An Intrusion Detection Method Based on Machine Learning and State Observer for Train-Ground Communication Systems

The communication-based train control (CBTC) system is a typical cyber physical system in urban rail transit. The train-ground communication system is a very important subsystem of the CBTC system and uses the wireless communication protocols to transmit control commands. However, it faces some potential information security risks. To ensure information security of the train-ground communication system, an intrusion detection method based on machine learning and state observer is proposed to detect and recognize various attacks in this paper. The detection system not only detects the anomalies of the wireless network data, but also detects the anomalies of the train physical states. This method includes two layers. The first layer is used to detect and identify wireless network attacks based on machine learning algorithms, such as the random forest algorithm and the gradient boosted decision tree algorithm. The second layer is used to detect the abnormal physical state of train operation based on a state observer. By combining the results of the above two layers, a comprehensive intrusion detection result is given. The simulation results show that the proposed method is effective and practical.