Detecting ADS-B Spoofing Attacks using Deep Neural Networks

The Automatic Dependent Surveillance-Broadcast (ADS-B) system is a key component of the Next Generation Air Transportation System (NextGen) that manages the increasingly congested airspace. It provides accurate aircraft localization and efficient air traffic management and also improves the safety of billions of current and future passengers. While the benefits of ADS-B are well known, the lack of basic security measures like encryption and authentication introduces various exploitable security vulnerabilities. One practical threat is the ADS-B spoofing attack that targets the ADS-B ground station, in which the ground-based or aircraft-based attacker manipulates the International Civil Aviation Organization (ICAO) address (a unique identifier for each aircraft) in the ADS-B messages to fake the appearance of non-existent aircraft or masquerade as a trusted aircraft. As a result, this attack can confuse the pilots or the air traffic control personnel and cause dangerous maneuvers. In this paper, we introduce SODA - a two-stage Deep Neural Network (DNN)-based spoofing detector for ADS-B that consists of a message classifier and an aircraft classifier. It allows a ground station to examine each incoming message based on the PHY-layer features (e.g., IQ samples and phases) and flag suspicious messages. Our experimental results show that SODA detects ground-based spoofing attacks with a probability of 99.34%, while having a very small false alarm rate (i.e., 0.43%). It outperforms other machine learning techniques such as XGBoost, Logistic Regression, and Support Vector Machine. It further identifies individual aircraft with an average F-score of 96.68% and an accuracy of 96.66%, with a significant improvement over the state-of-the-art detector.Comment: Accepted to IEEE CNS 201

RadArnomaly: Protecting Radar Systems from Data Manipulation Attacks

Radar systems are mainly used for tracking aircraft, missiles, satellites, and watercraft. In many cases, information regarding the objects detected by the radar system is sent to, and used by, a peripheral consuming system, such as a missile system or a graphical user interface used by an operator. Those systems process the data stream and make real-time, operational decisions based on the data received. Given this, the reliability and availability of information provided by radar systems has grown in importance. Although the field of cyber security has been continuously evolving, no prior research has focused on anomaly detection in radar systems. In this paper, we present a deep learning-based method for detecting anomalies in radar system data streams. We propose a novel technique which learns the correlation between numerical features and an embedding representation of categorical features in an unsupervised manner. The proposed technique, which allows the detection of malicious manipulation of critical fields in the data stream, is complemented by a timing-interval anomaly detection mechanism proposed for the detection of message dropping attempts. Real radar system data is used to evaluate the proposed method. Our experiments demonstrate the method's high detection accuracy on a variety of data stream manipulation attacks (average detection rate of 88% with 1.59% false alarms) and message dropping attacks (average detection rate of 92% with 2.2% false alarms)

Air traffic modernization and control: ADS-B system implementation update 2022: A review

Automatic Dependent Surveillance-Broadcast (ADS-B) is a multiparameter surveillance system designed to improve key segments of air traffic: enabling real-time surveillance, raising safety and efficiency levels, and improving flight information and weather services. ADS-B consists of two subsystems, ADS-B Out and ADS-B In. Although only a complete system, ADS-B In/Out provides numerous benefits (additional situational awareness, more efficient oceanic routing, etc.) FAA and EASA only require ADS-B Out (by January and June 2020, respectively), whereby ADS-B In remains optional. Because of its many advantages, ADS-B In/Out will be popular, but there are some weaknesses, which are primarily related to its cyber vulnerabilities due to insufficient authentication and encryption in the applied protocol. In this paper, an overview of the ADS-B system is presented as an aid to understanding the security problems and the different ways of potential attack. In addition, this review deals with the current state of ADS-B deployment and its future perspective and challenges

Detecting ADS-B Spoofing Attacks Using Deep Neural Networks

The Automatic Dependent Surveillance-Broadcast (ADS-B) system is a key component of the Next Generation Air Transportation System (NextGen) that manages the increasingly congested airspace. It provides accurate aircraft localization and efficient air traffic management and also improves the safety of billions of current and future passengers. While the benefits of ADS-B are well known, the lack of basic security measures like encryption and authentication introduces various exploitable security vulnerabilities. One practical threat is the ADS-B spoofing attack that targets the ADS-B ground station, in which the ground-based or aircraft-based attacker manipulates the International Civil Aviation Organization (ICAO) address (a unique identifier for each aircraft) in the ADS-B messages to fake the appearance of non-existent aircraft or masquerade as a trusted aircraft. As a result, this attack can confuse the pilots or the air traffic control personnel and cause dangerous maneuvers. In this paper, we introduce SODA - a two-stage Deep Neural Network (DNN)-based spoofing detector for ADS-B that consists of a message classifier and an aircraft classifier. It allows a ground station to examine each incoming message based on the PHY-layer features (e.g., IQ samples and phases) and flag suspicious messages. Our experimental results show that SODA detects ground-based spoofing attacks with a probability of 99.34%, while having a very small false alarm rate (i.e., 0.43%). It outperforms other machine learning techniques such as XGBoost, Logistic Regression, and Support Vector Machine. It further identifies individual aircraft with an average F-score of 96.68% and an accuracy of 96.66%, with a significant improvement over the state-of-the-art detector. Comment: Accepted to IEEE CNS 201

Detecting ADS-B Spoofing Attacks Using Deep Neural Networks

The Automatic Dependent Surveillance-Broadcast (ADS-B) system is a key component of the Next Generation Air Transportation System (NextGen) that manages the increasingly congested airspace. It provides accurate aircraft localization and efficient air traffic management and also improves the safety of billions of current and future passengers. While the benefits of ADS-B are well known, the lack of basic security measures like encryption and authentication introduces various exploitable security vulnerabilities. One practical threat is the ADS-B spoofing attack that targets the ADS-B ground station, in which the ground-based or aircraft-based attacker manipulates the International Civil Aviation Organization (ICAO) address (a unique identifier for each aircraft)in the ADS-B messages to fake the appearance of non-existent aircraft or masquerade as a trusted aircraft. As a result, this attack can confuse the pilots or the air traffic control personnel and cause dangerous maneuvers. In this paper, we introduce SODA-a two-stage Deep Neural Network (DNN)-based spoofing detector for ADS-B that consists of a message classifier and an aircraft classifier. It allows a ground station to examine each incoming message based on the PHY-layer features (e.g., IQ samples and phases) and flag suspicious messages. Our experimental results show that SODA detects ground-based spoofing attacks with a probability of 99.34%, while having a very small false alarm rate (i.e., 0.43%). It outperforms other machine learning techniques such as XGBoost, Logistic Regression, and Support Vector Machine. It further identifies individual aircraft with an average F-score of 96.68 % and an accuracy of 96.66%, with a significant improvement over the state-of-The-Art detector

Industrial control systems cybersecurity analysis and countermeasures

Industrial Control Systems (ICS) are frequently used in the manufacturing industry and critical infrastructures, such as water, oil and transportation. Disruption of these industries could have disastrous consequences, leading to financial loss or even human lives. Over time, technological development has improved ICS components; however, little research has been done to improve its security posture. In this research, a novel attack vector addressed to the Input and Output memory of the latest SIMATIC S7-1500 PLC is presented. The results obtained during the experimentation process show that attacks on the PLC memory can have a significantly detrimental effect on the operations of the control system. Furthermore, this research describes implements and evaluates the physical, hybrid and virtual model of a Clean Water Supply System developed for the cybersecurity analysis of the Industrial Control System. The physical testbed is implemented on the Festo MPA platform, while the virtual representation of this platform is implemented in MATLAB. The results obtained during the evaluation of the three testbeds show the strengths and weaknesses of each implementation. Likewise, this research proposes two approaches for Industrial Control Systems cyber-security analysis. The first approach involves an attack detection and mitigation mechanism that focuses on the input memory of PLC and is implemented as part of its code. The response mechanism involves three different techniques: optimized data blocks, switching between control strategies, and obtaining sensor readings directly from the analogue channel. The Clean Water Supply System described above is employed for the practical evaluation of this approach. The second approach corresponds to a supervised energy-based system to anomaly detection using a novel energy-based dataset. The results obtained during the experimentation process show that machine learning algorithms can classify the variations of energy produced by the execution of cyber-attacks as anomalous. The results show the feasibility of the approach presented in this research by achieving an F1-Score of 95.5%, and 6.8% FNR with the Multilayer Perceptron Classifier