Cyber-Physical Incident Attribution in UAV/Rail Attacks

Abstract

As unmanned aerial vehicles (UAVs) and smart rail systems become increasingly integrated into critical
logistics infrastructure, they also present new surfaces for hybrid cyber-physical attacks. Coordinated adversarial
actions such as cyber intrusions that manipulate physical trajectories, sensor spoofing, or disruptions to control
systems pose significant challenges for real-time detection and post-incident analysis. Effective attribution of such
incidents is crucial not only for identifying responsible parties but also for enhancing resilience and enabling
coordinated defense responses across infrastructure operators, governments, and private stakeholders. This paper
examines the problem of cyber-physical incident attribution in the context of combined UAV/rail attacks, where
attack vectors may span networked systems, edge devices, and physical actuators. We propose a layered
attribution framework that fuses telemetry from cyber logs, UAV flight data, rail signaling systems, and
environmental sensors to reconstruct the sequence and origin of coordinated attacks. The system leverages graph-
based causality analysis, trust scoring mechanisms, and cross-domain forensic correlation to associate anomalies
with likely sources and attack pathways. Our approach combines both deterministic rules and machine learning
models trained on simulated and real-world incident data to balance explainability and adaptive intelligence. This
paper, overall, adopts an exploratory perspective, examining foundational challenges and design trade-offs
involved in attributing cyber-physical incidents within a multimodal UAV/rail logistics environment. Rather than
proposing a finalized solution, the work seeks to identify key data-fusion requirements, threat-modeling gaps, and
policy implications to inform future technical and legal frameworks for attribution. Preliminary results from
simulated hybrid attacks using a digital twin environment show promising attribution accuracy, particularly when
incorporating temporal patterns and system interdependencies. However, limitations in sensor coverage and
adversarial evasion tactics underscore the need for multi-source trust validation and international collaboration in
standardizing attribution protocols. Ultimately, this research aims to lay groundwork for a scalable, context-aware
attribution system that can support accountability, deterrence, and rapid response in the evolving landscape of
autonomous transportation.