CYBER SECURITY FOR AVIATION OPERATIONS DR ELENA SITNIKOVA, PHD, BE (HONS), CSSLP, SFHEA CRITICAL INFRASTRUCTURE PROTECTION, RESEARCH LEADER THE SPITFIRE MEMORIAL DEFENCE FELLOW UNSW CANBERRA @ ADFA E.SITNIKOVA@ADFA.EDU.AU
BACKGROUND TECHNOLOGICAL NEED FOR ADVANCEMENTS: CYBERSECURITY FOR OPPORTUNITIES AND AVIATION OPERATIONS CHALLENGES OUTLINE SPITFIRE DEFENCE FUTURE RESEARCH Q/A MEMORIAL FELLOWSHIP INITIATIVES – 2019 PROJECT
THE AUSTRALIA’S CYBER SECURITY STRATEGY 2020 • Investing $1.67 billion over 10 years to achieve a more secure online world for Australians, their businesses and the essential services • Ensuring Australians are secure online is a shared responsibility • UNSW Canberra Cyber looks forward to contributing to the Strategy’s success. • research in cybersecurity, intelligent defence, cyber- physical systems, IIoT • education to build Australia’s cyber skills pipeline
The typical commercial UAV is a remote- controlled aircraft with an off the shelf flight computer capable of autonomous operation that is carrying an optical sensor payload. It is an inexpensive airframe running an inexpensive computer that is designed BACKGROUND carry low cost, low power, high fidelity sensors to collect data for real time and post processing. The most important growth of UAVs will not be in hardware, it will be in software and data analysis, development of innovate AI-enabled cyber defences for protecting UAV’s hardware and software.
USE OF UAVS The MQ-25 Stingray MQ-9 Reaper [Predator B] The Loyal Wingman
SYSTEMATIC WORKFLOW OF UAV
CHALLENGES FOR AVIATION ECOSYSTEMS • The increasing prevalence of Unmanned Autonomous Vehicles (UAVs) in the military and civilian sectors, has been accompanied by an increase in sophisticated malicious activities. • Since UAVs comprise a complex infrastructure as piloted aircraft without an onboard operator, they still need a resilient security control to ensure their safe operation. • Global connections and complexity (new and legacy systems), Io(F)T • Handling heterogenous data sources through e-operations from UAVs and their network communications • UAV’s devices with constrained or limited hardware resources (precluding certain basic or “common - sense” security measures) • Lightweight and adaptive AI-enabled cyber defence models are still not mature • New advanced persistent threats such as DDoS, hijacking, and botnets, can not be easily discovered
SPACE INFRASTRUCTURE CYBERSECURITY • Global connections and complexity • UAS rely on satellite communications, GPS
HIJACK OF UAV • Various commercial UAVs use WiFi for command & control and data. • A user can identify the SSID, deauthenticate the UAV, and then capture the UAVs attempt to reestablish the link. • Once the link is established, they can control the UAV, download telemetry, or download sensor data. • Other commercial solutions use 915Mhz links using the MavLink protocol which can also be hijacked. • An assume control attack has been demonstrated on most of the consumer/commercial remote controllers independent of the data link • If you have access to the C2 or data link, you can also change waypoints and other mission parameters
ADF UNMANNED AERIAL SYSTEMS • ADF investment in unmanned aerial systems is increasing and is expected to exceed $20 billion over the next decade • The UAS platforms range from the smallest hand held devices to full-scale aircraft and each present challenges in their effective use and support • The UAS are ideal for “ Dull, Dirty, or Dangerous ” missions
UNSW CANBERRA RESEARCH ON AUTONOMOUS OPERATIONS FOR A CYBER-PHYSICAL UAV DISTRIBUTED ANOMALY DETECTION SYSTEM * • This research promotes awareness of cybersecurity in autonomous aviation operations and related confidentiality-integrity- availability (CIA-triad) issues across the Australian Defence Force. It addresses the following question: How to identify malicious attacks through anomaly detection in ways that will make UAV’s mission -critical systems resilient to cyber-attacks? * Supported by the Spitfire Defence Memorial Association's Fellowship grant to lead this research project ( PS39150)
STAGE 1- DESIGNING A REALISTIC ARCHITECTURE OF A UAV NETWORK AT THE IOT LAB
THE ARCHITECTURE OF UAV NETWORK TESTBED LINKED TO CLOUD AND FOG SYSTEMS UAV Network Communication Network Communication Cloud computing Cloud computing d paradigm e paradigm s o p o Network r P k r o to store data collected w to store data collected e Communication m a r f Physical-digital Anomaly Flight control detection Network Serial commuincation Communication framework Approaches and Position control Fog computing Fog computing models Network Communication to decrease to decrease Velocity control computational resources computational resources at the network edges at the network edges Attitude control Human Machine Sensors Interface (HMI)/API
STAGE 2- LAUNCHING DIFFERENT ATTACKING SCENARIOS AND NORMAL OPERATIONS • Scanning/probing - Nessus tool to scan the vulnerabilities of the entire systems in the testbed including the Ubuntu server, Security Onion, and UAV system. The aim: a hacker collects information about systems such as open services and protocols, types of operating systems, and weaknesses. Then, the hacker uses other exploits to breach the open the vulnerabilities of systems, such as using DoS and DDoS to corrupt services. • Denial-of-Service (DoS) attack - is a cyber-attack to corrupt services of a targeted system, e.g hacking a UAV system to stop it from moving and corrupt its control unit. We used Metasploit and Scapy platforms installed at the Kali to exploit the systems of the UAV, Security Onion and Ubuntu server. Once we launched the hacking activities, there was a floodof traffic targeting the systems of the testbed, with superfluous requests to overload systems and prevent them from executing any normal action. • Distributed Denial-of-Service (DDoS) attack - is a cyber-attack of multiple sources of DoS to disrupt normal traffic of the targeted systems (i.e., the UAV system, Security Onion, and Ubuntu server) by sending massive flooding traffic from several zombie machines. DDoS attacks accomplish efficiency by using many compromised systems as sources of attack traffic. We used the virtual machine of Kali Linux using the Metasploit framework to exploit the entire testbed network of the UAV system for corrupting its legitimate operations such as movement and flying. • Normal traffic generation - Ostinato tool is a packet generator and network traffic generator that has a graphic user interface that supports the process of normal operation such as generating TCP traffic in a predefined range of IP addresses and protocols with the subnet of the testbed network. We simulated different network protocol cases either ethernet or WIFI traffic to mimic a real UAV system network.
STAGE 3- COLLECTING AND LABELING LEGITIMATE AND ATTACK EVENTS • used the Security Onion platform, which is a free and open-source Linux distribution. • Security Onion’s services: intrusion detection, enterprise security monitoring, and log management. • utilized the snort agent as a logger to collect pcap files that include normal and attack traffic. Then, we used the Argus tool to generate network header information such as source and destination IP addresses. The Argus tool was configured to log the network packets in the MySQL database. • ~2 million records of normal and various attack events of Probing, DoS and DDoS collected • added a new column in the database, named Class, which was used to label or tag each record as normal or attack. • used an update command of SQL that allows the automation process of labeling. • We considered a record to be an attack when we found the source or destination IP addresses of the Kali system (i.e., the hacking machine), otherwise we considered the record to be normal. • This process is the initial stage of applying anomaly detection-based machine learning, whereby the labeling process is the only way to train and validate the performance of machine learning algorithms and determine their credibility of discovering attacking events.
STAGE 4 - MACHINE LEARNING MODELS FOR INTRUSION DETECTION • Machine Learning (ML) models have great potential to discover cyber- attacks against UAV’s networks. We developed ML techniques: Decision Tree, K-Nearest Neighbours, Multi-Layer Perceptron, Naïve Bayes and Support Vector Machine, using Python scripts. • The sklearn package in Python was used for implementing the models, which were not optimized, as no hyperparameters were altered. • For training and testing ML models, the original generated dataset was split into a training set (70%) and testing set (30%) to determine their performance of discovering attack events from the UAV’s network. • Next, we present the confusion matrices that were generated post-testing. Additionally, five metrics are also provided, to better depict the performance of the classifiers.
Recommend
More recommend
