Ruifeng Duo scite author profile

Ruifeng Duo

4Publications

30Citation Statements Received

94Citation Statements Given

How they've been cited

How they cite others

101

Affiliations

Beijing Jiaotong University

Publications

Order By: Most citations

An Ensemble Intrusion Detection Method for Train Ethernet Consist Network Based on CNN and RNN

Yue

Wang

et al. 2021

IEEE Access

View full text Add to dashboard Cite

The train Ethernet Consist Network (ECN) undertakes the task of transmitting critical train control instructions. With the increasing interactions between the train network and the outside environment, masses of network intrusions are threatening the data security of railway vehicles. The intrusion detection system has been proved to be an efficient method to detect network attacks. In this paper, a novel ensemble intrusion detection method is proposed to defense network attacks against the train ECN, in particular IP Scan, Port Scan, Denial of Service (DoS) and Man in the Middle (MITM). Thirty-four features of different protocol contents are extracted from the raw data generated from our ECN testbed to form a specific dataset. A data imaging method and a temporal sequence building method are designed to optimize the dataset. Six base classifiers are built based on several typical convolutional neural networks and recurrent neural networks: LeNet-5, AlexNet, VGGNet, SimpleRNN, LSTM and GRU. A dynamic weight matrix voting method is proposed to integrate all the base classifiers. The proposed method is evaluated based on our dataset. The experiment results show that our method has an outstanding ability to aggregate advantages of all the base classifiers and achieves a superior detection performance with the accuracy of 0.975.INDEX TERMS Train Ethernet Consist Network, industrial cyber security, intrusion detection system, ensemble method.

show abstract

Anomaly Detection and Attack Classification for Train Real-Time Ethernet

et al. 2021

View full text Add to dashboard Cite

Real-time Ethernet has been applied to train control and management system (TCMS) of 250km/h Fuxing Electric Multiple Units (EMUs) and some urban rail vehicles. The openness of the Ethernet communication protocol poses a risk of intrusion attacks on the train communication network. It is, therefore, necessary that a safety protection technology is introduced to the train communication network based on real-time Ethernet. In this paper, a train communication network intrusion detection system based on anomaly detection and attack classification is proposed. Firstly, the paper built an anomaly detection model based on support vector machines (SVM). The particle swarm optimization-support vector machines (PSO-SVM), and genetic algorithm-support vector machines (GA-SVM) optimization algorithms are used to optimize the kernel function parameters of SVM. Secondly, the paper built two attack classification models based on random forest. They are iterative dichotomiser3 (ID3) and classification and regression tree (CART). And then, the built intrusion detection and attack classification model is tested by using the public data set knowledge discovery and data mining-99(KDD-99) and the data set of the simulation train real-time Ethernet test bench. PSO-SVM improves the intrusion detection accuracy from 90.3% to 95.75%, GA-SVM improves the detection accuracy from 90.3% to 95.85%. The training time of the PSO-SVM algorithm was higher than that of the GA-SVM algorithm, and much higher than that of the SVM, without optimization. Both ID3 and CART models are verified valid in the attack classification, while the ID3 algorithm obtained 100% accuracy on the training set, and only 32.89% accuracy on the test set, ID3 has a poor classification accuracy of the data outside of the training set. Also, the classification time is very long for ID3 compared with CART. So the comprehensive experimental results show that the intrusion detection system of train real-time Ethernet can use the GA-SVM model for detection of abnormal data. After passing the normal data, the CART model can be used to distinguish between the types of attacks to better complete subsequent responses and operations. Compared with the anomaly detection model based on SVM, the proposed model improves intrusion detection accuracy. And the proposed attack classification algorithm based on CART can improve the computing speed while ensuring the precision of classification.

show abstract

Detecting Temporal Attacks: An Intrusion Detection System for Train Communication Ethernet Based on Dynamic Temporal Convolutional Network

Yue

Wang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

The train communication Ethernet (TCE) of modern intelligent trains is under an ever-increasing threat of serious network attacks. Denial of service (DoS) and man in the middle (MITM), the two most destructive attacks against TCE, are difficult to detect by conventional methods. Aiming at their highly time-correlated properties, a novel dynamic temporal convolutional network-based intrusion detection system (DyTCN-IDS) is proposed in this paper to detect these temporal attacks. A semiphysical TCE testbed that is capable of simulating real situations in TCE-based trains is first built to generate an effective dataset for training and testing. DyTCN-IDS consists of two phases, and in the first phase, systematic feature engineering is designed to optimize the dataset. In the second phase, a basic detection model that is good at dealing with temporal features is first built by utilizing the temporal convolutional network with several architectural optimizations. Then, in order to decrease the computational consumption waste on network packet sequences with different lengths of inner temporal relationships, dynamic neural network technology is further adopted to optimize the basic detection model. Diverse experiments were carried out to evaluate the proposed system from different angles. The experimental results indicate that our system is easy to train, converges fast, costs less computational resources, and achieves satisfying detection performance with a macro false alarm rate of 0.09%, a macro F-score of 99.39%, and an accuracy of 99.40%. Compared to some canonical DL-based IDS and some latest IDS, our system acquires the best overall detection performance as well.

show abstract

Denial of Service Attacks Penetration Testing for Ethernet-Based Train Communication Network

Yue

Wang

Duo

et al. 2022

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Ruifeng Duo

An Ensemble Intrusion Detection Method for Train Ethernet Consist Network Based on CNN and RNN

Anomaly Detection and Attack Classification for Train Real-Time Ethernet

Detecting Temporal Attacks: An Intrusion Detection System for Train Communication Ethernet Based on Dynamic Temporal Convolutional Network

Denial of Service Attacks Penetration Testing for Ethernet-Based Train Communication Network

Contact Info

Product

Resources

About