%0 Journal Article
%T Analysis and Testing of Network Security for China Railway Communication Networks and Proposed Architecture Based on Trusted Computing
%A LI Saifei
%A YAN Lianshan
%A LI Hongzhe
%A GUO Wei
%A ZHANG Weijun
%A LIU Qingtao
%J Journal of Southwest Jiaotong University (西南交通大学学报)
%D 2018
%R 10.3969/j.issn.0258-2724.2018.06.006
%X China's railway communication networks have been deployed throughout the country and have a complex infrastructure. A security architecture based on trusted computing and software-defined networking (SDN) has thus been proposed for ensuring the security of the railway communication system. Starting from the overall network architecture of the railway communication system, the security risks for the complete network were investigated and tested through fault tree analysis, with "malicious personnel causing an interruption of railway services" as the top event of the fault tree. A simulation evaluation was subsequently performed, and a threat scenario of a malicious actor targeting the railway communication system was fitted from the test results for analysing possible intrusions into the railway communication network. The simulation results and analysis show that the proposed architecture can help address various organised, targeted, and persistent network attacks, thereby safeguarding and improving the security of China's high-speed railway communication networks.
%K railway communication system
%K fault tree analysis
%K network security
%K trusted computing
%K software-defined networking
%U http://manu19.magtech.com.cn/Jweb_xnjd/CN/abstract/abstract12670.shtml