Intrusion Detection System for the MIL-STD-1553 Communication Bus

Title: Intrusion Detection System for the MIL-STD-1553 Communication Bus
Publication Type: Journal Article
Year of Publication: 2020
Authors: Stan, Orly; Cohen, Adi; Elovici, Yuval; Shabtai, Asaf
Journal: IEEE Transactions on Aerospace and Electronic Systems
Volume: 56
Pagination: 3010–3027
ISSN: 1557-9603
Keywords: anomaly detection, authentication, communication bus security, composability, Intrusion detection, intrusion tolerance, machine learning, machine learning algorithms, Markov chain, MIL-STD-1553, Military standards, pubcrawl, Resiliency, Timing, Vegetation
Abstract: MIL-STD-1553 is a military standard that defines the specification of a serial communication bus that has been implemented in military and aerospace avionic platforms for over 40 years. MIL-STD-1553 was designed for a high level of fault tolerance while less attention was paid to cyber security issues. Thus, as indicated in recent studies, it is exposed to various threats. In this article, we suggest enhancing the security of MIL-STD-1553 communication buses by integrating a machine learning-based intrusion detection system (IDS); such an IDS will be capable of detecting cyber attacks in real time. The IDS consists of two modules: 1) a remote terminal (RT) authentication module that detects illegitimately connected components and data transfers and 2) a sequence-based anomaly detection module that detects anomalies in the operation of the system. The IDS showed high detection rates for both normal and abnormal behavior when evaluated in a testbed using real 1553 hardware, as well as a very fast and accurate training process using logs from a real system. The RT authentication module managed to authenticate RTs with +0.99 precision and +0.98 recall; and detect an illegitimate component (or a legitimate component that impersonates other components) with +0.98 precision and +0.99 recall. The sequence-based anomaly detection module managed to perfectly detect both normal and abnormal behavior. Moreover, the sequence-based anomaly detection module managed to accurately (i.e., zero false positives) model the normal behavior of a real system in a short period of time (22 s).
DOI: 10.1109/TAES.2019.2961824
Citation Key: stan_intrusion_2020