Ontology-Based Anomaly Detection for Air Traffic Control Systems
Christopher Neal, Jean-Yves De Miceli, David Barrera, José Fernandez

TL;DR
This paper introduces ATC-Sense, an ontology-based system for detecting falsified ADS-B messages in air traffic control, enhancing safety by identifying spoofing attacks without requiring protocol updates.
Contribution
The paper presents a novel ontology-based anomaly detection system for ADS-B communications, enabling real-time spoofing detection in air traffic control environments.
Findings
Effective detection of ADS-B spoofing attacks in simulations
Demonstrated real-time anomaly detection capabilities
Identified computational performance challenges and future directions
Abstract
The Automatic Dependent Surveillance-Broadcast (ADS-B) protocol is increasingly being adopted by the aviation industry as a method for aircraft to relay their position to Air Traffic Control (ATC) monitoring systems. ADS-B provides greater precision compared to traditional radar-based technologies; however, it was designed without any encryption or authentication mechanisms and has been shown to be susceptible to spoofing attacks. A capable attacker can transmit falsified ADS-B messages with the intent of causing false information to be shown on ATC displays and threaten the safety of air traffic. Updating the ADS-B protocol will be a lengthy process; therefore, there is a need for systems to detect anomalous ADS-B communications. This paper presents ATC-Sense, an ADS-B anomaly detection system based on ontologies. An ATC ontology is used to model entities in a simulated controlled…
Taxonomy
Topics: Anomaly Detection Techniques and Applications · Air Traffic Management and Optimization · Network Security and Intrusion Detection
