An intrusion detection method based on system call sequence for train-mounted host devices

Bibliographic Details
Main Authors: WANG Xue, WANG Lide, WANG Biao, XU Shuxian, WANG Chong
Format: Article
Language: zho
Published: Editorial Department of Electric Drive for Locomotives 2023-11-01
Series:机车电传动
Online Access:http://edl.csrzic.com/thesisDetails#10.13890/j.issn.1000-128X.2023.06.013
Description
Summary: A Linux embedded operating system is installed on the host devices on the train, and all external applications must access the kernel via system calls. With the increasing compatibility and openness of the train communication network, there is a risk of cyberattacks on the train-mounted host devices. During a cyberattack, the malware interacts with the kernel via system calls and leaves a trace, so intrusions into a train-mounted host device can be detected from its system call sequence. In this paper, the structure of the Linux system and the principle of the system call sequence were analyzed; the raw-data feature processing methods, including feature extraction, bag-of-words, inverse-frequency processing and dimension reduction, were designed; and an intrusion detection model based on Grid Search-K-Nearest Neighbor (GS-KNN) was created. The experimental results show that the accuracy of the method designed in this paper is 96.62%, that the method has certain advantages compared with other lightweight algorithms, and that it can detect network intrusions effectively.
ISSN:1000-128X