Özet:
Automatic Dependent Surveillance Broadcast (ADS-B) is one of the most prominent protocols in Air Traffic Control (ATC). Its key advantages derive from using GPS as a location provider, resulting in better location accuracy while offering substantially lower deployment and operational costs when compared to traditional radar technologies. ADS-B not only can enhance radar coverage but also is a standalone solution to areas without radar coverage. Despite these advantages, a wider adoption of the technology is limited due to security vulnerabilities, which are rooted in the protocol's open broadcast of clear-text messages. In spite of the seriousness of such concerns, very few researchers attempted to propose viable approaches to address such vulnerabilities. In addition to the importance of detecting ADS-B attacks, classifying these attacks is as important since it will enable the security experts and ATC controllers to better understand the attack vector thus enhancing the future protection mechanisms. Unfortunately, there have been very little research on automatically classifying ADS-B attacks. Even the few approaches that attempted to do so considered just two classification categories, i.e. malicious message vs not malicious message. In this paper, we propose a new module to our ADS-Bsec framework capable of classifying ADS-B attacks using advanced machine learning techniques including Support Vector Machines (SVM), Decision Tree, and Random Forest (RF). Our module has the advantage that it adopts a multi-class classification approach based on the nature of the ADS-B attacks not just the traditional 2-category classifiers. To illustrate and evaluate our ideas, we designed several experiments using a flight dataset from Lisbon to Paris that includes ADS-B attacks from three categories. Our experimental results demonstrated that machine learning-based models provide high performance in terms of accuracy, sensitivity, and specificity metrics.