An AI based Approach to Secure SDN Enabled Future Avionics Communications Network Against DDoS Attacks

Abstract

The security has always been an important part of the telecommunication systems, which require consideration with high priority and appropriate countermeasures by network operators. In avionics communication systems the consideration of security is even more important, provided the fact that a minor security breach in avionics communication system can lead to a catastrophic incident which is never acceptable in any circumstances. Like other terrestrial networks the evolution of avionics communication networks is also incorporating new technologies such as heterogeneous networking for multilink communications, software defined radios (SDR), IoT, Cloud, Big Data and software defined networking (SDN) etc. This evolution for future avionics communication networks on one hand is offering enhanced reliability, flexibility, improved performance, centralized control, global network view and better management to the future avionics networks but on other hand it also inherits some of the vulnerabilities such as single point of failure etc. The pre-existing vulnerabilities together with newly inherited vulnerabilities due to incorporation of new technologies in future avionics communications networks demands considerable attention and develop context for more research in this area. There have been multiple artificial intelligence (AI) based techniques proposed by researcher globally to counter the security challenges associated with traditional terrestrial networks but very rare efforts have been made in securing future avionics communication incorporating AI. This paper proposes an AI based security solution using artificial neural networks (ANN) to address the security issues of future avionics communications networks. This paper identifies the possible vulnerabilities in the SDN enabled future avionics network (COMET) architecture at different levels considering southbound, northbound and east/west bound interfaces. Each asset in the COMET aircraft architecture is analyzed for possible vulnerabilities and potential threats and categorized appropriately. The main focus of proposed research is on the AI based method to detect and protect the COMET aircraft system from Distributed Denial of Service (DDoS) attacks and its impacts. Addressing DDoS attacks is an important concern in network security as lack of countermeasures can easily lead to waste of network resources resulting into gigantic depletion of bandwidth and eventually network unavailability. The traditional methods to defend against DDoS attacks are traceback method, entropy variation and intrusion detection and prevention system (IDPS). This paper proposes using ANN techniques in IDPS to efficiently detect and prevent the DDoS attacks by taking advantage of SDN stack. The simulation is carried out by implementing the proposed AI method on top of SDN controller and running different DDoS attacks scenarios to monitor and verify that the detection accuracy is higher and false alarm rate is low enough.