[Keywords]
[摘要]
To address the problem of how to respond effectively to Advanced Persistent Threats (APT) in urban rail transit scenarios, this paper proposes a method that combines attack provenance graphs with deep traffic learning, integrating attack reconstruction with traffic monitoring to detect and classify APT attacks. Experimental results show that the model can effectively trace the source of APT attacks. Compared with traditional machine-learning-based APT detection models, the combined model shows clear advantages in detection accuracy, precision, recall and other metrics.
[Key word]
[Abstract]
In order to address the problem of how to respond effectively to Advanced Persistent Threats (APT) in urban rail transit scenarios, this paper proposes a method that combines attack provenance graphs with deep traffic learning, integrating attack reconstruction with traffic monitoring to detect and classify APT attacks. The experimental results show that the model can effectively trace the source of APT attacks. In comparison with traditional APT detection models based on sandboxes or anomalous features, the combined model shows clear advantages in detection accuracy, precision, recall and other metrics.
[CLC number]
[Funding]
CRRC Science and Technology Research and Development Program: Research on the architecture and key technologies of a cyber-security-based on-board network system for rail vehicles