Citation: Cohen, S.; Levy, E.; Shaked,
A.; Cohen, T.; Elovici, Y.; Shabtai, A.
RadArnomaly: Protecting Radar
Systems from Data Manipulation
Attacks. Sensors 2022, 22, 4259.
https://doi.org/10.3390/s22114259
Academic Editors: M. Jamal Deen,
Subhas Mukhopadhyay, Yangquan
Chen, Simone Morais, Nunzio
Cennamo and Junseop Lee
Received: 4 May 2022
Accepted: 26 May 2022
Published: 2 June 2022
Publisher’s Note: MDPI stays neutral
with regard to jurisdictional claims in
published maps and institutional affil-
iations.
Copyright: © 2022 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).
Article
RadArnomaly: Protecting Radar Systems from Data
Manipulation Attacks
Shai Cohen
1
, Efrat Levy
1,
* , Avi Shaked
2
, Tair Cohen
2
, Yuval Elovici
1
and Asaf Shabtai
1
1
Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev,
Be’er Sheva 8410501, Israel; shco@post.bgu.ac.il (S.C.); elovici@bgu.ac.il (Y.E.); shabtaia@bgu.ac.il (A.S.)
2
Cyber Division, Elta Company, Ashdod 7710202, Israel; avishakedse@gmail.com (A.S.);
tairlo@gmail.com (T.C.)
* Correspondence: elevy@post.bgu.ac.il
Abstract:
Radar systems are mainly used for tracking aircraft, missiles, satellites, and watercraft. In
many cases, information regarding the objects detected by a radar system is sent to, and used by,
a peripheral consuming system, such as a missile system or a graphical user interface used by an
operator. Those systems process the data stream and make real-time operational decisions based
on the data received. Given this, the reliability and availability of information provided by radar
systems have grown in importance. Although the field of cyber security has been continuously
evolving, no prior research has focused on anomaly detection in radar systems. In this paper,
we present an unsupervised deep-learning-based method for detecting anomalies in radar system
data streams; we take into consideration the fact that a data stream created by a radar system is
heterogeneous, i.e., it contains both numerical and categorical features with non-linear and complex
relationships. We propose a novel technique that learns the correlation between numerical features
and an embedding representation of categorical features in an unsupervised manner. The proposed
technique, which allows for the detection of the malicious manipulation of critical fields in a data
stream, is complemented by a timing-interval anomaly-detection mechanism proposed for the
detection of message-dropping attempts. Real radar system data were used to evaluate the proposed
method. Our experiments demonstrated the method’s high detection accuracy on a variety of data-
stream manipulation attacks (an average detection rate of 88% with a false -alarm rate of 1.59%) and
message-dropping attacks (an average detection rate of 92% with a false-alarm rate of 2.2%).
Keywords: radar system; anomaly detection; deep learning
1. Introduction
Radar systems use electromagnetic radiation to detect objects within a defined scanned
area [
1
]; they can also be used to classify the detected objects [
2
]. Radar systems are mainly
integrated in air and terrestrial traffic-control systems [
3
], autonomous vehicles [
4
], air-
defense systems, anti-missile systems, aircraft anti-collision systems, and ocean surveillance
systems [5].
In recent years, as technology has evolved, the use of radar systems has increased
along with a reliance on their correct and reliable operation. Unfortunately, radar systems
are vulnerable to cyber attacks [6].
Radar systems often include extended sets of components, such as communication
systems and SCADA systems. These components can be exploited by attackers in order to
compromise a radar system [
7
]. In addition, in many cases, radar systems are integrated
within systems that are vulnerable to cyber attacks, such as autonomous vessels [
8
] and
smart vehicles [
9
]. These vulnerabilities may be used by an attacker as a back door for an
attack on a radar system.
Typically, the radar system architecture consists of the following basic components:
(1) an antenna responsible for transmitting/receiving electromagnetic waves to/from a
Sensors 2022, 22, 4259. https://doi.org/10.3390/s22114259 https://www.mdpi.com/journal/sensors
