CYBER-SECURITY CHALLENGES FOR WIRELESS NETWORKED

AIRCRAFT

Ramya Kanlapuli Rajasekaran, Eric Frew, University of Colorado, Boulder, Co.

Abstract reduce need for software and some sub-systems to

Network-enabled cloud-based servIces can
improve flight operations, increase operation
consistency, reduce need for on board software and
sub-systems to reside in every aircraft, and enable
optimization. The flow of information relies on a
secure network connection and a timely flow of
information. The cyber-physical security aspects of
the aircraft determine the utility, efficiency and the
cost of a network enabled aircraft. This paper will
develop a taxonomy of cyber-security threats and
elaborate on the consequences such threats have on
aircraft systems that could rely on the wireless
network for timely supply of critical information. The
paper also explores existing solutions which directly
translate into this domain, helping address these
concerns at a lower level, as well as different original
and adaptive security architecture that could to be
developed to address the consequences of a
compromised network.
Introduction
Network-enabled, cloud-based services have the
ability to improve aircraft flight operations and fleet
management. The cloud-based services and
architecture will increase operational consistency,
reside in every aircraft, and enable optimization across
entire fleet [1, 2]. However, the use of cloud-based
services relies on secure network communication in
order to ensure the timely flow of information to
dispersed decision-making elements, to ensure the
veracity of data sources in the network, and to ensure
the safety and validity of plans generated off-board the
individual aircraft that ultimately act on the
cloud-based decision. As a result, quality of service
and cyber-security of the supporting network
infrastructure are of major concern.
An Internet connection can lead to enhanced
traffic management, as well as improve operational
consistency, and enable optimization which outlines
the utility of said connection. A network connection
Current air traffic control systems operate at VHF
bands, and these bands have been facing saturation
and a rapid increase in aircraft density. The accuracy
of data being transmitted through a network is high,
and it does not saturate easily.(Figure 1) The ability of
networks to handle these complicated software and the
efficiency or the utility of these software or data,
directly depend on the security of these cyber physical
systems.

Figure 1. Illustration of Aircraft Network Architecture [2]

978-1-5090-5375-9/17/$31.00 20 17 IEEE
3C3-1
 The use of information available on a network
relies on a secure network connection and timely flow
of information. However, influence of external
elements may lead to tampered information that may
cause incorrect information to reach the aircraft,
leading to inefficient re-routing in case of extreme
weather conditions or otherwise.
Prior work has investigated network security in
future e-enabled aircraft [3-5] and cyber-physical
security considerations due to the integration of
aircraft systems with a network connection. The
security considerations in aircraft data networks
(ADNs) as well as challenges in digital content
delivery have been outlined [4]. Security concerns that
deal with future ad hoc networks related to aircraft
were dealt with by identifying threats and
vulnerabilities, specifying security requirements and
mitigation solutions [5].An adaptive security
architecture for future aircraft communications
involving networks [3], SecMan, has been developed
and it uses an algorithm that helps segregate the data
and checks for tampering. It also helps fix marginally
tampered data.
Although prior work has addressed some of the
issues under consideration here, it has not addressed
networked cockpit cyber-security in a cohesive
manner. The flow of information considered here is
more than just data [4]. Future e-enabled aircraft will
have firmware and software on the cloud. Safe
accessibility of such firmware and software depends
on the challenges faced by a security system on such a
network. To understand the scope of these challenges,
we need to characterize these threats and derive
mitigation techniques for them.
This paper describes five major threats to an
aircraft network, the implications of each threat,
existing mitigation techniques of major security
challenges and threats (Table 1) and modified
mitigation techniques that can be used in a security
system architecture for networked cockpits. We try
and extend the mitigation techniques that have
previously been outlined for each of the threats we
describe to networked cockpits and the transfer of
information between them.The final part of the paper
discusses common challenges amongst the mitigation
techniques and proposes possible solutions and to
combat them.

Table 1. Main Cyber-Security Threats or Challenges for Networked Aircraft

Threat/Challenge Risk Ease Of Mitigation
Data Tampering Can cause faulty measurements and planning, Hard to detect, hard to mitigate
can lead to crashes if used to map trajectories
Data Delay Leads to delay in planning trajectories Easy to detect, Easy to mitigate
Privacy Protection Compromising privacy need not necessarily Hard to detect, comparatively easy to
have immediate effects but information derived mitigate
can be used maliciously
Network attacks Viruses and other malware can lead to Ease of detection is case-relative, hard to
malfunctioning and sometimes complete mitigate
shutdown of systems
Connection Can lead to overloading as well as faulty Easy to detect , hard to mitigate
flooding information

Data Tampering This may also be referred to as corruption of

information assets. These security breaches are
During data delivery, an adversary may attempt
capable of compromising the integrity of data.
to hinder effective performance and cause economic
and/or physical damage by tampering with the data
being sent to the aircraft through node impersonation.

3C3-2
Main Implications
ain implications The reception of bad data by the
aircraft can lead to various issues that can put the
performance of the aircraft at risk and take time and/or
financial support to resolve. Tampering modes can be
split into five categories - spoofing, termination,
sidetracking, alteration of internal data, and selective
deception. Spoofing attacks transmit counterfeit data
to mislead the recipient. Termination attacks are when
the data flow is outright terminated. These are
conspicuous and easier to detect. Sophisticated
spoofing attacks attempt to sidetrack the receiver or
the detection system. Selective deception refers to
tampering nodes selectively to defraud the recipient.
Insider tampering refers to a malicious action by a
legitimate user, and it is also particular challenging to
deal with. [6].
Existing Mitigation Tools
Error coding of data: [11] Error coding of
data protects it from errors within limits
specified by the code. Some random errors
are introduced during transmission or due
to the medium of transfer. A nested coding
method can be used to help detect
tampering of data in this case. The inner
code helps in detecting errors, whereas the
outer code corrects them. The outer code
will correct errors up to a certain threshold
(both an amplitude threshold and frequency
threshold) and if the intruder introduces
errors that exceed said threshold, the inner
code can easily detect them. Once detected,
the data can be discarded/rejected, or can be
run through a more rigorous algorithm to
fix (if possible) the data entering the aircraft
from the networked connection by
comparing it with data from other sources.
Nested coding can be used in more than two
layers for greater reliability.
Distributed control scheme realized with
mobile agents (such as those employed by
the CONFIDANT): These include
encapsulation, validated transactions,
interlocking, scrambling, redundancy,
pulse-taking, distinct inception, and
mandatory obsolescence. [6]
The EVIT A and INSIKA projects : The
E-safety Vehicle Intrusion proTected
3C3-3
Application project (EVITA)
(http://www.evitaproject.org/): Car to car
and car to infrastructure communication
has potential to further decrease road
fatalities, but this opens doors to vehicle
intrusion threats which could threaten car
safety functions. The objective of EVITA is
to address such threats by preventing
unauthorized manipulation of on board
systems. EVIT A introduced three different
security modules for protecting vehicles
on-board communications, giving the
principle for the prevention of external car
connection. INSIKA stands for Integrierte
Sicherheitslsung fr messwertverarbeitende
Kassensysteme (Integrated Security
Solution for reading processing POS
systems). It is a system for protecting the
digital records of cash transactions against
manipulation by means of cryptography. It
is an alternative to conventional fiscal
memory systems.
Tamper resistant code encryption is
something that is being explored to combat
this problem. Different kinds of encryption
can be used: bulk encryption, on demand
encryption and a combination of these
techniques and studies have been done to
test their robustness. In 1996 Aucsmith [8]
introduced a scheme to implement tamper
resistant software. Through small, armored
code segments, referred to as integrity
verification kernels (IVKs), the integrity of
the code is verified. These IVKs are
protected through encryption and digital
signatures such that it is hard to modify
them. Furthermore, these IVKs can
communicate with each other and across
applications through an integrity
verification protocol. Many papers in the
field of tamper resistance base their
techniques on one or more of Aucsmiths
ideas.
Challenges for Existing Tools
Existing conventional tools to mitigate tampering
risks do not take into consideration the unique
challenges faced by aircraft data networks. The
accuracy of data transmitted through these networks is
a critical aspect as this data could affect major
decisions taken by the airplane. If data tampering is
not detected, then the aircraft can make bad decisions
based on incorrect data, which can put the
performance of the aircraft at risk.
As mentioned in [9] Security systems tend to
affect the performance of the system, by needing more
bandwidth or increasing processing time/delay and
reducing the throughput. In an ADN (Aircraft Data
Network) a complex security mechanism may affect
the performance of the aircraft, like it's ability to make
fast decisions. The quality of air traffic is affected by
the satellite link and the security mechanism.
Performance enhancement proxies improve TCP
based application performance, but do not work well
in the presence of network layer encryption (which is
one of the methods used to mitigate and prevent data
tampering) . This is because PEPs require transport
layer information to work and a network layer
encryption hides all the information from intermediate
nodes.
Recommendations for Mitigation
Possible solutions could be that network
encryption and IPsec based security can be
used selectively, and whatever needed
enhancement can skip encryption,
establishing multiple IPsec associations.
We could also use other encryption
techniques like SSLlTLS.[12]
Digital signatures : A digital signature
accompanied with network layer
encryption could also be a viable method of
mitigation.
Data Delay
Security vulnerabilities of data links may lead to
signal jamming and/or unavailability of the frequency
necessary to communicate flight data. Data can be
delayed due to other reasons like poor signal strength
or connectivity issues which slows down the number
of packets sent per unit time. When data travels along
unreliable communication channels in a large wireless
network, communication delays and loss of
information in the control loop can happen.
Main Implications
Missing data is easy to detect. If a system (ground
or airborne) expects data at regular intervals, and does
3C3-4
not receive data for a particular time step, it can be
written down as data delay. This could lead to systems
and protocols not working properly, leading to
cancellations of flights and other issues. The
transmission of data through the Internet follows a set
of protocols and they do not function well when data is
delayed. The TCP delivers data in transmission order
and any delay results in decreased throughput,
reducing the transmission efficiency. If the latency
exceeds the duration of communication, then no data
will flow at aI1.[10]
Existing Mitigation Tools
Delay tolerant networks: [10] DTNs enable
communication where connectivity issues
lead to delay of data. DTN research aims to
provide a network architecture which can
apply to cases in high end delays, frequent
network disruptions.
Kalman filtering: [11] Unscented Kalman
filtering and the EKF can be tools to
combat intermittent observations by
estimating the missing values using the
sensor data and the measurements given.
Modeling the arrival of the observation as a
random process, we can study the statistical
convergence properties and show the
existence of a critical value for the arrival
rate of the observations.
Challenges for Existing Tools
Aircraft networks have special characteristics,
and the primary objective of most delay tolerant
networks is to keep a live connection between the two
parties despite delay of data, and allocate the right data
to the right time stamp. With an aircraft data network,
apart from solving these two problems, there is also
the challenge of proper functioning of aircraft
systems, despite data delay. Some aircraft systems
may be dependent on data transmitted through the
network for making important decisions like course
direction and heading, and trajectory planning based
on weather data or air traffic control maps they receive
from the ground at regular intervals. A missing data
set could lead to incorrect mapping or no mapping of
an incremental element of a trajectory, that can put the
performance of the aircraft at risk.
A Kalman filtering algorithm or anything similar
can fix this problem temporarily by estimating the
position of the weather anomaly or the position of the
other aircraft based on its previous heading and speed.
A level of redundancy could also include another form
of recelvmg data, through ground station
communication (A TC) or pre-determined trajectories
the flight has to follow irrespective of the change in
data flow.
Uniqueness with Respect to Aircraft Domain
Aircraft generally have higher exchanges of data
between various nodes which requires more
interconnection of networks, which may make the
aircraft more susceptible to delay due to loss of
information or weak connection.
The main difference between the two networks
lies in the data link layer, and also the time sensitivity
of the data transmitted.
Recommendation for Mitigation
Network management and monitoring tool:
[8] The Aircraft Data Network is divided
into three parts - Passenger Network(PN),
Crew Network(CrN), and Control Network
(CoN). Visualizing the network helps us
visualize the status of ADN and helps us
implement solutions used in Delay Tolerant
Networks to Aircraft Data networks.
Adaptation of vehicular DTN: [8]
Vehicular DTNs are DTNs where vehicles
communicate with each other with fixed
nodes placed along the roads to disseminate
messages. This is a network setting that can
be easily correlated with a ADN setting and
implementing these algorithms in an ADN
might help mitigate data delay.
Privacy Protection
Airplane access to wireless networks helps
increase the efficiency of control systems on the
aircraft, but also potentially enables anyone to
intercept the information on the channel of
communication.(Figure 2) This information obtained
can be used for malicious purposes to identify and
track locations of specific aircraft. Balancing privacy
with airspace security and liability can be a challenge.
Preserving the identities of the individuals
participating in the network. the Automatic Dependent
Surveillance Broadcast (ADS-B) and the Aeronautical
3C3-5
Telecommunications Network (A TN), will allow each
civilian aircraft to engage in distributed air traffic
control concepts/procedures and share data with
ground systems as well as with each other. An
adversary can also passively eavesdrop and or record
conversation and track the position of aircraft.
Figure 2. Illustration of an Adversary Intercepting
the Connection[13]
Main Implications
The ADS - B enables an aircraft to
potentially broadcast information relating
to it's 3D position, velocity, heading, intent
etc. The adversary can record this providing
spatial and temporal data of aircraft and
obtain identifiers of communicating
aircraft. Location trajectories correlated
with other data can provide the adversary
valuable information of people and travel
intents and can also be used in profiling.
The ground station can also transmit
information like maps of the position of
other aircraft for collision avoidance,
adverse weather information and such, to
help the aircraft plan trajectories. The
privacy of such information can be
compromised.
The adversary can infer travel intent and
profile places of interest to the particular
aircraft.
The location privacy of the aircraft can be
compromised.
If the node's signature is compromised,
the node can be impersonated remotely
(Identity theft) and this can also lead to
remote digital stalking.
Existing Mitigation Tools
Cryptographic encryption - can help
mitigate privacy risks by controlling access
to sensitive or private data in A TN.
utility of data should be mostly preserved
through the transformation.
Network AttackslMalware

Protect both address ways. Also the NBAA If the intruder with access to the Aircraft Data
Network succeeds in tampering the data and
(National business aviation association)
came up with an algorithm called BARR - uploading undetected malicious software on to the
network, a lot more undetectable damage can be done
Block aircraft registration request which
to the systems of the aircraft. Malware or malicious
prevents public from accessing a private
software is software created by an attacker/intruder to
aircraft's flight tracking data etc.
compromise the security of data in the
network/system. Different types of malware
Challenges for Existing Tools
(Figure 3) include :
Working with cryptographic encryption is hard,
because ADS-B traffic beacons and IP network
physical layer transmissions must remain openly
accessible. Cryptography and encryption still is
widely used only by military aircraft operations.
Encrypting civilian or non-military aviation is
considered counter-productive, because the ADS-B
normally assumes open availability of information in
the air traffic management system. [14] Also,
complicated encryption may take some time to
decrypt, which may cause delay of time sensitive data
which may lead to delayed decision making. Using
pseudonyms might also prove counter-productive as Figure 3. Different Types of Malware [17]
trusting an anonymous pseudonym with aircraft
information is not ideal. Worms: Malware that propagates itself
from one infected host to other hosts via
Recommendation for Mitigation exploits in the OS interfaces typically the
system-call interface.
Encrypt messages and share an encryption
key with the ATC and use this key to Viruses: Malware that attaches itself to
encrypt emitted ADS-B messages.Data running programs and spreads itself
privacy by using different encryption key is through users' interactions with various
outlined in [15]. systems.

Using pseudonyms - short term identifiers Trojans: Malware that masquerades as

instead of single long term identifiers (like
the 24-bit ICAO address). Pseudonym is
essentially replacing identifying attributes
with synthetic identifiers. Use a 24 bit
pseudonym, that the aircraft can generate as
a random quantity Remove identifiers prior
to publication
Choose trajectories based on privacy.
Usage of algorithms that transform data so
that it's safe for transmISSIOn and
publication [16] These algorithms have two
primary objectives : first the transformation
should protect privacy and second the
non-malware and acts maliciously once
installed (opening backdoors, interfering
with system behavior, etc).
Spyware: Malware that secretly observes
and reports on users computer usage and
personal information accessible therein.
Botnets: Malware that employs a user's
computer as a member of a network of
infected computers controlled by a central
malicious agency.
Rootkits: Malware that hides its existence
from other applications and users. Often

3C3-6
 used to mask the activity of other malicious preventing any kind of new connections from being
software. [18] established.

Existing Mitigation Tools

Typical anti virus software: Anti virus software
uses the same algorithms on plane networks as on a
computer system or any other type of integrated
network. It works by scanning files when they are
loaded for known strings and signatures, typical
attributes of known malware. It is constantly updated.
Honeypots collect malware and non-malware and
are analyzed by human to create new signatures or to
detect new variants of malware that attackers may be
developing.

Challenges for Existing Tools Figure 4. Three Way Handshake

Synchronize(SYN) Request Is Sent and Both
Anti-Virus software are easy to bypass and
Parties Acknowledge(ACK) to Complete
almost all commercially available software can be
Connection [22]
bypassed [19]. Also, uploading an anti virus software
would need a lot of digital space, and in most aircrafts
space is limited and trying to optimize this system
with the cost of security and complexity for an
airplane is complicated and not practical.

Recommendation for Mitigation

Malware writers use obfuscation to morph
malware. Malware detectors and anti-virus software
are susceptible to obfuscations used by attackers. A
malware detection algorithm that addresses this
deficiency by incorporating instruction semantics to
detect malicious program traits is discussed in [20]
which can be used in this scenario.

Connection Flooding/Control Access

Denial
In wireless access transmitter and receiver nodes
cooperate to exchange useful information. If there
exists a non cooperative transmitter exhibiting selfish
behavior (by not sharing necessary information or
hoarding data) or reflecting malicious objectives of
generating interference to prevent the successful
transmissions of other nodes, this is referred to as a Figure 5. Attacker Does Not Send
'denial of service' attack.[14], (Figures 4 and 5] One Acknowledgement Back to the Server, Leaving
of the ways this kind of attack can be executed is if an Connections Open, Consuming Services. Denial of
attacker sends multiple TCP connection requests, with Service to Any Other Connection [23]
spoofed source addresses to an aircraft. Each request
draws data from the host (in this case the aircraft) and
exhausts the hosts resources (like the link bandwidth),

3C3-7
Main Implications
Denial of service can create various other
problems during data transfer. It can lead to data
delay, or interruption of data. Sometimes, data waiting
on an open gate can be over written or which can lead
to deletion of data. This can be detrimental to an
aircraft relying on ADNs and other such networks for
time sensitive information.
Challengedfor Existing Tools
It's hard to trace the attack back to perpetrator.
Also, the implementation of algorithms (used for
normal internet connections and such) for ADNs can
be hard and challenging. Taking into account the
existing safety algorithms, building and implementing
or nesting algorithms for a specific problem (like
connection flooding) can be time consuming. This
algorithm will also have to be updated constantly as
attackers/ adversaries constantly keep coming up with
new code and new algorithms to block effective and
timely transmission of correct data.
Recommendation for Mitigation
System configuration improvements could be
easy to implement, without any special hardware
requirements. Using built in algorithms as well as
encrypting messages with proper ICAO codes and
requirements could be a basic fix to this problem.
Configuring external and internal interfaces to block
packets that have different source addresses so the
host's resources aren't exhausted can be a solution.
Improving memory and computation requirements to
install firewalls and implement algorithms like
SYNKILL [24] can also be a solution. [24] discusses
the pros and cons of SYNKILL and it can be modified
to fit our requirements.
Discussion
Based on the threat taxonomy described above,
important characteristics of a security system
architecture for such a network can be described. The
security system can be designed in a loop with a
checking module, followed by a mitigation module.
The checking component runs through a series of
encryption and firewall steps to check if the data has
been tampered with. If the result comes back negative,
the data is allowed to go through to the aircraft's
control systems, otherwise it goes through the
mitigation module, where it is segregated, and the
3C3-8
threat is identified. The mitigation module makes
important decisions as to whether the data should be
discarded or fixed and sent to the control systems
(with the algorithms present in the module).
The mitigation module is designed with
knowledge of previous solutions. The challenge lies in
finding existing solutions that can be expanded to
include the constraints that come with networked
aircraft cockpits. With networked aircraft, we are not
only interested in transmission of data, but in the
future we hope to run entire programs on the network
and derive outputs from the same. To design such a
vast and digital-heavy security architecture, we build
upon algorithms that have already been implemented
like error coding of data, cryptographic encryption, or
SYNKILL. There have been networks implemented
specifically to deal with particular aspects of security
like Delay tolerant Networks and projects that work
with land vehicles to mitigate data tampering (EVIT A
and INSIKA projects). Our objective is to outline the
major attacks that can happen on a network and form a
consolidated solution to help mitigate and prevent
these attacks.
One common problem that emerged was the
optimization of digital space. Most of the digital space
available was to be used for uploading systems and
data, and adding a security system architecture would
result in slower throughput of data as well as
overloading frequencies that transmit said
information. Another pressing issue is the update rate
of the systems implemented to mitigate the threats
outlined in this paper. Even after a security system
architecture is designed and implemented, it needs to
be maintained and updated constantly, as new strains
of viruses and malware are constantly engineered. The
design of the security system should be such that the
update rate of the system is optimal. A solution to that
could be simpler algorithms, that can be preloaded
into the aircraft's control system, and updated
regularly by people who monitor the network
connection. Uploading the security software to the
cloud can also help decrease the load on the aircraft,
thus increasing computation efficiency.
Conclusion
This paper established a taxonomy of the threats
that face a networked aircraft cockpit. The threats
were segregated based on type and their implications,
and methods to counter them were outlined. The
drawbacks and constraints of the mitigation methods
were also outlined. On the basis of these constraints,
possible solutions for each challenge were described.
Finally, based on this taxonomy, important
characteristics of a security system architecture for
such a network were described.
Recommendations for further work include better
understanding and the improvement
aforementioned security algorithms. This progresses
towards building the ordered system architecture, and
establishing ideal update rates for such code to run for
extended periods of time. Implementing and testing
such a system for security breaches in real time could
further help improve the system. An ultimate goal
would be to implement this on a networked aircraft
and attack the network to test the utility and efficiency
of such a security system in real time.
References
[1] N. Alexandrov, B. J. Holmes, and A. S. Hahn, "A
Benefit Analysis of Infusing Wireless into Aircraft
and fleet Operations, " Tech. Rep.
NASA/TM2016-219360, December 2016.
[2] "NASA, FAA Demonstrate Wireless
Communication with Aircraft, "
https://www.nasa.gov/press-release/nasa-faa-demonst
rate-wireless-communication-with-aircraft, Accessed
March 15, 2017.
[3] M. S. Ben Mahmoud, N. Larrieu, A. Pirovano, and
A. Varet, "An Adaptive Security Architecture for
Future Aircraft Communications, " AIAA/IEEE
Digital Avionics Systems Conference -Proceedings,
pp. 1-16, 2010.
[4] K. Sampigethaya, R. Poovendran, S. Shetty, T.
Davis, and C. Royalty, "Future E-Enabled Aircraft
Communications and Security: the Next 20 Years and
Beyond, " Proceedings of the IEEE, vol. 99, no. 11, pp.
2040- 2055, 2011.
[5] K. Sampigethaya, L. Bushnell, and R. Pooven
dran, "Security of Future eEnabled Aircraft Ad hoc
Networks, " Aviation Technology, Integration, and
Operations Conferences, pp. 1-10, 2008. [Online].
Available: http://www2.ee.washington.edu/research/
nsl/papers/atio-08.pdf
[6] R. F. DeMara and A. J. Rocke, "Mitigation of
Network Tampering Using Dynamic Dispatch of
Mobile Agents, " Computers and Security, vol. 23, no.
1, pp. 31-42, 2004.
[7] S. C. Kak, "How to Detect Tampering of Data,
Subhash C. Kak, " vol. 20, no. February, pp. 109-110,
1985.
[8] J. Cappaert, B. Preneel, B. Anckaert, M. Madou,
and K. De Bosschere, "Towards Tamper Resistant
of
Code Encryption: Practice and Experience, " Lecture
Notes in Computer Science (including subseries
Lecture Notes in Artificial Intelligence and Lecture
Notes in Bioinformatics), vol. 4991 LNCS, pp.
86-100, 2008.
[9] R. Pendse, N. Thanthry, M. S. Ali, R. Pendse, R. P.
Security, I. Connectivity, and A. D. Networks,
"Security, Internet Connectivity and Aircraft Data
Networks, " Electrical Engineering and Computer
Science, vol. 21, no. 5, pp. 12-16, 2006.
[10] P. R. Pereira, A. Casaca, J. J. P. C. Rodrigues, V.
N. G. J. Soares, J. Triay, and C. Cervell-Pastor, "From
Delay-Tolerant Networks to Vehicular
Delay-Tolerant Networks, " IEEE Communications
Surveys and Tutorials, vol. 14, no. 4, pp. 1166-1182,
2012.
[11] B. Sinopoli, L. Schenato, M. Franceschetti, K.
Poolla, M. I. Jordan, and S. S. Sastry, "Kalman
Filtering with Intermittent Observations, " IEEE
Transactions on Automatic Control, vol. 49, no. 9, pp.
1453-1464, 2004.
[12] H. Gao, A. Jasti, and R. Pendse, "An
intelligent network monitoring and management tool
for aircraft data networks, " Digital Avionics Systems .
.., pp. 1-7, 2005. [Online]. Available:
http://ieeexplore.ieee.orglxpls/abs{}all.jsp?arnumber
=1563409
[13] http://searchnetworking.techtarget.com/tip/
80211-Security-Attacks-and-risks, accessed March
15, 2017.
[14] K. Sampigethaya, R. Poovendran, and C. S.
Taylor, "Privacy of General Aviation Aircraft in the
NextGen, "AIAA/IEEE Digital Avionics Systems
Conference Proceedings, 2012.
[15] M. Shao, S. Zhu, W. Zhang, G. Cao, and Y. Yang,
"PDCS: Security and Privacy Support for
Data-Centric Sensor Networks, " IEEE Transactions
on Mobile Computing, vol. 8, no. 8, pp. 1023-1038,
2009.
3C3-9
[16] M. Hay, K. Liu, G. Miklau, J. Pei, and E. Detection, " 2005 IEEE Symposium on Security and
Terzi, "Privacy-Aware Data Management in Privacy, Proceedings, pp. 32--46, 2005.
Information Networks, " International Conference on
[21] Y. E. Sagduyu and A. Ephremides, "A
Management of Data (SIGMOD), pp. 1201-1204,
Game-Theoretic Analysis of Denial of Service
2011. [Online]. Available:
Attacks in Wireless Random Access, " Wireless
http://portal.acm.org/citation.cfm?doid=
Networks, vol. 15, no. 5, pp. 651- 666, 2009.
1989323.1989453
[22] Dake, "Hazmat2 (talk), "
[17]
https:llcommons.wikimedia.orglw/index.php?curid= 1
http://www.thepcworks.com/wp-content/uploads/201
8126366 accessed March 15, 2017.
6/02/Malware.jpg, accessed March 15, 2017
[23]
[18] J. Demme, M. Maycock, J. Schmitz, A. Tang, A.
https:llcommons.wikimedia.orglw/index.php?curid=
Waksman, S. Sethumadhavan, and S. Stolfo, "On the
810830 , accessed March 15, 2017
Feasibility of Online Malware Detection with
Performance Counters, " SIGARCH Comput. Archit. [24] C. Schuba, I. Krsul, M. Kuhn, E. Spafford, A.
News, vol. 41, no. 3, pp. 559-570, 2013. [On Sundaram, and D. Zamboni, "Analysis of a Denial of
line].Available: Service Attack on TCP, " Proceedings. 1997 IEEE
http://doi.acm.orgll0.1145/2508148.2485970 Symposium on Security and Privacy (Cat.
No.97CB36097), pp. 208-223, 1997.
[19] S. Jana and V. Shmatikov, "Abusing file
Processing in Malware Detectors for Fun and Profit, "
Proceedings IEEE Symposium on Security and 2017 Integrated Communications Navigation
Privacy, pp. 80-94, 2012.
and Surveillance (ICNS) Conference
[20] M. Christodorescu, S. Jha, S. A. Seshia, D. Song,
April 18-20, 2017
and R. E. Bryant, "Semantics-Aware Malware

3C3-10