Machine Learning for Cyber-Attack Identification from Traffic Flows

TL;DR

This study investigates the feasibility of detecting cyber-attacks on traffic control systems solely through traffic flow pattern analysis, achieving 85% accuracy despite data challenges.

Contribution

It introduces a simulation framework combining traffic and cyber-attack scenarios to evaluate traffic flow-based intrusion detection methods.

Findings

Achieved 85% detection accuracy using traffic flow data.

Identified occupancy, jam length, and halting durations as key indicators.

Demonstrated effectiveness despite data imbalance and pattern overlap.

Abstract

This paper presents our simulation of cyber-attacks and detection strategies on the traffic control system in Daytona Beach, FL. using Raspberry Pi virtual machines and the OPNSense firewall, along with traffic dynamics from SUMO and exploitation via the Metasploit framework. We try to answer the research questions: are we able to identify cyber attacks by only analyzing traffic flow patterns. In this research, the cyber attacks are focused particularly when lights are randomly turned all green or red at busy intersections by adversarial attackers. Despite challenges stemming from imbalanced data and overlapping traffic patterns, our best model shows 85\% accuracy when detecting intrusions purely using traffic flow statistics. Key indicators for successful detection included occupancy, jam length, and halting durations.