Run-Time Monitoring of ERTMS/ETCS Control Flow by Process Mining

• URL: http://arxiv.org/abs/2509.10419v1
• Date: Fri, 12 Sep 2025 17:17:35 GMT
• Title: Run-Time Monitoring of ERTMS/ETCS Control Flow by Process Mining
• Authors: Francesco Vitale, Tommaso Zoppi, Francesco Flammini, Nicola Mazzocca,
• Abstract summary: This paper explores run-time control-flow anomaly detection using process mining to enhance the resilience of ERTMS/ETCS L2.<n>Process mining allows learning the actual control flow of the system from its execution traces, thus enabling run-time monitoring.<n>In addition, anomaly localization is performed through unsupervised machine learning to link relevant deviations to critical system components.
• Score: 5.244510914441487
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Ensuring the resilience of computer-based railways is increasingly crucial to account for uncertainties and changes due to the growing complexity and criticality of those systems. Although their software relies on strict verification and validation processes following well-established best-practices and certification standards, anomalies can still occur at run-time due to residual faults, system and environmental modifications that were unknown at design-time, or other emergent cyber-threat scenarios. This paper explores run-time control-flow anomaly detection using process mining to enhance the resilience of ERTMS/ETCS L2 (European Rail Traffic Management System / European Train Control System Level 2). Process mining allows learning the actual control flow of the system from its execution traces, thus enabling run-time monitoring through online conformance checking. In addition, anomaly localization is performed through unsupervised machine learning to link relevant deviations to critical system components. We test our approach on a reference ERTMS/ETCS L2 scenario, namely the RBC/RBC Handover, to show its capability to detect and localize anomalies with high accuracy, efficiency, and explainability.

Related papers

• Detecting Object Tracking Failure via Sequential Hypothesis Testing [80.7891291021747]
  Real-time online object tracking in videos constitutes a core task in computer vision.<n>We propose interpreting object tracking as a sequential hypothesis test, wherein evidence for or against tracking failures is gradually accumulated over time.<n>We propose both supervised and unsupervised variants by leveraging either ground-truth or solely internal tracking information.
  arXiv  Detail & Related papers  (2026-02-13T14:57:15Z)
• Architecting software monitors for control-flow anomaly detection through large language models and conformance checking [4.824526467228295]
  We propose a methodology to develop software monitors for control-flow anomaly detection.<n>The methodology builds on existing software development practices to maintain traditional V&V.<n>We test the methodology on a case-study scenario from the European Railway Traffic Management System / European Train Control System.
  arXiv  Detail & Related papers  (2025-11-14T01:11:26Z)
• Hybrid Cryptographic Monitoring System for Side-Channel Attack Detection on PYNQ SoCs [0.0]
  AES-128 encryption is theoretically secure but vulnerable in practical deployments due to timing and fault injection attacks on embedded systems.<n>This work presents a lightweight dual-detection framework combining statistical thresholding and machine learning (ML) for real-time anomaly detection.
  arXiv  Detail & Related papers  (2025-08-29T13:13:43Z)
• WATCH: Adaptive Monitoring for AI Deployments via Weighted-Conformal Martingales [22.789611187514975]
  Methods for nonparametric sequential testing -- especially conformal test martingales (CTMs) and anytime-valid inference -- offer promising tools for this monitoring task.<n>Existing approaches are restricted to monitoring limited hypothesis classes or alarm criteria''
  arXiv  Detail & Related papers  (2025-05-07T17:53:47Z)
• Code-as-Monitor: Constraint-aware Visual Programming for Reactive and Proactive Robotic Failure Detection [56.66677293607114]
  We propose Code-as-Monitor (CaM) for both open-set reactive and proactive failure detection.<n>To enhance the accuracy and efficiency of monitoring, we introduce constraint elements that abstract constraint-related entities.<n>Experiments show that CaM achieves a 28.7% higher success rate and reduces execution time by 31.8% under severe disturbances.
  arXiv  Detail & Related papers  (2024-12-05T18:58:27Z)
• Runtime Verification via Rational Monitor with Imperfect Information [2.7323347531070974]
  Traditional verification assumes perfect information, meaning the monitoring component perceives everything accurately. This assumption often fails, especially with autonomous systems operating in real-world environments. We extend standard RV of Linear Temporal Logic properties to accommodate scenarios where the monitor has imperfect information and behaves rationally.
  arXiv  Detail & Related papers  (2024-08-21T13:56:06Z)
• Intrusion Tolerance for Networked Systems through Two-Level Feedback Control [0.0]
  We formulate intrusion tolerance for a system with service replicas as a two-level optimal control problem. On the local level node controllers perform intrusion recovery, and on the global level a system controller manages the replication factor. Based on this formulation, we design TOLERANCE, a novel control architecture for intrusion-tolerant systems.
  arXiv  Detail & Related papers  (2024-04-02T09:00:45Z)
• Monitoring ROS2: from Requirements to Autonomous Robots [58.720142291102135]
  This paper provides an overview of a formal approach to generating runtime monitors for autonomous robots from requirements written in a structured natural language. Our approach integrates the Formal Requirement Elicitation Tool (FRET) with Copilot, a runtime verification framework, through the Ogma integration tool.
  arXiv  Detail & Related papers  (2022-09-28T12:19:13Z)
• Ranking-Based Physics-Informed Line Failure Detection in Power Grids [66.0797334582536]
  Real-time and accurate detecting of potential line failures is the first step to mitigating the extreme weather impact and activating emergency controls. Power balance equations nonlinearity, increased uncertainty in generation during extreme events, and lack of grid observability compromise the efficiency of traditional data-driven failure detection methods. This paper proposes a Physics-InformEd Line failure Detector (FIELD) that leverages grid topology information to reduce sample and time complexities and improve localization accuracy.
  arXiv  Detail & Related papers  (2022-08-31T18:19:25Z)
• Recursively Feasible Probabilistic Safe Online Learning with Control Barrier Functions [60.26921219698514]
  We introduce a model-uncertainty-aware reformulation of CBF-based safety-critical controllers. We then present the pointwise feasibility conditions of the resulting safety controller. We use these conditions to devise an event-triggered online data collection strategy.
  arXiv  Detail & Related papers  (2022-08-23T05:02:09Z)
• Improving the Performance of Robust Control through Event-Triggered Learning [74.57758188038375]
  We propose an event-triggered learning algorithm that decides when to learn in the face of uncertainty in the LQR problem. We demonstrate improved performance over a robust controller baseline in a numerical example.
  arXiv  Detail & Related papers  (2022-07-28T17:36:37Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.