Signal control in intelligent transportation systems (ITS) is vulnerable to cyberattacks, yet traffic authorities often lack network-layer access for conventional intrusion detection. Method: This paper proposes an interpretable deep learning–based anomaly detection method relying solely on traffic flow data. We construct a multi-scenario attack dataset via virtualized traffic simulation and perform traffic feature engineering; crucially, we identify “maximum stop duration” and “total congestion distance” as key discriminative indicators of attacks. To address label inconsistency during transitional periods and low-traffic stealthy attacks, we integrate eXplainable AI (XAI) techniques to diagnose model misclassification roots. Contribution/Results: Experiments demonstrate that our approach significantly improves attack detection accuracy and decision interpretability without requiring network logs, enabling transportation agencies to achieve autonomous, transparent, and robust real-time security monitoring.

The increasing automation of traffic management systems has made them prime targets for cyberattacks, disrupting urban mobility and public safety. Traditional network-layer defenses are often inaccessible to transportation agencies, necessitating a machine learning-based approach that relies solely on traffic flow data. In this study, we simulate cyberattacks in a semi-realistic environment, using a virtualized traffic network to analyze disruption patterns. We develop a deep learning-based anomaly detection system, demonstrating that Longest Stop Duration and Total Jam Distance are key indicators of compromised signals. To enhance interpretability, we apply Explainable AI (XAI) techniques, identifying critical decision factors and diagnosing misclassification errors. Our analysis reveals two primary challenges: transitional data inconsistencies, where mislabeled recovery-phase traffic misleads the model, and model limitations, where stealth attacks in low-traffic conditions evade detection. This work enhances AI-driven traffic security, improving both detection accuracy and trustworthiness in smart transportation systems.