Intrusion Detection System for the MIL-STD-1553 Communication Bus

Orly Stan, Adi Cohen, Yuval Elovici, Asaf Shabtai

Research output: Contribution to journalArticlepeer-review

4 Scopus citations

Abstract

MIL-STD-1553 is a military standard that defines the specification of a serial communication bus that has been implemented in military and aerospace avionic platforms for over 40 years. MIL-STD-1553 was designed for a high level of fault tolerance while less attention was paid to cyber security issues. Thus, as indicated in recent studies, it is exposed to various threats. In this article, we suggest enhancing the security of MIL-STD-1553 communication buses by integrating a machine learning-based intrusion detection system (IDS); such an IDS will be capable of detecting cyber attacks in real time. The IDS consists of two modules: 1) a remote terminal (RT) authentication module that detects illegitimately connected components and data transfers and 2) a sequence-based anomaly detection module that detects anomalies in the operation of the system. The IDS showed high detection rates for both normal and abnormal behavior when evaluated in a testbed using real 1553 hardware, as well as a very fast and accurate training process using logs from a real system. The RT authentication module managed to authenticate RTs with +0.99 precision and +0.98 recall; and detect illegitimate component (or a legitimate component that impersonates other components) with +0.98 precision and +0.99 recall. The sequence-based anomaly detection module managed to perfectly detect both normal and abnormal behavior. Moreover, the sequence-based anomaly detection module managed to accurately (i.e., zero false positives) model the normal behavior of a real system in a short period of time ($\sim$22 s).

Original languageEnglish
Article number8946705
Pages (from-to)3010-3027
Number of pages18
JournalIEEE Transactions on Aerospace and Electronic Systems
Volume56
Issue number4
DOIs
StatePublished - 1 Aug 2020

Keywords

  • Anomaly detection
  • MIL-STD-1553
  • Markov chain
  • communication bus security
  • intrusion detection
  • machine learning

Fingerprint

Dive into the research topics of 'Intrusion Detection System for the MIL-STD-1553 Communication Bus'. Together they form a unique fingerprint.

Cite this