Feature Engineering for a MIL-STD-1553B LSTM Autoencoder Anomaly Detector





MIL-STD-1553B, Anomaly Detection, LSTM Autoencoder, Deep Learning, Aviation Cybersecurity


The MIL-STD-1553B data bus protocol is used in both civilian and military aircraft to enable communications between subsystems. These interconnected subsystems are responsible for core services such as communications, flow of instrument data and aircraft control. With aircraft modernization, threat vectors are introduced through increased inter-connectivity internal and external to the aircraft. The resulting potential for exploitation introduces a requirement for an intrusion detection capability in order to maintain the integrity, availability and reliability of data transmitted using the MIL-STD-1553B protocol, safety of the aircraft and overall, to achieve mission assurance. Research in recent years has investigated signature, statistical and machine learning based solutions to detect attacks on MIL-STD-1553B buses. Of the different techniques, those based on machine learning have shown extremely good results. The aim of this research is to improve the performance of an existing Long Short-Term Memory Auto-Encoder by refining the feature engineering phase of its pipeline. The improvement in the detector’s overall effectiveness was accomplished through feature engineering focused on feature generation and selection. Five different attack datasets were used as the starting point, consisting of four different denial of service attacks and one data integrity attack. From initial feature extraction of 155 features, two feature generation techniques were employed to create over 38,000 features as a starting point. Using five different MIL-STD-1553B datasets and three feature selection techniques, fifteen different Long Short-Term Memory Auto-Encoder models were created, trained and evaluated using common performance metrics and compared to those of the original anomaly detector. This research demonstrated marked performance improvement achieved by the feature engineering refinements made in comparison to those of the original model. Equally important, this research also showed a significant reduction in the number of features required to achieve this performance gain. In the context of miliary air operations, the ability to improve detection capabilities with less data is important to the technical solutions that contribute to the achievement of cyber mission assurance.

Author Biographies

Dakotah Soucy

Dakotah Soucy is an Officer in the Royal Canadian Air Force (RCAF) and received his MASc (Electrical and Computer Engineering) in 2022.  He is currently working in cyber security within the Directorate of Technical Airworthiness and Engineering Support (DTAES) focusing on aircraft avionics and mission systems.

brian lachine, Royal Military College of Canada

Brian Lachine is an Assistant Professor in the Department of Electrical and Computer Engineering at the Royal Military College of Canada.  His research interests include vulnerability discovery and anomaly detection in host logs and network traffic using statistical and machine learning techniques.