Rule-based Anomaly Detection for Railway Signalling Networks

12 Aug 2020  ·  Heinrich Markus, Gölz Arwed, Arul Tolga, Katzenbeisser Stefan ·

We propose a rule-based anomaly detection system for railway signalling that mitigates attacks by a Dolev-Yao attacker who is able to inject control commands and to perform semantic attacks. The system as well mitigates the effects of a compromised signal box that an attacker uses to issue licit but mistimed control messages. We consider an attacker that could cause train derailments and collisions, if our countermeasure is not employed. We apply safety principles of railway operation to a distributed anomaly detection system that inspects incoming commands on the signals and points. The proposed anomaly detection system detects all attacks of our model without producing false positives, while it requires only a small amount of overhead in terms of network communication and latency compared to normal train operation.

PDF Abstract
No code implementations yet. Submit your code now

Categories


Cryptography and Security Networking and Internet Architecture

Datasets


  Add Datasets introduced or used in this paper