Skip to Main content Skip to Navigation
Conference papers

Characterizing Radar Network Traffic: a first step towards spoofing attack detection

Abstract : An Air Traffic Management (ATM) Surveillance System is used to provide services to perform Air Traffic Control (ATC) (e.g., horizontal separation between aircraft). This sytem carries messages containing aircraft's position from a collection of radars of an Air Navigation Service Provider (ANSP) through its network. Then Radar traffic is one of the most important sources of information for this system. The format of the radar messages is defined by a specific application-layer protocol entitled ASTERIX. The evolution of the security policy and technologies used makes existing radar systems, once considered safe, now potentially open to attack. Both safety and security of ATM system could be impacted by any kind of attack into the network traffic, who could maliciously modified information about aicrafts, in particular thanks to Spoofing Attack. To counter this risk, there is need to detect intrusion and then to have anomaly detection modules for this safety-critical network traffic, that can be deployed in a security appliance. In order to design this module, we did a statistical analysis to have an overview of the traffic to better know what we need to protect. Specifically, we studied radar network traffic in order to extract high level statistic characteristics of normal radar traffic. This allowed us to identify a trend in the evolution of this traffic. We were then able to inject a spoofing attack (when a malicious party impersonates another device or network user for the purpose of altering the data) into this traffic to modify the nominal traffic. Thereafter, we were able to detect this attack using our method, which consists of the use of a machine learning detection method, using a Long-Short Term Memory (LSTM) mechanism. This is the subject of our paper, an overview of radar traffic and a method to detect spoofing attack in this traffic. This would help to develop an ATM IDS especially as this type of attack could remain invisible for air traffic controller.
Complete list of metadatas

Cited literature [24 references]  Display  Hide  Download

https://hal-enac.archives-ouvertes.fr/hal-02890995
Contributor : Théobald de Riberolles <>
Submitted on : Monday, July 6, 2020 - 4:51:19 PM
Last modification on : Friday, October 23, 2020 - 10:59:16 AM
Long-term archiving on: : Friday, November 27, 2020 - 11:53:36 AM

File

Aeroconf_Enac.pdf
Files produced by the author(s)

Identifiers

Citation

Theobald de Riberolles, Jiefu Song, Yunkai Zou, Guthemberg Silvestre, Nicolas Larrieu. Characterizing Radar Network Traffic: a first step towards spoofing attack detection. AeroConf 2020, IEEE Aerospace Conference, Mar 2020, Big Sky, United States. pp.ISBN:978-1-7281-2734-7, ⟨10.1109/AERO47225.2020.9172292⟩. ⟨hal-02890995⟩

Share

Metrics

Record views

56

Files downloads

64