Machine Learning for Cyber-Attack Identification from Traffic Flows

📅 2025-05-02
🤖 AI Summary
This paper addresses adversarial attacks in intelligent transportation systems (ITS), where malicious actors hijack traffic signal controllers at intersections—enforcing all-red or all-green phases—to induce abnormal traffic flow. We propose a network-agnostic intrusion detection method relying solely on traffic flow data. Leveraging a high-fidelity simulation environment integrating SUMO, a Raspberry Pi cluster, OPNsense firewall, and Metasploit, we extract discriminative traffic features—including occupancy, congestion length, and stop duration—and design a machine learning classifier robust to class imbalance and pattern overlap. To our knowledge, this is the first empirical validation in a realistic traffic control setting demonstrating that purely traffic-based patterns can reliably detect adversarial signal hijacking—bypassing conventional reliance on network logs or packet payloads. Our optimal model achieves 85% detection accuracy, establishing a lightweight, privacy-preserving paradigm for traffic cybersecurity monitoring.

📝 Abstract
This paper presents our simulation of cyber-attacks and detection strategies on the traffic control system in Daytona Beach, FL, using Raspberry Pi virtual machines and the OPNsense firewall, along with traffic dynamics from SUMO and exploitation via the Metasploit framework. We try to answer the research question: can we identify cyber-attacks by analyzing traffic flow patterns alone? In this research, we focus on attacks in which adversaries randomly turn the lights all green or all red at busy intersections. Despite challenges stemming from imbalanced data and overlapping traffic patterns, our best model shows 85% accuracy when detecting intrusions purely using traffic flow statistics. Key indicators for successful detection included occupancy, jam length, and halting durations.
Problem

Research questions and friction points this paper is trying to address.

Identifying cyber-attacks via traffic flow patterns analysis
Detecting adversarial manipulation of traffic light signals
Overcoming imbalanced data and overlapping traffic patterns
Innovation

Methods, ideas, or system contributions that make the work stand out.

Raspberry Pi virtual machines for attack simulation
OPNsense firewall and SUMO for traffic dynamics
Metasploit framework for exploitation analysis
Authors

Yujing Zhou
Embry-Riddle Aeronautical University, FL 32114 USA
Marc L. Jacquet
Embry-Riddle Aeronautical University, FL 32114 USA
Robel Dawit
Embry-Riddle Aeronautical University, FL 32114 USA
Skyler Fabre
Embry-Riddle Aeronautical University, FL 32114 USA
Dev Sarawat
Embry-Riddle Aeronautical University, FL 32114 USA
Faheem Khan
Embry-Riddle Aeronautical University, FL 32114 USA
Madison Newell
Embry-Riddle Aeronautical University, FL 32114 USA
Yongxin Liu
Assistant Professor of Data Science, Embry-Riddle Aeronautical University
Research interests: Artificial Intelligence, Cyber Physical System, Cybersecurity, Intelligent Transportation Systems, Data Mining
Dahai Liu
Embry-Riddle Aeronautical University, FL 32114 USA
Hongyun Chen
Embry-Riddle Aeronautical University, FL 32114 USA
Jian Wang
University of Tennessee at Martin, TN 38238 USA
Huihui Wang
Northeastern University, Arlington, VA 22209