DERAIL-ML: DEtecting RAilway Cyber-physicaL Attacks using Machine Learning

João Maria Lopes Inverno

Key information

Authors:

João Maria Lopes Inverno (João Maria Lopes Inverno)

Supervisors:

Carlos Nuno da Cruz Ribeiro (Carlos Nuno da Cruz Ribeiro); Filipe Miguel Marcos Apolinário

Published in

06/30/2025

Abstract

Modern railway systems extend far beyond trains, stations, and tracks. They are now digitalised, utilising sensors and actuators, tracking train positions, and controlling track switches. Operations centres coordinate these systems, managing schedules, passenger information, and speed limits, enhancing productivity and reducing human error-related accidents. However, this increasing digitalisation has introduced vulnerabilities that make railways liable to cyber-attacks. Effective log monitoring is crucial for detecting cyber-physical attacks in critical infrastructures. Logs can document operations and identify anomalies. The challenge lies in distinguishing real threats from false alarms caused by sensor noise and inconsistencies. Anomalies can be detected by establishing sequential relationships between sensor data and actuator actions and then monitoring the system for unexpected behaviour. This work explores machine learning methods to automate the detection of anomalies.

Publication details

Authors in the community:

João Maria Lopes Inverno
ist195601

Supervisors of this institution:

Carlos Nuno da Cruz Ribeiro
ist13499

Fields of Science and Technology (FOS)

electrical-engineering-electronic-engineering-information-engineering - Electrical engineering, electronic engineering, information engineering

Publication language (ISO code)

eng - English

Rights type:

Embargoed access

Date available:

03/29/2026

Institution name

Instituto Superior Técnico