Automatic Dependent Surveillance-Broadcast (ADS-B) is an important part of the next generation air transportation system. It is a critical communication and monitoring technology in the new navigation system, but its protocol does not provide relevant authentication and data encryption, so it is extremely vulnerable to various spoofing attack. Based on the data characteristics, this paper uses the deep learning seq2seq model to reconstruct the ADS-B time series, and the reconstruction error can detect the anomalous ADS-B messages. Extending the feature space of time series enables the model to better capture the time dependence to further improve the effect of anomaly detection. The experimental results show that the proposed method is superior to traditional machine learning methods and time series enrichment can improve detection results. Compared with the existing spoofing attack detection method, the proposed method does not need to change the ADS-B protocol and does not require additional participating nodes or sensors, and has certain adaptability and flexibility.
[1] SCHÄFER M, LENDERS V, MARTINOVIC I. Experimental analysis of attacks on next generation air traffic communication[C]//International Conference on Applied Cryptography and Network Security. Berlin:Heidelberg, 2013:253-271.
[2] YANG H, HUANG R, WANG X, et al. EBAA:An efficient broadcast authentication scheme for ADS-B communication based on IBS-MR[J]. Chinese Journal of Aeronautics, 2014, 27(3):688-696.
[3] BAEK J, HABLEEL E, BYON Y J, et al. How to protect ADS-B:Confidentiality framework and efficient realization based on staged identity-based encryption[J]. IEEE Transactions on Intelligent Transportation Systems, 2016, 18(3):690-700.
[4] STROHMEIER M, MARTINOVIC I. On passive data link layer fingerprinting of aircraft transponders[C]//Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. New York:ACM, 2015:1-9.
[5] JOHNSON J, NEUFELDT H, BEYER J. Wide area multilateration and ADS-B proves resilient in Afghanistan[C]//2012 Integrated Communications, Navigation and Surveillance Conference. Piscataway, NJ:IEEE Press, 2012:A6-1-A6-8.
[6] 颜可壹, 吕泽均, 时宏伟,等. 基于TDOA/TSOA的ADS-B系统防欺骗技术[J]. 计算机应用研究, 2015, 32(8):2272-2275. YAN K Y, LV Z J, SHI H W, et al. ADS-B system anti cheat technology based on TDOA/TSOA[J]. Application research of Computers, 2015, 32(8):2272-2275(in Chinese).
[7] KAUNE R, STEFFES C, RAU S, et al. Wide area multilateration using ADS-B transponder signals[C]//2012 15th International Conference on Information Fusion. Piscataway, NJ:IEEE Press, 2012:727-734.
[8] KACEM T, WIJESEKERA D, COSTA P, et al. An ADS-B intrusion detection system[C]//2016 IEEE Trustcom/BigDataSE/ISPA. Piscataway, NJ:IEEE Press, 2016:544-551.
[9] STROHMEIER M, MARTINOVIC I, LENDERS V. A k-NN-based localization approach for crowdsourced air traffic communication networks[J]. IEEE Transactions on Aerospace and Electronic Systems, 2018, 54(3):1519-1529.
[10] 侯明正, 冯子亮, 潘卫军, 等. 一种检测ADS-B虚假目标的方法.中国:CN102323567A[P].2012. HOU M Z, FENG Z L, PAN W J, et al. A method for detecting ADS-B false targets. China:CN102323567A[P]. 2012(in Chinese)
[11] 陈蕾, 吴仁彪, 卢丹. 利用多普勒效应的ADS3B欺骗式干扰检测方法[J]. 信号处理, 2018, 34(6):722-728. CHEN L, WU R B, LU D. ADS-B spoofing detection method using doppler effect[J]. Journal of Signal Processing, 2018, 34(6):722-728(in Chinese).
[12] WANG W, CHEN G, WU R, et al. A low-complexity spoofing detection and suppression approach for ADS-B[C]//2015 Integrated Communication, Navigation and Surveillance Conference. Piscataway, NJ:IEEE Press, 2015:K2-1-K2-8.
[13] AHMAD S, LAVIN A, PURDY S, et al. Unsupervised real-time anomaly detection for streaming data[J]. Neurocomputing, 2017, 262:134-147.
[14] TERZI D S, TERZI R, SAGIROGLU S. Big data analytics for network anomaly detection from netflow data[C]//2017 International Conference on Computer Science and Engineering. Piscataway, NJ:IEEE Press, 2017:592-597.
[15] XU H, CHEN W, ZHAO N, et al. Unsupervised anomaly detection via variational auto-encoder for seasonal kpis in web applications[C]//Proceedings of the 2018 World Wide Web Conference, 2018:187-196.
[16] LAPTEV N, AMIZADEH S, FLINT I. Generic and scalable framework for automated time-series anomaly detection[C]//Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York:ACM, 2015:1939-1947.
[17] LIU D, ZHAO Y, XU H, et al. Opprentice:Towards practical and automatic anomaly detection through machine learning[C]//Proceedings of the 2015 Internet Measurement Conference. New York:ACM, 2015:211-224.
[18] GÖRNITZ N, KLOFT M, RIECK K, et al. Toward supervised anomaly detection[J]. Journal of Artificial Intelligence Research, 2013, 46:235-262.
[19] PENG H K, MARCULESCU R. Multi-scale compositionality:Identifying the compositional structures of social dynamics using deep learning[J]. PloS one, 2015, 10(4):e0118309.
[20] JAVAID A, NIYAZ Q, SUN W, et al. A deep learning approach for network intrusion detection system[C]//Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies, 2016:21-26.
[21] CHO K, VAN MERRIËNBOER B, GULCEHRE C, et al. Learning phrase representations using RNN encoder-decoder for statistical machine translation[J]. arXiv preprint arXiv:1406.1078, 2014.
[22] STROHMEIER M, LENDERS V, MARTINOVIC I. On the security of the automatic dependent surveillance-broadcast protocol[J]. IEEE Communications Surveys & Tutorials, 2014, 17(2):1066-1087.
[23] MANESH M R, KAABOUCH N. Analysis of vulnerabilities, attacks, countermeasures and overall risk of the Automatic Dependent Surveillance-Broadcast (ADS-B) system[J]. International Journal of Critical Infrastructure Protection, 2017, 19:16-31.
[24] CHAN-TIN E, HEORHIADI V, HOPPER N, et al. The frog-boiling attack:Limitations of secure network coordinate systems[J]. ACM Transactions on Information and System Security, 2011, 14(3):27.
[25] DONG W, YUAN T, YANG K, et al. Autoencoder regularized network for driving style representation learning[EB/OL]. (2017-01-05)[2019-06-14].https://arxiv.org/abs/1701.01272.
[26] KIEU T, YANG B, JENSEN C S. Outlier detection for multidimensional time series using deep neural networks[C]//2018 19th IEEE International Conference on Mobile Data Management. Piscataway, NJ:IEEE Press, 2018:125-134.
[27] HOCHREITER S, SCHMIDHUBER J. Long short-term memory[J]. Neural computation, 1997, 9(8):1735-1780.
[28] GRAVES A, SCHMIDHUBER J. Framewise phoneme classification with bidirectional LSTM and other neural network architectures[J]. Neural Networks, 2005, 18(5-6):602-610.