Look-Ahead Cyber-Threat Forecasting for Connected and Automated Transport: A Spatio-Temporal Graph Learning Approach

Citation

Amin, Md Al and Ahsan, Mohammad Shafat and Maua, Jannatul and Eva, Arifa Akter and Mridha, M. F. and Hossen, Md. Jakir (2026) Look-Ahead Cyber-Threat Forecasting for Connected and Automated Transport: A Spatio-Temporal Graph Learning Approach. IEEE Open Journal of Intelligent Transportation Systems. p. 1. ISSN 2687-7813

[img] Text
6.pdf - Published Version
Restricted to Repository staff only

Download (5MB)

Abstract

Modern intelligent transportation systems (ITS) increasingly rely on connected electronic control units (ECUs), exposing in-vehicle networks to cyber-attacks such as message injection on the Controller Area Network (CAN) bus. While prior work has focused on post-factum detection, this paper addresses the underexplored task of forecasting cyber-attacks before they occur. We propose a spatio-temporal graph neural network (STGNN) architecture that models CAN traffic as a dynamic graph sequence, where nodes represent active CAN IDs and edges capture statistical co-activation patterns. Each graph snapshot encodes temporal features such as inter-arrival statistics and entropy, and is processed using graph attention layers followed by a multi-head temporal self-attention module. We evaluate the proposed method on two real-world datasets: Car-Hacking and OTIDS, comprising over 6.5 million labeled CAN frames from a Kia Soul under multiple attack scenarios. Experimental results show that STGNN achieves an area under the ROC curve (AUC) of 0.97, F1-score of 0.94, and a Brier score of 0.040 at a 1-second forecasting horizon on Car-Hacking, and maintains strong performance on OTIDS (AUC 0.91, F1 0.87) even though its rule-based labeling may introduce inconsistencies. The model outperforms six baseline methods across all lead times and demonstrates robustness under cross-dataset transfer and architectural variation. These findings confirm the feasibility of accurate, real-time cyberattack forecasting for automotive systems and highlight the utility of spatio-temporal graph learning for predictive cybersecurity in ITS.

Item Type: Article
Uncontrolled Keywords: Cybersecurity, CAN bus, intelligent transportation systems, attack forecasting, graph neural networks, spatio-temporal modeling, vehicular networks
Subjects: T Technology > TL Motor vehicles. Aeronautics. Astronautics > TL1-484 Motor vehicles. Cycles
Divisions: Faculty of Engineering and Technology (FET)
Depositing User: Ms Suzilawati Abu Samah
Date Deposited: 03 Mar 2026 03:26
Last Modified: 03 Mar 2026 03:26
URII: http://shdl.mmu.edu.my/id/eprint/15435

Downloads

Downloads per month over past year

View ItemEdit (login required)