afcea99 bildiri session2 - afcea türkiye home...


SESSION II

Tactical Internet

Ms. Aysin Zaim (ASELSAN-Türkiye)

TASMUS Network Management System Architecture

Mr. Ali Yazici (ASELSAN-Türkiye)

Security of Network Systems

Mr. Sander Bakker (Cisco Systems, Europe-Belgium)

An Intelligent Evasion Law Design for an Aircraft Under Missile Threat

Assoc. Prof. Kemal Leblebicioglu (METU, EEE Department-Türkiye)

Ms. Deniz Erdogmus (TUBITAK, SAGE-Türkiye)

ON THE WAY THROUGH TACTICAL INTERNET:

TI APPROACH OF ASELSAN

FOR THE TURKISH LAND FORCES

Ms. Aysin Zaim

ASELSAN-Türkiye

1. ABSTRACT

This paper explains ASELSAN’s Tactical Internet approach for the Turkish Land Forces, which is intended to exchange information between warfighters on the tactical battlefield.

2. INTRODUCTION

The 21st century has been named the “Information Age”, a term that emphasizes the importance of information in the new century. The term “information” covers all kinds of data such as voice, video, imagery and graphics, and an “Information System” is a set of systems that acquire, process and transport information. A C4I system is a military instance of an information system. C4I is the framework for situational awareness, decision making, and execution throughout the battlespace. Efficient execution of information exchange requirements throughout the battlespace is key to evolving C4I toward the ultimate goal of seamless information exchange in all weather conditions, day and night operations on any potential battlefield or other operational environment.

As a result of recent advances in computers and computer communications equipment in the commercial environment, the military realm has developed the goal of a “Digitized Battlefield” to support the current and future information requirements of the warfighters. Digitizing all information generated throughout the battlefield accelerates the acquisition, processing and dissemination of information and assures superiority in the command and control decision cycle, thus increasing the survivability, lethality and operational tempo of the force.

3. Tactical Internet and Technical Constraints

Currently it is difficult to establish a seamless information flow among the diverse units of the tactical battlefield because of disparate data formats, communication protocols and communications media. Therefore, the interconnectivity and interoperability of computers carry as much weight as the computers themselves. The Tactical Internet (TI) is the means to that end. Internetworking technology, together with improving multiple access, addressing and routing technologies and protocols that form a reliable, seamless and secure communications network, has enabled the implementation of the “Battlefield Digitization” vision. The seamless communication infrastructure called the “Tactical Internet (TI)” is a brigade-and-below integration of tactical radios and routers forming a voice and, particularly, data network to transport “Command and Control” and “Situational Awareness” (SA) information for attached computers. This horizontally and vertically integrated digital information network supports warfighting systems and provides communications connectivity for all tactical users.

The term Tactical Internet is appropriate because of its functional similarities to the commercial Internet. The TI communications infrastructure is based on Internet technology, and messages are exchanged by using the commercially based Internet Protocol (IP). Although the use of such internetworking technologies is commonplace in the commercial realm, applying the same resources to the more severe and limiting conditions of the tactical environment has presented some difficulties. The technical constraints of the tactical internet stem from its nature. The TI is:

Highly mobile: All elements are either hand held or vehicle mounted and most of them must operate on the move, and roles also move from command post to command post.

Bandwidth limited: Those scarce resources are shared between voice and data communications.

Operated in a high-noise environment: It should be highly available in spite of jamming or interference from co-located radio transmission systems.

Subject to nodal and link outages: Various components can be lost or become temporarily unavailable due to malfunctions or moving out of sight of other elements, and LPD/LPI measures press for turning system components off or operating them silently. Because of that, computers on different networks may be obliged to take over each other’s functions.

4. Advantages

In spite of all those severe conditions, the TI forms a horizontally and vertically integrated digital information network that supports warfighting systems, provides communications connectivity for all tactical users, and offers a seamless communications network to attached computers. In brief, the TI provides:

wireless network access,

continuous wireless connectivity,

mobility management: the ability to keep the network infrastructure aware of the network topology and the presence/location of the mobile elements, and

routing: determining which path (or paths) in the network a given unit of data will take. Network routing is based on addressing schemes.

The TI also supports several key services. These services include functions such as electronic messaging, directory, network management and security.

5. Tactical Communications Infrastructure of Turkish Land Forces

The tactical communications system architecture of the Turkish Land Forces will be based upon three networks in the 21st century. These three networks are the TASMUS [1] backbone (WAS [2] – LAS [3]), the TASMUS MAT [4] TDMA [5] Packet Radio and the PRC/VRC-9600 CNR radio systems. MAT and PRC/VRC-9600 radios will constitute the “Mobile Subsystem” part of the tactical communications infrastructure.

The MAT network will be the primary high rate data traffic backbone from the maneuver brigade to lower echelon units and direct support units. MAT provides X.25 Switched and Permanent Virtual Circuit (PVC) connections.

The PRC/VRC-4600 VHF/FM Fixed Frequency and PRC/VRC-9600 VHF/FM Frequency Hopping Military Radio families provide low rate (up to 16Kbps) data communications and CNR capability to the Turkish Land Forces. Most users of the Turkish Land Forces in the forward echelon are on PRC/VRC-4600/PRC/VRC-9600 nets, so these nets will be the most common source and destination of the data traffic. PRC/VRC-9600 digital CNR radios will become the major communications equipment at the brigade and below in the near future.

Seamless communications is defined as communications between two computers where the transport of data, whether across one or multiple heterogeneous networks, is transparent to the user. Routers and gateways enable this seamlessness by providing junction points for the internetworking between the communications networks. The “Tactical Data Communications Module” (TDCM) is being developed by ASELSAN for that purpose. TDCM enables the intra- and internetworking of the PRC/VRC-9600 CNR radios. Thus the PRC/VRC-9600 together with the TDCM will constitute the main part of the TI in the combat area.

TDCM supports the MIL-STD-188-220B [6] protocol, and

provides two-way half-duplex end-to-end data transmission over point-to-point, multipoint, relay or broadcast connections between stations attached to the internet or intranet,

controls and regulates the network access scheme according to the chosen multiple access method and thus minimizes collision probability,

provides topology learning and updating capability for the intranet under changing topology and dynamic connectivity,

provides an end-to-end acknowledgement and retransmission mechanism for reliable data communications,

supports interfaces to wireline and to the various existing radio equipment of the Turkish Land Forces.

6. Objectives

To form the Tactical Internet infrastructure for the Turkish Land Forces, ASELSAN has developed a migration plan:

In the short term: The goal is to achieve a Tactical Intranet by using intermediate devices such as the TDCM and interconnecting the legacy systems to each other over a tactical wireless LAN. The TDCM will be used as a network adaptor for the existing CNRs in that configuration. Another objective of this stage is the horizontal integration of those homogeneous networks (i.e., CNR Intranets). The TDCM will function as a “bridge” in this stage.

In the mid term: CNR networks will get a connection to the “Mobile Subsystem (MS)” elements of TASMUS, in other words, to the MAT TDMA packet radios via TDCMs. Therefore, CNR Intranets will be vertically integrated to higher echelons, and geographically separated CNR networks can be connected to each other over the TASMUS infrastructure. Thus, all together they form a Tactical Internet. The role taken over by the TDCM in this stage is named “Combat Net Radio Interface (CNRI)” in NATO TACOMS Post 2000 documents. In commercial terminology it corresponds to a “router” or a “gateway”, which are used to connect heterogeneous networks. Another goal of this period is to develop a next generation CNR which has built-in GPS and networking facilities.

In the long term: Following the stages in which TASMUS is vertically integrated to the strategic network of the Turkish Armed Forces (i.e., TAFICS [7]), the TI of the Turkish Land Forces will reach the ultimate goal of joint seamless interoperability with the communication systems of the Navy, Air Force and General Staff.

The major objective of ASELSAN is to keep evolving its products in the field of tactical communications, in parallel with the future requirements of the Turkish Armed Forces and with advancing technology. Increasing the data transmission rates of the communication equipment used at the brigade and below echelons towards 64kbps by using advanced coding and compression techniques, and supporting advanced and integrated information services (voice over IP, low rate video, etc.) with TI components, will also be near term objectives of ASELSAN.

[1] TASMUS: Tactical Area Communications System of Turkish Land Forces

[2] WAS: Wide Area Subsystem (NATO TACOMS Post 2000)

[3] LAS: Local Area Subsystem (NATO TACOMS Post 2000)

[4] TASMUS MAT: Mobile Subscriber Terminal of TASMUS

[5] TDMA: Time Division Multiple Access

[6] MIL-STD-188-220B: Interoperability Standard for Digital Message Transfer Device Subsystems

[7] TAFICS: Turkish Armed Forces Integrated Communications System

BIOGRAPHY

Mrs. Zeliha Aysin ZAIM received B.S. and M.S. degrees in electrical engineering from Hacettepe University, Ankara, Türkiye, in 1982 and 1985 respectively. Her background includes university teaching experience and work in industry in the areas of computer aided education, industrial control and automation, and telecommunications. She joined ASELSAN in 1988, where she was involved in the design and development of PC based PABXs, trunking radio systems and GSM hand held terminals. Currently, she is working as a technical leader for the Software Engineering Department of the Microwave and System Technologies Division, ASELSAN. Her main research interests are digital transmission and data communications software.

TASMUS (SYSCON) NETWORK MANAGEMENT SYSTEM ARCHITECTURE

Mr. Ali Yazici

ASELSAN-Türkiye

1. ABSTRACT

The TASMUS network management and planning system, “SYSCON”, meets military network management and planning requirements by using both ITU-T M.30 system control concepts and NATO TACOMS POST-2000 system control concepts.

The TASMUS Network Management System has three hierarchical levels: SEP, OSC and FC. The communication between the OSC and an NE passes through the FCs. The OSC communicates with the FC to which the NE in question is connected. Then the FC transmits the commands that come from the OSC to the relevant NE. The necessary mediation is performed at the FC level. On the mobile subsystem, Mobile Subscriber Terminals use the TDMA (Time Division Multiple Access) technique and automatically form a radio network where all the network management functions are carried out in a distributed fashion. Access to this radio network is via the Radio Access Point device, which manages all Mobile Subscriber Terminals on behalf of the OSC.

Aselsan has designed and implemented its own network management protocol, named ASMS/ASMP, to support secure network management functions in the tactical field.

2. INTRODUCTION

TASMUS provides mobile, survivable, flexible, rapid and secure multichannel communications (voice, video and data) to the tactical users and provides information to the commanders about the geographical positions of all their subordinate units. TASMUS is compliant with the NATO TACOMS POST 2000 architecture.

As shown in Figure 1, TASMUS will have a layered architecture.

[Figure labels: Mobile Subsystem (MS) with MST; Local Area Subsystem (LAS) with RAP; Wide Area Subsystem (WAS) with NP; Strategic Systems; PTT]

Figure 1. TASMUS Layered Architecture

At the highest level the Wide Area Subsystem (WAS), which carries out the backbone switching, is formed by the nodal points. Interfaces to the strategic systems and PTT are located on the Wide Area Subsystem.

The second layer is the Local Area Subsystem (LAS), which is formed by Radio Access Points (RAP) connected to the nodal points. The RAPs contain the access switches through which the users access the system. The RAPs also constitute a gateway for the mobile users.

The third layer is the Mobile Subsystem (MS). In the Mobile Subsystem mobile subscribers use Mobile Subscriber Terminals (MST) to access the TASMUS switching backbone.

In addition to those layered subsystems, the system control SYSCON carries out all the necessary control functions such as system planning, control and management.

[Figure labels: NP, RAP, Wide Area Subsystem, Local Area Subsystem, Mobile Subsystem, SYSCON, Tactical Databank, CNR, Strategic System, PTT, R/L, TDD R/L, iSTAR]

Figure 2. Detailed Architecture of TASMUS

The detailed architecture, the interconnection of the subsystems and the interfaces to other systems such as CNR, PTT and the strategic system are shown in Figure 2.

3. OSI NETWORK MANAGEMENT

3.1. Functions of Network Management Systems

The OSI Network Management Model is the primary means of understanding the major functions of the network management system. This model consists of five conceptual areas:

Configuration Management: The monitoring and maintenance of the current state of the network. Installing, initializing, boot loading, modifying, or tracking hardware and software configurations and options.

Fault Management: The detection, isolation and correction of abnormal conditions. Troubleshooting the network; finding and correcting failed or damaged components or misconfiguration; monitoring equipment for early problem indicators; tracking down distributed problems.

Security Management: Provides authorization, access control, encryption and key management.

Performance Management: Enables the maintenance of network performance at acceptable levels. Monitoring the capacity and loading of network components; gathering and analyzing performance-related data to predict future requirements and needed equipment changes or upgrades.

Accounting Management: Enables charges to be established for the use of network resources. Allocating the cost of various portions of the network to the groups using them; capturing the usage data to allow accurate reporting.

3.2. The Parts of the Network Management System

A network management system consists of a Manager, an Agent, a MIB and a management Protocol.

1) Manager:

Serves as an interface between the administrator and the network management system.

Translates the administrator’s commands and performs the actual monitoring and control of the network elements.

Uses the manager framework, which provides the environment that enables a manager application to interact with agents, managed objects and the operating system.

2) Agent:

Responds to commands from the network administrator (manager).

3) MIB:

A collection of objects, each representing a particular aspect of the managed agent.

4) Network Management Protocol (Services):

The communication between the manager and the agents is carried out using a network management protocol.

Network management services are used by application processes in peer open systems to exchange information and commands for the purpose of systems management.

3.3. Network Management Protocols: CMIP and ASMP

The communication between the manager and the agents is carried out using a network management protocol. Although there are a lot of proprietary protocols, the standards community has responded to the multi-vendor independent management problem with two standards, the simple network management protocol (SNMP) and the common management information protocol (CMIP).

The performance requirements associated with tactical systems management may be more rigid than those of strategic system management schemes, especially in areas such as:

Ø Conservation of bandwidth consumed by network management traffic;

Ø Ability to adapt dynamically to managing real-time, time-varying resource configurations;

Ø Ability to maintain network management control despite the high degree of intermittent interruptions in management communication services;

Ø Resumption of control of a failed network control center;

Ø Other high survivability requirements.

For this reason, Aselsan has developed its own network management protocol for the TASMUS Network Management System, named Aselsan Syscon Management Protocol (ASMP).

CMIP:

Common management information protocol (CMIP) operates over an open system interconnect communication stack (OSI full seven layer stack). It is an application layer protocol. CMIP uses an event-based management system, with the managed devices asynchronously sending predefined information (not only alarms) to the manager. It supports the following services called CMIS (Common Management Information Services):

Ø GET fetches the attribute values from the MIB.

Ø SET replaces the attribute value.

Ø CREATE adds a new instance of a managed object and can be used, for example, to create a new “connection” in a telecommunication network.

Ø DELETE deletes the instance of a managed object.

Ø ACTION provides a general facility for requesting actions against existing managed objects, for example, carrying out a test to determine the cause of an alarm.

Ø EVENT-REPORT allows the agent to send events and alarms to the manager.

ASMP:

Aselsan Syscon Management Protocol-ASMP is the protocol developed by Aselsan for the TASMUS network management system. ASMP is a protocol like CMIP that is used by an application process to exchange information and commands for the purpose of remotely managing communication resources, and Aselsan Syscon Management services-ASMS specifies the service interface to ASMP. ASMS/ASMP runs over the X.25 Network Layer of OSI.

ASMP also uses an event-based management system, with the managed devices asynchronously sending predefined information (not only alarms) to the manager. The basic idea behind ASMP is to transmit all information in small, fixed-size packets. The packets are 138 bytes long, of which 10 bytes are header and 128 bytes are network management data, as shown in Figure 3.

Sync | Packet Identifier | NE_ID | P(R)/P(S) | Type | Data Length | NM DATA | CRC

Figure 3. ASMP Packet

Sync: This field defines the synchronization byte. It is used whenever the synchronization between manager and agent is lost.

Packet-Identifier: This field defines the packet type. Packet types are Security, Alarm, Performance, Configuration and Last packet indicator. The first 4 bits of this field define the packet type. Data that is longer than the maximum data length is sent in chunks. The last packet of these chunks is marked with the 5th bit of this field; otherwise, the bit is set to 0.

NE-ID: This field defines the network element identification number. The network element identification number is the X.25 network address of the network element.

P(R)/P(S): This field defines the number of received and sent packets. It is used to coordinate the packet flow between manager and agent.

Type: This field defines the type of service. These services detail the kind of action that is going to be taken with the NM_Data.

Data Length: This field defines the length of the data in the network management data field of ASMP packets.

NM-Data: Alarm, Performance, Configuration and Security data is carried in the network management data field of ASMP packets, with the appropriate type value set in the Type field.

CRC: This field contains the cyclic redundancy check of the entire packet up to the end of the meaningful data. In ASMP the modified polynomial expression (modulo 2) X^16 + X^12 + X^5 + 1 is used.
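The packet format and chunking rule described above, as an added Python example (not ASELSAN's code). The paper gives only the field names, the 138-byte size and the CRC polynomial; the field widths, sync value, type codes, bit positions, P(R)/P(S) encoding and CRC preset used here are assumptions, and the payload is constructed.

```python
import struct

# Assumed layout: sync(1) id(1) NE_ID(3) P(R)/P(S)(1) type(1) length(1) data(128) CRC(2)
PACKET_LEN, DATA_LEN = 138, 128
HEAD = struct.Struct(">BB3sBBB")   # 8 bytes; with the 2-byte CRC: 10 bytes of overhead
SYNC = 0x7E                        # assumed synchronization byte
LAST = 0x10                        # assumed position of the "5th bit" (last packet)
TYPES = {"security": 1, "alarm": 2, "performance": 3, "configuration": 4}  # assumed codes


def crc16(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16 over X^16 + X^12 + X^5 + 1 (0x1021), MSB first; the preset is assumed."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc


def build_packets(ne_id: bytes, ptype: str, service: int, payload: bytes, ps: int = 0):
    """Split payload into fixed-size packets; only the final chunk carries LAST."""
    chunks = [payload[i:i + DATA_LEN] for i in range(0, len(payload), DATA_LEN)] or [b""]
    packets = []
    for n, chunk in enumerate(chunks):
        ident = TYPES[ptype] | (LAST if n == len(chunks) - 1 else 0)
        seq = (ps + n) & 0x0F      # assumed: P(S) in the low nibble, P(R) left at 0
        head = HEAD.pack(SYNC, ident, ne_id, seq, service, len(chunk))
        crc = crc16(head + chunk)  # CRC stops at the end of the meaningful data
        packets.append(head + chunk.ljust(DATA_LEN, b"\x00") + struct.pack(">H", crc))
    return packets


def parse_packet(raw: bytes) -> dict:
    """Validate size, sync, declared length and CRC before trusting any field."""
    if len(raw) != PACKET_LEN:
        raise ValueError("not a fixed-size packet")
    sync, ident, ne_id, seq, service, dlen = HEAD.unpack_from(raw)
    if sync != SYNC:
        raise ValueError("lost synchronization")
    if dlen > DATA_LEN:            # reject before slicing: length is sender-controlled
        raise ValueError("data length exceeds NM data field")
    (crc,) = struct.unpack_from(">H", raw, PACKET_LEN - 2)
    if crc16(raw[:HEAD.size + dlen]) != crc:
        raise ValueError("CRC mismatch")
    return {"type": ident & 0x0F, "last": bool(ident & LAST), "ne_id": ne_id,
            "ps": seq & 0x0F, "service": service,
            "data": raw[HEAD.size:HEAD.size + dlen]}


def reassemble(raw_packets: list) -> bytes:
    """Rebuild chunked NM data, checking stream identity, P(S) order and LAST."""
    out, expect, first = bytearray(), None, None
    for i, raw in enumerate(raw_packets):
        pkt = parse_packet(raw)
        if first is None:
            first = pkt
        elif (pkt["type"], pkt["ne_id"]) != (first["type"], first["ne_id"]):
            raise ValueError("chunk from a different stream")
        if expect is not None and pkt["ps"] != expect:
            raise ValueError("P(S) out of sequence")
        expect = (pkt["ps"] + 1) & 0x0F
        out += pkt["data"]
        if pkt["last"]:
            if i != len(raw_packets) - 1:
                raise ValueError("data after last packet")
            return bytes(out)
    raise ValueError("last-packet indicator never seen")


if __name__ == "__main__":
    # Constructed 306-byte payload: three packets carrying 128, 128 and 50 bytes.
    payload = bytes(range(256)) + b"constructed alarm record " * 2
    pkts = build_packets(b"\x00\x12\x34", "alarm", 1, payload)
    print(len(pkts), [len(p) for p in pkts], reassemble(pkts) == payload)
```

Because the CRC stops at the end of the meaningful data, a receiver has to ignore the padding bytes rather than trust them.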

ASMP uses the following services called ASMS:

Ø X-GET: service is invoked by an ASMS-manager to request the retrieval of management information from a peer ASMS-agent. The service may only be requested in a confirmed mode, and a reply is expected.

Ø X-SET: service is invoked by an ASMS-manager to request the modification of management information by a peer ASMS-agent. The service may be requested in a confirmed mode or a non-confirmed mode. In the confirmed mode, a reply is expected.

Ø X-INITIATE: service is invoked by an ASMS-manager to request a peer ASMS-agent to perform an action. The service may be requested in a confirmed mode or a non-confirmed mode. In the confirmed mode, a reply is expected.

Ø X-TERMINATE: service is invoked by an ASMS-manager to request a peer ASMS-agent to terminate an action. The service may be requested in a confirmed mode or a non-confirmed mode. In the confirmed mode, a reply is expected.

Ø X-CANCEL: service is invoked by an ASMS-manager to request a peer ASMS-agent to cancel a previously requested and currently outstanding invocation of the X-GET service. The service may only be requested in the confirmed mode, and a reply is expected.

Note that X refers to the capital letters S, C and P, which correspond to Security, Configuration and Performance respectively.

4. TASMUS Network Management System

SYSCON Architecture is designed to meet military network control requirements by using both ITU-T M.3000 system control concepts and NATO TACOMS POST-2000 system control concepts.

TASMUS will have the following SYSCON (System Planning, Control and Management subsystem) units to control the Network Elements (NEs), such as NP ATM Switches, RAP Access Switches, iSTAR Radios, Bulk Encryption Devices, EOW Encryption Devices, ISDN Terminals etc.

Ø SEP (System Executive Planning)

Ø OSC (Operational System Control)

Ø FC (Facilities Control)

SEP is basically responsible for the preparation of the communication planning at the highest staff level.

OSC mainly performs and controls the plans prepared by SEP. For these functions, a LAN (Local Area Network) is formed. The basic architecture of the OSC is given in Figure 4. Two connections from the OSC to two different RAPs increase the connectivity of the OSC to the NEs.

FCs are deployed at each RAP location to control the NEs in that RAP area under the control of the OSC.

To increase reliability and survivability, each FC can take over the position of the OSC when any failure occurs. The X.25 packet data communication technique is selected to increase the connectivity between SYSCON and the NEs. This concept also increases the survivability and reliability of SYSCON functions.

[Figure labels: SEP; OSC; System Execution Unit; Frequency Planning Unit; Path Profile Analysis Unit; Operational Control Unit; Logistics Unit; Traffic Analysis Unit; Comsec Unit; LAN; FC]

SEP: System Executive Planning

OSC: Operational System Control

FC: Facilities Control

Figure 4. TASMUS SYSCON Architecture

The modular architecture of TASMUS and SYSCON enables the system planners to design and implement almost any kind of communication structure that best fits the concept of operations of the Armed Forces. The main functions of SYSCON are given below:

Ø Frequency planning,

Ø Path profiling and propagation calculation,

Ø Digital vector map including detailed database about area of interest (like roads, water sources, etc.), network graphic display

Ø COMSEC and COMPUSEC key generation and distribution

Ø Equipment, system and personnel status

Ø Configuration traffic (voice, data and video) simulation

Ø Statistical database generation of the operation (this database can be used as an input for traffic simulation)

Ø Displaying the deployment of NP, RAP and iSTAR units on digital map

Ø Facility database generation for user profiles

5. TASMUS Network Management System Architecture

In TASMUS, a secure X.25 packet switching network is used for communication between SYSCON elements and the network elements. To achieve the secure packet switched (CCITT-X.25) communication network, the packet handlers of the Access Switches, Packet Assembler Disassembler (PAD) equipment and digital telephones with built-in crypto are used. Packet data switching (X.25 data communication) is supported over the TASMUS network by the packet handlers of the access switches. The digital telephone with built-in crypto is used for secure X.25 data communication. Although most of the network elements in TASMUS have X.25 interfaces for network management functions, some of them have V.24 (asynchronous) interfaces instead of the X.25 interface. By using PAD equipment for these network elements, asynchronous traffic can be packetized directly over X.25 communications, or vice versa, in accordance with the X.3, X.28 and X.29 profiles.

The general structure of the SYSCON network is as shown in Figure 5.

[Figure labels: OSC connected over X.25 to FC1, FC2 ... FCN; each FC connected to its NEs over X.25, with V.24 NEs attached through a SYSCON PAD]

Figure 5: General structure of the SYSCON system

The communication between the OSC and an NE passes through the FCs. The OSC communicates with the FC to which the NE in question is connected. Then the FC transmits the commands that come from the OSC to the relevant NE. The necessary mediation is performed at the FC level.

In the OSC shelter there is a local area network that consists of 1 Server, 1 Workstation, 6 computers, 2 printers, 1 Hub and 1 Router, running the Windows NT 4.0 operating system, for performing OSC functions. The TCP/IP protocol is used. There are also 2 additional computers that will perform the necessary backup of the OSC functions manually. The authorized person will activate this backup system whenever the OSC is out of service. The general structure of the OSC shelter is as shown in Figure 6.

[Figure labels: OSC Shelter on a 5 Tons Truck; Server, Workstations and Printers; HUB; Router; SGN; Digital Telephone; PAD; Access Switch; MDF; BEE; EOW Crypto; R/L GRC-5211]

Figure 6: General structure of the OSC shelter

Access control and authentication are provided within the network management system (Syscon) in TASMUS. Any authorized and non-authorized transaction will be registered in the audit register.

In TASMUS, three different types of network management protocols are used for the purpose of remotely managing communication resources. These protocols are Common Management Information Protocol-CMIP, Aselsan Syscon Management Protocol-ASMP and Transparent Asynchronous Protocol-TAP. CMIP is used for ATM and ISDN switches. ASMP is used for VRC5112 Radio Access Points, Mobile Subscriber Terminals, GRC5211 Radio Link Equipment, Bulk Encryption Devices, EOW Encryption Devices and OCAC Open Contact Alarm Collector Equipment. The Marconi TAP protocol and MAL services are used only for Marconi products such as MH344T R/L and MT321T MOLTU Equipment, and this protocol is mediated to ASMS/ASMP at the FC level. On the mobile subsystem, Mobile Subscriber Terminals use the TDMA (Time Division Multiple Access) technique and automatically form a radio network where all the network management functions are carried out in a distributed fashion. Access to this radio network is via the Radio Access Point device, which manages all Mobile Subscriber Terminals on behalf of the OSC.

6. CONCLUSION

TASMUS network management and planning system, “SYSCON” meets military network management and planning requirements by using both ITU-T M.30 system control concepts and NATO TACOMS POST-2000 system control concepts.

[Figure labels (no caption): OSC level: Manager; TMN Manager Framework with CMIS interface and CMIP; Non-TMN Manager Framework with ASMS interface and ASMP. FC level: TAP / ASMP Mediation. Network elements: ATM Switches and Access Switches (CMIP); Digital Telephone; LOS R/L and MOLTU (TAP); OCAC, EOW Encryption, Bulk Encryption, Radio Access Point and Band III R/L (ASMP); Mobile Subscriber Terminal (TDMA)]

The TASMUS Network Management System is designed to meet the requirements of tactical communications. For this purpose, we designed and implemented our own network management protocol, named ASMS/ASMP, to support secure network management functions in the tactical field. The communication between SYSCON elements and network elements goes through the secure X.25 packet switching network. To achieve this secure packet switched (CCITT-X.25) communication network, digital telephones with built-in crypto are used.

The TASMUS Network Management System has three hierarchical levels: SEP, OSC and FC. The communication between the OSC and an NE passes through the FCs. The OSC communicates with the FC to which the NE in question is connected. Then the FC transmits the commands that come from the OSC to the relevant NE. The necessary mediation is performed at the FC level. On the mobile subsystem, Mobile Subscriber Terminals use the TDMA (Time Division Multiple Access) technique and automatically form a radio network where all the network management functions are carried out in a distributed fashion. Access to this radio network is via the Radio Access Point device, which manages all Mobile Subscriber Terminals on behalf of the OSC.


BIOGRAPHY

Mr. Ali YAZICI (Aselsan) received BS and MS degrees in Electrical and Electronics Engineering from Middle East Technical University, Ankara, in 1984 and 1987, respectively. Between 1984 and 1988, he worked at ASELSAN as a quality control engineer. Following his military service (April 1988-October 1988), he returned to ASELSAN. He worked on Communication and Computer Security Projects (COMSEC/COMPUSEC). He is currently working as technical leader in the COMSEC/COMPUSEC Projects and the Tactical Area Communications System (TASMUS) project. His professional interests are communication security, computer security, military communication networks, network management systems and algorithm design.

SECURITY OF NETWORK SYSTEMS

Mr. Sander Bakker

Cisco Systems, Europe-Belgium

1. ABSTRACT

This article explains the following topics related with the security of network systems.

Building a secure IT infrasucture – Minimizing the Risk

Determining the risks the IT infrastructure is running – What are the implications?

Recognising potential flaws in your security systems and finding solutions

What security tools are available and how to maximize the effectiveness

Examining the convergence of systems and products to improve your security

Implementing an integrated security system – Firewalls, Intrusion Detection and Scanners.

Assessing the role of encryption and VPNs in network security

2. INTRODUCTION

The presentation slides of this paper are provided on the following pages.

Building a Secure IT Infrastructure

- Minimising the Risk -

Sander Bakker

European Security Specialist


Agenda

• Why Do We Need Security

• Elements of Security

• Identity

• Integrity

• Active Audit

• Policy Management

100% Security

The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it….

Gene Spafford—Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University

The Gulf War

“Iraq lost the war before it even began. This was a war of intelligence, electronic warfare, command and control and counter intelligence. Iraqi troops were blinded and deafened…. Modern war can be won by Informatika and that is now vital”

Soviet General S. Bogdanov, chief of the General Staff Center for Operational and Strategic Studies

Computer Crime and Security Survey (n=512)

1999 FBI/CSI Survey

• 62% reported computer security breaches

• 51% suffered financial loss ($123 million)

• 59% attacks from the inside

• 54% attacks from the outside

• 55% were victim of unauthorized insider access (45% in 1998)

1999 CSI/FBI Survey

• Likely source of attack

Foreign governments 21%

Foreign corporations 30%

Independent hackers 74%

US competitors 53%

Disgruntled employees 86%

BASS

• 36 million hosts scanned

• All domains

• Basic vulnerabilities

60% Penetrated over 30 Times

Over the Past 12 Months, How Many Successful Unauthorized Accesses from Outsiders Have You Detected?

1 to 10: 2%

11 to 20: 13%

21 to 30: 25%

31 to 40: 52%

41 to 50: 6%

Over 50: 2%

Source: WarRoom Research, Internet Week, 23 March 1998

Why Do We Need Security?

Around 90% of web sites can be hacked into and shut down within 10 minutes

Once a web site has been hacked, it’s usually a matter of hours before they gain access to the entire IT system and everything it contains

Harry Ram, Director of communications at Diligence Computer Personnel 9-22, October 1998

Examples

• Hacked companies suffer $2–11M (American Bar Association)

First National Bank of Chicago lost $70M

MCI lost $50M

Digital Equipment Corporation lost $5M

Citibank lost $10M to Russian hackers

Ernst & Young survey 80% suffered loss related to information security

What Makes it Worse?

Over 75% of hacking is done by insiders and it’s easy to see why. The person on the inside is on the right side of the firewall—they know the computer systems and they have access to the passwords

Neil Barrett, Bull Information Systems, ‘Computer Crime Fighter’—Personal Computer World, Feb 1999

Hacking Is Easy

• Anyone can be or become a hacker

• The threats are real

• There are easy tools free

For example:

l0PHT-Crack (www.l0pht.com)

Back Orifice (www.cultdeadcow.com)

Be Prepared

Have a Security Policy

First, companies should develop and adopt corporate-wide security policies. Then they should implement technologies to carry out those policies.

Ernst & Young, Information Week, 8 September, 1997

Risk Management

• R = (V x T) - P

Risk = vulnerabilities x threats - prevention

• Reputation

“Only 37% would report if required by law”

Security Policy Development

• Identify Network Assets to Protect

• Determine Points of Risk

• Limit the Scope of Access

• Identify Assumptions

• Determine Cost of Security Measures

• Consider Human Factors

• Keep limited number of Secrets

• Implement Pervasive and Scalable Security

• Understand Typical Network Functions

• Remember Physical Security

A Comprehensive, Integrated Security Solution Can Enable an Organization to Minimize and Manage Risk...

1) Corporate Security Policy

2) Secure

3) Monitor and Respond

4) Test

5) Manage and Improve

Goal: Comprehensive Solution

Security Wheel

1) Corporate Security Policy

2) Secure

• Firewall

• Authentication and authorization of users

• Encryption and VPN

• Security design and implementation/integration

3) Monitor and Respond

• Intrusion detection

• Intrusion response

• 24 x 7

4) Test

• Vulnerability scanning

• Network mapping

5) Manage and Improve

• Systems integration

• Recommended fixes

• Countermeasures

• Incident control and recovery

Elements of Security

• Identity

Accurately identify users

Determine what users are allowed to do

• Integrity

Ensure network availability

Provide perimeter security

Ensure privacy

• Active audit

Recognize network weak spots

Detect and react to intruders

• Policy management

Centralized control of security services

Elements of Security

• Identity

AAA - Server

• Integrity

Firewall

IPSec Encryption

• Active audit

Vulnerability Scanner

Intrusion Detection

Security Consulting

• Policy management

Policy Server

Security Is…

[Figure labels: Security Office, Traditional Locks, Guard, Security Camera, Card Key, Intrusion Detection, Policy Management, Vulnerability Scanner, Firewall, AAA-Server]

Identity

• Uniquely and accurately identify users, applications, services, and resources

RADIUS, TACACS+, Kerberos, OTP, MS-login, AAA server, digital certificates, directory services

[Figure: “Universal Passport” illustration]

Identity—AAA Model

• Authentication

Who are you

“I am user X, my password is xyzxy”

• Authorization

What can you do

“User X can access host Y with telnet”

• Accounting

What did you do

“User X accessed host Y with telnet 15 times”

Identity—DDNS/DHCP

• Security Policies based on IP addresses

• Are you using Dynamic Host Config Protocol (DHCP)?

• How do you manage and secure your network when using DHCP?

You Don’t Know Who’s Going Where Until You Know Who They Are

Integrity—Network Availability

• Ensure the Network Infrastructure remains available

Administrative controls, Passwords, MD-5 hash, encryption, DoS protection, Encrypted Kerberos, Telnet

• Control access to critical network applications, data, and services

Access control lists, firewall technologies, content filtering, authentication

Integrity—Perimeter Security

What Is a Firewall

All traffic from inside to outside and vice-versa must pass through the firewall

Only authorized traffic, as defined by the local security policy, will be allowed in

The firewall itself is immune to penetration

Source: Bellovin and Cheswick “Firewalls and Internet Security, Repelling the Wily Hacker”

Integrity—Privacy

• Provide authenticated private communication on demand

VPN, IPSec, IKE, encryption, DES, 3DES, digital certificates, CET, CEP

Virtual Private Networks

[Figure labels: Cisco VPN Client, Internet, Firewall, Encrypted IP, Internal Network]

Integrity—IPSec Protects VPN

• Privacy, data integrity, and authenticity

• Obscures source and destination information

• Safeguards from “replay” and “man-in-the-middle” attacks

• Implemented transparently in the network infrastructure

• Internet standard

IPSec Tunnel Implementation

Original Packet

Encapsulate Into New Packet

Authenticate with MD-5 Checksum

Encrypt Entire Contents (DES)

[Figure labels for the packet at each step: Header, Data, Header (new), Checksum]
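The encapsulate and authenticate steps, together with the “replay” safeguard listed on the previous slide, as an added Python example that is not part of the original presentation. HMAC-SHA-256 stands in for the slide's MD-5 checksum and the encryption step is left out because Python's standard library has no cipher. The header layout, the 64-packet window, the key and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 64    # anti-replay window, in packets (assumed size)
ICV_LEN = 16   # integrity check value: HMAC-SHA-256 truncated to 128 bits
HDR = struct.Struct("!II")  # new outer header: tunnel id (SPI), sequence number


def seal(key: bytes, spi: int, seq: int, inner_packet: bytes) -> bytes:
    """Sender side: encapsulate the original packet and append the ICV."""
    header = HDR.pack(spi, seq)
    icv = hmac.new(key, header + inner_packet, hashlib.sha256).digest()[:ICV_LEN]
    return header + inner_packet + icv


class TunnelReceiver:
    """Receiver side: replay check, then ICV check, then window update."""

    def __init__(self, key: bytes, spi: int):
        self.key = key
        self.spi = spi
        self.highest = 0  # highest sequence number authenticated so far
        self.bitmap = 0   # bit i set => sequence (highest - i) was accepted

    def _fresh(self, seq: int) -> bool:
        if seq == 0:
            return False                    # sequence numbers start at 1
        if seq > self.highest:
            return True                     # ahead of the window
        offset = self.highest - seq
        if offset >= WINDOW:
            return False                    # too old to be tracked
        return not (self.bitmap >> offset) & 1

    def _mark(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= WINDOW:
                self.bitmap = 1             # everything older falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def open(self, packet: bytes):
        """Return (verdict, inner_packet); inner_packet is None unless verdict is 'ok'."""
        if len(packet) < HDR.size + ICV_LEN:
            return "malformed", None
        spi, seq = HDR.unpack_from(packet)
        if spi != self.spi:
            return "unknown-spi", None
        if not self._fresh(seq):
            return "replay", None
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):   # constant-time comparison
            return "bad-icv", None
        self._mark(seq)   # only authenticated packets may move the window
        return "ok", body[HDR.size:]


def demo():
    """Run a constructed packet trace through the receiver and return the verdicts."""
    key = b"constructed-demo-key-0123456789!"   # constructed; real tunnels negotiate keys (IKE)
    spi = 0x1001
    rx = TunnelReceiver(key, spi)
    pkt = {n: seal(key, spi, n, b"inner packet %d" % n) for n in (1, 2, 3, 4, 5, 100)}
    forged = bytearray(pkt[4])
    forged[HDR.size] ^= 0xFF                     # flip one payload byte in transit
    trace = [
        ("1", pkt[1]), ("3", pkt[3]), ("2 late", pkt[2]), ("3 again", pkt[3]),
        ("4 tampered", bytes(forged)), ("4", pkt[4]), ("100", pkt[100]),
        ("5 too old", pkt[5]),
    ]
    return [(label, rx.open(p)[0]) for label, p in trace]


if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{label:12s} {verdict}")
```

The tampered copy of packet 4 is rejected without advancing the window, so the genuine packet 4 is still accepted afterwards. DES and the MD-5 checksum named on the slide are obsolete today and are not used in this example.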

Virtual Private Networks

Creates a Network “Tunnel” or “Virtual Private Network”

[Figure: the message “Hello” passes through Encapsulate, Authenticate and Encrypt, crosses the Internet as unreadable text (“!@#$%&”), and passes through Remove, Authenticate and Decrypt to read “Hello” again]

Firewalls, Authorization, Encryption Do Not Provide Visibility Into these Problems

Active Audit

• The hacker might be an employee or ‘trusted’ partner

Up to 80% of financial losses are from insiders—FBI

• Your defense might be ineffective

One in every three intrusions occurs where a firewall is in place—Computer Security Institute

• Your employees might make mistakes

Misconfigured firewalls, modems, old passwords, etc.

• Your network will grow and change

Each change is a security risk

Active Audit—Network Vulnerability Assessment

• Assess and report on the security status of network components

Scanning (active, passive), vulnerability database

Active Audit—Intrusion Detection

• Identify and react to known or suspected network intrusion or anomalies

Passive promiscuous monitoring, database of threats or suspect behavior, communication infrastructure, access control changes

Host Based IDS

[Figure: network diagram with an AGENT on each monitored host. Labels: Internet, Router, Workgroup Switch, Corporate Network, Web Server, Email Server, Engineering, Finance, Administrator]

Network Based IDS

[Figure: network diagram. Labels: Internet, Router, Remote Office, Workgroup Switch, Corporate Network, Web Server, Email Server, Engineering, Finance, Administrator, NetRanger, NetRanger Director, Alert]

Network vs Host IDS

• Network-Based - Sniffing

Passively collects data from the network

Doesn’t impact normal network operations

Monitors all hosts, directly or indirectly, on the subnet

• Host-Based - Agents

Requires software running on all monitored hosts

Reports to a centralized management platform

Network vs Host IDS

• Network-Based

Detects attacks that Host-based miss

Denial of Service (Header)

Probes (Payload)

Unsuccessful attacks and malicious intent

Real-time detection and response

Operating System Independent

Difficult to Remove Evidence

Fewer detection points required

Network vs Host IDS

• Host-Based

Detects attacks that Network-based miss

Dial-up modem, keyboard

Encrypted traffic

Fewer False positives

No additional Hardware

Easier to remove Evidence

Performance impact on Host

Active Audit—Security Consulting

• Identify and recommend solutions to security vulnerabilities/attacks enterprise-wide

Manual secondary exploitation, Security posture assessments, Incident control and response

Policy Management

• Provide integrated control over the use of the network resources

Secure and remote management of firewalls, IPSec encryption and VPN management, policy validation

Security Management Requirements and Challenges

[Figure labels: Point Applications, Inconsistent Device Configuration, Complex Technologies, Simplified Presentation via Policies, Centralized, Secure Command & Control, Integrated Product & Technology Management, Network, Scalability, Performance, Users, Applications, Devices]

What is a Network Policy

• A set of high-level directives that control the deployment of network services (e.g. Security and QoS)

• Created in terms of established practices

[Figure labels: Network Policies, Users, Applications, Devices, Campus/Data Center, Internet, 365 x 24 x 7, M–F 9–5, Strict Perimeter Security, Strong encryption & high priority, Access restrictions & authorization]

What is Policy Management?

• The overall process by which organizations administer their established policies

• Translates high-level policies developed in terms of business objectives, into network and device configurations within the network

• Enforced network-wide

• Comprises three basic tasks:

Policy Definition

Policy Enforcement

Policy Auditing

Policy-based management optimizes network operations!

[Figure labels: Enterprise Policy, QoS, Security, Telecommuters, Mobile Users, Branch Offices, Campus, Partners]

Policy Management

• Set policies for users, applications and devices

• Deliver end-to-end QoS and security

• Integrate with registration and directory services

• Enable integrated control over network resources

A Comprehensive Solution

1) Corporate Security Policy

2) Secure

3) Monitor and Respond

4) Test

5) Manage and Improve

A Comprehensive, Integrated Security Solution Can Enable an Organization to Minimize and Manage Risk…

Improving Security

[Figure: network diagram. Labels: Internet, Service Provider, Mobile User, Cisco VPN Client, Remote Office, Router, Corporate Network, Web Server, Email Server, Engineering, Finance, Administrator, NetRanger, NetRanger Director, Alert!]

Improving Security

[Figure: network diagram. Labels: Internet, Service Provider, Mobile User, Remote Office, Router, Corporate Network, Web Server, Email Server, Engineering, Finance, Administrator, Cisco Security Manager, Update Policy]

Security IS a Solution

...and NOT a single product

• Be aware of the potential dangers

• Determine policies

• Protect integrity and privacy

• Actively audit and monitor environment

• Continue to improve

BIOGRAPHY

Mr. Sander Bakker is part of Cisco's SAM team. The SAM team is a European Overlay organisation within Cisco that focusses on Security, Availability and IP Management products. Mr. Bakker has over 10 years' experience in high technology sales and marketing.

Prior to joining Cisco, Mr. Bakker held sales and marketing positions for several high technology companies, including Raptor Systems, Axent and Wollongong. At Raptor Systems Mr. Bakker was responsible as Regional Sales Manager for Benelux, Southern Europe, Middle East and Africa.

AN INTELLIGENT EVASION LAW DESIGN

FOR AN AIRCRAFT UNDER MISSILE THREAT

Kemal Leblebicioglu

Computer Vision and Intelligent Systems Research Laboratory

METU Electrical-Electronics Engineering Department, 06531, Ankara, Turkey

Deniz Erdogmus

TÜBITAK-SAGE Electronics and Guidance Technologies Group

Guidance and Control Laboratory, METU Campus, 06531, Ankara, Turkey

1. ABSTRACT

In this study, an intelligent evasion law is proposed for an aircraft under missile threat. A fuzzy logic structure decides whether to employ the ‘maximizing distance maneuver’ or the ‘maximum turning maneuver’ according to the distance between the missile and the aircraft and the closing velocity. It is understood that, in order to guarantee the success of this evasion law in any case where the capabilities of the aircraft are sufficient, the problem must be investigated more deeply and more information must be obtained about the structure of the pursuit-evasion game. When this is done, it will be possible to increase the ratio of the number of scenarios where the aircraft evades the missile to the number of scenarios where the missile hits the aircraft by adapting the parameters of the fuzzy decision logic on-line according to scenario conditions.

Keywords : Fuzzy Logic, Pursuit-Evasion Game, Evasion Law

2. INTRODUCTION

One of the most popular topics in battle simulation studies is air combat, or the pursuit of an aircraft by a missile. Viewed generally, an air combat game is one in which a number of players try to minimize their objective functions, each employing strategies of their own preference [Grote 1985]. In these games, the aircraft, the missiles, airports or other facilities are modeled via various parameters and all players utilise their resources so as to minimize their respective objective functions. As a consequence of the game simulation, it is possible for the commander to decide on a strategy for the upcoming combat. The air combat simulation program TAMARI used by NATO countries is an example of such simulation programs.

It is, on the other hand, possible to approach the air combat game from a lower view and investigate the pursuit game between a missile and an aircraft. While general view simulations as stated above may help to develop strategies, the lower view approaches may lead to improved tactics for units involved in the combat actively.

In recent years, much work has been done to improve pursuing tactics for the missile or the torpedo, whereas comparatively little effort has been spent on obtaining better evasion algorithms for the evader.

In this study, an attempt is made to design an intelligent evasion law for an aircraft under missile threat. Necessary maneuver commands will be produced according to the outputs of a fuzzy logic decision structure. This fuzzy structure, using a rule base and according to various parameters of the aircraft and the missile, will either command the aircraft to run in the direction that maximizes the instantaneous distance between itself and the missile or command the aircraft to turn its velocity vector, by employing a strong acceleration, to a direction that will take the aircraft out of the possible reachable region of the missile.

In the games, the guidance law of the missile will be taken to be the proportional navigation. This choice arises due to the fact validated by both theory and practice that proportional navigation law is one of the most effective guidance laws [Aslan 1997], [Erdogmus 1998].

3. MANEUVER EVALUATION USING FUZZY LOGIC

Two possible marginal maneuvers exist for an aircraft under missile threat. The first is to direct the velocity vector along the direction that maximizes the distance between the two, and the second is to turn the velocity vector to a direction that will take the aircraft out of the volume reachable by the missile before the missile catches the aircraft.

The fuzzy structure to be developed will consider the distance in between and the closing velocity in order to decide which maneuver will be performed. The decision will come out as a scalar in the interval [0,1] and it will be possible to evaluate this value in different ways resulting in varying performance of the evasion algorithm. The block diagram of the fuzzy structure is shown in Fig. 1.

Once the two inputs, range (R) and closing velocity (Vc), are normalized, the fuzzy membership sets shown in Figs. 2-3 are ignited and the rules summarized in Table 1 are fired.

The fired rules are blended according to their firing strengths to activate the membership functions of the ‘Decision’, the output. The final output is computed from the fuzzy output using center of gravity defuzzification method. With all these definitions, the fuzzy structure has an input-output relation as shown in Fig. 5.

4. MANEUVERS

In this section, the marginal maneuvers mentioned before will be formulated and the possible usages of these maneuvers together with the output of the fuzzy structure will be investigated.

4.1 Evasion Maneuver

In the evasion maneuver, the aim of the aircraft is to align its velocity vector to the aircraft-missile direction and to accelerate in order to maximize the distance between them. This situation is visualized in Fig. 6. Under these conditions, the vector pointing in the evasion direction is

\vec{k}_y = \frac{\vec{P}_f - \vec{P}_m}{\|\vec{P}_f - \vec{P}_m\|}    (1)

The aircraft may speed up, brake, or perform a lateral acceleration (perpendicular to its velocity vector). Using an on-off control strategy and assuming that the maximum permitted values for these accelerations are max_thr, max_bra, and max_lat, the acceleration required of the aircraft is found as

\vec{l}_{acc,d} = \frac{\vec{k}_y - (\vec{k}_y \cdot \vec{V}_f) / \|\vec{V}_f\|}{\|\vec{k}_y - (\vec{k}_y \cdot \vec{V}_f) / \|\vec{V}_f\|\|}    (lateral acceleration direction)    (2)

\vec{a}_{lat} = max\_lat \cdot \vec{l}_{acc,d}    (lateral acceleration)    (3)

\vec{a}_{thr} = max\_thr \cdot \vec{V}_f / \|\vec{V}_f\|    (speed-up acceleration)    (4)

\vec{a}_{b,k} = \vec{a}_{thr} + \vec{a}_{lat}    (total acceleration)    (5)

4.2 Diving Maneuver

In the diving maneuver, the aim of the aircraft is to exert the maximum possible lateral and braking accelerations to get out of the reachable volume of the missile as quickly as possible. Fig. 7 shows the conic volume reachable by a missile with an acceleration of a_max at a speed of V_m. The base of this conic volume is a circle and the side surface has a circular cross-section of radius R = V_m^2 / a_max. Under these conditions, the shortest path for the aircraft to get out of this conic region is the direction from the aircraft itself to the center of the circular cross-section of the reachable area of the missile. Hence, the desired direction for the aircraft velocity will be towards the center of this minimum-radius turning circle of the missile.

In order to achieve the readjustment of velocity vector direction to the desired direction quickly, the aircraft must brake to slow down and apply a lateral acceleration to turn its velocity. Slowing down will enable the aircraft to achieve a higher angular rate to turn its velocity with the same amount of lateral acceleration. The desired velocity direction can be computed as

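\vec{k}_y = \frac{\vec{P}_c - \vec{P}_f}{\|\vec{P}_c - \vec{P}_f\|}    (evasion direction)    (6)

Here, \vec{P}_c and \vec{c}_d can be computed from

\vec{P}_c = \vec{P}_m + R \cdot \vec{c}_d    (center of circle)    (7)

\vec{c}_d = \frac{\vec{P}_f - \left( \vec{P}_m + \frac{((\vec{P}_f - \vec{P}_m) \cdot \vec{V}_m) \cdot \vec{V}_m}{\|\vec{V}_m\|_2^2} \right)}{\left\| \vec{P}_f - \left( \vec{P}_m + \frac{((\vec{P}_f - \vec{P}_m) \cdot \vec{V}_m) \cdot \vec{V}_m}{\|\vec{V}_m\|_2^2} \right) \right\|}    (8)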

In order to align the velocity vector to this direction, lateral acceleration will be produced as in (2) and (3), and the braking acceleration will be produced as in (4) with a negative sign.

4.3 Combining the Maneuvers

Evasion and diving maneuvers may be combined in many ways using the ‘decision’ of the fuzzy maneuver evaluator. For example, a threshold value may be chosen and compared with the decision value: if the decision is smaller than the threshold the diving maneuver is activated, otherwise the evasion maneuver. Another possibility is to sum both maneuver commands in proportion to their share in the decision. The success of these combination methods may vary from scenario to scenario. Also, the value of the threshold may affect the success of the algorithm. The conclusion drawn from this is that the fuzzy structure must be adaptive; in other words, with suitable refitting during flight, the fuzzy structure must learn how to escape the missile. However, this is a complicated task and it requires a deeper investigation of the pursuit problem and much experience.
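The maneuver evaluator of Section 3 and the two combination methods of Section 4.3, as an added Python sketch that is not the authors' implementation. It uses the rule base of Table 1, the scale factors given in Section 5, min/max inference and center-of-gravity defuzzification. The evenly spaced triangular input sets, the two ramp-shaped output sets and all function names are assumptions, since the membership functions of Figs. 2-4 are not reproduced here, so its numbers will not match the paper's plots.

```python
R_SCALE = 10000.0   # m, scale factor for range R (Section 5)
VC_SCALE = 250.0    # m/s, scale factor for closing velocity Vc (Section 5)

R_SETS = ["Very Close", "Close", "Moderate", "Far", "Very Far"]
VC_SETS = ["Neg.Big", "Neg.Small", "Zero", "Pos.Small", "Pos.Big"]

# Table 1: one row per Vc set, one column per R set; D = Dive, E = Evade.
RULES = {
    "Neg.Big":   "DEEEE",
    "Neg.Small": "DDEEE",
    "Zero":      "DDEEE",
    "Pos.Small": "DDDEE",
    "Pos.Big":   "DDDDE",
}


def clamp(x, lo, hi):
    return max(lo, min(hi, x))


def memberships(x, lo, hi, n=5):
    """Degrees of x in n evenly spaced triangular sets on [lo, hi] (assumed shapes)."""
    step = (hi - lo) / (n - 1)
    return [max(0.0, 1.0 - abs(x - (lo + i * step)) / step) for i in range(n)]


def decision(range_m, closing_mps, samples=201):
    """Fuzzy 'Decision' in [0, 1]: low values favour Dive, high values favour Evade."""
    r = clamp(range_m / R_SCALE, 0.0, 1.0)          # normalized R in [0, 1]
    vc = clamp(closing_mps / VC_SCALE, -1.0, 1.0)   # normalized Vc in [-1, 1]
    mu_r = memberships(r, 0.0, 1.0)
    mu_vc = memberships(vc, -1.0, 1.0)

    # Fire every rule with min as AND; keep the strongest firing per output label.
    strength = {"D": 0.0, "E": 0.0}
    for i, vc_name in enumerate(VC_SETS):
        for j, label in enumerate(RULES[vc_name]):
            strength[label] = max(strength[label], min(mu_vc[i], mu_r[j]))

    # Clip the assumed output sets at the firing strengths and take the
    # center of gravity of their union by numerical integration.
    num = den = 0.0
    for k in range(samples):
        y = k / (samples - 1)
        dive = min(strength["D"], max(0.0, 1.0 - 2.0 * y))    # ramp peaking at 0
        evade = min(strength["E"], max(0.0, 2.0 * y - 1.0))   # ramp peaking at 1
        mu = max(dive, evade)
        num += y * mu
        den += mu
    return num / den if den else 0.5


def threshold_maneuver(d, threshold=0.5):
    """First combination method: dive below the threshold, evade otherwise."""
    return "dive" if d < threshold else "evade"


def blend_weights(d):
    """Second combination method: (dive weight, evade weight) proportional to d."""
    return 1.0 - d, d


if __name__ == "__main__":
    # Constructed sample states: (range in m, closing velocity in m/s).
    for state in [(500.0, 250.0), (5000.0, 0.0), (9000.0, -200.0)]:
        d = decision(*state)
        print(state, round(d, 3), threshold_maneuver(d), blend_weights(d))
```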

5. SIMULATIONS

In this section, the developed guidance method for the evading aircraft will be investigated in several scenarios. Typical pursuit scenarios include air-to-air chase or surface-to-air chase cases; therefore the scenarios will be among these cases.

The speed-up, braking, and lateral acceleration capabilities of the aircraft are bounded by 2g, 0.5g, and 5g respectively, whereas the missile is only allowed to exert a lateral acceleration that is bounded by 10g. The drag accelerations of both aircraft and missile are modeled as a parabolic function of total speed, with 0 m/s² at 0 m/s speed and 1g at 650 m/s for the missile and 5g at 400 m/s for the aircraft, respectively. The scale factors for the inputs of the fuzzy structure are taken to be 10000 m and 250 m/s for R and Vc.

5.1 Surface-to-Air Missile Threat

In this scenario, the aircraft is threatened by a surface-launched missile. The missile is launched towards the aircraft, which travels north at 2000 m with a speed of 250 m/s; the missile has an initial inclination angle of 45° and an initial speed of 500 m/s. When the threshold method is used to evaluate the decision of the fuzzy structure, with the threshold being 0.5, the decision of the fuzzy structure is as given in Fig. 8, and the trajectories of the missile and the aircraft are shown in Fig. 9.

When the evasion and diving maneuvers are linearly combined proportional to the decision of the fuzzy structure, different results have been obtained. The decision changes from evasion strategy to diving strategy in time as seen in Fig. 10. As presented in Fig. 11, the speed of the missile falls below the speed level of the aircraft which makes its hit probability thereafter zero. The trajectories of the aircraft and the missile are given in Fig. 12.

5.2 Air-to-Air Missile Threat

In this scenario, a missile with an initial speed of 500 m/s and an initial altitude of 2200 m threatens an aircraft at 2000 m with 250 m/s speed, starting from 5 km behind. When the threshold value is chosen to be 0.6, the trajectories of the players are as in Fig. 13 and the time variation of the decision is as shown in Fig. 14. The distance between the missile and the aircraft during flight is presented in Fig. 15. The missile gets closest to the aircraft at the 24th second, when the distance between them is 75 m.

In the same scenario, if the threshold value is decreased to 0.5, contrary to the previous case, the missile hits the aircraft. The trajectories of both missile and the aircraft in this case came out to be as in Fig. 16. Similarly, when the proportional combination of two maneuver strategies is applied in this scenario, the missile again hits the aircraft. The trajectories of this simulation are presented in Fig. 17.

6. CONCLUSIONS

In this study, a first-stage design of an intelligent guidance law for an aircraft under missile threat is proposed. The maneuver evaluator fuzzy inference structure, though not yet successful in all scenarios, has provided promising results. It has been observed that, in order to increase the ratio of the number of successful scenarios of the newly proposed evasion guidance algorithm for the aircraft to that of unsuccessful ones, the problem must be investigated more deeply and more experience on the geometry and behavior of the pursuit game must be acquired. If the scale factors and the membership functions of the fuzzy inference structure are then made adaptive accordingly, the number of successfully completed scenarios will increase.

TABLES

Vc \ R       Very Close   Close   Moderate   Far     Very Far

Neg.Big      Dive         Evade   Evade      Evade   Evade

Neg.Small    Dive         Dive    Evade      Evade   Evade

Zero         Dive         Dive    Evade      Evade   Evade

Pos.Small    Dive         Dive    Dive       Evade   Evade

Pos.Big      Dive         Dive    Dive       Dive    Evade

Table 1 Fuzzy Logic Rule Base

FIGURES

Fig. 1 Fuzzy Logic Maneuver Evaluator Structure (diagram labels: Fuzzy Logic Unit, R, Vc, K Gain, [0,1], [-1,1], [0,1])

Fig. 2 Membership Functions for R

Fig. 3 Membership Functions for Vc

Fig. 4 Membership Functions for ‘Decision’

Fig. 5 Input-Output Mapping of Fuzzy Structure

Fig. 6 Evasion Maneuver Demonstration (diagram labels: Vm, Vf, Pm, Pf, Vfd)

Fig. 7 Diving Maneuver Demonstration (diagram labels: Vm, R, Vf, Vfd, Pm, Pf, Pm+KVm, Pc)

Fig. 8 Fuzzy Logic Decision - B1

Fig. 9 Trajectories of Aircraft and Missile - B1 (axes: East, North, Up)

Fig. 10 Fuzzy Logic Decision - B2

Fig. 11 Speeds of Aircraft and Missile - B2

Fig. 12 Trajectories of Aircraft and Missile - B2 (axes: East, North, Up)

Fig. 13 Trajectories of Aircraft and Missile - B3 (axes: North, East, Up)

Fig. 14 Fuzzy Logic Decision - B3

Fig. 15 Distance between the Aircraft and the Missile - B3

Fig. 16 Trajectories of Aircraft and Missile - B4 (axes: East, North, Up)

Fig. 17 Trajectories of Aircraft and Missile - B5 (axes: East, North, Up)

REFERENCES

[1] Aslan, T., "Taktik Güdüm Algoritmalarinin Dogrusallastirilmasi" (Linearization of Tactical Guidance Algorithms), MS Thesis, Hacettepe Üniversitesi, 1997.

[2] Erdogmus, D., Leblebicioglu, K., "Augmentation of a Tactical Guidance Algorithm by Intelligent Estimator Aiding", IEE Control Systems Journal (Under Referee Review), 1998.

[3] Grote, J.D., "The Theory and Application of Differential Games", D. Reidel Publishing Co., Boston, 1985.

BIOGRAPHIES

Assoc. Prof. Kemal Leblebicioglu

Assoc. Prof. Kemal Leblebicioglu was born in Turkey on May 12, 1957. He received the B.Sc. degree in electrical and electronics engineering in 1979, and the M.Sc. and Ph.D. degrees in mathematics in 1982 and 1988, respectively, all from the Middle East Technical University (METU), Ankara, Turkey. From 1980 to 1988, he was with the Department of Mathematics at the METU as a graduate assistant. Since 1988, he has been on the Faculty of the Department of Electrical and Electronics Engineering at METU, where he is currently an associate professor. His research interests include the numerical methods for partial differential equations, inverse problems, optimization, optimal control theory, neural networks, neuro and fuzzy controllers, and image processing.

Ms. Deniz Erdogmus

Ms. Deniz Erdogmus was born in 1976 in Turkey. He obtained B.Sc. degrees from the Electrical Engineering and Mathematics Departments of Middle East Technical University in July 1997. By May 1999, he had completed all privileges towards an M.Sc. degree at the EEE Dept., METU, while working at the national research institute on defence systems, the Defence Industries Research and Development Institute (SAGE), where he studied automatic flight control and navigation systems.