A transfer learning-based intrusion detection system for zero-day attack in communication-based train control system

Cluster Computing

Abstract

The communication-based train control (CBTC) system is a typical cyber-physical system whose open wireless communication is vulnerable to attacks. To protect the security of wireless communication in the CBTC system, machine learning-based intrusion detection systems (IDSs) have been extensively researched. However, the performance of a machine learning-based IDS depends heavily on feature design, and the spatial and temporal correlation of network data attributes makes it difficult to design features manually. Moreover, this type of IDS can only detect known attacks that are contained in the training dataset and fails to detect new attacks (i.e., zero-day attacks). To address these issues, we propose a novel IDS based on transfer learning for the CBTC system. The proposed IDS leverages an optimized one-dimensional convolutional neural network block and long short-term memory to automatically extract spatial and temporal features from the original data. Furthermore, a knowledge transfer method is used to transfer the features to enable zero-day attack detection. We evaluate the proposed IDS on a dataset representing the CBTC system network data. The results show that the proposed IDS can achieve 99.32% accuracy for known attacks and 93.21% average F1-Score for zero-day attacks.

Data availability

No datasets were generated or analysed during the current study.

Funding

This study was supported by the Beijing Municipal Natural Science Foundation (No. L211003).

Author information

Contributions

HL: Conceptualization, Methodology, Investigation, Software, Validation, Visualization, Writing—original draft. YZ: Investigation, Validation. YS: Methodology, Validation. YY: Software, Writing—review & editing. GH: Investigation, Writing—review & editing. HY: Investigation, Writing—review & editing. YR: Supervision, Funding acquisition, Writing—review & editing.

Corresponding author

Correspondence to Yilong Ren.

Ethics declarations

Conflict of interest

The authors declare no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Lu, H., Zhao, Y., Song, Y. et al. A transfer learning-based intrusion detection system for zero-day attack in communication-based train control system. Cluster Comput 27, 8477–8492 (2024). https://doi.org/10.1007/s10586-024-04376-9

  • DOI: https://doi.org/10.1007/s10586-024-04376-9