Contextual Embedding-Based Railway Communication Threat Detection with Transparent AI Models

Abstract

In modern railway networks, real-time monitoring and secure control communications are essential for ensuring operational safety, efficiency, and reliability. Critical operations such as signal control, train scheduling, and automated track switching generate large volumes of data that must be analysed instantly to prevent system failures or malicious intrusions. Traditional approaches relying on manual inspections or rule-based systems are often slow, error-prone, and inadequate for handling highvolume, dynamic communication data. To address these limitations, this research proposes a robust, automated anomaly detection framework for accurate real-time classification. Existing methods, including Decision Tree with Cost Complexity Pruning (DTCCP) and Deep Neural Decision Tree (DNDT), offer interpretability and moderate accuracy. However, DTCCP tends to overfit complex sequential data, while DNDT struggles to capture subtle contextual relationships, resulting in missed anomalies and false alarms. The proposed framework employs a RuleFit classifier (RF) that combines linear rules with decision tree logic, enhanced by semantic embeddings generated using Sentence Bidirectional Encoder Representations from Transformers (SBERT). This hybrid model effectively learns both hierarchical decision boundaries and contextual patterns within communication sequences. Performance evaluation is conducted using metrics such as accuracy, precision, recall, F1-score, confusion matrix, and Receiver Operating Characteristic (ROC) curves. Experimental results demonstrate that the RF-based approach significantly outperforms DTCCP and DNDT, achieving improved anomaly detection accuracy, reduced false positives, and reliable real-time classification of secure and insecure rail communications, thereby enhancing overall railway network safety and operational efficiency.