Table of Contents
Fetching ...

Machine Learning for Cyber-Attack Identification from Traffic Flows

Yujing Zhou, Marc L. Jacquet, Robel Dawit, Skyler Fabre, Dev Sarawat, Faheem Khan, Madison Newell, Yongxin Liu, Dahai Liu, Hongyun Chen, Jian Wang, Huihui Wang

TL;DR

This work tackles the resilience of urban traffic control against cyber threats by integrating cyberattack simulations with traffic flow modeling for Daytona Beach. It evaluates both traditional ML and CNN approaches to detect intrusions from traffic statistics alone, identifying Max Halting Duration and jam Length as key indicators. The results show that a CNN with a 10-second observation window can outperform traditional models, while Random Forest remains a strong baseline; the study emphasizes the need to combine anomaly detection with direct hardware/network monitoring for robust security. The framework lays groundwork for real-time cyber-physical security in traffic infrastructure, with future directions including broader connectivity, Dockerization, and unsupervised methods to handle evolving threats.

Abstract

This paper presents our simulation of cyber-attacks and detection strategies on the traffic control system in Daytona Beach, FL. using Raspberry Pi virtual machines and the OPNSense firewall, along with traffic dynamics from SUMO and exploitation via the Metasploit framework. We try to answer the research questions: are we able to identify cyber attacks by only analyzing traffic flow patterns. In this research, the cyber attacks are focused particularly when lights are randomly turned all green or red at busy intersections by adversarial attackers. Despite challenges stemming from imbalanced data and overlapping traffic patterns, our best model shows 85\% accuracy when detecting intrusions purely using traffic flow statistics. Key indicators for successful detection included occupancy, jam length, and halting durations.

Machine Learning for Cyber-Attack Identification from Traffic Flows

TL;DR

This work tackles the resilience of urban traffic control against cyber threats by integrating cyberattack simulations with traffic flow modeling for Daytona Beach. It evaluates both traditional ML and CNN approaches to detect intrusions from traffic statistics alone, identifying Max Halting Duration and jam Length as key indicators. The results show that a CNN with a 10-second observation window can outperform traditional models, while Random Forest remains a strong baseline; the study emphasizes the need to combine anomaly detection with direct hardware/network monitoring for robust security. The framework lays groundwork for real-time cyber-physical security in traffic infrastructure, with future directions including broader connectivity, Dockerization, and unsupervised methods to handle evolving threats.

Abstract

This paper presents our simulation of cyber-attacks and detection strategies on the traffic control system in Daytona Beach, FL. using Raspberry Pi virtual machines and the OPNSense firewall, along with traffic dynamics from SUMO and exploitation via the Metasploit framework. We try to answer the research questions: are we able to identify cyber attacks by only analyzing traffic flow patterns. In this research, the cyber attacks are focused particularly when lights are randomly turned all green or red at busy intersections by adversarial attackers. Despite challenges stemming from imbalanced data and overlapping traffic patterns, our best model shows 85\% accuracy when detecting intrusions purely using traffic flow statistics. Key indicators for successful detection included occupancy, jam length, and halting durations.
Paper Structure (11 sections, 7 figures, 1 table)

This paper contains 11 sections, 7 figures, 1 table.

Figures (7)

  • Figure 1: Abstract network topology of traffic controllers in Daytona Beach, FL
  • Figure 2: Architecture of the simulation framework
  • Figure 3: Architecture of the Convolutional Neural Network (CNN)
  • Figure 4: Data distribution of the simulated attack and normal scenarios. We used Principal Component Analysis (PCA) to project the original data to 2D space with 90% of variance explained.
  • Figure 5: Two Most Important Features in response to intrusions in the Traffic Dataset
  • ...and 2 more figures