Using LSTM encoder-decoder algorithm for detecting anomalous ADS-B messages

Cited by: 82
Authors
Habler, Edan [1]
Shabtai, Asaf [1]
Affiliations
[1] Ben Gurion Univ Negev, Dept Software & Informat Syst Engn, IL-8410501 Beer Sheva, Israel
Keywords
ADS-B; Security; LSTM; Anomaly detection; Aviation;
DOI
10.1016/j.cose.2018.07.004
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Although the ADS-B system is expected to play a major role in the safe navigation of airplanes and air traffic control (ATC) management, it is also well known for its lack of security mechanisms. Previous research has proposed various methods for improving the security of the ADS-B system and mitigating associated risks. However, these solutions typically require the use of additional participating nodes or sensors (e.g., to verify the location of the airplane by analyzing the physical signal) or modification of the current protocol architecture (e.g., adding encryption or authentication mechanisms). Due to the regulation process regarding avionic systems and the fact that the ADS-B system is already deployed in most airplanes, applying such modifications to the current protocol at this stage is impractical. In this paper we propose an alternative security solution for detecting anomalous ADS-B messages, which is aimed at the detection of spoofed or manipulated ADS-B messages sent by an attacker or compromised airplane. The proposed approach utilizes an LSTM encoder-decoder algorithm for modeling flight routes by analyzing sequences of legitimate ADS-B messages. Using these models, aircraft can autonomously evaluate ADS-B messages received and identify deviations from the legitimate flight path (i.e., anomalies). We examined our approach on thirteen different flight route datasets into which we injected different types of anomalies. In addition, we compared our proposed method with five commonly used anomaly detection algorithms: GMM-HMM, DBSTREAM, one class SVM, LOF and Isolation Forest. Our experiments show that by using our approach, we were able to detect all of the injected attacks with an average false alarm rate of 4.5%. Moreover, in all cases, the performance of the LSTM encoder-decoder algorithm outperformed the other algorithms. (C) 2018 Elsevier Ltd. All rights reserved.
Pages: 155-173
Page count: 19