): 1310-1319.
	李兵, 韩睿, 何怡刚, 等. 改进随机森林算法在电机轴承故障诊断中的应用[J]. 中国电机工程学报, 2020, 40(4): 1310-1319.
[11]	ZHOU Yang, WANG Chunlin, GUO Rui. A Data Center Operation and Maintenance Anomaly Alarm Method Based on Random Forest Algorithm[J]. Modern Electronics Technique, 2023, 46(8): 143-148.
	周杨, 王春林, 郭锐. 基于随机森林算法的数据中心运维异常告警方法[J]. 现代电子技术, 2023, 46(8): 143-148.
[12]	HAO Shuai, WANG Huaixiu, LIU Zuiliang. A Collapse Column Identification Model Based on K-Means SMOTE and Random Forest Algorithm[J]. Safety in Coal Mines, 2023, 54(2): 174-180.
	郝帅, 王怀秀, 刘最亮. 基于K-Means SMOTE和随机森林算法的陷落柱识别模型[J]. 煤矿安全, 2023, 54(2): 174-180.
[13]	ZHAO Jiayuan, LU Zhongyu, LIU Xinyu, et al. A Knowledge Retrieval Optimization Algorithm Based on Improved Random Forest[J]. Software Guide, 2023, 22(3): 36-41.
	赵佳媛, 卢中玉, 刘鑫宇, 等. 一种基于改进随机森林的知识检索优化算法[J]. 软件导刊, 2023, 22(3): 36-41.
[14]	DONG Yongfeng, DONG Yanqi, ZHANG Yajuan. Improved SMOTE Algorithm for Imbalanced Datasets[J]. Journal of Hebei University of Technology, 2022, 51(6): 40-46.
	董永峰, 董彦琦, 张亚娟. 面向不平衡数据集的改进SMOTE算法[J]. 河北工业大学学报, 2022, 51(6): 40-46.

实例名称	NVIDIA A10G Tensor Core GPU	VCPU	内存/GB	本地存储/GB	EBS 带宽/Gbps	网络带宽 /Gbps
g5.xlarge	1	4	16	250	最高3.5	最高10
g5.2xlarge	1	8	32	450	最高3.5	最高10
g5.4xlarge	1	16	64	600	8	最高25
g5.8xlarge	1	32	128	1900	16	25
g5.12xlarge	4	48	192	3800	16	40
g5.16xlarge	1	64	256	1900	16	25
g5.24xlarge	4	96	384	3800	19	50
g5.48xlarge	8	192	768	7600	19	100

类别	应用
传输协议	ftps、scp、Skype
浏览器	Firefox、Chrome
邮件	SMTPS、POP3S、IMAPS
聊天	ICQ、AIM、Skype、Facebook、Hangouts、Gmail、voipbuster
音视频	Vimeo、Youtube、Netflix、spotify
语音	Facebook、Skype、Hangouts发起的通话（时长为1h）
Torrent	uTorrent、Transmission

[1]	马敏, 付钰, 黄凯. 云环境下基于秘密共享的安全外包主成分分析方案[J]. 信息网络安全, 2023, 23(4): 61-71.
[2]	石乐义, 徐兴华, 刘祎豪, 刘佳. 一种改进概率神经网络的工业控制系统安全态势评估方法[J]. 信息网络安全, 2021, 21(3): 15-25.
[3]	刘奕, 李建华, 张一瑫, 孟涛. 基于特征属性信息熵的网络异常流量检测方法[J]. 信息网络安全, 2021, 21(2): 78-86.
[4]	彭长根, 赵园园, 樊玫玫. 基于最大信息系数的主成分分析差分隐私数据发布算法[J]. 信息网络安全, 2020, 20(2): 37-48.
[5]	杨威超, 郭渊博, 钟雅, 甄帅辉. 基于设备型号分类和BP神经网络的物联网流量异常检测[J]. 信息网络安全, 2019, 19(12): 53-63.
[6]	尹心明, 胡正梁, 陈国梁, 黄海晔. 基于设备指纹决策树分类的IP视频专网入网检测方案研究[J]. 信息网络安全, 2016, 16(12): 68-73.
[7]	戚名钰, 刘铭, 傅彦铭. 基于PCA的SVM网络入侵检测研究[J]. 信息网络安全, 2015, 15(2): 15-18.
[8]	沈长达，尤俊生，钱镜洁. TrueCrypt加密容器快速检测技术[J]. 信息网络安全, 2014, 14(9): 220-222.
[9]	. 基于两个方向二维核主成分分析的手指静脉识别[J]. , 2014, 14(4): 51-.
[10]	. 基于信息熵的网络流量信息结构特征研究[J]. , 2014, 14(3): 28-.
[11]	严承华;程晋;樊攀星. 基于信息熵的网络流量信息结构特征研究[J]. , 2014, 14(3): 0-0.
[12]	王小鸥;李琳. 计算机网络中Markov信息熵的证明[J]. , 2012, 12(5): 0-0.
[13]	张新超;董建锋;张婧. 主成份分析在网络流量异常检测中的应用研究[J]. , 2012, 12(1): 0-0.
[14]	郑辉. 基于KPCA组合核函数SVM的网络危险因素识别[J]. , 2010, (2): 0-0.
[15]	孙子文;周治平;李慧. 基于小波子带特征函数矩和主成分分析的图像隐写分析方法[J]. , 2009, 9(7): 0-0.