FraudMove: Fraud Drivers Discovery Using Real-Time Trajectory Outlier Detection

Taxicabs and rideshare cars nowadays are equipped with GPS devices that enable capturing a large volume of traces. These GPS traces represent the moving behavior of the car drivers. Indeed, the real-time discovery of fraud drivers earlier is a demand for saving the passenger’s life and money. For this purpose, this paper proposes a novel time-based system, namely FraudMove, to discover fraud drivers in real-time by identifying outlier active trips. Mainly, the proposed FraudMove system computes the time of the most probable path of a trip. For trajectory outlier detection, a trajectory is considered an outlier trajectory if its time exceeds the time of this computed path by a specified threshold. FraudMove employs a tunable time window parameter to control the number of checks for detecting outlier trips. This parameter allows FraudMove to trade responsiveness with efficiency. Unlike other related works that wait until the end of a trip to indicate that it was an outlier, FraudMove discovers outlier trips instantly during the trip. Extensive experiments conducted on a real dataset confirm the efficiency and effectiveness of FraudMove in detecting outlier trajectories. The experimental results prove that FraudMove saves the response time of the outlier check process by up to 65% compared to the state-of-the-art systems

A method for detecting abnormal behavior of ships based on multi-dimensional density distance and an abnormal isolation mechanism

Abnormal ship behavior detection is essential for maritime navigation safety. Most existing abnormal ship behavior detection methods only build A ship trajectory position outlier detection model; however, the construction of a ship speed outlier detection model is also significant for maritime navigation safety. In addition, in most existing methods for detecting a ship's abnormal behavior based on abnormal thresholds, one unsuitable threshold leads to the risk of the ship not being minimized as much as possible. In this paper, we proposed an abnormal ship behavior detection method based on distance measurement and an isolation mechanism. First, to address the problem of traditional trajectory compression methods and density clustering methods only using ship position information, the minimum description length principle based on acceleration (AMDL) algorithm and Multi-Dimensional Density Clustering (MDDBSCAN) algorithm is used in this study. These algorithms not only considered the position information of the ship, but also the speed information. Second, regarding the issue of the difficulty in determining the anomaly threshold, one method for determining the anomaly threshold based on the relationship between the velocity weights and noise points of the MDDBSCAN algorithm has been introduced. Finally, due to the randomness issue of the selected segmentation value in iForest, a strategy of selectively constructing isolated trees was proposed, thus further improving the efficiency of abnormal ship behavior detection. The experimental results on the historical automatic identification system data set of Xiamen port prove the practicality and effectiveness of our proposed method. Our experiment results show that the proposed method achieves an improvement of about 10% over the trajectory outlier detection based on the local outlier fraction method, about 14% over the isolation-based online anomalous trajectory method in terms of the accuracy of ship position information anomaly detection, and about 3% over the feature fusion method in terms of the accuracy of ship speed anomaly detection. This method improves algorithm efficiency by about 5% compared to the traditional isolation forest anomaly detection algorithm

Cyber Security of Traffic Signal Control Systems with Connected Vehicles

Our world is becoming increasingly connected through smart technologies. The same trend is emerging in transportation systems, wherein connected vehicles (CVs) and transportation infrastructure are being connected through advanced wireless communication technologies. CVs have great potential to improve a variety of mobility applications, including traffic signal control (TSC), a critical component in urban traffic operations. CV-based TSC (CV-TSC) systems use trajectory data to make more informed control decisions, therefore can accommodate real-time traffic fluctuations more efficiently. However, vehicle-infrastructure connectivity opens new doors to potential cyber attacks. Malicious attackers can potentially send falsified trajectory data to CV-TSC systems and influence signal control decisions. The benefit of CV-TSC systems can be realized only if the systems are secure in cyberspace. Although many CV-TSC systems have been developed within the past decade, few consider cyber security in their system design. It remains unclear exactly how vulnerable CV-TSC systems are, how cyber attacks may be perpetrated, and how engineers can mitigate cyber attacks and protect CV-TSC systems. Therefore, this dissertation aims to systematically understand the cyber security problems facing CV-TSC systems under falsified data attacks and provide a countermeasure to safeguard CV-TSC systems. These objectives are accomplished through four studies. The first study evaluates the effects of falsified data attacks on TSC systems. Two TSC systems are considered: a conventional actuated TSC system and an adaptive CV-TSC system. Falsified data attacks are assumed to change the input data to these systems and therefore influence control decisions. Numerical examples show that both systems are vulnerable to falsified data attacks. The second study investigates how falsified data attacks may be perpetrated in a realistic setting. Different from prior research, this study considers a more realistic but challenging black-box attack scenario, in which the signal control model is unavailable to the attacker. Under this constraint, the attacker has to learn the signal control model using a surrogate model. The surrogate model predicts signal timing plans based on critical traffic features extracted from CV data. The attacker can generate falsified CV data (i.e., falsified vehicle trajectories) to alter the values of critical traffic features and thus influence signal control decisions. In the third study, a data-driven method is proposed to protect CV-TSC systems from falsified data attacks. Falsified trajectories are behaviorally distinct from normal trajectories because they must accomplish a certain attack goal; thus, the problem of identifying falsified trajectories is considered an abnormal trajectory identification problem. A trajectory-embedding model is developed to generate vector representations of trajectory data. The similarity (distance) between each pair of trajectories can be computed based on these vector representations. Hierarchical clustering is then applied to identify abnormal (i.e., falsified) trajectories. In the final study, a testing platform is built upon a virtual traffic simulator and real-world transportation infrastructure in Mcity. The testing platform integrates the attack study and defense study in a unified framework and is used to evaluate the real-world impact of cyber attacks on CV-TSC systems and the effectiveness of defense strategies.PHDCivil EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/162931/1/edhuang_1.pd