Online transportation network cyber-attack detection based on stationary sensor data

Penetration of connected vehicles and crowdsourced mapping applications give rise to security vulnerabilities in transportation networks. Accurate detection of cyber-attacks on transportation networks is critical to minimize impacts on transportation systems. This task is particularly challenging because the impacts of regional cyber-attacks can be invisible on aggregated traffic data, especially when only sensor data is accessible to transportation agencies. We propose an analytical framework that leverages real-time road link sensory data to conduct online data-driven transportation network anomaly detection using non-parametric long short-term memory (LSTM) and parametric Gaussian process model. The online anomaly detection models can continuously update model coefficients as real-time sensory data arrives. We utilize a city-scale microscopic traffic simulation to validate our cyber-attack detecting framework. The cyber-attack detection model achieves a F₁ score, which is a harmonic mean of the precision and recall of classifiers, between 84% to 96% considering different initial training data sizes. We compare with major offline models to demonstrate the effectiveness and robustness of online models. In addition, we devised a meta-heuristic method to solve the multi-objective sensor location problem to simultaneously enhance anomaly detection efficiency and maximize traffic information gain. This study demonstrates a systematic approach to address the emerging concerns of cyber-security in transportation networks with minimum requirements for infrastructure upgrades. Our results can help transportation security authorities identify potential cyber-attacks and protect transportation infrastructure from malicious cyber-hackers.