New Cybersecurity Technique Could Trick Hackers

Sandia National Laboratories research team members Christy Sturgill, Jacob Hazelbaker, Eric Vugrin and Nicholas Troutman, from left to right, onboard a C-130 transport aircraft at Kirtland Air Force Base. (Credit: Craig Fritz, Sandia National Laboratories)

An international team of researchers led by Purdue University examine how a new cybersecurity technique could help keep aircrafts such as a military jet, a commercial airliner, and even a spacecraft technologically safe from cyberattacks. This study holds the potential to address the potential pitfalls of living in a world that is becoming more and more reliant on computers for everything we do.

“When we talk about protecting our computer systems, frequently there are two main pieces we rely on,” said Dr. Eric Vugrin, who is a Sandia National Laboratories cybersecurity senior scientist and a co-author on the study. “The first approach is just keeping the bad guy out and never permitting access to the system. The physical analogue is to build a big wall and don’t let him in in the first place. And the backup plan is, if the wall doesn’t work, we rely on detection. Both of those approaches are imperfect. And so, what moving target defense offers as a complementary strategy is, even if those two approaches fail, moving target confuses the attacker and makes it more difficult to do damage.”

Many aircraft systems use an onboard computer network called the military standard 1553, also known as MIL-DTS-1553 or simply 1553, which is a very efficient system that allows the various aircraft systems to talk to each other. Because of the importance of this system in controlling aircraft, it also makes it very vulnerable to cyberattacks.

For the study, the researchers pitted moving target defenses (MTDs) algorithms against machine learning (ML) and deep learning (DL) models to examine the algorithm’s effectiveness against the models trying to attack it in real-time systems. They put emphasis on examining one such algorithm that randomizes address assignments to see if the models could overcome the defenses. Essentially, it…