
Railway Signalling & Communication Engineering ›› 2024, Vol. 21 ›› Issue (8): 21-28. DOI: 10.3969/j.issn.1673-4440.2024.08.004


Research on Technical Solution for Railway Advanced Persistent Threat Detection and Traceability

Hao Jinhui1,2, Jiang Ming1,2, Feng Kai1,2

  1. CRSC Research & Design Institute Group Co., Ltd., Beijing 100070, China;
  2. Engineering Research Center of Railway Industry of Intelligent and Autonomous Train Control, Beijing 100070, China
  • Received: 2024-03-27 Revised: 2024-08-10 Online: 2024-08-25 Published: 2024-08-25
  • About the author: Hao Jinhui (born 1987), male, engineer, bachelor's degree; main research interest: railway signalling; e-mail: haojinhui@crscd.com.cn.
  • Funding:
    National Natural Science Foundation of China (U2034211)

Abstract: To address the limitations of traditional defense technologies, and taking the characteristics of railway systems into account, this research adopts a security defense strategy that organically integrates measures before, during and after an attack event. Following the layered architecture of the railway network, it applies a distributed, hierarchical defense-in-depth design and proposes a technical solution for railway APT network threat perception and traceability that integrates "distributed monitoring - intelligent identification - cross-network traceability". The solution was verified in an environment built in the laboratory and can effectively improve the ability of railway systems to defend against APT attacks.

Key words: network security, APT attacks, attack detection, traceability
