Explainable Machine Learning for Cyberattack Identification from Traffic Flows
2025 · Open Access · DOI: https://doi.org/10.48550/arxiv.2505.01488
The increasing automation of traffic management systems has made them prime targets for cyberattacks, disrupting urban mobility and public safety. Traditional network-layer defenses are often inaccessible to transportation agencies, necessitating a machine learning-based approach that relies solely on traffic flow data. In this study, we simulate cyberattacks in a semi-realistic environment, using a virtualized traffic network to analyze disruption patterns. We develop a deep learning-based anomaly detection system, demonstrating that Longest Stop Duration and Total Jam Distance are key indicators of compromised signals. To enhance interpretability, we apply Explainable AI (XAI) techniques, identifying critical decision factors and diagnosing misclassification errors. Our analysis reveals two primary challenges: transitional data inconsistencies, where mislabeled recovery-phase traffic misleads the model, and model limitations, where stealth attacks in low-traffic conditions evade detection. This work enhances AI-driven traffic security, improving both detection accuracy and trustworthiness in smart transportation systems.
- Type: preprint
- Language: en
- Landing Page: http://arxiv.org/abs/2505.01488, https://arxiv.org/pdf/2505.01488
- OA Status: green
- OpenAlex ID: https://openalex.org/W4415026120
Raw OpenAlex JSON
- OpenAlex ID: https://openalex.org/W4415026120 (Canonical identifier for this work in OpenAlex)
- DOI: https://doi.org/10.48550/arxiv.2505.01488 (Digital Object Identifier)
- Title: Explainable Machine Learning for Cyberattack Identification from Traffic Flows (Work title)
- Type: preprint (OpenAlex work type)
- Language: en (Primary language)
- Publication year: 2025 (Year of publication)
- Publication date: 2025-05-02 (Full publication date if available)
- Authors: Yujing Zhou, Marc L. Jacquet, Robel Dawit, Skyler Fabre, Dev Sarawat, Faheem Khan, Madison Newell, Yongxin Liu, Dahai Liu, Hongyun Chen, Jian Wang, Huihui Wang (List of authors in order)
- Landing page: https://arxiv.org/abs/2505.01488 (Publisher landing page)
- PDF URL: https://arxiv.org/pdf/2505.01488 (Direct link to full text PDF)
- Open access: Yes (Whether a free full text is available)
- OA status: green (Open access status per OpenAlex)
- OA URL: https://arxiv.org/pdf/2505.01488 (Direct OA link when available)
- Cited by: 0 (Total citation count in OpenAlex)
Full payload
| id | https://openalex.org/W4415026120 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2505.01488 |
| ids.doi | https://doi.org/10.48550/arxiv.2505.01488 |
| ids.openalex | https://openalex.org/W4415026120 |
| fwci | |
| type | preprint |
| title | Explainable Machine Learning for Cyberattack Identification from Traffic Flows |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T10400 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9627000093460083 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1705 |
| topics[0].subfield.display_name | Computer Networks and Communications |
| topics[0].display_name | Network Security and Intrusion Detection |
| topics[1].id | https://openalex.org/T11512 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9520999789237976 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1702 |
| topics[1].subfield.display_name | Artificial Intelligence |
| topics[1].display_name | Anomaly Detection Techniques and Applications |
| topics[2].id | https://openalex.org/T12034 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9336000084877014 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1710 |
| topics[2].subfield.display_name | Information Systems |
| topics[2].display_name | Digital and Cyber Forensics |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2505.01488 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2505.01488 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2505.01488 |
| locations[1].id | doi:10.48550/arxiv.2505.01488 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2505.01488 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5101499904 |
| authorships[0].author.orcid | https://orcid.org/0000-0001-7536-8705 |
| authorships[0].author.display_name | Yujing Zhou |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Zhou, Yujing |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5118792061 |
| authorships[1].author.orcid | |
| authorships[1].author.display_name | Marc L. Jacquet |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Jacquet, Marc L. |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5118792062 |
| authorships[2].author.orcid | |
| authorships[2].author.display_name | Robel Dawit |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Dawit, Robel |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5054659936 |
| authorships[3].author.orcid | |
| authorships[3].author.display_name | Skyler Fabre |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Fabre, Skyler |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5118792063 |
| authorships[4].author.orcid | |
| authorships[4].author.display_name | Dev Sarawat |
| authorships[4].author_position | middle |
| authorships[4].raw_author_name | Sarawat, Dev |
| authorships[4].is_corresponding | False |
| authorships[5].author.id | https://openalex.org/A5071662846 |
| authorships[5].author.orcid | https://orcid.org/0000-0001-6220-0225 |
| authorships[5].author.display_name | Faheem Khan |
| authorships[5].author_position | middle |
| authorships[5].raw_author_name | Khan, Faheem |
| authorships[5].is_corresponding | False |
| authorships[6].author.id | https://openalex.org/A5118792064 |
| authorships[6].author.orcid | |
| authorships[6].author.display_name | Madison Newell |
| authorships[6].author_position | middle |
| authorships[6].raw_author_name | Newell, Madison |
| authorships[6].is_corresponding | False |
| authorships[7].author.id | https://openalex.org/A5100765920 |
| authorships[7].author.orcid | https://orcid.org/0000-0003-4527-8623 |
| authorships[7].author.display_name | Yongxin Liu |
| authorships[7].author_position | middle |
| authorships[7].raw_author_name | Liu, Yongxin |
| authorships[7].is_corresponding | False |
| authorships[8].author.id | https://openalex.org/A5025536132 |
| authorships[8].author.orcid | https://orcid.org/0000-0003-0482-7083 |
| authorships[8].author.display_name | Dahai Liu |
| authorships[8].author_position | middle |
| authorships[8].raw_author_name | Liu, Dahai |
| authorships[8].is_corresponding | False |
| authorships[9].author.id | https://openalex.org/A5102934471 |
| authorships[9].author.orcid | https://orcid.org/0000-0001-8044-7256 |
| authorships[9].author.display_name | Hongyun Chen |
| authorships[9].author_position | middle |
| authorships[9].raw_author_name | Chen, Hongyun |
| authorships[9].is_corresponding | False |
| authorships[10].author.id | https://openalex.org/A5100711285 |
| authorships[10].author.orcid | https://orcid.org/0000-0002-7701-8511 |
| authorships[10].author.display_name | Jian Wang |
| authorships[10].author_position | middle |
| authorships[10].raw_author_name | Wang, Jian |
| authorships[10].is_corresponding | False |
| authorships[11].author.id | https://openalex.org/A5100371068 |
| authorships[11].author.orcid | https://orcid.org/0000-0001-9518-679X |
| authorships[11].author.display_name | Huihui Wang |
| authorships[11].author_position | last |
| authorships[11].raw_author_name | Wang, Huihui |
| authorships[11].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2505.01488 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Explainable Machine Learning for Cyberattack Identification from Traffic Flows |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T10400 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9627000093460083 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1705 |
| primary_topic.subfield.display_name | Computer Networks and Communications |
| primary_topic.display_name | Network Security and Intrusion Detection |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2505.01488 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2505.01488 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2505.01488 |
| primary_location.id | pmh:oai:arXiv.org:2505.01488 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2505.01488 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2505.01488 |
| publication_date | 2025-05-02 |
| publication_year | 2025 |
| referenced_works_count | 0 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 12 |
| citation_normalized_percentile |