Research on Technical Solution for Railway Advanced Persistent Threat Detection and Traceability

doi:10.3969/j.issn.1673-4440.2024.08.004

Railway Signalling & Communication Engineering ›› 2024, Vol. 21 ›› Issue (8): 21-28.DOI: 10.3969/j.issn.1673-4440.2024.08.004

Previous Articles Next Articles

Research on Technical Solution for Railway Advanced Persistent Threat Detection and Traceability

Hao Jinhui^{1, 2}, Jiang Ming^{1, 2}, Feng Kai^{1, 2}

1. CRSC Research & Design Institute Group Co., Ltd., Beijing 100070, China; 2. Engineering Research Center of Railway Industry of Intelligent and Autonomous Train Control, Beijing 100070, China

Received:2024-03-27 Revised:2024-08-10 Online:2024-08-25 Published:2024-08-25

铁路APT攻击检测和溯源技术方案研究

郝锦晖^1,2，江明^1,2，冯凯^1,2

1．北京全路通信信号研究设计院集团有限公司，北京 100070；
2．列车自主运行智能控制铁路行业工程研究中心，北京 100070

作者简介:郝锦晖（1987—），男，工程师，本科，主要研究方向：铁路信号，邮箱：haojinhui@crscd.com.cn。
基金资助:
国家自然科学基金项目（U2034211）

Abstract

Abstract: Addressing the limitations of traditional defense technologies, and considering the characteristics of railway systems, this research adopts an integrated security defense strategy and achieves organic integration before, during and after an attack event. On the basis of the layered architecture of the railway network, a distributed and hierarchical defense-in-depth design is proposed, and a technical solution for railway network threat perception and traceability for APT is proposed, which achieves the integration of "distributed monitoring-intelligent identification-cross network traceability". Moreover, the laboratory environment for verification is built, which can effectively improve the prevention capabilities of railway systems against APT attacks.

Key words: network security, APT attacks, attack detection, traceability

摘要： 针对传统防御技术的局限性，结合铁路系统特点，采用事前、事中、事后于一体安全防御策略，并将事前、事中、事后有机整合，按照铁路网分层架构，进行分布式、层级化纵深防御设计，提出“分布监测-智能识别-跨网溯源”为一体的铁路APT网络威胁感知与溯源技术方案，并在实验室搭建环境进行验证，可有效提升铁路系统针对APT攻击的防范能力。

关键词: 网络安全, APT攻击, 攻击检测, 溯源

CLC Number:

U284

Hao Jinhui, Jiang Ming, Feng Kai. Research on Technical Solution for Railway Advanced Persistent Threat Detection and Traceability[J]. Railway Signalling & Communication Engineering, 2024, 21(8): 21-28.

郝锦晖, 江明, 冯凯. 铁路APT攻击检测和溯源技术方案研究[J]. 铁路通信信号工程技术, 2024, 21(8): 21-28.

Figures/Tables 5

References

[1]国务院.“十四五”现代综合交通运输体系发展规划[EB/OL].（2021-12-09）[2024-03-27]. https://www.gov.cn/zhengce/content/2022-01/18/content_5669049.htm.
[2]罗铭，张日新，李祥，等.城轨交通列控系统渗透测试方法研究[J].中国铁路，2019（2）：94-100.
Luo Ming, Zhang Rixin, Li Xiang, et al. Penetration Test Method for URT Train Control System[J]. China Railway, 2019(2): 94-100.
[3]马俊.高级持续性网攻威胁我国多行业[N/OL]. (2024-01-31)[2024-03-27].https://new.qq.com/rain/a/20240131A00OA500.
[4]杨钰杰，霍云龙.基于Cyber Kill Chain的铁路信息网络安全防御研究[J].铁路计算机应用，2021，30（11）：64-67.
Yang Yujie, Huo Yunlong. Railway Information Network Security Defense Based on Cyber Kill Chain[J]. Railway Computer Application, 2021, 30(11): 64-67.
[5]李想，赵京京.铁路信号安全数据网网络管理系统优化方案研究[J].铁路通信信号工程技术，2023，20（12）：26-30.
Li Xiang, Zhao Jingjing.Research on Optimization Scheme of Network Management System for Railway Vital Signalling Data Networks[J].Railway Signalling & Communication Engineering, 2023,20（12）：26-30.
[6]高思凡，胡立强.城市轨道交通通信系统网络攻击分析与检测[J].城市轨道交通研究，2022，25（8）：93-96.
Gao Sifan, Hu Liqiang. Analysis and Detection of Urban Rail Transit Communication System Network Attack[J]. Urban Mass Transit, 2022, 25(8): 93-96.
[7]田小芳.基于路径追踪的轨道交通系统APT攻击检测研究[J].网络空间安全，2023，14（3）：85-90.
Tian Xiaofang. Research on APT Attack Detection in Railway Transportation Systems Based on Path Tracking[J]. Cyberspace Security, 2023, 14(3): 85-90.
[8]张威武，朱江，马峥巍，等.基于沙箱的恶意文件与APT攻击检测方法改进研究[J].智能物联技术，2022，5（5）：23-31，42.
Zhang Weiwu, Zhu Jiang, Ma Zhengwei, et al. Improvement of Detection Method for Malicious Files and APT Attacks Based on Sandbox[J]. Technology of IoT & AI, 2022, 5(5): 23-31, 42.
[9]刘洋.铁路重载货车检修工控网络安全态势感知平台方案研究[J].信息安全研究, 2019,5(8):673-678.
Liu Yang. Research on Security Situation Awareness Platform of Industrial Control Network for Railway Heavy-Haul Truck Overhaul[J]. Journal of Information Securyity Research, 2019,5(8):673-678.
[10]魏帅，于洪，顾泽宇，等.面向工控领域的拟态安全处理机架构[J].信息安全学报，2017，2（1）：54-73.
Wei Shuai, Yu Hong, Gu Zeyu, et al. Architecture of Mimic Security Processor for Industry Control System[J].Journal of Cyber Security, 2017, 2(1): 54-73.
[11]孙易安,井柯,汪义舟.工业控制系统安全网络防护研究[J].信息安全研究，2017，3（2）：171-176.
Sun Yian, Jing Ke, Wang Yizhou.A Network Security Protection Research for Industrial Control Systems[J].Journal of Information Securyity Research, 2017, 3(2):171-176.
[12]赵澄, 方建辉, 姚明海.工业控制网络中APT攻击检测系统设计[J].计算机测量与控制, 2018, 26(10): 250-254.
Zhao Cheng, Fang Jianhui, Yao Minghai.Design of APT Attack Detection System in Industrial Control Network[J].Computer Measurement & Control,2018,26(10):250-254.
[13]姚星昆，郑先伟.全流量回溯结合APT建模分析技术[J].福州大学学报（自然科学版），2023，51（5）：639-646.
Yao Xingkun, Zheng Xianwei. Full Packet Capture and Retrospective Forensics Combined with APT Modeling and Analysis Technology[J]. Journal of Fuzhou University (Natural Science Edition), 2023, 51(5): 639-646.
[14]魏姗姗.网络攻击追踪溯源技术研究[J].保密科学技术，2023（7）：40-48.
[15]任高明，李纪鑫，孙瑜，等.基于树形计数器的流量测量新方法[J].电子设计工程，2020，28（6）：125-129.
Ren Gaoming, Li Jixin, Sun Yu, et al. A New Method of Flow Measurement Based on Tree Counter[J]. Electronic Design Engineering, 2020, 28(6): 125-129.
[16]刘潮歌，方滨兴，刘宝旭，等.定向网络攻击追踪溯源层次化模型研究[J].信息安全学报，2019，4（4）：1-18.
Liu Chaoge, Fang Binxing, Liu Baoxu, et al. A Hierarchical Model of Targeted Cyber Attacks Attribution[J]. Journal of Cyber Security, 2019, 4(4): 1-18.
[17]魏旻.铁路通信综合网络管理系统网络安全建设的研究[J].铁路通信信号工程技术，2024，21（3）：42-46,88.
Wei Min.Research on Cyber-security of Integrated Network Management System for Railway Communication[J].Railway Signalling & Communication Engineering, 2023, 21(3):42-46,88.

Research on Technical Solution for Railway Advanced Persistent Threat Detection and Traceability

铁路APT攻击检测和溯源技术方案研究

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References

Related Articles 4

Recommended Articles

Metrics

Comments

[1]	Tang Lu. Discussion on Application of Virtual Firewall Technology to Network Security in Railway Communication Network Management [J]. Railway Signalling & Communication Engineering, 2023, 20(12): 61-65.
[2]	Wang Airong. Design and Implementation of Digital Test Information Management System [J]. Railway Signalling & Communication Engineering, 2021, 18(7): 58-62.
[3]	Wang Ying, Zhao Jingjing. Research on Network Security System Solution of Railway Signaling Safety Data Network [J]. Railway Signalling & Communication Engineering, 2021, 18(5): 72-76.
[4]	Tang Zilin, Xiao Lizhi, Wu Yue, Zhou Xuedong. Design of LKJ Wireless Security Communication Device [J]. Railway Signalling & Communication Engineering, 2021, 18(4): 39-42,70.