CANSat-IDS: An adaptive distributed Intrusion Detection System for satellites, based on combined classification of CAN traffic

The increasing dependence on satellite technology for critical applications, such as telecommunications, Earth observation, and navigation, underscores the need for robust security measures to safeguard these assets from potential cyber threats. Moreover, as many satellite systems rely on the Controller Area Network (CAN) protocol for efficient data exchange among onboard subsystems, they become prime targets for cyberattacks. While contributions present various options for detecting attacks in the CAN bus, no one proposes an architecture suitable for satellite systems. To address this concern, this paper presents a novel approach to develop an adaptive distributed Intrusion Detection System (IDS) for satellites, which integrates machine and deep learning techniques for the classification of CAN frames. This system is specifically designed to overcome the inherent power and computational challenges of satellite operations by executing time-based anomaly detection on board, and content-based detection at the ground segment. To evaluate the effectiveness of the proposed solution, experiments are conducted using representative Datasets. The obtained results demonstrate that the distributed IDS presented in this research offers a promising solution to improve the security of satellite systems by achieving high detection rates ranging from 91.12% to 99.86% (F1-score).