Research on Railway Network Security Performance Based on APT Characteristics

doi:10.3969/j.issn.1671-1122.2024.05.013

Abstract

Abstract:

In order to explore the impact of APT attacks on railway network security under the new network security situation, the article first analyzed the characteristics of APT attack, proposed the killing chain model integrating APT process, and summarized the characteristics of APT and its possible impact on railway network security based on this. Then analyzed the railway network architecture, selected the railway external network architecture. Finally, based on the proposed railway network model diagram, conducted APT attack modeling, analyzed the connection process and connection index in detail, reflected network performance through the connection index, and then demonstrated the impact of network attacks on network security performance. The simulation experiment results indicate that, the initiation of APT attacks has a significant adverse impact on network performance, After the APT attack, the average network connection index of illegal users increased by more than 5 times. Comparative experiments have shown that, after the occurrence of APT attacks, the connection index of illegal users is more than twice that of ordinary network attacks on average, indicating that the impact of APT attacks is more severe.

Key words: APT attack, railway network system, network performance, connection index

CLC Number:

TP309

GUO Zimeng, ZHU Guangjie, YANG Yijie, SI Qun. Research on Railway Network Security Performance Based on APT Characteristics[J]. Netinfo Security, 2024, 24(5): 802-811.

Figures/Tables 9

References 18

[1]	XIE Lixia, LI Xueou, YANG Hongyu, et al. Multi-Stage Detection Method for APT Attack Based on Sample Feature Reinforcement[J]. Journal on Communications, 2022, 43(12): 66-76. doi: 10.11959/j.issn.1000-436x.2022238
	谢丽霞, 李雪鸥, 杨宏宇, 等. 基于样本特征强化的APT攻击多阶段检测方法[J]. 通信学报, 2022, 43(12):66-76. doi: 10.11959/j.issn.1000-436x.2022238
[2]	LIN Yukun, YU Xinhui, LI Yuancheng, et al. APT Attack Detection of New Type Power Systems Based on Improved CNN[J]. Electric Power Information and Communication Technology, 2023, 21(6): 1-7.
	林玉坤, 于新会, 李元诚, 等. 基于改进CNN的新型电力系统APT攻击检测[J]. 电力信息与通信技术, 2023, 21(6):1-7.
[3]	HOSSAIN M N, MILAJERDI S M, WANG Junao, et al. SLEUTH: Real-Time Attack Scenario Reconstruction from COTS Audit Data[EB/OL]. (2018-01-06)[2024-01-11]. http://arxiv.org/abs/1801.02062v1.
[4]	DONG Chengyu, LYU Mingqi, CHEN Tieming, et al. Heterogeneous Provenance Graph Learning Model Based APT Detection[J]. Computer Science, 2023, 50(4): 359-368. doi: 10.11896/jsjkx.220300040
	董程昱, 吕明琪, 陈铁明, 等. 基于异构溯源图学习的APT攻击检测方法[J]. 计算机科学, 2023, 50(4):359-368. doi: 10.11896/jsjkx.220300040
[5]	LYU Shaohua. Intrusion Prediction Based on Recurrent Neural Networks[D]. Beijing: Beijing Jiaotong University, 2019.
	吕少华. 基于循环神经网络的攻击行为预测研究[D]. 北京: 北京交通大学, 2019.
[6]	LAI Jianhua, TANG Min. Research and Application of User Abnormal Behavior Analysis Method[J]. Software Guide, 2019, 1(8): 181-185.
	赖建华, 唐敏. 用户异常行为分析方法研究与应用[J]. 软件导刊, 2019, 1(8):181-185.
[7]	SUN Yiding, LI Qiang. Towards Discovering Compromised Hosts with Temporal-Spatial Behaviors in Advanced Persistent Threats[J]. Application Research of Computers, 2022, 39(6): 1860-1864.
	孙一丁, 李强. 面向APT时空行为的受损主机检测[J]. 计算机应用研究, 2022, 39(6):1860-1864.
[8]	LIANG He, LI Xin, YIN Nannan, et al. APT Attack Detection Method Combining Dynamic Behavior and Static Characteristics[J]. Computer Engineering and Applications, 2023, 59(18): 249-259. doi: 10.3778/j.issn.1002-8331.2204-0239
	梁鹤, 李鑫, 尹南南, 等. 结合动态行为和静态特征的APT攻击检测方法[J]. 计算机工程与应用, 2023, 59(18):249-259. doi: 10.3778/j.issn.1002-8331.2204-0239
[9]	JI Wenping, WANG Jian, HE Xudong, et al. Malware Analysis Method Based Random Access Memory in Android[C]// Springer. Applications and Techniques in Information Security:11th International Conference, ATIS 2020. Heidelberg: Springer, 2020: 78-94.
[10]	YEOM S, KIM K. Improving Performance of Collaborative Source-Side DDoS Attack Detection[EB/OL]. (2020-10-23)[2024-01-10]. https://ieeexplore.ieee.org/document/9237014.
[11]	ZHOU Xiuying, YE Fanggai, REN Zhu. Security State Estimation and Detection for Denial of Service Attacks[J]. Journal of lnformation Security Research, 2021, 7(1): 69-74.
[12]	YANG Yijie, ZHU Guangjie, YAO Honglei, et al. Analyses of Network Connection Performance under Dynamic Uncertainty of Attack Mode[J]. Computer Simulation, 2024, 41(1): 462-466.
	杨轶杰, 朱广劼, 姚洪磊, 等. 攻击方式动态不确定条件下网络连接性能分析[J]. 计算机仿真, 2024, 41(1):462-466.
[13]	ZHANG Yongzheng, YUN Xiaochun. Network Operation Security Index Classification Model with Multidimensional Attributes[J]. Chinese Journal of Computers, 2012, 35(8): 1666-1674.
	张永铮, 云晓春. 网络运行安全指数多维属性分类模型[J]. 计算机学报, 2012, 35(8):1666-1674.
[14]	Joint Task Force Transformation Initiative. Managing Information Security Risk: Organization, Mission, and Information System View[R]. Gaithersburg: National Institute of Standards and Technology, NIST SP 800-39, 2011.
[15]	ALSHAMRANI A, MYNENI S, CHOWDHARY A, et al. A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities[J]. IEEE Communications Surveys & Tutorials, 2019, 21(2): 1851-1877.
[16]	LYU Guangxu. Research on the Method of APT Attack Traffic Anomaly Detection Based on Machine Learning[D]. Langfang: Institute of Disaster Prevention, 2023.
	吕广旭. 基于机器学习的APT攻击流量异常检测方法研究[D]. 廊坊: 防灾科技学院, 2023.
[17]	FU Yu, LI Hongcheng, WU Xiaoping, et al. Detecting APT Attacks: A Survey from the Perspective of Big Data Analysis[J]. Journal on Communications, 2015, 36(11): 1-14.
	付钰, 李洪成, 吴晓平, 等. 基于大数据分析的APT攻击检测研究综述[J]. 通信学报, 2015, 36(11):1-14.
[18]	ZHU Yongsheng, WEI Changshui, ZHANG Xiao. Railway Private Network Architecture and Security Deployment Scheme Based on 5G Public Network[J]. Railway Signalling & Communication, 2023, 59(1): 13-18.
	祝咏升, 魏长水, 张骁. 5G公网铁路专用网络架构及安全部署方案[J]. 铁道通信信号, 2023, 59(1):13-18.

	合法用户	非法用户	疑似非法用户
合法用户	${{P}_{00}}$	${{P}_{01}}$	${{P}_{02}}$
非法用户	${{P}_{10}}$	${{P}_{11}}$	${{P}_{12}}$

	合法用户	非法用户	疑似非法用户
合法用户	${{P}_{00}}$	${{P}_{01}}$	${{P}_{02}}$
非法用户	${{P}_{10}}=1-\gamma {{P}_{11}}+\gamma {{P}_{12}}$	${{P}_{11}}=\gamma {{P}_{11}}$	${{P}_{12}}=\gamma {{P}_{12}}$