Network Traffic Detection Technology for Railway Ticketing System

doi:10.3969/j.issn.1671-1122.2024.01.014

Abstract

Abstract:

As networks become increasingly complex, the services carried by the network are becoming more and more important. Traditional device-level network management and monitoring are facing increasing challenges. It was difficult to locate problem boundaries and control the business losses caused by faults. More comprehensive monitoring and analytical means control are needed to improve efficiency and capabilities. The traditional network anomaly detection method through static planning and matching is difficult to detect unknown anomalies and attack types in dynamic and complex network environments, and cannot meet the requirements of network security detection. In addition, services in the network, relying on active detection methods, will bring new load pressure to the service server. Especially when the application layer traffic is generated by encryption or private protocols, the inability to decode further increases the difficulty of detection and analysis. Based on the railway ticketing system, this paper proposed a network traffic detection technology for railway ticketing system. It could calculate the information entropy corresponding to the characteristic that affects the traffic, and judge it based on the information entropy value set of historical traffic at multiple checkpoints. Whether it was legal or not, this method comprehensively considers the internal characteristics of traffic and the relationship between traffic, and achieved better business traffic detection results.

Key words: railway ticketing system, information entropy, principal component analysis, checkpoint

CLC Number:

TP309

HU Jinhua. Network Traffic Detection Technology for Railway Ticketing System[J]. Netinfo Security, 2024, 24(1): 143-149.

Figures/Tables 7

References 14

[1]	WANG Huili, YAO Xiangzhen, REN Zejun. Research on Security Protection System of Key Information Infrastructure[J]. Secrecy Science and Technology, 2019(7): 20-24.
	王惠莅, 姚相振, 任泽君. 关键信息基础设施安全防护体系研究[J]. 保密科学技术, 2019(7): 20-24.
[2]	SHAO Jinman. On the Protection of Critical Information Infrastructure[D]. Shanghai: Shanghai Jiao Tong University, 2018.
	邵金满. 试论关键信息基础设施保护[D]. 上海: 上海交通大学, 2018.
[3]	ZHAO Yingming, ZHANG Dedong, CHEN Xun, et al. Research on the Safety Management Center of Railway Ticketing System with Level Protection 2.0[J]. Railway Computer Application, 2020, 29(8): 24-27.
	赵英明, 张德栋, 陈勋, 等. 等级保护2.0的铁路客票系统安全管理中心研究[J]. 铁路计算机应用, 2020, 29(8): 24-27.
[4]	ZHAO Yingming, ZHANG Dedong, XU Dongping, et al. Research on Risk Assessment of Railway Ticket Sales and Booking System[J]. Railway Transport and Economy, 2020, 42(1): 72-76, 83.
	赵英明, 张德栋, 徐东平, 等. 铁路客票发售与预订系统风险评估研究[J]. 铁道运输与经济, 2020, 42(1): 72-76, 83.
[5]	JOGLEKAR S P, TATE S R. Protomon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention[C]//IEEE. International Conference on Information Technology:Coding and Computing (ITCC 2004). New York: IEEE, 2004: 81-88.
[6]	ZHANG Jun, CHEN Xiao, XIANG Yang, et al. Robust Network Traffic Classification[J]. IEEE/ACM Transactions on Networking, 2014, 23(4): 1257-1270. doi: 10.1109/TNET.2014.2320577 URL
[7]	KARAGIANNIS T, PAPAGIANNAKI K, FALOUTSOS M. BLINC: Multilevel Traffic Classification in the Dark[J]. ACM SIGCOMM Computer Communication Review, 2005, 35(4): 229-240. doi: 10.1145/1090191.1080119 URL
[8]	GROVER A, LESKOVEC J. Node2vec: Scalable Feature Learning for Networks[C]// ACM. Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: ACM, 2016: 855-864.
[9]	TAYLOR V F, SPOLAOR R, CONTI M, et al. Robust Smartphone App Identification via Encrypted Network Traffic Analysis[J]. IEEE Transactions on Information Forensics and Security, 2017, 13(1): 63-78. doi: 10.1109/TIFS.2017.2737970 URL
[10]	LI Bing, HAN Rui, HE Yigang, et al. Application of Improved Random Forest Algorithm in Fault Diagnosis of Motor Bearings[J]. Proceedings of the CSEE, 2020, 40(4): 1310-1319.
	李兵, 韩睿, 何怡刚, 等. 改进随机森林算法在电机轴承故障诊断中的应用[J]. 中国电机工程学报, 2020, 40(4): 1310-1319.
[11]	ZHOU Yang, WANG Chunlin, GUO Rui. A Data Center Operation and Maintenance Anomaly Alarm Method Based on Random Forest Algorithm[J]. Modern Electronics Technique, 2023, 46(8): 143-148.
	周杨, 王春林, 郭锐. 基于随机森林算法的数据中心运维异常告警方法[J]. 现代电子技术, 2023, 46(8): 143-148.
[12]	HAO Shuai, WANG Huaixiu, LIU Zuiliang. A Collapse Column Identification Model Based on K-Means SMOTE and Random Forest Algorithm[J]. Safety in Coal Mines, 2023, 54(2): 174-180.
	郝帅, 王怀秀, 刘最亮. 基于K-Means SMOTE和随机森林算法的陷落柱识别模型[J]. 煤矿安全, 2023, 54(2): 174-180.
[13]	ZHAO Jiayuan, LU Zhongyu, LIU Xinyu, et al. A Knowledge Retrieval Optimization Algorithm Based on Improved Random Forest[J]. Software Guide, 2023, 22(3): 36-41.
	赵佳媛, 卢中玉, 刘鑫宇, 等. 一种基于改进随机森林的知识检索优化算法[J]. 软件导刊, 2023, 22(3): 36-41.
[14]	DONG Yongfeng, DONG Yanqi, ZHANG Yajuan. Improved SMOTE Algorithm for Imbalanced Datasets[J]. Journal of Hebei University of Technology, 2022, 51(6): 40-46.
	董永峰, 董彦琦, 张亚娟. 面向不平衡数据集的改进SMOTE算法[J]. 河北工业大学学报, 2022, 51(6): 40-46.

实例名称	NVIDIA A10G Tensor Core GPU	VCPU	内存/GB	本地存储/GB	EBS 带宽/Gbps	网络带宽 /Gbps
g5.xlarge	1	4	16	250	最高3.5	最高10
g5.2xlarge	1	8	32	450	最高3.5	最高10
g5.4xlarge	1	16	64	600	8	最高25
g5.8xlarge	1	32	128	1900	16	25
g5.12xlarge	4	48	192	3800	16	40
g5.16xlarge	1	64	256	1900	16	25
g5.24xlarge	4	96	384	3800	19	50
g5.48xlarge	8	192	768	7600	19	100

类别	应用
传输协议	ftps、scp、Skype
浏览器	Firefox、Chrome
邮件	SMTPS、POP3S、IMAPS
聊天	ICQ、AIM、Skype、Facebook、Hangouts、Gmail、voipbuster
音视频	Vimeo、Youtube、Netflix、spotify
语音	Facebook、Skype、Hangouts发起的通话（时长为1h）
Torrent	uTorrent、Transmission