An Intrusion Detection Method Based on Machine Learning and State Observer for Train-Ground Communication Systems

Abstract: The communication-based train control (CBTC) system is a typical cyber-physical system in urban rail transit. The train-ground communication system is a very important subsystem of the CBTC system and uses wireless communication protocols to transmit control commands. However, it faces some potential information security risks. To ensure the information security of the train-ground communication system, this paper proposes an intrusion detection method based on machine learning and a state observer to detect and recognize various attacks. The detection system detects not only anomalies in the wireless network data but also anomalies in the train's physical states. The method includes two layers. The first layer detects and identifies wireless network attacks based on machine learning algorithms, such as the random forest algorithm and the gradient boosted decision tree algorithm. The second layer detects abnormal physical states of train operation based on a state observer. By combining the results of the two layers, a comprehensive intrusion detection result is given. The simulation results show that the proposed method is effective and practical.
• The ROC curve is a graphical plot that shows a binary classifier's diagnostic potential as its discrimination threshold is varied; it plots the true positive rate (sensitivity) against the false positive rate (1 - specificity).
• In the simulation setting in this scenario, we train the methods on Bias and Instant anomalies and then run detection with these trained methods on the gradual drift anomaly to validate and generalize the performance of the proposed approach. We observe that the proposed approach shows superior performance over the existing approaches.
• IDSs can leverage several techniques to carry out detection, which can be highly variable in terms of required computational resources. However, edge nodes also show high variability in computational resources, which could range from a commodity PC with specialized hardware to a Raspberry Pi.
• The problem that may arise is that the resources the IDS requires to work are too high for the edge node running the system, which could add communication latency and could block the whole system's execution. On the other hand, an edge node that offers many resources costs more, and if the resources are not exploited by the IDS, the extra cost is wasted.
• The proposed approach is robust with the aid of DWT and the automatic relevance determination (ARD) mechanism of BDL, and takes adequate care of instances of noise/outliers that can cause the detection function to exceed the threshold, assuming that the proposed methodology is devoid of complexity, based on the fact that BDL operates with optimized weights as a result of the addition of a prior to the weights of the neural network (NN).
• In addition, single and multiple anomalies are considered to assess the reliability and robustness of our approach in a realistic network setting.
• The right choice of kernel is crucial for obtaining good performance from an SVM.
• However, depending on the data, a good choice for the kernel transformation may not be obvious.
• In the context of IDSs, SVMs have been extensively used. With the soft-margin learning strategy and the use of the kernel trick, the SVM technique is a powerful and flexible tool for supervised learning systems.
• The SVM requires a fair amount of computational resources during training, not as much as an Artificial Neural Network but more than an instance-based classifier.