Design, Development and Implementation of a Network Intrusion Detection Tool for Air Traffic Management Systems

Cited by: 0
Author
de Riberolles, Theobald [1]
Affiliation
[1] Activus Serv, Toulouse, France
Source
2018 48TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS WORKSHOPS (DSN-W) | 2018
Keywords
Anomaly detection; intrusion; IDS; ATM
DOI
10.1109/DSN-W.2018.00044
Chinese Library Classification number
TP301 [Theory, methods]
Discipline classification code
081202
Abstract
An Air Traffic Management (ATM) system relies on a set of critical systems composed of control centers, sensors, communication means and radio navigation systems. These critical systems may be subject to different attacks that compromise their security. Indeed, as there is a desire to open this system more and more outward, and there is a gap between this world and the interconnected world, threats are increasing. The ATM system has particular characteristics, such as being a very distributed system with many real-time applications using proprietary and/or legacy protocols. Thus, an efficient Intrusion Detection System (IDS) is essential in terms of reliability (a false-negative rate as low as possible) and relevance (a false-positive rate as low as possible). The development of an IDS combining misuse detection (i.e., defining attack scenarios and finding traces of these scenarios in the traffic) and anomaly detection (i.e., constructing a reference model of the behavior of the supervised entity, to which the observed behavior can be compared) based on wavelet theory is a promising approach, as they have already been shown for this type of system. The detection capability for such a complex system could be enhanced by using the specific characteristics of its exchanges to enrich its normal signature and reduce the probability of false positives and false negatives. This paper describes the context and the state of the art of the authors' current research direction, with the aim of presenting the challenges and the future work that the student aims to perform in the next years.
Pages: 96 / 99
Page count: 4