MSRNet-GLAM: A novel intrusion detection method for train communication network

IF 3.5 2区计算机科学 Q2 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS Simulation Modelling Practice and Theory Pub Date : 2024-11-15 DOI:10.1016/j.simpat.2024.103040

Qilin Chen , Deqiang He , Zhenzhen Jin , Ziyang Ren , Tiexiang Liu , Sheng Shan

{"title":"MSRNet-GLAM: A novel intrusion detection method for train communication network","authors":"Qilin Chen , Deqiang He , Zhenzhen Jin , Ziyang Ren , Tiexiang Liu , Sheng Shan","doi":"10.1016/j.simpat.2024.103040","DOIUrl":null,"url":null,"abstract":"<div><div>Intrusion detection techniques play an important role in the security measures of train communication network (TCN). Due to the increasing openness of TCN, its security risk is also increasing, which makes TCN intrusion detection techniques receive more attention. Currently, there is an inherent class imbalance problem in the data samples for TCN intrusion detection. In addition, with the development of intrusion methods, intrusion traffic becomes more stealthy and the boundaries between intrusion traffic and normal traffic become increasingly ambiguous. Together, these issues contribute to the degradation of TCN intrusion detection performance. To address these challenges, A TCN intrusion detection method based on a multi-scale residual network with global and local attention mechanism (MSRNet-GLAM) is proposed. First, a multi-scale residual network is utilized to enhance the model's ability to extract different deep features of network traffic, thus better capturing the differences between categories. Then, the model is guided to focus on learning key information in global and local features by introducing the global and local attention mechanism (GLAM), which reduces the fitting of redundant information in the majority class samples and improves the model's generalization ability and sensitivity to the detection of the minority class samples. In addition, an improved focus loss function (IFL) is introduced to further improve the model's detection ability for minority class samples and stealthy intrusion samples with ambiguous class boundaries by increasing the loss weights of difficult-to-classify samples. A simulation network platform is built to simulate the scenario of TCN under intrusion, and data are collected for the training and validation of the intrusion detection model. Through testing on the simulation platform, the proposed method achieves 99.51 %, 98.98 %, 99.54 %, and 99.26 % in accuracy, precision, recall, and F1 score, respectively, which validates the effectiveness and superiority of the method in TCN intrusion detection.</div></div>","PeriodicalId":49518,"journal":{"name":"Simulation Modelling Practice and Theory","volume":"138 ","pages":"Article 103040"},"PeriodicalIF":3.5000,"publicationDate":"2024-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Simulation Modelling Practice and Theory","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1569190X24001540","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Intrusion detection techniques play an important role in the security measures of train communication network (TCN). Due to the increasing openness of TCN, its security risk is also increasing, which makes TCN intrusion detection techniques receive more attention. Currently, there is an inherent class imbalance problem in the data samples for TCN intrusion detection. In addition, with the development of intrusion methods, intrusion traffic becomes more stealthy and the boundaries between intrusion traffic and normal traffic become increasingly ambiguous. Together, these issues contribute to the degradation of TCN intrusion detection performance. To address these challenges, A TCN intrusion detection method based on a multi-scale residual network with global and local attention mechanism (MSRNet-GLAM) is proposed. First, a multi-scale residual network is utilized to enhance the model's ability to extract different deep features of network traffic, thus better capturing the differences between categories. Then, the model is guided to focus on learning key information in global and local features by introducing the global and local attention mechanism (GLAM), which reduces the fitting of redundant information in the majority class samples and improves the model's generalization ability and sensitivity to the detection of the minority class samples. In addition, an improved focus loss function (IFL) is introduced to further improve the model's detection ability for minority class samples and stealthy intrusion samples with ambiguous class boundaries by increasing the loss weights of difficult-to-classify samples. A simulation network platform is built to simulate the scenario of TCN under intrusion, and data are collected for the training and validation of the intrusion detection model. Through testing on the simulation platform, the proposed method achieves 99.51 %, 98.98 %, 99.54 %, and 99.26 % in accuracy, precision, recall, and F1 score, respectively, which validates the effectiveness and superiority of the method in TCN intrusion detection.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

MSRNet-GLAM：列车通信网络的新型入侵检测方法

入侵检测技术在列车通信网络（TCN）的安全措施中发挥着重要作用。由于 TCN 的开放性不断提高，其安全风险也在不断增加，这使得 TCN 入侵检测技术受到更多关注。目前，TCN 入侵检测的数据样本存在固有的类不平衡问题。此外，随着入侵方法的发展，入侵流量变得更加隐蔽，入侵流量和正常流量之间的界限变得越来越模糊。这些问题共同导致了 TCN 入侵检测性能的下降。为了应对这些挑战，本文提出了一种基于多尺度残差网络与全局和局部关注机制（MSRNet-GLAM）的 TCN 入侵检测方法。首先，利用多尺度残差网络增强模型提取网络流量不同深度特征的能力，从而更好地捕捉类别之间的差异。然后，通过引入全局和局部关注机制（GLAM），引导模型重点学习全局和局部特征中的关键信息，从而减少多数类样本中冗余信息的拟合，提高模型的泛化能力和对少数类样本检测的灵敏度。此外，还引入了改进的焦点损失函数（IFL），通过增加难以分类样本的损失权重，进一步提高了模型对少数类样本和具有模糊类边界的隐性入侵样本的检测能力。建立仿真网络平台，模拟 TCN 遭到入侵的场景，并收集数据用于入侵检测模型的训练和验证。通过在仿真平台上的测试，所提出的方法在准确率、精确度、召回率和 F1 分数上分别达到了 99.51 %、98.98 %、99.54 % 和 99.26 %，验证了该方法在 TCN 入侵检测中的有效性和优越性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Simulation Modelling Practice and Theory 工程技术-计算机：跨学科应用

CiteScore

9.80

自引率

4.80%

发文量

142

审稿时长

21 days

期刊介绍： The journal Simulation Modelling Practice and Theory provides a forum for original, high-quality papers dealing with any aspect of systems simulation and modelling. The journal aims at being a reference and a powerful tool to all those professionally active and/or interested in the methods and applications of simulation. Submitted papers will be peer reviewed and must significantly contribute to modelling and simulation in general or use modelling and simulation in application areas. Paper submission is solicited on: • theoretical aspects of modelling and simulation including formal modelling, model-checking, random number generators, sensitivity analysis, variance reduction techniques, experimental design, meta-modelling, methods and algorithms for validation and verification, selection and comparison procedures etc.; • methodology and application of modelling and simulation in any area, including computer systems, networks, real-time and embedded systems, mobile and intelligent agents, manufacturing and transportation systems, management, engineering, biomedical engineering, economics, ecology and environment, education, transaction handling, etc.; • simulation languages and environments including those, specific to distributed computing, grid computing, high performance computers or computer networks, etc.; • distributed and real-time simulation, simulation interoperability; • tools for high performance computing simulation, including dedicated architectures and parallel computing.