Anomalous Behavior Detection in Aircraft based Automatic Dependent Surveillance–Broadcast (ADS-B) system using Deep Graph Convolution and Generative model (GA-GAN)

Abstract: The Automatic Dependent Surveillance-Broadcast (ADS-B) is a key component of the Next Generation Air Transportation System (Next Gen) that manages the increasingly congested airspace and operation. From Jan 2020, the U.S. Federal Aviation Administration (FAA) mandated the use of (ADS-B) as a key component of Next Gen project. ADS-Bprovides accurate aircraft localization via satellite navigation and efficient air traffic management, and also improves the safety of thousands of passengers travelling worldwide. While the benefits of ADS-B are well known, the fact that ADS-B is an open protocol introduces various exploitable security vulnerabilities. One practical threat is the ADS-B spoofing attack that targets the ground station, in which the ground-based attacker manipulates the International Civil Aviation Organization (ICAO) address (which is a unique identifierfor each aircraft) in the ADS-B forwarded messages to fake the appearance of non-existent aircraft or masquerade as a trusted aircraft. As a result, this type of attack can confuseand misguide the aircraft pilots or the air traffic control personnel and cause dangerous maneuvers. In this project, we intend to build a robust Intrusion Detection System (IDS) to detectanomalous behavior and classify attacks in an aircraft ADS-B protocol in real time duringair-ground communication. The IDS system we propose is a 3 stage deep learning framework built using Spatial Graph Convolution Networks and Deep auto-regressive generative model. In stage 1 we use a Graph convolution network architecture to classify the dataas attacked or normal in the entire airspace of an operating aircraft. In stage 2 we analyze the sequences of air-space states to identify anomalies using a generative Wavenet modeland simultaneously output feature under attack. Final stage consist of aircraft (ICAO) classification module based on unique RF transmitter signal characteristics of an aircraft. This allows the ground station operator to examine each incoming message based on the Phylayer features as well as message data field (such as, position, velocity, altitude) and flagsuspicious messages. The model is trained in a supervised fashion using federated learning where the data remains private to the data owner, i.e.: aircraft-ground station without data being explicitly sent to the cloud server. The server only receives the learned parameters for inference, there by training the entire model on the edge, thus preserving data-privacyand potential adversarial attacks. We aim to achieve a high precision real-time IDS system, with very low false alarm rate for real world deployment