A Probabilistic Intelligence-Driven Framework for Predictive Cyber Defense in Railway Systems
The rapid digital transformation of railway systems through automation, system integration, and enhanced connectivity has significantly improved operational efficiency, safety, and reliability. However, this digitalization has simultaneously expanded the cyber-attack surface, introducing new vulnerabilities in signalling, communication, and control systems. As critical national infrastructure, railways require robust protection against cyber threats to maintain operational resilience and public safety. Railway cyber-physical environments present unique challenges distinct from traditional IT systems, characterized by strong interdependencies between digital and physical components where a single breach can cascade across subsystems, causing widespread disruption, safety hazards, and financial loss. Existing cybersecurity frameworks, often static and rule-based, are inadequate for representing the dynamic, probabilistic nature of modern cyber threats, necessitating data-informed, adaptive approaches capable of modeling complex dependencies and supporting timely decision-making. This research develops a probabilistic modeling framework for assessing and mitigating cybersecurity risks in railway systems. The core methodology employs Bayesian Networks (BNs) to capture conditional dependencies among key threat variables, integrating both empirical data and expert knowledge to infer system vulnerabilities and potential attack outcomes. To address evolving threats, the framework extends to Dynamic Bayesian Networks (DBNs), incorporating temporal relationships that model cyberattack progression over time, enabling early threat detection and proactive defense strategies. A central innovation is the integration of MITRE ATT&CK cyber threat intelligence, encoding real-world adversarial tactics, techniques, and procedures (TTPs) into the BN/DBN structures to enhance model realism and predictive accuracy. 
This research addresses three key questions: how Bayesian and Dynamic Bayesian Networks can model probabilistic relationships and temporal progression of railway cyber threats; how MITRE ATT&CK intelligence can be integrated to capture realistic adversarial behaviors; and how the proposed framework can support proactive cybersecurity risk assessment and decision-making. The resulting framework provides a systematic, interpretable foundation for probabilistic railway cybersecurity analysis, helping operators and policymakers anticipate and respond to emerging threats.
Language
- English
Project
- Status: Active
- Funding: $60,000.00
- Contract Numbers: 69A3552348323
- Sponsor Organizations:
  Office of the Assistant Secretary for Research and Technology
  University Transportation Centers Program
  Department of Transportation
  Washington, DC United States 20590
- Managing Organizations:
  2400 6th Street, NW
  Washington, DC United States 20059
- Project Managers: Bruner, Britain
- Performing Organizations:
  University of Maryland, College Park
  Department of Civil and Environmental Engineering
  College Park, MD United States 20742
- Principal Investigators: Attoh-Okine, Nii
- Start Date: 20260102
- Expected Completion Date: 20260930
- Actual Completion Date: 0
- USDOT Program: University Transportation Centers Program
Subject/Index Terms
- TRT Terms: Bayes' theorem; Computer security; Predictive models; Railroads; Risk assessment
- Subject Areas: Data and Information Technology; Planning and Forecasting; Railroads; Security and Emergencies
Filing Info
- Accession Number: 01976731
- Record Type: Research project
- Source Agency: Research and Education for Promoting Safety (REPS) University Transportation Center
- Contract Numbers: 69A3552348323
- Files: UTC, RIP
- Created Date: Jan 20 2026 2:16PM