Penetration of connected vehicles and crowdsourced mapping applications give rise to security vulnerabilities in transportation networks. Accurate detection of cyber-attacks on transportation networks is critical to minimize impacts on transportation systems. This task is particularly challenging because the impacts of regional cyber-attacks can be invisible on aggregated traffic data, especially when only sensor data is accessible to transportation agencies. We propose an analytical framework that leverages real-time road link sensory data to conduct online data-driven transportation network anomaly detection using non-parametric long short-term memory (LSTM) and parametric Gaussian process model. The online anomaly detection models can continuously update model coefficients as real-time sensory data arrives. We utilize a city-scale microscopic traffic simulation to validate our cyber-attack detecting framework. The cyber-attack detection model achieves a $F_1$ score, which is a harmonic mean of the precision and recall of classifiers, between 84% to 96% considering different initial training data sizes. We compare with major offline models to demonstrate the effectiveness and robustness of online models. In addition, we devised a meta-heuristic method to solve the multi-objective sensor location problem to simultaneously enhance anomaly detection efficiency and maximize traffic information gain. This study demonstrates a systematic approach to address the emerging concerns of cyber-security in transportation networks with minimum requirements for infrastructure upgrades. Our results can help transportation security authorities identify potential cyber-attacks and protect transportation infrastructure from malicious cyber-hackers.

联网车辆和众包地图应用程序的普及导致了交通网络中的安全漏洞。准确检测对交通网络的网络攻击对于最大程度地减少对交通系统的影响至关重要。这项任务特别具有挑战性，因为区域网络攻击的影响在聚合交通数据上可能是不可见的，尤其是当运输机构只能访问传感器数据时。我们提出了一个分析框架，该框架利用实时道路链路传感数据，使用非参数长短期记忆 (LSTM) 和参数高斯过程模型进行在线数据驱动的交通网络异常检测。在线异常检测模型可以随着实时传感数据的到来不断更新模型系数。我们利用城市规模的微观交通模拟来验证我们的网络攻击检测框架。网络攻击检测模型实现了$F_{\mathrm{1个}}$分数是分类器精度和召回率的调和平均值，考虑到不同的初始训练数据大小，它在 84% 到 96% 之间。我们与主要的离线模型进行比较，以证明在线模型的有效性和稳健性。此外，我们设计了一种元启发式方法来解决多目标传感器定位问题，以同时提高异常检测效率并最大化交通信息增益。本研究展示了一种系统的方法来解决交通网络中新出现的网络安全问题，同时对基础设施升级的要求最低。我们的结果可以帮助交通安全部门识别潜在的网络攻击，并保护交通基础设施免受恶意网络黑客的攻击。