CR NI | Aug 12, 2020

Rule-based Anomaly Detection for Railway Signalling Networks

arXiv:2008.05241v115 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses security and safety issues in railway systems, but it is incremental, as it applies existing safety principles to a specific domain.

The authors tackled the problem of detecting attacks on railway signalling networks by proposing a rule-based anomaly detection system that prevents train derailments and collisions, achieving detection of all modeled attacks with no false positives and minimal overhead.

We propose a rule-based anomaly detection system for railway signalling that mitigates attacks by a Dolev-Yao attacker who is able to inject control commands and to perform semantic attacks. The system also mitigates the effects of a compromised signal box that an attacker uses to issue licit but mistimed control messages. We consider an attacker that could cause train derailments and collisions if our countermeasure is not employed. We apply safety principles of railway operation to a distributed anomaly detection system that inspects incoming commands on the signals and points. The proposed anomaly detection system detects all attacks of our model without producing false positives, while it requires only a small amount of overhead in terms of network communication and latency compared to normal train operation.
