基于APT特征的铁路网络安全性能研究

doi:10.3969/j.issn.1671-1122.2024.05.013

信息网络安全 ›› 2024, Vol. 24 ›› Issue (5): 802-811.doi: 10.3969/j.issn.1671-1122.2024.05.013

基于APT特征的铁路网络安全性能研究

郭梓萌¹, 朱广劼²(), 杨轶杰², 司群²

1.中国铁道科学研究院集团有限公司研究生部，北京 100081
2.中国铁道科学研究院集团有限公司电子计算技术研究所，北京 100081

收稿日期:2024-01-26 出版日期:2024-05-10 发布日期:2024-06-24
通讯作者: 朱广劼 E-mail:guangjie.zhu@rails.cn
作者简介:郭梓萌（2000—），女，陕西，硕士研究生，主要研究方向为网络与信息安全|朱广劼（1974—），男，河南，正高级工程师，硕士，主要研究方向为等级保护、密码安全|杨轶杰（1988—），男，山西，助理研究员，博士，主要研究方向为网络攻击与防御技术、无线网络安全防御|司群（1985—），女，山东，工程师，硕士，主要研究方向为网络安全
基金资助:
中国国家铁路集团有限公司科技研究开发计划(K2022W010)

Research on Railway Network Security Performance Based on APT Characteristics

GUO Zimeng¹, ZHU Guangjie²(), YANG Yijie², SI Qun²

1. Postgraduate Department, China Academy of Railway Sciences Corporation Limited, Beijing 100081, China
2. Institute of Computing Technologies, China Academy of Railway Sciences Corporation Limited, Beijing 100081, China

Received:2024-01-26 Online:2024-05-10 Published:2024-06-24
Contact: ZHU Guangjie E-mail:guangjie.zhu@rails.cn

摘要/Abstract

摘要：

为了探究新网络安全形势下APT攻击对铁路网络安全造成的影响，文章首先分析APT攻击特点，提出融合APT过程的杀伤链模型，并据此总结APT攻击特点及对铁路网络安全可能产生的影响；然后分析铁路网络架构，对铁路外部服务网架构进行研究；最后根据提出的铁路网络模型图进行APT攻击建模，详细分析连接过程和连接指数，通过连接指数反映网络性能，进而展示网络攻击对网络安全性能的影响。仿真实验结果表明，APT攻击的发起对网络性能造成了显著不利影响，APT攻击产生后，非法用户的网络连接指数平均提升5倍以上。对比实验表明，APT攻击产生后，非法用户的连接指数比普通网络攻击平均提升2倍以上，这表明APT攻击的影响更加严重。

关键词: APT攻击, 铁路网络系统, 网络性能, 连接指数

Abstract:

In order to explore the impact of APT attacks on railway network security under the new network security situation, the article first analyzed the characteristics of APT attack, proposed the killing chain model integrating APT process, and summarized the characteristics of APT and its possible impact on railway network security based on this. Then analyzed the railway network architecture, selected the railway external network architecture. Finally, based on the proposed railway network model diagram, conducted APT attack modeling, analyzed the connection process and connection index in detail, reflected network performance through the connection index, and then demonstrated the impact of network attacks on network security performance. The simulation experiment results indicate that, the initiation of APT attacks has a significant adverse impact on network performance, After the APT attack, the average network connection index of illegal users increased by more than 5 times. Comparative experiments have shown that, after the occurrence of APT attacks, the connection index of illegal users is more than twice that of ordinary network attacks on average, indicating that the impact of APT attacks is more severe.

Key words: APT attack, railway network system, network performance, connection index

中图分类号:

TP309

郭梓萌, 朱广劼, 杨轶杰, 司群. 基于APT特征的铁路网络安全性能研究[J]. 信息网络安全, 2024, 24(5): 802-811.

GUO Zimeng, ZHU Guangjie, YANG Yijie, SI Qun. Research on Railway Network Security Performance Based on APT Characteristics[J]. Netinfo Security, 2024, 24(5): 802-811.

图/表 9

图1

图2

图3

表1

图4

表2

图5

图6

图7

参考文献 18

[1]	XIE Lixia, LI Xueou, YANG Hongyu, et al. Multi-Stage Detection Method for APT Attack Based on Sample Feature Reinforcement[J]. Journal on Communications, 2022, 43(12): 66-76. doi: 10.11959/j.issn.1000-436x.2022238
	谢丽霞, 李雪鸥, 杨宏宇, 等. 基于样本特征强化的APT攻击多阶段检测方法[J]. 通信学报, 2022, 43(12):66-76. doi: 10.11959/j.issn.1000-436x.2022238
[2]	LIN Yukun, YU Xinhui, LI Yuancheng, et al. APT Attack Detection of New Type Power Systems Based on Improved CNN[J]. Electric Power Information and Communication Technology, 2023, 21(6): 1-7.
	林玉坤, 于新会, 李元诚, 等. 基于改进CNN的新型电力系统APT攻击检测[J]. 电力信息与通信技术, 2023, 21(6):1-7.
[3]	HOSSAIN M N, MILAJERDI S M, WANG Junao, et al. SLEUTH: Real-Time Attack Scenario Reconstruction from COTS Audit Data[EB/OL]. (2018-01-06)[2024-01-11]. http://arxiv.org/abs/1801.02062v1.
[4]	DONG Chengyu, LYU Mingqi, CHEN Tieming, et al. Heterogeneous Provenance Graph Learning Model Based APT Detection[J]. Computer Science, 2023, 50(4): 359-368. doi: 10.11896/jsjkx.220300040
	董程昱, 吕明琪, 陈铁明, 等. 基于异构溯源图学习的APT攻击检测方法[J]. 计算机科学, 2023, 50(4):359-368. doi: 10.11896/jsjkx.220300040
[5]	LYU Shaohua. Intrusion Prediction Based on Recurrent Neural Networks[D]. Beijing: Beijing Jiaotong University, 2019.
	吕少华. 基于循环神经网络的攻击行为预测研究[D]. 北京: 北京交通大学, 2019.
[6]	LAI Jianhua, TANG Min. Research and Application of User Abnormal Behavior Analysis Method[J]. Software Guide, 2019, 1(8): 181-185.
	赖建华, 唐敏. 用户异常行为分析方法研究与应用[J]. 软件导刊, 2019, 1(8):181-185.
[7]	SUN Yiding, LI Qiang. Towards Discovering Compromised Hosts with Temporal-Spatial Behaviors in Advanced Persistent Threats[J]. Application Research of Computers, 2022, 39(6): 1860-1864.
	孙一丁, 李强. 面向APT时空行为的受损主机检测[J]. 计算机应用研究, 2022, 39(6):1860-1864.
[8]	LIANG He, LI Xin, YIN Nannan, et al. APT Attack Detection Method Combining Dynamic Behavior and Static Characteristics[J]. Computer Engineering and Applications, 2023, 59(18): 249-259. doi: 10.3778/j.issn.1002-8331.2204-0239
	梁鹤, 李鑫, 尹南南, 等. 结合动态行为和静态特征的APT攻击检测方法[J]. 计算机工程与应用, 2023, 59(18):249-259. doi: 10.3778/j.issn.1002-8331.2204-0239
[9]	JI Wenping, WANG Jian, HE Xudong, et al. Malware Analysis Method Based Random Access Memory in Android[C]// Springer. Applications and Techniques in Information Security:11th International Conference, ATIS 2020. Heidelberg: Springer, 2020: 78-94.
[10]	YEOM S, KIM K. Improving Performance of Collaborative Source-Side DDoS Attack Detection[EB/OL]. (2020-10-23)[2024-01-10]. https://ieeexplore.ieee.org/document/9237014.
[11]	ZHOU Xiuying, YE Fanggai, REN Zhu. Security State Estimation and Detection for Denial of Service Attacks[J]. Journal of lnformation Security Research, 2021, 7(1): 69-74.
[12]	YANG Yijie, ZHU Guangjie, YAO Honglei, et al. Analyses of Network Connection Performance under Dynamic Uncertainty of Attack Mode[J]. Computer Simulation, 2024, 41(1): 462-466.
	杨轶杰, 朱广劼, 姚洪磊, 等. 攻击方式动态不确定条件下网络连接性能分析[J]. 计算机仿真, 2024, 41(1):462-466.
[13]	ZHANG Yongzheng, YUN Xiaochun. Network Operation Security Index Classification Model with Multidimensional Attributes[J]. Chinese Journal of Computers, 2012, 35(8): 1666-1674.
	张永铮, 云晓春. 网络运行安全指数多维属性分类模型[J]. 计算机学报, 2012, 35(8):1666-1674.
[14]	Joint Task Force Transformation Initiative. Managing Information Security Risk: Organization, Mission, and Information System View[R]. Gaithersburg: National Institute of Standards and Technology, NIST SP 800-39, 2011.
[15]	ALSHAMRANI A, MYNENI S, CHOWDHARY A, et al. A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities[J]. IEEE Communications Surveys & Tutorials, 2019, 21(2): 1851-1877.
[16]	LYU Guangxu. Research on the Method of APT Attack Traffic Anomaly Detection Based on Machine Learning[D]. Langfang: Institute of Disaster Prevention, 2023.
	吕广旭. 基于机器学习的APT攻击流量异常检测方法研究[D]. 廊坊: 防灾科技学院, 2023.
[17]	FU Yu, LI Hongcheng, WU Xiaoping, et al. Detecting APT Attacks: A Survey from the Perspective of Big Data Analysis[J]. Journal on Communications, 2015, 36(11): 1-14.
	付钰, 李洪成, 吴晓平, 等. 基于大数据分析的APT攻击检测研究综述[J]. 通信学报, 2015, 36(11):1-14.
[18]	ZHU Yongsheng, WEI Changshui, ZHANG Xiao. Railway Private Network Architecture and Security Deployment Scheme Based on 5G Public Network[J]. Railway Signalling & Communication, 2023, 59(1): 13-18.
	祝咏升, 魏长水, 张骁. 5G公网铁路专用网络架构及安全部署方案[J]. 铁道通信信号, 2023, 59(1):13-18.

	合法用户	非法用户	疑似非法用户
合法用户	${{P}_{00}}$	${{P}_{01}}$	${{P}_{02}}$
非法用户	${{P}_{10}}$	${{P}_{11}}$	${{P}_{12}}$

	合法用户	非法用户	疑似非法用户
合法用户	${{P}_{00}}$	${{P}_{01}}$	${{P}_{02}}$
非法用户	${{P}_{10}}=1-\gamma {{P}_{11}}+\gamma {{P}_{12}}$	${{P}_{11}}=\gamma {{P}_{11}}$	${{P}_{12}}=\gamma {{P}_{12}}$

基于APT特征的铁路网络安全性能研究

Research on Railway Network Security Performance Based on APT Characteristics

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 18

相关文章 10

编辑推荐

Metrics

本文评价

[1]	李元诚, 罗昊, 王庆乐, 李建彬. 一种基于ATT&CK的新型电力系统APT攻击建模[J]. 信息网络安全, 2023, 23(2): 26-34.
[2]	高庆官, 张博, 付安民. 一种基于攻击图的高级持续威胁检测方法[J]. 信息网络安全, 2023, 23(12): 59-68.
[3]	刘渊, 乔巍. 云环境下基于Kubernetes集群系统的容器网络研究与优化[J]. 信息网络安全, 2020, 20(3): 36-44.
[4]	张家伟, 张冬梅, 黄偲琪. 一种抗APT攻击的可信软件基设计与实现[J]. 信息网络安全, 2017, 17(6): 49-55.
[5]	程三军, 王宇. APT攻击原理及防护技术分析[J]. 信息网络安全, 2016, 16(9): 118-123.
[6]	谈诚, 邓入弋, 王丽娜, 马婧. 针对APT攻击中恶意USB存储设备的防护方案研究[J]. 信息网络安全, 2016, 16(2): 7-8.
[7]	李凤海，李爽，张佰龙，宋衍. 高等级安全网络抗APT攻击方案研究[J]. 信息网络安全, 2014, 14(9): 109-114.
[8]	翟立东;李跃;贾召鹏;郭莉. 融合网络空间的APT威胁检测与防护[J]. , 2013, 13(3): 0-0.
[9]	刘雪飞;王雪飞;王申强. 网络线路数据流量监视的实现[J]. , 2012, 12(11): 0-0.
[10]	苏红旗;王佳;李晓燕. 网络性能测量系统及其架构设计研究[J]. , 2011, 11(6): 0-0.