Monitoring cyberthreats in railway systems: A hybrid framework for detecting stealthy data tampering attacks

IF 11 1区工程技术 Q1 ENGINEERING, INDUSTRIAL

Reliability Engineering & System Safety Pub Date : 2025-09-26 DOI:10.1016/j.ress.2025.111747

Sara Abdellaoui, Emil Dumitrescu, Cédric Escudero, Eric Zamai

{"title":"Monitoring cyberthreats in railway systems: A hybrid framework for detecting stealthy data tampering attacks","authors":"Sara Abdellaoui, Emil Dumitrescu, Cédric Escudero, Eric Zamai","doi":"10.1016/j.ress.2025.111747","DOIUrl":null,"url":null,"abstract":"<div><div>Railway cybersecurity has become a critical concern as the integration of advanced monitoring systems increases reliance on technology. Cyberattacks targeting railway systems can disrupt operations, compromise data integrity, and mislead maintenance decisions, jeopardizing safety and efficiency. Despite these risks, existing detection methods often struggle to address stealthy data tampering attacks designed to either mask failures or trigger unnecessary maintenance. To remedy this gap, this article proposes a novel framework combining Turnout Lifecycle Analysis (TLA) and Expected Behavior Analysis (EBA), complemented by a weighted, modified Dempster–Shafer theory to integrate threat estimations from both approaches. The proposed framework supports the detection of stealthy cyberattacks and the diagnosis of turnout faults, while enabling resilient decision-making under uncertainty. The framework is validated on simulated cyberattack scenarios, successfully identifying six out of seven attacks while reducing false positives. The results highlight the potential of this framework to give railway maintenance operators more accurate insights, help improve decision-making, and help enhance the safety and resilience of railway operations against cyberthreats.</div></div>","PeriodicalId":54500,"journal":{"name":"Reliability Engineering & System Safety","volume":"266 ","pages":"Article 111747"},"PeriodicalIF":11.0000,"publicationDate":"2025-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Reliability Engineering & System Safety","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0951832025009470","RegionNum":1,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, INDUSTRIAL","Score":null,"Total":0}

引用次数: 0

Abstract

Railway cybersecurity has become a critical concern as the integration of advanced monitoring systems increases reliance on technology. Cyberattacks targeting railway systems can disrupt operations, compromise data integrity, and mislead maintenance decisions, jeopardizing safety and efficiency. Despite these risks, existing detection methods often struggle to address stealthy data tampering attacks designed to either mask failures or trigger unnecessary maintenance. To remedy this gap, this article proposes a novel framework combining Turnout Lifecycle Analysis (TLA) and Expected Behavior Analysis (EBA), complemented by a weighted, modified Dempster–Shafer theory to integrate threat estimations from both approaches. The proposed framework supports the detection of stealthy cyberattacks and the diagnosis of turnout faults, while enabling resilient decision-making under uncertainty. The framework is validated on simulated cyberattack scenarios, successfully identifying six out of seven attacks while reducing false positives. The results highlight the potential of this framework to give railway maintenance operators more accurate insights, help improve decision-making, and help enhance the safety and resilience of railway operations against cyberthreats.

查看原文本刊更多论文

监测铁路系统中的网络威胁：用于检测隐形数据篡改攻击的混合框架

随着先进监控系统的集成越来越依赖技术，铁路网络安全已成为一个关键问题。针对铁路系统的网络攻击会扰乱运营，破坏数据完整性，误导维护决策，危及安全和效率。尽管存在这些风险，但现有的检测方法往往难以应对隐蔽的数据篡改攻击，这些攻击旨在掩盖故障或触发不必要的维护。为了弥补这一差距，本文提出了一个结合道岔生命周期分析（TLA）和预期行为分析（EBA）的新框架，并辅以加权的修正Dempster-Shafer理论，以整合两种方法的威胁估计。所提出的框架支持隐蔽网络攻击的检测和投票率故障的诊断，同时实现不确定性下的弹性决策。该框架在模拟网络攻击场景中进行了验证，成功识别了7次攻击中的6次，同时减少了误报。研究结果凸显了该框架的潜力，可以为铁路维护运营商提供更准确的见解，有助于改善决策，并有助于提高铁路运营的安全性和抵御网络威胁的弹性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Reliability Engineering & System Safety 管理科学-工程：工业

CiteScore

15.20

自引率

39.50%

发文量

621

审稿时长

67 days

期刊介绍： Elsevier publishes Reliability Engineering & System Safety in association with the European Safety and Reliability Association and the Safety Engineering and Risk Analysis Division. The international journal is devoted to developing and applying methods to enhance the safety and reliability of complex technological systems, like nuclear power plants, chemical plants, hazardous waste facilities, space systems, offshore and maritime systems, transportation systems, constructed infrastructure, and manufacturing plants. The journal normally publishes only articles that involve the analysis of substantive problems related to the reliability of complex systems or present techniques and/or theoretical results that have a discernable relationship to the solution of such problems. An important aim is to balance academic material and practical applications.