SPR: Malicious traffic detection model for CTCS-3 in railways

Siyang Zhou, Wenjiang Ji, Xinhong Hei, Zhongwei Chang, Yuan Qiu, Lei Zhu, Xin Wang

High-speed Railway, 2025, Vol. 3, Issue (2): 105-115. DOI: 10.1016/j.hspr.2025.04.001

Research article


Abstract

The increasingly complex and interconnected train control information network is vulnerable to a variety of malicious traffic attacks, and existing malicious traffic detection methods, which mainly rely on machine learning, suffer from problems such as poor robustness, weak generalization, and a lack of ability to learn common features. Therefore, this paper proposes a malicious traffic identification method based on stacked sparse denoising autoencoders combined with a regularized extreme learning machine optimized through particle swarm optimization. First, a simulation environment of the Chinese Train Control System-3 (CTCS-3) was constructed for data acquisition. Next, the Pearson coefficient and other methods are used for pre-processing; a stacked sparse denoising autoencoder is then used to achieve nonlinear dimensionality reduction of the features; and finally a regularized extreme learning machine optimized by particle swarm optimization is used to achieve classification. Experimental data show that the proposed method has good training performance, with an average accuracy of 97.57% and a false negative rate of 2.43%, which is better than other alternative methods. In addition, ablation experiments were performed to evaluate the contribution of each component, and the results showed that the combination of methods was superior to the individual methods. To further evaluate the generalization ability of the model in different scenarios, publicly available data sets of industrial control system networks were used. The results show that the model has robust detection capability across various types of network attacks.

Keywords

CTCS-3 / Malicious traffic detection / Generalized features / Stacked sparse denoising autoencoder / Regularized extreme learning machine

Cite this article

Siyang Zhou, Wenjiang Ji, Xinhong Hei, Zhongwei Chang, Yuan Qiu, Lei Zhu, Xin Wang. SPR: Malicious traffic detection model for CTCS-3 in railways. High-speed Railway, 2025, 3(2): 105-115. DOI: 10.1016/j.hspr.2025.04.001


CRediT authorship contribution statement

Siyang Zhou: Conceptualization. Wenjiang Ji: Supervision. Xinhong Hei: Supervision. Zhongwei Chang: Supervision. Yuan Qiu: Supervision. Lei Zhu: Supervision. Xin Wang: Visualization, Software.

Data Availability

Data will be made available on request.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
