Machine Learning for Cyber-Attack Identification from Traffic Flows

• URL: http://arxiv.org/abs/2505.01489v1
• Date: Fri, 02 May 2025 17:34:19 GMT
• Title: Machine Learning for Cyber-Attack Identification from Traffic Flows
• Authors: Yujing Zhou, Marc L. Jacquet, Robel Dawit, Skyler Fabre, Dev Sarawat, Faheem Khan, Madison Newell, Yongxin Liu, Dahai Liu, Hongyun Chen, Jian Wang, Huihui Wang,
• Abstract summary: This paper presents our simulation of cyber-attacks and detection strategies on the traffic control system in Daytona Beach, FL.<n>We try to answer the research questions: are we able to identify cyber attacks by only analyzing traffic flow patterns.
• Score: 5.834276858232939
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: This paper presents our simulation of cyber-attacks and detection strategies on the traffic control system in Daytona Beach, FL. using Raspberry Pi virtual machines and the OPNSense firewall, along with traffic dynamics from SUMO and exploitation via the Metasploit framework. We try to answer the research questions: are we able to identify cyber attacks by only analyzing traffic flow patterns. In this research, the cyber attacks are focused particularly when lights are randomly turned all green or red at busy intersections by adversarial attackers. Despite challenges stemming from imbalanced data and overlapping traffic patterns, our best model shows 85\% accuracy when detecting intrusions purely using traffic flow statistics. Key indicators for successful detection included occupancy, jam length, and halting durations.

Related papers

• CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
  We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.<n>It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.<n>We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
  arXiv  Detail & Related papers  (2025-05-14T13:37:07Z)
• Explainable Machine Learning for Cyberattack Identification from Traffic Flows [5.834276858232939]
  We simulate cyberattacks in a semi-realistic environment, using a traffic network to analyze disruption patterns.<n>We develop a deep learning-based anomaly detection system, demonstrating that Longest Stop Duration and Total Jam Distance are key indicators of compromised signals.<n>This work enhances AI-driven traffic security, improving both detection accuracy and trustworthiness in smart transportation systems.
  arXiv  Detail & Related papers  (2025-05-02T17:34:14Z)
• PCAP-Backdoor: Backdoor Poisoning Generator for Network Traffic in CPS/IoT Environments [0.6629765271909503]
  We introduce textttPCAP-Backdoor, a novel technique that facilitates backdoor poisoning attacks on PCAP datasets.<n>Experiments on real-world Cyber-Physical Systems (CPS) and Internet of Things (IoT) network traffic datasets demonstrate that attackers can effectively backdoor a model by poisoning as little as 1% or less of the entire training dataset.
  arXiv  Detail & Related papers  (2025-01-26T15:49:34Z)
• Multi-Source Urban Traffic Flow Forecasting with Drone and Loop Detector Data [61.9426776237409]
  Drone-captured data can create an accurate multi-sensor mobility observatory for large-scale urban networks.<n>A simple yet effective graph-based model HiMSNet is proposed to integrate multiple data modalities and learn-temporal correlations.
  arXiv  Detail & Related papers  (2025-01-07T03:23:28Z)
• NetFlowGen: Leveraging Generative Pre-training for Network Traffic Dynamics [72.95483148058378]
  We propose to pre-train a general-purpose machine learning model to capture traffic dynamics with only traffic data from NetFlow records.<n>We address challenges such as unifying network feature representations, learning from large unlabeled traffic data volume, and testing on real downstream tasks in DDoS attack detection.
  arXiv  Detail & Related papers  (2024-12-30T00:47:49Z)
• CyberSentinel: Efficient Anomaly Detection in Programmable Switch using Knowledge Distillation [0.0]
  CyberSentinel is a high throughput and accurate anomaly detection system deployed entirely in the programmable switch data plane.<n>To detect unseen network attacks, CyberSentinel uses a novel knowledge distillation scheme that incorporates "learned" knowledge of deep unsupervised ML models.<n>We implement a prototype of CyberSentinel on a testbed with an Intel Tofino switch and evaluate it on various real-world use cases.
  arXiv  Detail & Related papers  (2024-12-21T16:35:44Z)
• Towards Multi-agent Reinforcement Learning based Traffic Signal Control through Spatio-temporal Hypergraphs [19.107744041461316]
  Traffic signal systems (TSCSs) are integral to intelligent traffic management fostering efficient vehicle flow.<n>We propose a novel TSCS framework to realize intelligent traffic edge network.<n>We have crafted a multi-agent soft actor-critic (MA-SAC) reinforcement learning algorithm.
  arXiv  Detail & Related papers  (2024-04-17T02:46:18Z)
• Detecting subtle cyberattacks on adaptive cruise control vehicles: A machine learning approach [4.610653122777888]
  More insidious attacks, which only slightly alter driving behavior, can result in network-wide increases in congestion, fuel consumption, and even crash risk without being easily detected.<n>We present a traffic model framework for three types of potential cyberattacks: malicious manipulation of vehicle control commands, false data injection attacks on sensor measurements, and denial-of-service (DoS) attacks.<n>A novel generative adversarial network (GAN)-based anomaly detection model is proposed for real-time identification of such attacks using vehicle trajectory data.
  arXiv  Detail & Related papers  (2023-10-26T01:22:10Z)
• Infrastructure-based End-to-End Learning and Prevention of Driver Failure [68.0478623315416]
  FailureNet is a recurrent neural network trained end-to-end on trajectories of both nominal and reckless drivers in a scaled miniature city. It can accurately identify control failures, upstream perception errors, and speeding drivers, distinguishing them from nominal driving. Compared to speed or frequency-based predictors, FailureNet's recurrent neural network structure provides improved predictive power, yielding upwards of 84% accuracy when deployed on hardware.
  arXiv  Detail & Related papers  (2023-03-21T22:55:51Z)
• Reinforcement Learning based Cyberattack Model for Adaptive Traffic Signal Controller in Connected Transportation Systems [61.39400591328625]
  In a connected transportation system, adaptive traffic signal controllers (ATSC) utilize real-time vehicle trajectory data received from vehicles to regulate green time. This wirelessly connected ATSC increases cyber-attack surfaces and increases their vulnerability to various cyber-attack modes. One such mode is a'sybil' attack in which an attacker creates fake vehicles in the network. An RL agent is trained to learn an optimal rate of sybil vehicle injection to create congestion for an approach(s)
  arXiv  Detail & Related papers  (2022-10-31T20:12:17Z)
• Deep traffic light detection by overlaying synthetic context on arbitrary natural images [49.592798832978296]
  We propose a method to generate artificial traffic-related training data for deep traffic light detectors. This data is generated using basic non-realistic computer graphics to blend fake traffic scenes on top of arbitrary image backgrounds. It also tackles the intrinsic data imbalance problem in traffic light datasets, caused mainly by the low amount of samples of the yellow state.
  arXiv  Detail & Related papers  (2020-11-07T19:57:22Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.