<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">caht</journal-id><journal-title-group><journal-title xml:lang="ru">Научный вестник МГТУ ГА</journal-title><trans-title-group xml:lang="en"><trans-title>Civil Aviation High Technologies</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2079-0619</issn><issn pub-type="epub">2542-0119</issn><publisher><publisher-name>Moscow State Technical University of Civil Aviation (MSTU CA)</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.26467/2079-0619-2025-28-5-8-21</article-id><article-id custom-type="elpub" pub-id-type="custom">caht-2636</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ТРАНСПОРТНЫЕ СИСТЕМЫ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>TRANSPORTATION SYSTEMS</subject></subj-group></article-categories><title-group><article-title>Метод анализа многомерных сочетаний признаков сетевого трафика для выявления признаков несанкционированного вмешательства в авиационных сетях передачи данных</article-title><trans-title-group xml:lang="en"><trans-title>Method of analyzing multidimensional combinations of network traffic features for identifying signs of unauthorized intrusion in aviation data transmission networks</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Ганичев</surname><given-names>А. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Ganichev</surname><given-names>A. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Ганичев Александр Александрович, старший преподаватель кафедры основ радиотехникии защиты информации МГТУ ГА</p><p>Москва</p></bio><bio xml:lang="en"><p>Alexandr A. Ganichev, Senior Lecturer, Fundamentals of Radio Engineering and Information Security Chair</p><p> Moscow</p></bio><email xlink:type="simple">alexunderlich@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Московский государственный технический университет гражданской авиации</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Moscow State Technical University of Civil Aviation</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>02</day><month>11</month><year>2025</year></pub-date><volume>28</volume><issue>5</issue><fpage>8</fpage><lpage>21</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Ганичев А.А., 2025</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="ru">Ганичев А.А.</copyright-holder><copyright-holder xml:lang="en">Ganichev A.A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://avia.mstuca.ru/jour/article/view/2636">https://avia.mstuca.ru/jour/article/view/2636</self-uri><abstract><p>В связи с увеличением интенсивности и усложнением сетевого взаимодействия авиационных систем передачи данных существенно возрастает потребность в разработке методов выявления признаков несанкционированного вмешательства в авиационную деятельность. Важность данной проблемы обусловлена необходимостью обеспечения устойчивости авиационной инфраструктуры к разнообразным угрозам, способным привести к критическим нарушениям работы систем управления воздушным движением и повлиять на безопасность полетов воздушных судов. В статье разработан и представлен метод анализа многомерных сочетаний признаков сетевого трафика авиационных систем передачи данных, основанный на модифицированном алгоритме частотного анализа FP‑Growth, адаптированном под специфику многомерных данных. Отличительной особенностью предложенного подхода является сохранение контекста признаков и возможность выявления скрытых зависимостей между различными параметрами сетевых событий, которые недоступны традиционным одномерным алгоритмам частотного анализа. Разработана модель представления сетевых событий в виде многомерных транзакций, предложен алгоритм построения многомерного дерева частых признаков и извлечения устойчивых сочетаний признаков с заданной частотой встречаемости. По результатам экспериментальной проверки на реальных данных сетевого трафика подтверждена возможность выявления шаблонов сетевых атак и ранее не регистрируемых аномальных сочетаний признаков. Выполнена количественная оценка производительности предлагаемого метода, подтвердившая его эффективность и пригодность для обработки значительных объемов информации, характерных для авиационных систем передачи данных, в режиме реального времени. Предложенный метод обеспечивает повышение защищенности авиационных сетей и своевременное выявление угроз авиационной деятельности. Разработанный метод может быть использован для повышения устойчивости АСПД систем УВД к угрозам и приоритетного выбора мер защиты для обеспечения безопасности полетов.</p></abstract><trans-abstract xml:lang="en"><p>Due to the increasing intensity and complexity of network interactions in aviation data transmission systems, the need for developing methods to detect signs of unauthorized interference in aviation operations is significantly growing. The importance of this issue is due to the need to ensure control systems and affect the safety of aircraft flights. This article develops and presents a method for analyzing multidimensional combinations of network traffic features in aviation data transmission systems, based on a modified frequent-pattern FP-Growth algorithm adapted specifically for multidimensional data. A distinctive feature of the proposed approach is maintaining the contextual integrity of network event attributes, enabling the identification of hidden dependencies among various parameters of network events that are inaccessible to traditional one-dimensional frequent pattern analysis algorithms. A model for representing network events as multidimensional transactions is formulated, and an algorithm for constructing a multidimensional frequent-pattern tree and extracting stable combinations of features with a predefined frequency of occurrence is proposed. Experimental validation using real network traffic data confirmed the capability of detecting network attack patterns and previously unrecorded anomalous feature combinations. A quantitative evaluation of the proposed method’s performance was conducted, confirming its efficiency and suitability for processing substantial data volumes characteristic of aviation data transmission systems in real-time conditions. The developed method provides improved protection for aviation networks and timely identification of threats to aviation operations. The developed method can be applied to enhance the resilience of aviation data transmission systems for air traffic management and prioritize protective measures to ensure flight safety.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>несанкционированное вмешательство</kwd><kwd>информационная безопасность</kwd><kwd>авиационная сеть передачи данных</kwd><kwd>обнаружение атак</kwd><kwd>риск</kwd><kwd>частотный анализ</kwd><kwd>сетевой трафик</kwd></kwd-group><kwd-group xml:lang="en"><kwd>unauthorized interference</kwd><kwd>information security</kwd><kwd>network reliability</kwd><kwd>aviation data network</kwd><kwd>attack detection</kwd><kwd>risk</kwd><kwd>frequency analysis</kwd><kwd>network traffic</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Ганичев А.А., Пителинский К.В., Бритвина В.В. Статистический анализ потенциальных угроз информационной безопасности в бортовой сети воздушного судна // Вопросы защиты информации. 2024. № 1 (144). С. 11–22. DOI: 10.52190/2073-2600_2024_1_11</mixed-citation><mixed-citation xml:lang="en">Ganichev, A.A., Pitelinskiy, K.V., Britvina, V.V. (2024). Statistical analysis of potential information security threats in aircraft onboard networks. Information Security Questions, vol. 1 (144), pp. 11–22. DOI: 10.52190/ 2073-2600_2024_1_11 (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Кротова Е.Л., Андреев Р.А., Андреева П.А. Big data в авиационной отрасли: варианты применения // Международный научно-исследовательский журнал. 2021. № 5-1 (107). С. 6–9. DOI: 10.23670/IRJ.2021.107.5.001</mixed-citation><mixed-citation xml:lang="en">Krotova, E.L., Andreev, R.A., Andreeva, P.A. (2021). Big data in the aviation industry: application options. International Re-search Journal, 2021, no. 5-1 (107), pp. 6–9. DOI: 10.23670/IRJ.2021.107.5.001 (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Liu D. Deep learning aided packet routing in aeronautical ad-hoc networks relying on real flight data: from single-objective to near Pareto multi-objective optimization / D. Liu, J. Zhang, J. Cui, S.-X. Ng, R.G. Maunder, L. Hanzo [Электронный ресурс] // Networking and Internet Architecture. 2021. DOI: 10.48550/ arXiv.2110.15145 (дата обращения: 22.03.2025).</mixed-citation><mixed-citation xml:lang="en">Liu, D., Zhang, J., Cui, J., Ng, S.-X., Maunder, R.G., Hanzo, L. (2021). Deep learning aided packet routing in aeronautical ad-hoc networks relying on real flight data: from single-objective to near-Pareto multi-objective optimization. Networking and Internet Architecture. DOI: 10.48550/arXiv.2110.15145 (accessed: 22.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Hillebrecht A., Marks T., Gollnick V. An aeronautical data communication demand model for the North Atlantic oceanic airspace // CEAS Aeronautical Journal. 2023. Vol. 14. Pp. 553–567. DOI: 10.1007/s13272-023-00651-4</mixed-citation><mixed-citation xml:lang="en">Hillebrecht, A., Marks, T., Gollnick, V. (2023). An aeronautical data communication demand model for the North Atlantic oceanic airspace. CEAS Aeronautical Journal, vol. 14, pp. 553–567. DOI: 10.1007/s13272-023-00651-4</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Adamopoulou E., Daskalakis E. Applications and technologies of big data in the aerospace domain [Электронный ресурс] // Electronics. 2023. Vol. 12, iss. 10. ID: 2225. DOI: 10.3390/electronics12102225 (дата обращения: 22.03.2025).</mixed-citation><mixed-citation xml:lang="en">Adamopoulou, E., Daskalakis, E. (2023). Applications and technologies of big data in the aerospace domain. Electronics, vol. 12, issue 10, ID: 2225. DOI: 10.3390/electronics 12102225 (accessed: 22.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Secera J., Novak A. The future of data communication in Aviation 4.0 environment // INCAS Bulletin. 2021. Vol. 13, iss. 3. Pp. 165–178. DOI: 10.13111/2066-8201.2021.13.3.14</mixed-citation><mixed-citation xml:lang="en">Secera, J., Novak, A. (2021). The future of data communication in Aviation 4.0 environment. INCAS Bulletin, vol. 13, issue 3, pp. 165–178. DOI: 10.13111/2066-8201.2021. 13.3.14</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Dou X. Big data and smart aviation information management system [Электронный ресурс] // Cogent Business &amp; Management. 2020. Vol. 7, iss. 1. DOI: 10.1080/23311975. 2020.1766736 (дата обращения: 22.03.2025).</mixed-citation><mixed-citation xml:lang="en">Dou, X. (2020). Big data and smart aviation information management system. Cogent Business &amp; Management, vol. 7, issue 1. DOI: 10.1080/23311975.2020.1766736 (accessed: 22.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Hu W. Security monitoring of heterogeneous networks for big data based on distributed association algorithm / W. Hu, J. Li, J. Cheng, H. Guo, H. Xie // Computer Communications. 2020. Vol. 152. Pp. 206–214.</mixed-citation><mixed-citation xml:lang="en">Hu, W., Li, J., Cheng, J., Guo, H., Xie, H. (2020). Security monitoring of hetero-geneous networks for big data based on distributed association algorithm. Computer Communications, vol. 152, pp. 206–214.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Ганичев А.А. Модель угроз несанкционированного вмешательства в беспроводных информационных системах авионики / А.А. Ганичев, К.В. Пителинский, С.А. Кесель, В.А. Пиков // Вопросы защиты информации. 2024. № 4 (147). С. 35–43. DOI: 10.52190/2073-2600_2024_4_35</mixed-citation><mixed-citation xml:lang="en">Ganichev, A.A., Pitelinskiy, K.V., Kesel, S.A., Pikov, V.A. (2024). Threat model of unauthorized interference in wireless avionics information systems. Information Security Questions, no. 4 (147), pp. 35–43. DOI: 10.52190/2073-2600_2024_4_35 (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Петров В.И. Методика анализа программного обеспечения бортовых компьютеров воздушного судна на отсутствие недекларированных возможностей сигнатурно-эвристическим способом // Научный вестник МГТУ ГА. 2017. Т. 20, № 1. С. 186–193.</mixed-citation><mixed-citation xml:lang="en">Petrov, V.I. (2017). The technique of analysis of software of on-board computers of air vessel to absence of undeclared capabilities by signature-heuristic way. Civil Aviation High Technologies, vol. 20, no. 1, pp. 186–193. (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Shawly T. Architectures for detecting interleaved multi-stage network attacks using hidden Markov models / T. Shawly, A. Elghariani, J. Kobes, A. Ghafoor // IEEE Transactions on Dependable and Secure Computing. 2019. Vol. 18, no. 5. Pp. 2316–2330. DOI: 10.1109/ TDSC.2019.2948623</mixed-citation><mixed-citation xml:lang="en">Shawly, T., Elghariani, A., Kobes, J., Ghafoor, A. (2019). Architectures for detecting interleaved multi-stage network attacks using hidden Markov models. IEEE Transactions on Dependable and Secure Computing, vol. 18, no. 5, pp. 2316–2330. DOI: 10.1109/TDSC.2019.2948623</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Kotenko I., Gaifulina D., Zelichenok I. Systematic literature review of security event correlation methods // IEEE Access. 2022. Vol. 10. Pp. 43387–43420. DOI: 10.1109/ACCESS.2022. 3168976</mixed-citation><mixed-citation xml:lang="en">Kotenko, I., Gaifulina, D., Zelichenok, I. (2022). Systematic literature review of security event correlation methods. IEEE Ac-cess, vol. 10, pp. 43387–43420. DOI: 10.1109/ACCESS.2022.3168976</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Maosa H., Ouazzane K., Ghanem M.C. A hierarchical security event correlation model for real-time threat detection and response [Электронный ресурс] // Network. 2024. Vol. 4, no. 1. Pp. 68–90. DOI: 10.3390/network 4010004 (дата обращения: 22.03.2025).</mixed-citation><mixed-citation xml:lang="en">Maosa, H., Ouazzane, K., Ghanem, M.C. (2024). A hierarchical security event correlation model for real-time threat detection and response. Network, vol. 4, no. 1, pp. 68–90. DOI: 10.3390/network4010004 (accessed: 22.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Cheng Q. STEP: Spatial-temporal network security event prediction / Q. Cheng, Y. Shen, D. Kong, C. Wu [Электронный ресурс] // Cryptography and Security. 2021. DOI: 10.1109/TIFS. 2024.1234567 (дата обращения: 22.03.2025).</mixed-citation><mixed-citation xml:lang="en">Cheng, Q., Shen, Y., Kong, D., Wu, C. (2021). STEP: Spatial-temporal network security event prediction. Cryptography and Security. DOI: 10.1109/TIFS.2024.1234567 (accessed: 22.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Исрафилов А. Современные вызовы в области кибербезопасности беспилотных авиационных систем [Электронный ресурс] // Universum: технические науки. 2024. № 2 (119). URL: https://7universum.com/ru/tech/archive/item/16760 (дата обращения: 22.03.2025).</mixed-citation><mixed-citation xml:lang="en">Israfilov, A. (2024). Contemporary challenges in cybersecurity of unmanned aerial systems. Universum: Technical Sciences, no. 2 (119). Available at: https://7universum.com/ru/tech/archive/item/16760. (accessed: 22.03.2025). (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Лянгузов Д.А., Плюснин Н.И. Безопасность и уязвимость сетей беспилотных летательных аппаратов: обзор // Известия Тульского государственного университета. Технические науки. 2023. № 7. С. 528–529. DOI: 10.24412/2071-6168-2023-7-528-529</mixed-citation><mixed-citation xml:lang="en">Lyanguzov, D.A., Plusnin, N.I. (2023). Security and vulnerability of unmanned aerial vehicle networks: review. Izvestiya Tulskogo gosudarstvennogo universiteta. Tekhnicheskiye nauki, no. 7, pp. 528–529. DOI: 10.24412/2071-6168-2023-7-528-529</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Corretjer P.J. A cybersecurity analysis of today’s commercial aircrafts and aviation industry systems: A thesis master of science. USA. NY: Utica College, 2018. 22 p.</mixed-citation><mixed-citation xml:lang="en">Corretjer, P.J. (2018). A cybersecurity analysis of today’s commercial aircrafts and aviation industry systems: A thesis master of science. USA. NY: Utica College, 22 p.</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Kessler G.C., Craiger J.P. Aviation cybersecurity: An overview [Электронный ресурс] // NTAS. 2018. URL: https://commons.erau.edu/ntas/2018/presentations/37/ (дата обращения: 22.03.2025).</mixed-citation><mixed-citation xml:lang="en">Kessler, G.C., Craiger, J.P. (2018). Aviation cybersecurity: An overview. NTAS. Available at: https://commons.erau.edu/ntas/ 2018/presentations/37/ (accessed: 22.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Liu L.J. Research and application of improved Apriori algorithm // Computer Engineering and Design. 2017. Vol. 38, no. 12. Pp. 3324–3328.</mixed-citation><mixed-citation xml:lang="en">Liu, L.J. (2017). Research and application of improved Apriori algorithm. Computer Engineering and Design, vol. 38, no. 12, pp. 3324–3328.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Wang J.M., Yuan W. Improved FP-Growth algorithm based on node table // Computer Engineering and Design. 2018. Vol. 39, no. 1. Pp. 140–145.</mixed-citation><mixed-citation xml:lang="en">Wang, J.M., Yuan, W. (2018). Improved FP-Growth algorithm based on node table. Computer Engineering and Design, vol. 39, no. 1, pp. 140–145.</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Srinadh V. Evaluation of Apriori, FPGrowth and Eclat association rule mining algorithms // International Journal of Health Sciences. 2022. Vol. 6, no. S 2. Pp. 7475–7485. DOI: 10.53730/ijhs.v6nS2.6729</mixed-citation><mixed-citation xml:lang="en">Srinadh, V. (2022). Evaluation of Apriori, FP-Growth and Eclat association rule mining algorithms. International Journal of Health Sciences, vol. 6, no. S 2, pp. 7475–7485. DOI: 10.53730/ijhs.v6nS2.6729</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Srivastava A., Sinha D. FP growth-based zero-day attack signature extraction &amp; detection model for high-volume attacks on real-time data stream [Электронный ресурс] // SSRN. 2023. 38 p. DOI: 10.2139/ssrn.4701527 (дата обращения: 22.03.2025).</mixed-citation><mixed-citation xml:lang="en">Srivastava, A., Sinha, D. (2023). FP growth-based zero-day attack signature extraction &amp; detection model for high-volume attacks on real-time data stream. SSRN, 38 p. DOI: 10.2139/ssrn.4701527 (accessed: 22.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">Ali H. Imbalance class problems in data mining: A review / H. Ali, M.N.M. Salleh, R. Saedudin, K. Hussain, M.F. Mushtaq // Indonesian Journal of Electrical Engineering and Computer Science. 2019. Vol. 14, no. 3. Pp. 1552–1563. DOI: 10.11591/ijeecs.v14.i3. pp1552-1563</mixed-citation><mixed-citation xml:lang="en">Ali, H., Salleh, M.N.M., Saedudin, R., Hussain, K., Mushtaq, M.F. (2019). Imbalance class problems in data mining: A review. Indonesian Journal of Electrical Engineering and Computer Science, vol. 14, no. 3, pp. 1552–1563. DOI: 10.11591/ijeecs.v14.i3.pp1552-1563</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
