An Integrated Hybrid Model for Cyber Threat Intrusion Detection for Satellite Ground Station Networks Using Transformers and Random Forest.

Authors

  • Waibi Brian, Postgraduate Student, Master of Computer Applications, Cyber Security and Cloud Computing, Hindustan Institute of Technology and Science, Chennai, Tamil Nadu, India
  • S R Raja, Associate Professor, Master of Computer Applications, Hindustan Institute of Technology and Science, Chennai, Tamil Nadu, India

DOI:

https://doi.org/10.32628/IJSRSET2411463

Keywords:

Satellites, Cyber threats, NewSpace, Satellite Ground Station Networks, Intrusion Detection Systems, Random Forest, Transformer model

Abstract

Satellite Ground Station Networks (SGSN) facilitate communication services for critical infrastructure in space systems. These networks can seamlessly integrate with diverse space and ground systems. However, the dynamic rise of cyber threats and attacks in the NewSpace era has underscored the critical need for robust intrusion detection systems (IDS) in satellite ground station networked environments, which face unique security and privacy challenges. Traditional learning techniques, such as statistical and knowledge-based techniques, have limitations: they cannot be easily modified, they cannot identify new malicious attacks, and they suffer from low accuracy and high false alarms. Additionally, the scarcity of effective security datasets and the constantly evolving nature of intrusion attacks hinder the development of comprehensive and adaptive IDS solutions. These issues call for more accurate and effective IDS that can detect new and emerging threats, which is vital in preventing data breaches or potential shutdowns of satellite systems. An integrated hybrid IDS model leveraging Random Forest (RF) and Transformer is proposed to optimize the detection of malicious activities in network traffic. The proposed model exploits the self-attention mechanism of the Transformer model to select important features from the augmented dataset and is then trained using the Random Forest model to enhance the early detection accuracy of various intrusion attacks, including Distributed Denial of Service (DDoS) attacks, as well as Benign (Normal) data. An empirical experiment is conducted using publicly available datasets, namely Satellite Terrestrial Integrated Network (STIN) and CSE-CIC-IDS2018, and the integrated hybrid model attains 99.90% overall weighted accuracy, better than the individual Transformer and Random Forest (RF) models. The results validate that the proposed method effectively detects various types of DDoS attacks and Benign (Normal) traffic and thus can be integrated into SGSNs.



Published

27-12-2024

Section

Research Articles

How to Cite

[1] Waibi Brian and S R Raja, “An Integrated Hybrid Model for Cyber Threat Intrusion Detection for Satellite Ground Station Networks Using Transformers and Random Forest,” Int J Sci Res Sci Eng Technol, vol. 11, no. 6, pp. 368–379, Dec. 2024, doi: 10.32628/IJSRSET2411463.
