Intrusion Detection For The Controller Pilot Data Link Communication : Detecting CPDLC attacks using machine learning

Abstract: Controller Pilot Data Link Communications (CPDLC) is a system for text-based communication between air traffic control and flight crew. It currently lacks protection against many common types of attacks, making the system vulnerable to attackers. This can have severe consequences for the safety and reliability of air travel. One such attack is alteration attacks. This thesis focuses on detecting alteration attacks with the use of machine learning. It also goes over how CPDLC messages are structured and how to prepare a dataset of CPDLC messages before applying machine learning models. Using Datawig for data imputation made it possible to prepare the dataset by filling in missing values, which could be used for machine learning. With the prepared dataset, two deep learning models, RNN and LSTM, were trained on the dataset to identify genuine and fabricated messages. The dataset consists of a combination of real and altered CPDLC messages. It was found that both models could be used, with high accuracy, to identify real and fake CPDLC messages from the dataset. The implication of this means it is possible to build and train models to detect and differentiate altered messages from genuine messages, which could be further built upon to develop a system for both detecting and preventing alteration attacks.