TTSAD:TCN-Transformer-SVDD Model for Anomaly Detection in Air Traffic ADS-B Data

ADS-B (Automatic Dependent Surveillance-Broadcast) is a key technology in the new generation air traffic surveillance system. However, it is vulnerable to various cyber attacks because it broadcasts data in plaintext format and lacks authentication mechanism. Previous research has rarely considered the application scenarios of ATM (Air Traffic Management) in commercial air transport, and there are the problems of low anomaly detection rate and the non-lightweight model. This paper focuses on ADS-B anomaly detection under the background of ATM. We propose the TTSAD (TCN-Transformer-SVDD Model for Anomaly Detection) model, which aims to address the problems of existing ADS-B anomaly detection methods including inadequate considerations of long-term dependencies and distribution characteristic, the non-lightweight model and the poor adaptive threshold. First, ADS-B time series is input into TCN (Temporal Convolutional Network) prediction module which predicts data in an accurate and quick way using causal convolution and dilated convolution. Then, the predicted ADS-B time series is input into Transformer reconstruction module which reconstructs data accurately and quickly based on Self-Attention and Multi-Head Attention mechanism. Finally, the difference values between the reconstructed values and the real values are input into SVDD (Support Vector Data Description) threshold determination module for an optimal threshold. Experimental results show that the TTSAD model can detect ADS-B anomaly data generated from attacks such as altitude slow offset and DOS (Denial of Service). The TTSAD model is superior to other machine learning methods in terms of recall rate, detection rate, accuracy rate, missing detection rate and false alarm rate. Furthermore, compared with other deep learning methods including LSTM, GRU and LSTM-AE, the TTSAD model has a shorter training time and a lightweight characteristic. This approach guarantees the information security of ADS-B, thereby improving the operational security of ATM.