Table 2 Main types of abnormal behaviors of attackers controlling the compromised nodes.
Serial number (η) | Event type | Description |
|---|---|---|
1 | Illegal request | The compromised node issues illegal access or unauthorized interaction requests |
2 | Scanning detection | The compromised node uses large-scale scanning or targeted low-frequency detection scans to identify relevant threat vulnerabilities |
3 | Cross-domain lateral movement | The compromised node moves horizontally across domains into sensitive airborne network domains for data theft or illegal destruction. For example, moving horizontally from the cabin network domain to the aircraft control domain |
4 | Identity impersonation | The compromised node impersonates a privileged node or accounts in an attempt to obtain confidential onboard data |
5 | Eavesdropping attack | The compromised node listens to and steals data packets from the channel, and even intercepts, modifies, and injects false data packets to disrupt the data integrity and correctness of AWSN |
6 | Jamming attack | The compromised node sends noise or useless signals to the channel, occupying the communication channel and interfering with the normal data forwarding of other nodes. |
7 | Exhaustingattack | The compromised node continuously sends requests or retransmits messages, preventing the target node from entering sleep mode, and resulting in rapid energy depletion of the target node |
8 | Replay attack | The compromised node steals a message and then resends it to the receiving node, which is usually used for identity authentication to disrupt the correctness of authentication |
9 | Selective Forwarding | The compromised node refuses to forward certain sensitive messages and discards them, thereby reducing the network’s data delivery rate and damaging data integrity |
10 | Sybil attack | The compromised node can appear in the network with multiple identities by fabricating or teaming up, reducing the fault tolerance of AWSN multipath routing and topology maintenance |
