Arrêt de service lundi 11 juillet de 12h30 à 13h : tous les sites du CCSD (HAL, Epiciences, SciencesConf, AureHAL) seront inaccessibles (branchement réseau à modifier)
Accéder directement au contenu Accéder directement à la navigation
Communication dans un congrès

Characterizing Radar Network Traffic: a first step towards spoofing attack detection

Abstract : An Air Traffic Management (ATM) Surveillance System is used to provide services to perform Air Traffic Control (ATC) (e.g., horizontal separation between aircraft). This sytem carries messages containing aircraft's position from a collection of radars of an Air Navigation Service Provider (ANSP) through its network. Then Radar traffic is one of the most important sources of information for this system. The format of the radar messages is defined by a specific application-layer protocol entitled ASTERIX. The evolution of the security policy and technologies used makes existing radar systems, once considered safe, now potentially open to attack. Both safety and security of ATM system could be impacted by any kind of attack into the network traffic, who could maliciously modified information about aicrafts, in particular thanks to Spoofing Attack. To counter this risk, there is need to detect intrusion and then to have anomaly detection modules for this safety-critical network traffic, that can be deployed in a security appliance. In order to design this module, we did a statistical analysis to have an overview of the traffic to better know what we need to protect. Specifically, we studied radar network traffic in order to extract high level statistic characteristics of normal radar traffic. This allowed us to identify a trend in the evolution of this traffic. We were then able to inject a spoofing attack (when a malicious party impersonates another device or network user for the purpose of altering the data) into this traffic to modify the nominal traffic. Thereafter, we were able to detect this attack using our method, which consists of the use of a machine learning detection method, using a Long-Short Term Memory (LSTM) mechanism. This is the subject of our paper, an overview of radar traffic and a method to detect spoofing attack in this traffic. This would help to develop an ATM IDS especially as this type of attack could remain invisible for air traffic controller.
Liste complète des métadonnées

Littérature citée [24 références]  Voir  Masquer  Télécharger

https://hal-enac.archives-ouvertes.fr/hal-02890995
Contributeur : Théobald de Riberolles Connectez-vous pour contacter le contributeur
Soumis le : lundi 6 juillet 2020 - 16:51:19
Dernière modification le : lundi 4 juillet 2022 - 08:45:03
Archivage à long terme le : : vendredi 27 novembre 2020 - 11:53:36

Fichier

Aeroconf_Enac.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Theobald de Riberolles, Jiefu Song, yunkai Zou, Guthemberg Silvestre, Nicolas Larrieu. Characterizing Radar Network Traffic: a first step towards spoofing attack detection. AeroConf 2020, IEEE Aerospace Conference, Mar 2020, Big Sky, United States. pp.ISBN:978-1-7281-2734-7, ⟨10.1109/AERO47225.2020.9172292⟩. ⟨hal-02890995⟩

Partager

Métriques

Consultations de la notice

103

Téléchargements de fichiers

429