Rule-based anomaly detection for railway signalling networks

IF 4.1 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection Pub Date : 2023-09-01 DOI:10.1016/j.ijcip.2023.100603

Markus Heinrich , Arwed Gölz , Tolga Arul , Stefan Katzenbeisser

{"title":"Rule-based anomaly detection for railway signalling networks","authors":"Markus Heinrich , Arwed Gölz , Tolga Arul , Stefan Katzenbeisser","doi":"10.1016/j.ijcip.2023.100603","DOIUrl":null,"url":null,"abstract":"<div><p><span>We propose a rule-based anomaly detection<span> system for railway signalling that mitigates attacks by a Dolev-Yao attacker who is able to inject control commands to perform semantic attacks by issuing licit but mistimed control messages. The system as well mitigates the effects of a signal box compromised by an attacker with the same effect. We consider an attacker that could cause train derailments and collisions, if our </span></span>countermeasure<span> is not employed. We apply safety principles of railway operation to create a distributed anomaly detection system that inspects incoming commands on the signals and points. The proposed anomaly detection system detects mistimed control messages against light signals, points and train detection systems that lead to derailments and collisions without producing false positives, while it requires only a small amount of overhead in terms of network communication and latency compared to normal train operation.</span></p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100603"},"PeriodicalIF":4.1000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1874548223000161","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 5

Abstract

We propose a rule-based anomaly detection system for railway signalling that mitigates attacks by a Dolev-Yao attacker who is able to inject control commands to perform semantic attacks by issuing licit but mistimed control messages. The system as well mitigates the effects of a signal box compromised by an attacker with the same effect. We consider an attacker that could cause train derailments and collisions, if our countermeasure is not employed. We apply safety principles of railway operation to create a distributed anomaly detection system that inspects incoming commands on the signals and points. The proposed anomaly detection system detects mistimed control messages against light signals, points and train detection systems that lead to derailments and collisions without producing false positives, while it requires only a small amount of overhead in terms of network communication and latency compared to normal train operation.

查看原文本刊更多论文

基于规则的铁路信号网络异常检测

我们提出了一种基于规则的铁路信号异常检测系统，该系统可以减轻Dolev Yao攻击者的攻击，该攻击者能够通过发布合法但时机不对的控制消息来注入控制命令以执行语义攻击。该系统还以同样的效果减轻了被攻击者破坏的信号盒的影响。如果我们不采取对策，我们认为攻击者可能会导致列车脱轨和碰撞。我们应用铁路运营的安全原则创建了一个分布式异常检测系统，用于检查信号和点上的传入命令。所提出的异常检测系统针对光信号、点和列车检测系统检测定时错误的控制信息，这些信息会导致脱轨和碰撞，而不会产生误报，而与正常列车运行相比，它只需要少量的网络通信和延迟开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Critical Infrastructure Protection COMPUTER SCIENCE, INFORMATION SYSTEMS-ENGINEERING, MULTIDISCIPLINARY

CiteScore

8.90

自引率

5.60%

发文量

审稿时长

>12 weeks

期刊介绍： The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to: 1. Analysis of security challenges that are unique or common to the various infrastructure sectors. 2. Identification of core security principles and techniques that can be applied to critical infrastructure protection. 3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures. 4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.