This work proposes the use of machine learning (ML) as a candidate for the detection of various types of message injection attacks against automatic dependent surveillance-broadcast (ADS-B) messaging systems. Authentic ADS-B messages from a high-traffic area are collected from an open-source platform. These messages are combined with others imposing path modification, ghost aircraft injection, and velocity drift obtained from simulations. Then, ADS-B-related features are extracted from such messages and used to train different ML models for binary classification. For this purpose, authentic ADS-B data is considered as Class 1 (i.e., no attack), while the injection attacks are considered as Class 2 (i.e., presence of attack). The performance of the models is analyzed with metrics, including detection, misdetection, and false alarm rates, as well as validation accuracy, precision, recall, and F1-score. The resulting models enable identifying the presence of injection attacks with a detection rate of 99.05%, and false alarm and misdetection rates of 0.76% and 1.10%, respectively.
ADS-B Message Injection Attack on UAVs: Assessment of SVM-based Detection Techniques
As more aircraft are using the Automatic Dependent Surveillance-Broadcast (ADS-B) devices for navigation and surveillance, the risks of injection attacks are highly increasing. The exchanged ADS-B messages are neither encrypted nor authenticated while containing valuable operational information, which imposes high risk on the safety of the airspace. For this reason, we propose in this paper an SVM-based ADS-B message injection attack detection technique for UAV onboard implementation. First, we simulated several message injection attacks on real raw ADS-B data. Then, three Support Vector Machine (SVM) models were examined in terms of two types of assessment criteria, detection efficiency and model performance. The results show that the C-SVM model is the best fit for our application, with an accuracy of 95.32%.
- Award ID(s): 2006674
- PAR ID: 10354439
- Date Published:
- Journal Name: IEEE Electro/Information Technology Conference
- Page Range / eLocation ID: 405 to 410
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
-
The Automatic Dependent Surveillance Broadcast (ADS-B) system is a critical communication and surveillance technology used in the Next Generation (NextGen) project as it improves the accuracy and efficiency of air navigation. These systems allow air traffic controllers to have more precise and real-time information on the location and movement of aircraft, leading to increased safety and improved efficiency in the airspace. While ADS-B has been made mandatory for all aircraft in the Federal Aviation Administration (FAA) monitored airspace, its lack of security measures leaves it vulnerable to cybersecurity threats. Particularly, ADS-B signals are susceptible to false data injection attacks due to the lack of authentication and integrity measures, which poses a serious threat to the safety of the National Airspace System (NAS). Many studies have attempted to address these vulnerabilities; however, machine learning and deep learning approaches have gained significant interest due to their ability to enhance security without modifying the existing infrastructure. This paper investigates the use of Recurrent Neural Networks for detecting injection attacks in ADS-B data, leveraging the time-dependent nature of the data. The paper reviews previous studies that used different machine learning and deep learning techniques and presents the potential benefits of using RNN algorithms to improve ADS-B security.
-
Cyber-physical system security is a significant concern in the critical infrastructure. Strong interdependencies between cyber and physical components render cyber-physical systems highly susceptible to integrity attacks such as injecting malicious data and projecting fake sensor measurements. Traditional security models partition cyber-physical systems into just two domains – high and low. This absolute partitioning is not well suited to cyber-physical systems because they comprise multiple overlapping partitions. Information flow properties, which model how inputs to a system affect its outputs across security partitions, are important considerations in cyber-physical systems. Information flows support traceability analysis that helps detect vulnerabilities and anomalous sources, contributing to the implementation of mitigation measures. This chapter describes an automated model with graph-based information flow traversal for identifying information flow paths in the Automatic Dependent Surveillance-Broadcast (ADS-B) system used in civilian aviation, and subsequently partitioning the flows into security domains. The results help identify ADS-B system vulnerabilities to failures and attacks, and determine potential mitigation measures.
-
In recent years, web-based platforms and business applications have been rising in popularity deeming themselves indispensable as they constitute the main backbone of business processes and information sharing. However, the unprecedented increased number of cyber-attacks have been threatening their day-to-day operations. In particular, the Standard Query Language Injection Attack (SQLIA) remains one of the most prevalent cyber attacks targeting web-based applications. As a consequence, the SQLIA detection techniques need to be constantly revamped and stay up-to-date in order to achieve the full potential of mitigating such threats. In this paper, we propose an artificial intelligence model based on supervised machine learning techniques to detect SQLIA. As part of the proposed model, we introduce an input string validation technique as a primary anomaly identifier using pattern matching for SQL Query data with anomalies-injections. To evaluate our approach we injected one type of SQLIA that is tautology attacks and measured the performance of our model. We used three main classifiers in our model and our findings indicate a model prediction accuracy of 98.3605% for Support Vector Machine (SVM), 96.296% for K-Nearest Neighbors (KNN), and 97.530% for Random Forest. The approach proposed in this paper has the potential of being used to integrate an automated SQL Injection detection mechanism with Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS).
-
Unmanned Aerial Systems (UAS) heavily depend on the Global Positioning System (GPS) for navigation. However, the unencrypted civilian GPS signals are subject to different types of threats, including GPS spoofing attacks. In this paper, we evaluate five instance-based learning models for GPS spoofing detection in UAS, namely K Nearest Neighbor, Radius Neighbor, Linear Support Vector Machine (SVM), C-SVM, and Nu-SVM. We used software-defined radio units to collect and extract features from satellite signals. Then, we simulated three types of GPS spoofing attacks, specifically the simplistic, intermediate, and sophisticated attacks. The evaluation results show that Nu-SVM outperforms the other instance learning classifiers in terms of accuracy, probability of detection, probability of false alarm, and probability of misdetection. In addition, the model shows good computational performance regarding memory usage and processing time in the detection phase.