key: cord-0045828-26ttagg8 authors: Andrysiak, Tomasz; Saganowski, Łukasz title: Maintenance and Security System for PLC Railway LED Sign Communication Infrastructure date: 2020-05-23 journal: Computational Science - ICCS 2020 DOI: 10.1007/978-3-030-50423-6_13 sha: 4a8563e059842e9e5ed890d157a805cefbbdd936 doc_id: 45828 cord_uid: 26ttagg8 LED marking systems are currently becoming key elements of every Smart Transport System. Ensuring proper level of security, protection and continuity of failure-free operation seems to be not a completely solved issue. In the article, a system is present allowing to detect different types of anomalies and failures/damage in critical infrastructure of railway transport realized by means of Power Line Communication. There is also described the structure of the examined LED Sign Communications Network. Other discussed topics include significant security problems and maintenance of LED sign system which have direct impact on correct operation of critical communication infrastructure. A two-stage method of anomaly/damage detection is proposed. In the first step, all the outlying observations are detected and eliminated from the analysed network traffic parameters by means of the Cook’s distance. So prepared data is used in stage two to create models on the basis of autoregressive neural network describing variability of the analysed LED Sign Communications Network parameters. Next, relations between the expected network traffic and its real variability are examined in order to detect abnormal behaviour which could indicate an attempt of an attack or failure/damage. There is also proposed a procedure of recurrent learning of the exploited neural networks in case there emerge significant fluctuations in the real PLC traffic. A number of scientific research was realized, which fully confirmed efficiency of the proposed solution and accuracy of autoregressive type of neural network for prediction of the analysed time series. Intelligent Transport Systems (ITS) are different types of solutions which are an answer to increasing demand for goods and human mobility. By their means we can create vast, fully-functional and efficient systems of managing transport in real time. To achieve these aims, there are used diverse information and telecommunication technologies (e.g. Internet of Things (IoT), Wireless Sensor Network (WSN) or Power Line to the problem are methods for finding anomalies in gas consumption that can identify causes of wasting energy, presented in [14] . Power Line Communication technology so far was used mainly in smart lights and smart metering systems [5, 7] where the requirements regarding safety and speed of operation are much smaller than in railway critical infrastructure application [15] . In the article we propose original solution for control, maintenance and security of railway signs critical infrastructure. So far, new LED based signalization devices usually replace old signalization without additional functionalities for control and maintenance. Railway automation systems control only level of current consumption for such devices and detect only on/off and failure states of a signalization device. Such solutions are provided today by main suppliers of railway automation systems, like Bombardier Transportation [16] . Even in computer based railway, automation systems' state of railway signs is controlled by means of current level measurement by microcontroller cards dedicated for a given railway sign circuit. That is why we have noticed the need for proposing and implementing solution of LED railway signs with new control and maintenance functionalities. We can control the state of the railway sign and transmit by means of Power Line Communication technology packets between LED sign and LED sign controller interface maintenance information to railway automation system without additional investments in cable infrastructure. In the article we propose solution for improving safety and maintenance functionalities in the network consisting of the proposed railway PLC LED signs. Traffic from railway LED signs is transmitted by means of PLC point to point links between a LED sign controller and a LED sign. We collected cumulative PLC traffic from point to point links with the use of LED signs controllers interfaces (e.g. RS232, RS485, Ethernet depending on installation). There are two main steps in the proposed method (see Fig. 1 ). In the first step we calculated railway PLC signs traffic models for cumulative traffic of railway signs. At the beginning we select and calculate traffic in a form of univariate time series of PLC traffic features presented in Table 1 . Next, all the outlying observations are detected and eliminated from the analyzed network traffic parameters by means of the Cook's distance (see Sect. 3.1). Subsequently, traffic features' time series are used for neural network autoregression learning (see Sect. 3.2). Based on neural network prediction intervals and Bollinger bands, we achieve models of variability for every railway PLC sign traffic feature (see Sect. 3.3) . Second branch of the proposed method consist of real time steps for railway LED signs anomaly/attack detection method. First, we select and calculate traffic features from cumulative traffic of railway PLC signs. Next, we check if every value of univariate time series representing traffic feature does not exceed boundaries represented by calculated models in the first step of the proposed method. If values are outside boundaries set for a given traffic feature, we generate detection report. The proposed methodology has also possibility of traffic model recalculation in case of significant changes in traffic characteristic of the examined network. Condition of models recalculation/update is presented in Sect. 3.4. The Cook's Distance [17] was chosen to recognize outliers in the examined PLC traffic parameters. By means of this approach we calculate the distance stating the level of data corresponding for two models: (i) a full model with all observations from the learning set, and (ii) a model lacking one observation i from its data set whereŶ j is the forecasted value of x variable for observations number j in the full model, i.e. built on the complete learning set;Ŷ j i ð Þ is the predicted value of x variable for observations number j in the model built on the set in which the i -number observation was temporarily deactivated, MSE is the mean-model error, and m is the number of parameters used in the analyzed model. For the Cook's distance D i threshold value, over which the given observation should be understood as an outlier, according to criterion (1), 1 is accepted, or alternatively 4= n À m À 2 ð Þ , where n is the number of observations in the learning set. The above rules are performed in order to detect and eliminate outliers from the PLC network traffic parameters. So prepared data is ready for stage of creating models. The nonlinear autoregressive model of order p, NAR p ð Þ, defined as is a direct generalization of linear AR model, where h Á ð Þ is a nonlinear known function [18] . It is presumed that 2 t f g is a sequence of random independent variables identically distributed with zero mean and finite variance r 2 . The autoregressive neural network (NNAR) is a feedforward network and constitutes a nonlinear approximation h Á ð Þ, which is defined as where f Á ð Þ is the activation function, and H ¼ b 0 ; . . .; b I ; a 1 ; . . .; a I ; x 11 ; . . .; x IP ð Þ is the parameters vector, p denotes the number of neurons in the hidden layers [18] . The NNAR model is a parametric non-linear model of forecasting. The process of forecasting is conducted in two steps. In the first stage, we determine the autoregression order for the examined time series. It indicates the number of former values on which the current values of time series depend. In the second stage, we train the NN by means of the set previously prepared with order of auto-regression. Next, we determine the total of input nodes in the auto-regression order, the inputs to the NN being the former, lagged observations in forecasting of univariate time series. Finally, the forecasted values constitute the NN model's output. There are two possibilities to check for hidden nodes, namely, trial-and-error and experimentation, as there is no constituted theoretical ground for their selection. It is crucial though that the number of iterations is correct not to meet the issue of over-fitting [19] . Bollinger's Bands is a tool of technical analysis invented at the beginning of 1980-ties [20] . The main idea of this tool is the condition that when variability of data is low (their standard variation is decreasing) then the bands are shrinking. On the other hand, in case of increase of data changeability, the bands are expanding. Therefore, this tool presents dynamics of data variation in a given time window. In the presented solution, we used the Bollinger's Bands to estimate changeability of forecasts of the used models. As the middle band (not presented in the pictures) we accepted the calculated values of used models' forecasts, and with upper and lower bands we tied their double standard variation [21] . It is highly likely that the character and nature of the examined parameters of the railway LED Sign Communication Network imply possibility of appearance of significant data variabilities in the analyzed time series. The reasons of such phenomenon are to be found in possible changes in the communication infrastructure (ageing of devices, exchange into new/different models, or extension/modification of already existing infrastructure). Therefore, the following statistical condition can be formulated, fulfilling of which should cause launching of the recurrent learning procedure of the neural network where x 1 ; x 2 ; . . .; x n f gis time series limited by n elements' analysis window, l is mean estimated from forecasts of the neural network in the analysis window, and r is standard deviation of elements of the examined time series in reference to such mean. The proposed new solution of railway LED Sign Communicating through PLC link is implemented to work with existing solutions of rail automation systems [16] . A PLC sign controller can work with classic analog systems and computer based systems. The novelty of the proposed solutions comes from the fact of existence of digital transmission with actual signaling cables to signs used for railway traffic control. In existing analog or computer based rail automation system the interface is analog (the state of device is controlled by level of current consumption [16] . In this article we put emphasis on security and maintenance issues of the proposed solution. In Fig. 2 we presented placing of our PLC controlled LED signs in typical part of rail automation system responsible for control and maintenance of railway signs. Every sign controller is connected to a dedicated interface responsible for a given LED sign. The railway sign is mounted on a railway pole on the one side of railway track. Communication between the sign controller and the LED sign is performed through standard signalization cable so the proposed solution can be implemented without big investments in new cable infrastructure. In Fig. 3 we can see internal block scheme of railway sign controller, LED signs and transmission links between signs and controllers. Every pair of a sign and a controller is connected by a PLC communication link where typical distance is approximately 1 km. Every sign controller is supplied from common power source (transformer). Between a sign controller and a LED sign, the packets are transmitted through point to point link. Every point-to-point link is separated by proposed by authors PLC transmission separation filter. Such a filter isolates transmission of PLC packets in common medium (signaling cable) for a given point-to-point link and avoids to reach packets from one point-to-point link to another point-to-point links connected to the same common medium (see Fig. 3 ). Separation of transmission is necessary to ensure safety and reliability in signs critical infrastructure. Sign's controller may be equipped with different communication interfaces (e.g. relay, RS232, RS485, CAN etc.) depending on railway automation system type. A sign controller and LED sign is constructed in order to meet highest Safety Integrity Level 4 (SIL4) standard [15] . For analysis of PLC railway signs traffic's anomaly and attack detection we captured traffic features that are connected to network features (data link and network layers) from Table 1 and for maintenance purposes (see Table 2 ). Traffic features are processed into form of univariate time series where every sample arrives in constant period of time. After traffic features selection and calculation time series are used for neural network auto-regression models' learning. Part of experimental test bed used for the proposed methodology verification is presented in Fig. 4 . We can see there an example set of devices communicating through signaling cable where we can set point-to-point link from 1 to 5 km. We gathered traffic features connected with physical PLC signal parameters like SF1P (RSSIP: received signal strength indication for PLC), SF2P (SNRP: signal-tonoise ratio) and features related to transmission protocol e.g. SF3P (NPRP: number of packet retransmissions) or SF6P (ACKPRP: Number of acknowledgements of proper packet receiving and configuration). Table 2 are mainly used by railway automation system staff to assess railway LED signs condition and to plan mandatory technical inspections. Maintenance features are connected to status information sent by LED sign in packet payload to a sign controller. As an example, we can mention MF1P TOT: Railway LED sign total operation time for a given railway LED sign . We can also see there examples of 20 samples prediction intervals calculated by neural network auto-regression model in order to assess how this type of neural network manages with examined signals (time series). Two intervals represent 80% (narrower) and 90% (wider) prediction intervals. Proposed maintenance and security system is complementary to functions available inherently in railway automation system. We have to mention here that our solution is an advisory element for maintenance staff but for physical on/off operations is responsible railway automation system. First of all our additional system can't be responsible for increasing number of railway traffic stops and in consequence substantial economic losses caused by alarms from our systems. That's why prediction intervals from our traffic model have to be wide enough even in unusual situations caused by testing scenarios TS1-TS3. In standard work condition of our PLC signs network our anomaly detection system won't trigger an alarm. For every traffic feature we used these prediction intervals in order to achieve variability of traffic feature for a given traffic feature. In order to evaluate neural network prediction accuracy we presented in Table 3 Root Mean Square Error Variability for SF1P -SF3P traffic features are presented on the right sides of Fig. 5, 6 and 7 . The final PLC railway signs traffic model can be generated based on one on more traffic feature variability time series depending on observation period of time. When more than one set of Bollinger bands is calculated for given period of time for a given traffic feature then final boundaries are calculated as a time series representing maximum or minimum values for higher or down boundary respectively (see Sect. 3.3). Variabilities of traffic features represent models of traffic feature behavior in our case. Online steps of our algorithm start with railway traffic features selection and calculation. Selected values of time series for a given traffic feature is subsequently compared to calculated models representing traffic features variability. If value of traffic feature exceeds boundaries set by calculated model then we generate detection report for a given railway sign and traffic feature. We also propose condition for models recalculation (see Sect. 3.4). Models recalculation is necessary in case of significant change of railway signs PLC traffic behavior or changes in physical structure of the examined network. Without models recalculation false positive values would rise to unacceptable levels. In order to evaluate anomaly/attack detection solution we proposed subsequent Testing Scenarios TS1-TS3: First testing methodology requires generation of disturbance signals by means of equipment used for Electromagnetic Compatibility (EMC) conformance tests. Tests were performed by generating for example Electrical Fast Transient (EFT)/Burst disturbance signal according to IEC 61000-4-4 or Radio Frequency disturbances by current injection clamp according to IEC 61000-4-6 standard. Simpler attack may be performed also by connecting capacitor close to PLC modems. These methods are used for attacking Physical layer of PLC signs communication link. As a result of the proposed attacks, we are degrading physical parameters of PLC transmission line. Week parameters of PLC transmission signal has a big impact on communication reliability also in higher layers of PLC communication protocol stack. Next testing scenario is based on connecting additional PLC communication device to railway sign communication link. Fake transmission node with PLC modem generates and transmits random packets. In different mode untrusted device capture arriving PLC packets, change/disturb them and retransmit to railway PLC sign modems. These packets disturb communication process between PLC sign controller and LED sign. Influence of this type of attack can be observed especially for traffic features connected to data link and network layers. Subsequent testing scenario requires adding devices that create untrusted communication tunnel with the use of the same carrier frequency that is used by railway sign modems. One of the fake PLC node captures arriving packets and transmit them to other untrusted device. Another fake communication tunnel has an impact on reliability of communication between PLC sign controller and LED sign. Another way of attack is a replay attack where untrusted device copy the received PLC packets that arrive to its PLC modem and transmit copy of this packet to legitimate PLC modems with certain delay. Abuses described in this scenario have the biggest impact especially on traffic features connected to data link and network layer and may have indirect influence on some maintenance features. Taking into consideration all simulated attack or anomalies described in Testing Scenarios TS1-TS3, we achieve cumulative results presented in Table 4 . Detection rate (DR) changes from 98.22%-90.14%, while false positive (FP) 5.83%-2.82%. The best results were achieved for SF4P (PERP: packet error rate per time interval) and SF2P (SNRP: signal-to-noise ratio in [dBu] ). Based on literature analysis and solutions proposed by railway industry [16] we couldn't make straight comparison to similar solution for railway LED signs controlling. Present used interfaces for railway LED signs are based on analog interface to digital railway automation systems [16] . Our solution based on PLC transmission for railway LED signs is our novel proposition to digital control of railway LED signs signalization by existing railway infrastructure (classic signalization cable). From these reasons we can only indirectly compare our solution to anomaly/attack detections systems which utilize PLC transmission as a communication. For anomaly detection class systems (which also utilize PLC transmission) where we try to recognize abuses with unknown behavior signature, false positive values about 5% are treated as acceptable [10, 22] . We have to mention that anomaly detection class systems try to recognize unknown traffic behavior (so called 0 day attacks) on the contrary to the Intrusion Detection Systems (IDS) where patterns of malicious activity are already known. That's why false positive indications from anomaly detection system can be higher than in case of IDS systems. There can also be observed some correlations between different types of testing scenarios. For example generation of electromagnetic disturbances or hardware modifications have an impact on testing scenarios TS2 and TS3 by disturbing packet exchange process in data link and network layers by sign controller and LED sign. The same type of coincidences can also be observed between different traffic features. For example, when values of SF2P (SNRP: signal-to-noise ratio in [dBu]) decrease in Continuous monitoring of resources and systems of critical infrastructures in order to ensure proper level of security and protection is currently a field of intense research. It is apparent that due to their nature, rail marking systems, especially those based on PLC technology, are susceptible to a great number of threats originating both inside and outside their own infrastructure. Significant problems connected to their safety are caused by attacks with increasingly great range and complexity level, as well as failures and damage of communication infrastructure elements. Most often implemented solutions which are supposed to ensure adequate level of security and protection are methods of detection and classification which allow to identify untypical behaviors reflected in the analyzed network traffic. In the present work, there were provided proposals of a system allowing to detect different types of anomalies and failures/damage in critical infrastructure of rail transport realized with the use of PLC technology. The structure and features of the examined LED Sign Communication Network were described. Furthermore, key aspects of security and system maintenance were analyzed, which influence correct operation of the critical communication infrastructure. There were also performed numerous experiments which confirmed effectiveness and efficiency of the proposed solution. We evaluated proposed solution by means of real world railway LED signs test bed. We analyzed 7 network features and 5 maintenance features in order to detect anomaly or attack in network of LED signs. Achieved DR changes from 98.22%-90.14%, while FP 5.83%-2.82%. A survey of intelligent transportation systems A survey on intelligent transportation systems Anomaly detection on ITS data via view association Anomaly detection in smart grid data: an experience report An integrated IoT architecture for smart metering Design of smart LED streetlight system for smart city with web-based management system A hierarchical smart street lighting system with brute-force energy optimization Attack classification schema for smart city WSNs A smart city application: a fully controlled street lighting isle based on Raspberry-Pi card, a ZigBee sensor network and WiMAX Anomaly detection in wireless sensor networks: a survey Anomaly detection in wireless sensor networks Detecting anomalous behavior of PLC using semi-supervised machine learning Clustering and support vector regression for water demand forecasting and anomaly detection Short-term anomaly detection in gas consumption through ARIMA and artificial neural network forecast Detection of influential observations in linear regression Are neural networks able to forecast nonlinear time series with moving average components? IEEE Lat A simulation study of artificial neural networks for nonlinear time series forecasting Smoothing the Bollinger bands A comparative study of anomaly detection techniques for smart city wireless sensor networks