Detecting anomalies in metro systems

In an autonomous vehicle system, a secure control between vehicles and instruments is critical. Particularly, in a metro or underground system, the control is done through a Supervisory Control and Data Acquisition (SCADA) network which is wired and close system. However, this does not imply that the system is safe from attack as an attack can come from insider by sending more command or less command. This attack can be detected by comparing the features extracted from the traffic happening to the heuristic and proper data set. The comparison done is not only by comparing the distribution of the data transferred but also looking at the correlation between each instrument. The correlation is needed since several instruments might work dependently while others might work independently. Data that are compared in the analysis are the features of each instrument from the traffic which are number of command transfer, number of handshake transfer, and the ratio of command transfer to the command transfer median from the samples. These three features are then analyzed and the results will show whether there is an anomaly in a certain period.