Detecting Intrusions in Railway Signal Safety Data Networks with DBSCAN-ARIMA

Railway Signal Safety Data Network (SSDN) is an important part of railway signal system, and its security directly affects the safety of passengers. However, with the continuous improvement of information and automation level of Chinese Train Control System Level 3 (CTCS-3), there are more and more interfaces between SSDN and other systems. The data sharing among the equipment has become increasingly frequent, the content has become increasingly abundant, and the data volume has become increasingly larger. While the operation efficiency of SSDN is improved, its information security risk increased too. In order to secure SSDN, the intrusions should be detected accurately. In this work, we proposed an intrusion detection method based on DBSCAN-ARIMA. In the algorithm, K-Average Nearest Neighbor (KANN) algorithm is used to determine the parameters of Density-Based Spatial Clustering of Applications with Noise (DBSCAN) clustering algorithm, calibrate the clustering results, and then improve the TPR by Multiple Seasonal Autoregressive Integrated Moving Average (ARIMA) model. The experimental results show that our method outperforms other existing methods, with an average TPR of 98.9501%.