Using LSTM Encoder-Decoder Algorithm for Detecting Anomalous ADS-B Messages

TL;DR

This paper presents an LSTM encoder-decoder based method for detecting spoofed or manipulated ADS-B messages by modeling legitimate flight routes and identifying anomalies, offering a practical security enhancement without protocol modifications.

Contribution

The study introduces a novel LSTM-based anomaly detection approach for ADS-B messages that does not require changes to existing protocol infrastructure.

Findings

Successfully detected all injected anomalies in test datasets.

Achieved an average false alarm rate of 4.3%.

Effective in modeling and identifying deviations in flight paths.

Abstract

Although the ADS-B system is going to play a major role in the safe navigation of airplanes and air traffic control (ATC) management, it is also well known for its lack of security mechanisms. Previous research has proposed various methods for improving the security of the ADS-B system and mitigating associated risks. However, these solutions typically require the use of additional participating nodes (or sensors) (e.g., to verify the location of the airplane by analyzing the physical signal) or modification of the current protocol architecture (e.g., adding encryption or authentication mechanisms.) Due to the regulation process regarding avionic systems and the fact that the ADS-B system is already deployed in most airplanes, applying such modifications to the current protocol at this stage is impractical. In this paper we propose an alternative security solution for detecting anomalous ADS-B messages aimed at the detection of spoofed or manipulated ADS- B messages sent by an attacker or compromised airplane. The proposed approach utilizes an LSTM encoder-decoder algorithm for modeling flight routes by analyzing sequences of legitimate ADS-B messages. Using these models, aircraft can autonomously evaluate received ADS-B messages and identify deviations from the legitimate flight path (i.e., anomalies). We examined our approach on six different flight route datasets to which we injected different types of anomalies. Using our approach we were able to detect all of the injected attacks with an average false alarm rate of 4.3% for all of datasets.