Sequential collaborative detection strategy on ADS-B data attack
Introduction
With the increase in flight density and types, the difficulties and risks in Air Traffic Management (ATM) are much more severe than before. As the data foundation of the ATM system, the air surveillance network is vital to the availability and security of the whole system. At present, various surveillance methods, including Primary Surveillance Radar (PSR), Secondary Surveillance Radar (SSR), Wide Area Multilateration (WAM) and Automatic Dependent Surveillance - Broadcast (ADS-B), are used to meet the demand for collection, transmission and analysis of flight status data. Owing to its high accuracy, favorable data sharing and large coverage, ADS-B is becoming the leading surveillance method in the next generation ATM system. As a result, ADS-B has been chosen as one of the core technologies in the Single European Sky ATM Research (SESAR) and Next Generation Air Transportation System (NEXTGEN) projects. In 2020, ADS-B equipage will become mandatory in the majority of countries with developed aviation [1], which will qualify airplanes to transmit the ADS-B signals on which the surveillance system is built.
ADS-B surveillance serves as the data source for the majority of key functional subsystems of the next generation ATM system [2]. Data assets are the foundation of collaborative decision making and intelligent analysis. However, security was not sufficiently considered in the initial ADS-B protocol design [3]. The broadcast data lacks integrity and authentication support, which exposes an air surveillance network that relies mainly on ADS-B to severe security threats. Specifically, with the fast increase in the number and types of flights, the scale of flight status data under attack shows a worsening trend. In such a situation, flight status data is vulnerable to manipulation by various attacks such as data tampering, data replay and ghost node injection. In recent years the stealth of attacks on ADS-B has clearly increased [4], which hinders the surveillance network from sensing and detecting attacks in time to avoid quantitative loss.
Hence, it is necessary to assure the security of ADS-B data. The ADS-B protocol has been an international standard with RTCA 260B [5], so it is not practical to add extra information or encrypt all of the information [6]. When attacked, the air surveillance network should detect the attacks and respond efficiently and in time to keep ADS-B data usage within trustworthy bounds. Traditional detection methods for ADS-B data attacks do not fully consider the temporal and spatial correlations in ADS-B data features when distinguishing attack behaviors. As a result, current ADS-B data attack detection is limited in accuracy and efficiency. It is necessary to design efficient detection strategies and deploy reasonable detection systems to accomplish attack detection tasks on ADS-B data. Such a strategy and system will give the defense system more time to respond and reduce the influence on data from hidden attacked nodes.
To address attack detection efficiency and accuracy for ADS-B, we propose a sequential collaborative attack detection strategy. Each flight is regarded as one node with continuous status data, and each ground station is regarded as one node with complicated data processing functions. Different detection methods are designed and integrated to improve detection accuracy. Collaboration between ground stations and flights is taken into consideration to improve the whole detection system. The main contributions are as follows:
- The attack detection conditions are analyzed and common attack patterns are modeled abstractly.
- Attack detection strategies are designed for flight nodes and ground station nodes respectively. Flight node detection consists of the Interaction Multiple Model (IMM) residual validation method. Ground station node detection consists of various detection methods, including flight plan validation, single node detection strategies and group node detection strategies. For all detection nodes, the detection probabilities are the final references for attack judgements. Detection accuracy is improved by considering time relevance and space relevance.
- A distributed attack detection system is designed, and ground to ground, ground to air and air to air collaborative detection strategies are proposed to improve the detection performance for flight and ground station nodes.
The rest of the paper is organized as follows: Section 2 analyzes the current development of attack detection on ADS-B; Section 3 analyzes the detection conditions for attacks and describes common attack pattern models; Section 4 designs the sequential attack detection methods for flight and ground station nodes; Section 5 proposes the distributed detection architecture and collaborative detection strategies; Section 6 implements several experiments to illustrate the accuracy and efficiency of the sequential collaborative detection strategy; Section 7 concludes with the advantages and shortcomings of the proposed detection strategy.
Section snippets
ADS-B
ADS-B is the key technology in the next generation surveillance system and is a dependent, cooperative method. Its significant feature is the broadcast working scheme. Its transmission flow is illustrated in Fig. 1.
The Global Navigation Satellite System (GNSS) uses satellites to offer accurate navigation data, which includes flight status information such as longitude, latitude, velocity and so on. Current aircraft receive satellite navigation data through a GPS receiver and integrate with
Attack detection condition analysis
When implementing attacks, attackers pay attention not only to maximizing damage but also to enhancing concealment. Hence, detection strategies based on data analysis may not cover all attack types [16]. When attackers force the output of systems to mitigate attack features as much as possible, the attacks cannot be detected theoretically [17].
In terms of ADS-B data attacks, the foundation of detection is ADS-B data, which contains current flight status with potential
Sequential data attack detection
Considering the tolerance principles for data processing in the air surveillance network, a minority of bad points will not have an obvious impact on air situation sensing. Hence, given the reality of air surveillance network security, some assumptions are put forward before designing surveillance data attack detection strategies.
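The following Python example is added here and is not code from the paper: it shows residual validation on one position axis together with the tolerance for isolated bad points described above. It uses a single constant-velocity Kalman filter rather than the paper's IMM, and the gate, run length, noise constants and the track itself are constructed assumptions.

```python
# Added example: constant-velocity Kalman residual check on one axis.
# Simplification of the paper's IMM approach; every constant is an assumption.
DT = 0.5        # s between reports (the page cites 2 samples per second)
Q = 1.0         # process-noise intensity, m^2/s^3 (assumed)
R = 25.0 ** 2   # measurement variance, 25 m sigma (assumed)
GATE = 9.0      # gate on normalised innovation squared, about 3 sigma (assumed)
RUN = 3         # consecutive gate failures required before flagging (assumed)

def residual_flags(zs, x0, v0):
    """Flag samples of along-track positions zs (metres) as suspected attack."""
    x, v = x0, v0
    p11, p12, p22 = R, 0.0, 100.0            # initial covariance (assumed)
    run, flags = 0, []
    for z in zs:
        # Predict one step ahead with the constant-velocity model.
        x += DT * v
        p11 += DT * (2 * p12 + DT * p22) + Q * DT ** 3 / 3
        p12 += DT * p22 + Q * DT ** 2 / 2
        p22 += Q * DT
        # Residual between report and prediction, normalised by its variance.
        nu, s = z - x, p11 + R
        if nu * nu / s > GATE:
            run += 1                          # reject: do not update the state
        else:
            run = 0
            k1, k2 = p11 / s, p12 / s         # Kalman gain
            x, v = x + k1 * nu, v + k2 * nu
            p11, p12, p22 = (1 - k1) * p11, (1 - k1) * p12, p22 - k2 * p12
        flags.append(run >= RUN)
    return flags

def constructed_track(n=40):
    """Constructed data: 200 m/s flight, +/-20 m jitter, one bad point at
    index 10 and a sustained 400 m offset from index 30 onward."""
    zs = []
    for i in range(n):
        z = 200.0 * DT * (i + 1) + 10 * ((i * 7) % 5 - 2)
        if i == 10 or i >= 30:
            z += 400.0
        zs.append(z)
    return zs

if __name__ == "__main__":
    flags = residual_flags(constructed_track(), 0.0, 200.0)
    print([i for i, f in enumerate(flags) if f])
```

The single outlier at index 10 is rejected by the gate but never flagged, while the sustained offset is flagged once it has failed the gate three times in a row.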
Collaborative data attack detection
With the fast development of air surveillance, the different components in the surveillance network are gradually being deeply integrated and interact tightly with each other. Air surveillance has become the vital data foundation for air surveillance CPS. If air surveillance relies only on a ground or airborne Surveillance Data Processing (SDP) unit to analyze and process data alone, it is difficult to adapt to complex environments and achieve high detection precision. However, if collaborative detection
Dataset
In the experiments, we use the ADS-B dataset from the OpenSky project [23] as the foundation for analysis. Analysis of the dataset shows that the scale of flights per hour is about 6900 and that attribute data for location, velocity and altitude is missing to some degree. During experiment analysis, records with missing data are discarded directly. Considering the high sampling frequency of 2 times per second, such a processing procedure is acceptable [24].
Conclusion
Considering the characteristics of air surveillance and ADS-B data, we design sequential data attack detection strategies. Taking into consideration the time correlation and space correlation of data security, we design flight node detection and ground station node detection methods. Adapting to next generation ATM developments, we analyze the collaborative function of different components to strengthen the detection accuracy.
However, the focus of our paper is ADS-B data itself, ignoring PSR, SSR,
References (24)
- D. Mccallie, J. Butts, R. Mills, Security analysis of the ADS-B implementation in the next generation air...
- K. Y. Baek, H. C. Bang, ADS-B based trajectory prediction and conflict detection for air traffic management,...
- L. Purton, H. Abbass, S. Alam, Identification of ADS-B system vulnerabilities and threats, Special Libraries 38 (1)...
- M. R. Manesh, N. Kaabouch, Analysis of vulnerabilities, attacks, countermeasures and overall risk of the automatic...
- R. F. SC-186, Minimum Operational Performance Standards (MOPS) for 1090 MHz Extended Squitter Automatic Dependent...
- K. D. Wesson, T. E. Humphreys, B. L. Evans, Can cryptography secure next generation air traffic surveillance?, IEEE...
- M. Strohmeier, M. Schofer, P. Rui, V. Lenders, I. Martinovic, On perception and reality in wireless air traffic...
- B. S. Ali, System specifications for developing an automatic dependent surveillance-broadcast (ADS-B) monitoring...
- M. Strohmeier, V. Lenders, I. Martinovic, On the security of the automatic dependent surveillance-broadcast protocol,...
- M. Strohmeier, V. Lenders, I. Martinovic, Intrusion detection for airborne communication using phy-layer...
Cited by (18)
TTSAD: TCN-Transformer-SVDD Model for Anomaly Detection in air traffic ADS-B data
2024, Computers and Security
ADS-B anomaly data detection model based on VAE-SVDD
2021, Computers and Security
Citation Excerpt: Attacks such as jamming and message modification suffered by ADS-B data are discussed, also attack difficulty and severity level are analyzed (Strohmeier et al., 2015a). In our previous work, many types of attacks on ADS-B data were analyzed and modeled (Li and Wang, 2019). It shows that USRP (Universal Software Radio Peripheral) device can be used to implement attacks on ADS-B, which proves the simplicity and feasibility of attacks (Costin and Francillon, 2012; Schafer et al., 2013).
Dynamic temporal ADS-B data attack detection based on sHDP-HMM
2020, Computers and Security
Citation Excerpt: Based on motion laws of flights, the traffic model is set up to validate the collected data (Zhang et al., 2018). Kalman filter is utilized to predict the ADS-B data with one more step (Li and Wang, 2019). Based on the fluctuation of residual error, the attack behaviours are detected.
Online sequential attack detection for ADS-B data based on hierarchical temporal memory
2019, Computers and Security
Citation Excerpt: At present, it is not possible to detect various attack patterns effectively for each single detection method. Thus, we proposed the sequential collaborative detection strategy (Li and Wang, 2019) to integrate various detection methods with attack probability to improve the adaptive capability on variety and uncertainty of attack behaviors. However, the aforementioned detection methods on ADS-B data are confronted with several deficiencies: (I) the methods cannot mine the knowledge fully of large scale ADS-B data to support attack detection. (
Automatic Dependent Surveillance-Broadcast Deceptive Jamming Detection Method Based on Track Data
2024, Journal of Circuits, Systems and Computers
A Look into the Vulnerabilities of Automatic Dependent Surveillance-Broadcast
2023, 2023 IEEE 13th Annual Computing and Communication Workshop and Conference, CCWC 2023