Anomaly Detection of MIL-STD 1553 Traffic: Machine Learning Methods and Realistic Simulation Environment

Sağırkaya, Hüseyin
In this thesis, we evaluate K-Nearest Neighbor (K-NN), Support Vector Machine (SVM), Naïve Bayes, Logistic Regression and Decision Tree machine learning (ML) methods for the anomaly detection of MIL-STD 1553 traffic to support cybersecurity. MIL-STD 1553 is a very widely used communication bus for military avionics systems. The fault tolerance features of MIL-STD 1553 target the safety and robustness of the aircraft. However, there is no built-in support against malicious attacks. Such cybersecurity issues are raised because of the increased connectivity of the MIL-STD 1553 to the outside world particularly for maintenance and diagnostics reasons. An imitated remote terminal and bus controller can behave as a member of the bus to change the data or corrupt the data and traffic to prevent messaging or stop communication. Furthermore, cyber security attacks such as denial-of-service can cause bus scheduling failure. In the scope of this thesis, we identify attack scenarios and MIL-STD 1553 message features that can be used for anomaly detection. We construct a testbed with real avionics hardware and a simulator that can generate attack messages. We inject the messages generated by the simulator into the MIL-STD 1553 bus using a PCIe card that is connected to the PC with the simulator. Furthermore, we employ bus monitoring and analysis tools to collect data. To this end, we modify the driver of the PCIe card and write software to parse and analyze the traffic data.We perform anomaly detection with the selected ML algorithms and compare their results.
Citation Formats
H. Sağırkaya, “Anomaly Detection of MIL-STD 1553 Traffic: Machine Learning Methods and Realistic Simulation Environment,” M.S. - Master of Science, Middle East Technical University, 2023.