AnoMili: Spoofing Hardening and Explainable Anomaly Detection for the 1553 Military Avionic Bus

Efrat Levy, Nadav Maman, Asaf Shabtai, Yuval Elovici

Research output: Contribution to journal › Article › peer-review

Abstract

MIL-STD-1553, a standard that defines a communication bus for interconnected devices, is widely used in military and aerospace avionic platforms. Due to its lack of security mechanisms, MIL-STD-1553 is exposed to cyber threats. The methods previously proposed to address these threats are very limited, resulting in the need for more advanced techniques. Inspired by the defense in depth principle, we propose AnoMili, a protection system for the MIL-STD-1553 bus, which consists of: (i) a physical intrusion detection mechanism that detects unauthorized devices connected to the 1553 bus, even if they are passive (sniffing), (ii) a device fingerprinting mechanism that protects against spoofing attacks (two approaches are proposed: prevention and detection), (iii) a context-based anomaly detection mechanism, and (iv) an anomaly explanation engine responsible for explaining the detected anomalies in real time. To the best of our knowledge, this is the first study in the transportation domain to design a real-time mechanism that produces human-actionable insights regarding the anomalies detected. We evaluate AnoMili's effectiveness and practicality in two real 1553 hardware-based testbeds. The effectiveness of the anomaly explanation engine is also demonstrated. All of the detection and prevention mechanisms employed had high detection rates (over 99.45%) with low false positive rates. The context-based anomaly detection mechanism obtained perfect results when evaluated on a dataset used in prior work.

Original language: English
Pages (from-to): 1-17
Number of pages: 17
Journal: IEEE Transactions on Aerospace and Electronic Systems
State: Accepted/In press - 1 Jan 2024

Keywords

  • Aerospace electronics
  • Anomaly detection
  • anomaly detection
  • avionics security
  • deep learning
  • Engines
  • explainable artificial intelligence
  • Information systems
  • Intrusion detection
  • MIL-STD-1553
  • Military standards
  • Real-time systems
  • Security

ASJC Scopus subject areas

  • Aerospace Engineering
  • Electrical and Electronic Engineering
