Vibrant

Vfortified Instrumented Bus Reliability Activity Net Tracker

What is it: VIBRANT is a defensive cyber technology that will monitor mission-critical cyber-assets, using novel machine learning techniques to identify, in near real time, any anomalous behaviors in these assets that might be indicative of attack, misconfiguration, or misuse.

Why we need it: VIBRANT will greatly improve the resiliency of mission-critical cyber-assets and embedded systems functionality by detecting, visualizing and mitigating real-time anomalous cyber events on avionics, sea and land-based DoD weapon systems. VIBRANT is already proving that the cyber-resiliency and integrity of the 1553 and 429 buses can only be accomplished by real-time monitoring and mitigation capabilities. To protect our most important weapons systems, VIBRANT developers are striving to provide the following capabilities and benefits:

  • Rapid cyber assessment of avionics components and associated ICDs through a plug-and-play appliance,
  • Helping DOT&E accomplish IAT planning, testing and post-test mitigation monitoring against validated cyber threats associated with MIL-STD-1553 or ARINC-429 communication protocols and standards,
  • Determining mission readiness of cyber assets based on recorded sensor data and attack vector analysis,
  • Enhancing AF cyber policies and procedures to support automated monitoring and reporting of compliance,
  • Providing visualization of real-time message traffic analysis, including drill-down into anomalous conditions.

Technical Innovation: VIBRANT utilizes state-of-the-art machine learning techniques to identify cyber-events within the metric streams and aligns these events to the lifecycle of a cyber-attack.

Key capabilities:

  • Actionable, mission-level and platform-level intelligence when anomalous behaviors indicative of cyber-attack are discovered within deployed mission-critical avionics-systems.
  • Real-time visibility and mission-level impact analysis as countermeasures against attacks launched by sophisticated adversaries whose actions would otherwise be detected only after damaging mission readiness.
  • Detection of sophisticated attacks such as those that attempt to exploit a vulnerability in a service (e.g., buffer overflow, remote code execution, and reserved/spare field use).
  • Detection of non-malicious but problematic conditions such as misuse, misconfiguration and errors in the ICD of aviation-systems.
  • Visualizations and metrics that enable the operators of mission-critical cyber systems to answer key questions such as:
    • What non-mission-essential behaviors are occurring within my infrastructure?
    • Are the systems on which deployed services execute behaving as expected?
    • Are observed anomalous behaviors indicative of cyber-attack?
    • Are any planned or in-progress missions impacted by cyber-attack, and if so, what level of impact should be expected?

System objective: The objective is to adapt an appliance to operate as both a MIL-STD-1553 and ARINC-429 bus monitor/recorder, installed in a System Integration Laboratory (SIL) both before and after a proposed avionics box swap, to gather data for analyzing how the newly swapped-in avionics Remote Terminal (RT) is performing. We will provide analysis and reporting detailing what has changed and whether there are any indicators of unacceptable changes. These capabilities will be enhanced and tailored to monitor bus traffic on multiple DoD and commercial avionics platforms to provide near-real-time visualization of anomalies and potential mitigation functions.

Why VIBRANT: To ensure the correct use of a platform’s ICD, so that all specified messages mirror the ICD and are being loaded correctly, including the following:

  1. Ensure work starts from a valid baseline,
  2. Catch overruns,
  3. Catch misuse of spare fields, and
  4. Explain any issues discovered during an analytical run.
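The overrun and spare-field checks in the list above can be pictured as a conformance pass over recorded MIL-STD-1553 messages. The following is an added example, not VIBRANT code: the ICD entries, the recording, and all function names are constructed for illustration, and only the 16-bit command word layout (RT address, T/R bit, subaddress, word count) comes from the standard.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IcdEntry:
    word_count: int      # data words the ICD specifies for this message
    spare_masks: tuple   # per-word mask of spare/reserved bits (must stay 0)

# Hypothetical ICD (constructed), keyed by (RT address, T/R bit, subaddress)
ICD = {
    (5, 1, 3): IcdEntry(4, (0x0000, 0x000F, 0x0000, 0xFF00)),
    (9, 0, 1): IcdEntry(2, (0x0000, 0x8000)),
}

def parse_command_word(cw):
    """Split a 16-bit 1553 command word into (rt, tr, subaddress, word_count)."""
    wc = cw & 0x1F   # a count field of 0 means 32 data words
    return (cw >> 11) & 0x1F, (cw >> 10) & 1, (cw >> 5) & 0x1F, wc or 32

def check_message(cw, data):
    """Return a list of findings for one recorded message (empty = conforms)."""
    rt, tr, sa, wc = parse_command_word(cw)
    if sa in (0, 31):
        return []   # mode code: no ICD data layout to check in this sketch
    entry = ICD.get((rt, tr, sa))
    if entry is None:
        return [f"RT{rt} SA{sa}: message not defined in ICD"]
    findings = []
    if wc != entry.word_count:
        findings.append(f"RT{rt} SA{sa}: commanded {wc} words, ICD says {entry.word_count}")
    if len(data) > entry.word_count:
        findings.append(f"RT{rt} SA{sa}: overrun, {len(data)} data words on bus")
    for i, (word, mask) in enumerate(zip(data, entry.spare_masks)):
        if word & mask:
            findings.append(f"RT{rt} SA{sa}: spare bits set in word {i} ({word & mask:#06x})")
    return findings

def make_cw(rt, tr, sa, wc):
    return (rt << 11) | (tr << 10) | (sa << 5) | (wc & 0x1F)

# Constructed recording: (command word, data words)
RECORDING = [
    (make_cw(5, 1, 3, 4), [0x1234, 0x00A0, 0xBEEF, 0x0042]),  # conforms
    (make_cw(5, 1, 3, 4), [0x1234, 0x00A3, 0xBEEF, 0x0042]),  # spare bits used
    (make_cw(9, 0, 1, 3), [0x0001, 0x0002, 0x0003]),          # overrun
    (make_cw(7, 0, 2, 1), [0x0000]),                          # not in ICD
]

def audit(recording):
    return [check_message(cw, data) for cw, data in recording]
```

Each finding names the RT, subaddress and offending word, which is the raw material for explaining an issue after an analytical run.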

We intend to provide a foundation for machine learning on a platform/mission level to support anomaly discovery using the following paradigm:

  1. Open Architecture approach,
  2. Government owns the vampire recording device,
  3. Plug-and-play new analytics,
  4. Plug-ins can be added without impacting ATO, since new analytics can be easily tested and deployed,
  5. Leads to low total ownership cost, and
  6. Provides flexibility in how to notify the pilot based on the issues detected.

Finally, the foundation will provide for an open SIL, based on actual flight data, to improve and increase the speed of troubleshooting and vulnerability mitigation, which can also be used to support evidence-based aviation and cyber certification.

Who Cares: Developing in a government-approved SIL will provide maximum transition and reuse opportunities for the AF, DOD, and even FedGov agencies. The main beneficiary of VIBRANT is the OSD’s DOT&E, mandated to provide independent and objective assessments so that our soldiers, sailors, airmen, and marines believe in their equipment and weapons, and are confident they are combat ready. Testing early and often is a critical aspect of ensuring warfighters have combat credible systems at the speed of relevance. I am committed to ensuring that testing is relevant to the acquisition process. To that end, DOT&E’s initial focus areas are:

  1. Securing Software and Cybersecurity
  2. Increasing the Use of Prototyping and Experimentation
  3. Integrated Test and Evaluation
  4. Improving Test Infrastructure
  5. Improving the use of Modeling and Simulation
  6. Ensuring a Capable Workforce
  7. Ensuring DOT&E Relevance to the Department

Since VIBRANT is designed to improve resilience of just such life-critical mission functions, it is essential to target the R&D deliverables to this most-critical environment, allowing easy extension to other functions such as combat support and global mobility. The Air Force Research Laboratory will function as the research arm responsible for assuring the technical feasibility of VIBRANT as well as serving as the accreditation intermediary. This affiliation is important as VIBRANT looks to enable the future of Cyber operations while assuring a viable environment for transition to weapon systems within the operational commands (e.g., ACC, AMC, etc.).

VIBRANT Quad Chart

VIBRANT Collaboration via N-FACTOR