An Ensemble Intrusion Detection Method for Train Ethernet Consist Network Based on CNN and RNN

An Ensemble Intrusion Detection Method for Train Ethernet Consist Network Based on CNN and RNN

Abstract:

The train Ethernet Consist Network (ECN) undertakes the task of transmitting critical train control instructions. With the increasing interactions between the train network and the outside environment, masses of network intrusions are threatening the data security of railway vehicles. The intrusion detection system has been proved to be an efficient method to detect network attacks. In this paper, a novel ensemble intrusion detection method is proposed to defense network attacks against the train ECN, in particular IP Scan, Port Scan, Denial of Service (DoS) and Man in the Middle (MITM). Thirty-four features of different protocol contents are extracted from the raw data generated from our ECN testbed to form a specific dataset. A data imaging method and a temporal sequence building method are designed to optimize the dataset. Six base classifiers are built based on several typical convolutional neural networks and recurrent neural networks: LeNet-5, AlexNet, VGGNet, SimpleRNN, LSTM and GRU. A dynamic weight matrix voting method is proposed to integrate all the base classifiers. The proposed method is evaluated based on our dataset. The experiment results show that our method has an outstanding ability to aggregate advantages of all the base classifiers and achieves a superior detection performance with the accuracy of 0.975