afcea99 bildiri session2 - afcea türkiye home...
SESSION II
Tactical Internet
Ms. Aysin Zaim (ASELSAN-Türkiye)
TASMUS Network Management System Architecture
Mr. Ali Yazici (ASELSAN-Türkiye)
Security of Network Systems
Mr. Sander Bakker (Cisco Systems, Europe-Belgium)
An Intelligent Evasion Law Design for an Aircraft Under Missile Threat
Assoc. Prof. Kemal Leblebicioglu (METU, EEE Department-Türkiye)
Ms. Deniz Erdogmus (TUBITAK, SAGE-Türkiye)
ON THE WAY THROUGH TACTICAL INTERNET:
TI APPROACH OF ASELSAN
FOR THE TURKISH LAND FORCES
Ms. Aysin Zaim
ASELSAN-Türkiye
1. ABSTRACT
This paper explains ASELSAN’s Tactical Internet approach for the Turkish Land Forces, which is intended to support the exchange of information between warfighters on the tactical battlefield.
2. INTRODUCTION
The 21st century has been named the “Information Age”. This term emphasizes the importance of “information” in the new century. The term “information” covers all kinds of data such as voice, video, imagery, graphics, etc., and “Information System” describes a set of systems that acquire, process and transport the information. A C4I system is a military instance of an information system. C4I is the framework for situational awareness, decision making, and execution throughout the battlespace. Efficient execution of information exchange requirements throughout the battlespace is key to evolving C4I toward the ultimate goal of seamless information exchange in all weather conditions, day and night operations on any potential battlefield or other operational environment.
As a result of recent advances in computers and computer communications equipment in the commercial environment, the military realm has developed the goal of a “Digitized Battlefield” to support the current and future information requirements of the warfighters. Digitizing all information generated throughout the battlefield accelerates the acquisition, processing and dissemination of information and assures superiority in the command and control decision cycle, thus increasing the survivability, lethality and operational tempo of the force.
3. Tactical Internet and Technical Constraints
Currently it is difficult to establish seamless information flow among diverse units on the tactical battlefield due to disparate data formats, communication protocols and communications media. Therefore, providing interconnectivity and interoperability between computers carries as much weight as the computers themselves. The Tactical Internet (TI) is the means to that end. Internetworking technology, together with improving multiple access, addressing and routing technologies and protocols, which form a reliable, seamless and secure communications network, has enabled the implementation of the “Battlefield Digitization” vision. The seamless communication infrastructure called the “Tactical Internet (TI)” is a brigade-and-below integration of tactical radios and routers forming a voice and, particularly, data network to transport “Command and Control” and “Situational Awareness” (SA) information for attached computers. This horizontally and vertically integrated digital information network supports warfighting systems and provides communications connectivity for all tactical users.
The term Tactical Internet is appropriate because of its functional similarities to the commercial Internet. The TI communications infrastructure is based on Internet technology, and messages are exchanged using the commercially based Internet Protocol (IP). Although the use of such internetworking technologies is commonplace in the commercial realm, applying the same resources to the tactical environment’s more severe and limiting conditions has presented some difficulties. The technical constraints of the Tactical Internet come from its nature. The TI is:
Highly mobile: All elements are either hand-held or vehicle-mounted and most of them must operate on the move; roles also move from command post to command post.
Operated in a high-noise environment: It should be highly available in spite of jamming or interference from co-located radio transmission systems.
Subject to nodal and link outages: Various components can be lost or become temporarily unavailable due to malfunctions or moving out of sight of other elements, and LPD/LPI measures call for turning system components off or operating them silently. Because of that, computers on different networks may be obliged to take over each other’s functions.
4. Advantages
In spite of all those severe conditions, the TI forms a horizontally and vertically integrated digital information network to support warfighting systems, to provide communications connectivity for all tactical users, and to provide a seamless communications network to attached computers. In brief, the TI provides:
wireless network access,
continuous wireless connectivity,
mobility management: the ability to keep the network infrastructure aware of the network topology and the presence/location of the mobile elements, and
routing: determining which path (or paths) in the network a given unit of data will take. Network routing is based on addressing schemes.
The TI also supports several key services. These services include functions such as electronic messaging, directory, network management and security.
5. Tactical Communications Infrastructure of Turkish Land Forces
Tactical communications system architecture of Turkish Land Forces will be based upon three networks in the 21st century. These three networks are the TASMUS [1] backbone (WAS [2] –LAS [3]), TASMUS MAT [4] TDMA [5] Packet Radio and PRC/VRC-9600 CNR radio systems. MAT and PRC/VRC-9600 radios will constitute the “Mobile Subsystem” part of the tactical communications infrastructure.
The MAT network will be the primary high rate data traffic backbone from maneuver brigade to lower echelon units and direct support units. MAT provides X.25 Switched and Permanent Virtual Circuit (PVC) connections.
PRC/VRC-4600 VHF/FM Fixed Frequency and PRC/VRC-9600 VHF/FM Frequency Hopping Military Radio families provide low rate (up to 16Kbps) data communications and CNR capability to the Turkish Land Forces. Most users of Turkish Land Forces in the forward echelon are on PRC/VRC-4600/PRC/VRC-9600 nets, so these nets will be the most common source and destination of the data traffic. PRC/VRC-9600 digital CNR radios will become the major communications equipment at the brigade and below in the forthcoming future.
Seamless communications is defined as communications between two computers where the transport of data, whether across one or multiple heterogeneous networks, is transparent to the user. Routers and gateways enable this seamlessness by providing junction points for internetworking between the communications networks. The “Tactical Data Communications Module” (TDCM) is being developed by ASELSAN for that purpose. The TDCM enables the intra- and internetworking of the PRC/VRC-9600 CNR radios. Thus the PRC/VRC-9600 together with the TDCM will constitute the main part of the TI in the combat area.
The TDCM supports the MIL-STD-188-220B [6] protocol, and
provides two-way half-duplex end-to-end data transmission over point-to-point, multipoint, relay or broadcast connections between stations attached to the internet or intranet,
controls and regulates the network access scheme according to the chosen multiple access method and thus minimizes collision probability,
provides topology learning and updating capability for the intranet under changing topology and dynamic connectivity,
provides an end-to-end acknowledgement and retransmission mechanism for reliable data communications,
supports interfaces to wireline and to the various existing radio equipment of the Turkish Land Forces.
6. Objectives
To form the Tactical Internet infrastructure for the Turkish Land Forces, ASELSAN has developed a migration plan:
In the short term: The goal is to achieve a Tactical Intranet by using intermediate devices such as the TDCM and interconnecting the legacy systems with each other over a tactical wireless LAN. The TDCM will be used as a network adaptor for the existing CNRs in that configuration. Another objective of this stage is the horizontal integration of those homogeneous networks (i.e., CNR Intranets). The TDCM will function as a “bridge” in this stage.
In the mid term: CNR networks will get a connection to the “Mobile Subsystem (MS)” elements of TASMUS, in other words, to the MAT TDMA packet radios, via TDCMs. Therefore, CNR Intranets will be vertically integrated with higher echelons, and geographically separated CNR networks can be connected to each other over the TASMUS infrastructure. Thus they altogether form a Tactical Internet. The role taken by the TDCM in this stage is named “Combat Net Radio Interface (CNRI)” in NATO TACOMS Post 2000 documents. In commercial terminology it corresponds to a “router” or a “gateway”, which are used to connect heterogeneous networks. Another goal of this period is to develop a next-generation CNR with built-in GPS and networking facilities.
In the long term: Following the stages in which TASMUS is vertically integrated with the strategic network of the Turkish Armed Forces (i.e., TAFICS [7]), the TI of the Turkish Land Forces will reach the ultimate goal of joint seamless interoperability with the communication systems of the Navy, Air Force and General Staff.
The major objective of ASELSAN is to keep evolving its products in the field of tactical communications in parallel with the future requirements of the Turkish Armed Forces and advancing technology. Increasing the data transmission rates of the communication equipment used at the brigade and below echelons towards 64 kbps by using advanced coding and compression techniques, and supporting advanced and integrated information services (voice over IP, low rate video, etc.) with TI components, will also be near-term objectives of ASELSAN.
[1] TASMUS: Tactical Area Communications System of Turkish Land Forces
[2] WAS: Wide Area Subsystem (NATO TACOMS Post 2000)
[3] LAS: Local Area Subsystem (NATO TACOMS Post 2000)
[4] TASMUS MAT: Mobile Subscriber Terminal of TASMUS
[5] TDMA: Time Division Multiple Access
[6] MIL-STD-188-220B: Interoperability Standard for Digital Message Transfer Device Subsystems
[7] TAFICS: Turkish Armed Forces Integrated Communications System
BIOGRAPHY
Mrs. Zeliha Aysin ZAIM received B.S. and M.S. degrees in electrical engineering from Hacettepe University, Ankara, Türkiye, in 1982 and 1985 respectively. Her background includes university teaching experience and work in industry in the areas of computer aided education, industrial control and automation and telecommunications. She joined ASELSAN in 1988, where she was involved in the design and development of PC based PABXs, trunking radio systems and GSM hand held terminals. Currently, she is working as a technical leader for the Software Engineering Department of the Microwave and System Technologies Division, ASELSAN. Her main research interests are digital transmission and data communications software.
TASMUS (SYSCON) NETWORK MANAGEMENT SYSTEM ARCHITECTURE
Mr. Ali Yazici
ASELSAN-Türkiye
1. ABSTRACT
The TASMUS network management and planning system, “SYSCON”, meets military network management and planning requirements by using both ITU-T M.30 system control concepts and NATO TACOMS POST-2000 system control concepts.
The TASMUS Network Management System has three hierarchical levels: SEP, OSC and FC. The communication between the OSC and an NE passes through the FCs. The OSC communicates with the FC to which the NE in question is connected. The FC then transmits the commands that come from the OSC to the relevant NE. The necessary mediation is performed at the FC level. On the mobile subsystem, Mobile Subscriber Terminals use the TDMA (Time Division Multiple Access) technique and automatically form a radio network where all the network management functions are carried out in a distributed fashion. Access to this radio network is via the Radio Access Point device, which manages all Mobile Subscriber Terminals on behalf of the OSC.
Aselsan has designed and implemented its own network management protocol, named ASMS/ASMP, to support secure network management functions in the tactical field.
2. INTRODUCTION
TASMUS provides mobile, survivable, flexible, rapid and secure multichannel communications (voice, video and data) to the tactical users and provides information to the commanders about the geographical positions of all their subordinate units. TASMUS is compliant with the NATO TACOMS POST 2000 architecture.
As shown in Figure 1, TASMUS will have a layered architecture.
Figure 1. TASMUS Layered Architecture (diagram labels: MOBILE SUBSYSTEM (MS), MST, RAP, LOCAL AREA SUBSYSTEM (LAS), NP, WIDE AREA SUBSYSTEM (WAS), STRATEGIC SYSTEMS, PTT)
At the highest level the Wide Area Subsystem (WAS), which carries out the backbone switching, is formed by the nodal points. Interfaces to the strategic systems and PTT are located on the Wide Area Subsystem.
The second layer is the Local Area Subsystem (LAS), which is formed by Radio Access Points (RAP) connected to the nodal points. The RAPs contain the access switches through which the users access the system. The RAPs also constitute a gateway for the mobile users.
The third layer is the Mobile Subsystem (MS). In the Mobile Subsystem mobile subscribers use Mobile Subscriber Terminals (MST) to access the TASMUS switching backbone.
In addition to those layered subsystems, the system control SYSCON carries out all the necessary control functions such as system planning, control and management.
Figure 2. Detailed Architecture of TASMUS (diagram labels: NP, RAP, Wide Area Subsystem, Local Area Subsystem, Mobile Subsystem, SYSCON, Tactical Databank, CNR, Strategic System, PTT, R/L, TDD R/L, iSTAR)
The detailed architecture, the interconnection of the subsystems, and the interfaces to other systems such as CNR, PTT and the strategic system are shown in Figure 2.
3. OSI NETWORK MANAGEMENT
3.1. Functions of Network Management Systems
The OSI Network Management Model is the primary means of understanding the major functions of the network management system. This model consists of five conceptual areas:
Configuration Management: The monitoring and maintenance of the current state of the network. Installing, initializing, boot loading, modifying, or tracking hardware and software configurations and options.
Fault Management: The detection, isolation and correction of abnormal conditions. Troubleshooting the network; finding and correcting failed or damaged components or misconfiguration; monitoring equipment for early problem indicators; tracking down distributed problems.
Security Management: Provides authorization, access control, encryption and key management.
Performance Management: Enables the maintenance of network performance at acceptable levels. Monitoring the capacity and loading of network components; gathering and analyzing performance-related data to predict future requirements and needed equipment changes or upgrades.
Accounting Management: Enables charges to be established for the use of network resources. Allocating cost of various portions of the network to the groups using them; capturing the usage data to allow accurate reporting.
3.2. The Parts of the Network Management System
A network management system consists of a manager, an agent, a MIB and a management protocol.
1) Manager:
Serves as an interface between the administrator and the network management system.
Translates the administrator’s commands and performs the actual monitoring and control of the network elements.
Uses the manager framework, which provides the environment that enables a manager application to interact with agents, managed objects and the operating system.
2) Agent:
Responds to commands from the network administrator (manager).
3) MIB:
A collection of objects, each representing a particular aspect of a managed agent.
4) Network Management Protocol (Services):
The communication between the manager and the agents is carried out using a network management protocol.
Network management services are used by application processes in peer open systems to exchange information and commands for the purpose of systems management.
3.3. Network Management Protocols - CMIP and ASMP
The communication between the manager and the agents is carried out using a network management protocol. Although there are a lot of proprietary protocols, the standards community has responded to the multi-vendor independent management problem with two standards, the simple network management protocol (SNMP) and the common management information protocol (CMIP).
The performance requirements associated with tactical systems management may be more rigid than those of strategic system management schemes, especially in areas such as:
Ø Conservation of bandwidth consumed by network management traffic;
Ø Ability to adapt dynamically to managing real-time, time-varying resource configurations;
Ø Ability to maintain network management control despite the high degree of intermittent interruptions in management communication services;
Ø Resumption of control of a failed network control center;
Ø Other high survivability requirements.
For this reason, Aselsan has developed its own network management protocol for the TASMUS Network Management System, named the Aselsan Syscon Management Protocol (ASMP).
CMIP:
Common management information protocol (CMIP) operates over an open system interconnect communication stack (OSI full seven layer stack). It is an application layer protocol. CMIP uses an event-based management system, with the managed devices asynchronously sending predefined information (not only alarms) to the manager. It supports the following services called CMIS (Common Management Information Services):
Ø GET fetches the attribute values from the MIB.
Ø SET replaces the attribute value.
Ø CREATE adds a new instance of a managed object and can be used, for example, to create a new “connection” in a telecommunication network.
Ø DELETE deletes the instance of a managed object.
Ø ACTION provides a general facility for requesting actions against existing managed objects, for example, carrying out a test to determine the cause of an alarm.
Ø EVENT-REPORT allows the agent to send events and alarms to the manager.
ASMP:
Aselsan Syscon Management Protocol-ASMP is the protocol developed by Aselsan for the TASMUS network management system. ASMP is a protocol like CMIP that is used by an application process to exchange information and commands for the purpose of remotely managing communication resources, and Aselsan Syscon Management services-ASMS specifies the service interface to ASMP. ASMS/ASMP runs over the X.25 Network Layer of OSI.
ASMP also uses an event-based management system, with the managed devices asynchronously sending predefined information (not only alarms) to the manager. The basic idea behind ASMP is to transmit all information in small, fixed-size packets. The packets are 138 bytes long, of which 10 bytes are header and 128 bytes are network management data, as shown in Figure 3.
Sync | Packet Identifier | NE_ID | P(R)/P(S) | Type | Data Length | NM DATA | CRC
Figure 3. ASMP Packet
Sync: This field defines the synchronization byte. It is used whenever the synchronization between manager and agent is lost.
Packet-Identifier: This field defines the packet type. Packet types are Security, Alarm, Performance, Configuration and Last packet indicator. The first 4 bits of this field define the packet type. Data that is longer than the maximum data length is sent in chunks. The last packet of these chunks is marked with the 5th bit of this field; otherwise, it is set to 0.
NE-ID: This field defines the network element identification number. The network element identification number is the X.25 network address of the network element.
P(R)/P(S): This field defines the number of received and sent packets. It is used to coordinate the packet flow between manager and agent.
Type: This field defines the type of service. These services detail the kind of action to be taken with the NM_Data.
Data Length: This field defines the length of the data in the network management data field of ASMP packets.
NM-Data: Alarm, Performance, Configuration and Security data is carried in the network management data field of ASMP packets, with the appropriate type value set in the Type field.
CRC: This field contains a cyclic redundancy check of the entire packet up to the end of the meaningful data. ASMP uses the modified polynomial expression (modulo 2) $X^{16}+X^{12}+X^{5}+1$.
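The following is an added example, not ASELSAN's code: a strict parser and chunk reassembler for a packet shaped like the one in Figure 3, showing the checks a receiver should make before trusting any field. The field widths, bit positions, sync value, type codes and CRC initial value are assumptions, since the text gives only the field order, the 138/10/128 byte sizes and the generator polynomial; the "modified" CRC variant is not specified, so the unmodified CCITT form is used.

```python
import struct

PACKET_LEN, DATA_MAX = 138, 128      # sizes stated in the text
SYNC = 0x7E                          # assumed sync byte value
# Assumed layout (the text gives the field order only):
# Sync(1) PacketId(1) NE_ID(3) P(R)/P(S)(1) Type(1) DataLen(1) | NM data(128) | CRC(2)
HEAD = struct.Struct(">BB3sBBB")
LAST_FLAG = 0x10                     # assumed position of the "5th bit" last-packet mark
KINDS = {1: "security", 2: "alarm", 3: "performance", 4: "configuration"}  # assumed codes


class PacketError(ValueError):
    """Raised for any packet that fails validation."""


def crc16(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC with generator x^16 + x^12 + x^5 + 1 (0x1021); initial value is assumed."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = (crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1
            crc &= 0xFFFF
    return crc


def build(kind, ne_id, pr, ps, svc, data, last):
    """Encode one fixed-size packet; data shorter than 128 bytes is zero-padded."""
    if len(data) > DATA_MAX or len(ne_id) != 3 or kind not in KINDS:
        raise PacketError("bad field")
    ident = kind | (LAST_FLAG if last else 0)
    head = HEAD.pack(SYNC, ident, ne_id, ((pr & 0xF) << 4) | (ps & 0xF), svc, len(data))
    crc = crc16(head + data)         # CRC covers the packet up to the end of meaningful data
    return head + data.ljust(DATA_MAX, b"\x00") + struct.pack(">H", crc)


def parse(raw: bytes) -> dict:
    """Validate every field before using it; reject rather than guess."""
    if len(raw) != PACKET_LEN:
        raise PacketError("wrong packet size")
    sync, ident, ne_id, seq, svc, dlen = HEAD.unpack_from(raw)
    if sync != SYNC:
        raise PacketError("lost synchronization")
    if dlen > DATA_MAX:              # never let the length field index past the data area
        raise PacketError("data length exceeds NM data field")
    if (ident & 0x0F) not in KINDS or ident & ~(0x0F | LAST_FLAG):
        raise PacketError("unknown packet identifier")
    (crc,) = struct.unpack_from(">H", raw, PACKET_LEN - 2)
    if crc != crc16(raw[:HEAD.size + dlen]):
        raise PacketError("CRC mismatch")
    return {"kind": KINDS[ident & 0x0F], "last": bool(ident & LAST_FLAG), "ne_id": ne_id,
            "pr": seq >> 4, "ps": seq & 0xF, "service": svc,
            "data": raw[HEAD.size:HEAD.size + dlen]}


class Reassembler:
    """Joins chunked NM data per network element, enforcing P(S) order and a size cap."""

    def __init__(self, max_total: int = 4096):
        self.max_total = max_total
        self.partial = {}            # ne_id -> (kind, next expected P(S), buffer)

    def feed(self, raw: bytes):
        pkt = parse(raw)
        ne = pkt["ne_id"]
        kind, expect, buf = self.partial.get(ne, (pkt["kind"], pkt["ps"], bytearray()))
        if pkt["kind"] != kind or pkt["ps"] != expect:
            self.partial.pop(ne, None)           # drop the whole message on a gap or replay
            raise PacketError("out-of-sequence chunk")
        buf += pkt["data"]
        if len(buf) > self.max_total:            # bound memory held per network element
            self.partial.pop(ne, None)
            raise PacketError("reassembled message too large")
        if pkt["last"]:
            self.partial.pop(ne, None)
            return kind, bytes(buf)
        self.partial[ne] = (kind, (expect + 1) & 0xF, buf)
        return None


def demo():
    """Constructed sample: a 200-byte configuration message sent as two chunks."""
    ne = b"\x00\x12\x34"                         # constructed NE_ID
    msg = bytes(range(200))
    frames = [build(4, ne, 0, 0, 1, msg[:128], last=False),
              build(4, ne, 0, 1, 1, msg[128:], last=True)]
    r = Reassembler()
    return frames, [r.feed(f) for f in frames], msg


if __name__ == "__main__":
    frames, results, msg = demo()
    print(results[-1][0], len(results[-1][1]), results[-1][1] == msg)
```

A CRC of this kind detects accidental corruption only; in the architecture described here, protection of management traffic against tampering rests on the encrypted X.25 path rather than on this field.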
ASMP uses the following services, called ASMS:
Ø X-GET: This service is invoked by an ASMS-manager to request the retrieval of management information from a peer ASMS-agent. The service may only be requested in a confirmed mode, and a reply is expected.
Ø X-SET: This service is invoked by an ASMS-manager to request the modification of management information by a peer ASMS-agent. The service may be requested in a confirmed mode or a non-confirmed mode. In the confirmed mode, a reply is expected.
Ø X-INITIATE: This service is invoked by an ASMS-manager to request a peer ASMS-agent to perform an action. The service may be requested in a confirmed mode or a non-confirmed mode. In the confirmed mode, a reply is expected.
Ø X-TERMINATE: This service is invoked by an ASMS-manager to request a peer ASMS-agent to terminate an action. The service may be requested in a confirmed mode or a non-confirmed mode. In the confirmed mode, a reply is expected.
Ø X-CANCEL: This service is invoked by an ASMS-manager to request a peer ASMS-agent to cancel a previously requested and currently outstanding invocation of the X-GET service. The service may only be requested in the confirmed mode, and a reply is expected.
Note that X refers to the capital letters S, C and P, which correspond to Security, Configuration and Performance respectively.
4. TASMUS Network Management System
SYSCON Architecture is designed to meet military network control requirements by using both ITU-T M.3000 system control concepts and NATO TACOMS POST-2000 system control concepts.
TASMUS will have the following SYSCON (System Planning, Control and Management subsystem) units to control the Network Elements (NEs), such as NP ATM Switches, RAP Access Switches, iSTAR Radios, Bulk Encryption Devices, EOW Encryption Devices, ISDN Terminals etc.
Ø SEP (System Executive Planning)
Ø OSC (Operational System Control)
Ø FC (Facilities Control)
SEP is basically responsible for the preparation of the communication planning at the highest staff level.
The OSC mainly performs and controls the plans prepared by the SEP. For these functions, a LAN (Local Area Network) is formed. The basic architecture of the OSC is given in Figure 4. Connecting the OSC to two different RAPs increases the connectivity of the OSC to the NEs.
FCs are deployed at each RAP location to control the NEs in that RAP area under the control of the OSC.
To increase reliability and survivability, each FC can take the place of the OSC when any failure occurs. The X.25 packet data communication technique is selected to increase the connectivity between SYSCON and the NEs. This concept also increases the survivability and reliability of SYSCON functions.
Figure 4. TASMUS SYSCON Architecture (diagram labels: SEP, OSC, System Execution Unit, Frequency Planning Unit, Path Profile Analysis Unit, Operational Control Unit, Logistics Unit, Traffic Analysis Unit, Comsec Unit, LAN, FC. SEP: System Executive Planning; OSC: Operational System Control; FC: Facilities Control)
The modular architecture of TASMUS and SYSCON enables the system planners to design and implement almost any kind of communication structure that best fits the concept of operations of the Armed Forces. The main functions of SYSCON are given below:
Ø Frequency planning,
Ø Path profiling and propagation calculation,
Ø Digital vector map including detailed database about area of interest (like roads, water sources, etc.), network graphic display
Ø COMSEC and COMPUSEC key generation and distribution
Ø Equipment, system and personnel status
Ø Configuration traffic (voice, data and video) simulation
Ø Statistical database generation of the operation (this database can be used as an input for traffic simulation)
Ø Displaying the deployment of NP, RAP and iSTAR units on digital map
Ø Facility database generation for user profiles
5. TASMUS Network Management System Architecture
In TASMUS, a secure X.25 packet switching network is used for communication between SYSCON elements and the network elements. To achieve the secure packet switched (CCITT X.25) communication network, the packet handlers of the access switches, Packet Assembler/Disassembler (PAD) equipment and digital telephones with built-in crypto are used. Packet data switching (X.25 data communication) is supported over the TASMUS network by the packet handlers of the access switches. Digital telephones with built-in crypto are used for secure X.25 data communication. Although most of the network elements in TASMUS have X.25 interfaces for network management functions, some of them have V.24 (asynchronous) interfaces instead of the X.25 interface. By using PAD equipment for these network elements, asynchronous traffic can be packetized directly over X.25 communications, or vice versa, in accordance with the X.3, X.28 and X.29 profiles.
The general structure of the SYSCON network is as shown in Figure 5.
Figure 5: General structure of the SYSCON system (diagram labels: OSC; FC1, FC2, FCN; SYSCON PAD; NE; V.24 and X.25 links)
The communication between the OSC and an NE passes through the FCs. The OSC communicates with the FC to which the NE in question is connected. The FC then transmits the commands that come from the OSC to the relevant NE. The necessary mediation is performed at the FC level.
There is a local area network that consists of 1 Server, 1 Workstation, 6 computers, 2 printers, 1 Hub and 1 Router running the Windows NT 4.0 operating system in the OSC shelter for performing OSC functions. The TCP/IP protocol is used. There are also 2 additional computers that will perform the necessary backup of the OSC functions manually. The authorized person will activate this backup system whenever the OSC is out of service. The general structure of the OSC shelter is as shown in Figure 6.
Figure 6: General structure of the OSC shelter (diagram labels: OSC Shelter, 5 Tons Truck, Hub, SGN, Digital Telephone, Server, Workstations and Printers, Router, Access Switch, PAD, MDF, BEE, EOW Crypto, R/L GRC-5211)
Access control and authentication are provided within the network management system (SYSCON) in TASMUS. Any authorized or non-authorized transaction will be registered in the audit register.
In TASMUS, three different types of network management protocols are used for the purpose of remotely managing communication resources. These protocols are the Common Management Information Protocol (CMIP), the Aselsan Syscon Management Protocol (ASMP) and the Transparent Asynchronous Protocol (TAP). CMIP is used for ATM and ISDN switches. ASMP is used for VRC5112 Radio Access Points, Mobile Subscriber Terminals, GRC5211 Radio Link Equipment, Bulk Encryption Devices, EOW Encryption Devices and OCAC Open Contact Alarm Collector Equipment. The Marconi TAP protocol and MAL services are used only for Marconi products such as MH344T R/L and MT321T MOLTU equipment, and this protocol is mediated to ASMS/ASMP at the FC level. On the mobile subsystem, Mobile Subscriber Terminals use the TDMA (Time Division Multiple Access) technique and automatically form a radio network where all the network management functions are carried out in a distributed fashion. Access to this radio network is via the Radio Access Point device, which manages all Mobile Subscriber Terminals on behalf of the OSC.
Figure (diagram labels: OSC Level, FC Level, Manager, TMN Manager Framework, TMN Manager-TMN Manager Framework Interface (CMIS), CMIP, Non TMN Manager Framework, Manager-Manager Framework Interface (ASMS), ASMP, TAP / ASMP Mediation, TAP, ATM Switches, Access Switches, Digital Telephone, LOS R/L, MOLTU, OCAC, EOW Encryption, Bulk Encryption, Radio Access Point, Band III R/L, Mobile Subscriber Terminal, TDMA)
6. CONCLUSION
The TASMUS network management and planning system, “SYSCON”, meets military network management and planning requirements by using both ITU-T M.30 system control concepts and NATO TACOMS POST-2000 system control concepts.
The TASMUS Network Management System is designed to meet the requirements of tactical communications. For this purpose, we designed and implemented our own network management protocol, named ASMS/ASMP, to support secure network management functions in the tactical field. The communication between SYSCON elements and network elements is through the secure X.25 packet switching network. To achieve this secure packet switched (CCITT X.25) communication network, digital telephones with built-in crypto are used.
The TASMUS Network Management System has three hierarchical levels: SEP, OSC and FC. The communication between the OSC and an NE passes through the FCs. The OSC communicates with the FC to which the NE in question is connected. The FC then transmits the commands that come from the OSC to the relevant NE. The necessary mediation is performed at the FC level. On the mobile subsystem, Mobile Subscriber Terminals use the TDMA (Time Division Multiple Access) technique and automatically form a radio network where all the network management functions are carried out in a distributed fashion. Access to this radio network is via the Radio Access Point device, which manages all Mobile Subscriber Terminals on behalf of the OSC.
BIOGRAPHY
Mr. Ali YAZICI (Aselsan) received BS and MS degrees in Electrical and Electronics Engineering from Middle East Technical University, Ankara, in 1984 and 1987, respectively. Between 1984 and 1988, he worked at ASELSAN as a quality control engineer. Following his military service (April 1988-October 1988), he returned to ASELSAN. He worked on Communication and Computer Security Projects (COMSEC/COMPUSEC). He is currently working as a technical leader in the COMSEC/COMPUSEC Projects and the Tactical Area Communications System (TASMUS) project. His professional interests are communication security, computer security, military communication networks, network management systems and algorithm design.
SECURITY OF NETWORK SYSTEMS
Mr. Sander Bakker
Cisco Systems, Europe-Belgium
1. ABSTRACT
This article explains the following topics related to the security of network systems.
Building a secure IT infrastructure – Minimizing the Risk
Determining the risks the IT infrastructure runs – What are the implications?
Recognising potential flaws in your security systems and finding solutions
What security tools are available and how to maximize the effectiveness
Examining the convergence of systems and products to improve your security
Implementing an integrated security system – Firewalls, Intrusion Detection and Scanners.
Assessing the role of encryption and VPN’s in network security
2. INTRODUCTION
Building a Secure IT Infrastructure
- Minimising the Risk -
Sander Bakker
European Security Specialist
Agenda
• Why Do We Need Security
• Elements of Security
• Identity
• Integrity
• Active Audit
• Policy Management
100% Security100% Security
“
”
The only system which is truly secure is one which is switched off and
unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then,
I wouldn’t stake my life on it….
Gene Spafford—Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University
The Gulf War
“Iraq lost the war before it even began. This was a war of intelligence, electronic warfare, command and control and counter intelligence. Iraqi troops were blinded and deafened…. Modern war can be won by Informatika and that is now vital”
Soviet General S. Bogdanov, chief of the General Staff Center for Operational and Strategic Studies
1999 FBI/CSI Survey
Computer Crime and Security Survey (n=512)
• 62% reported computer security breaches
• 51% suffered financial loss ($123 million)
• 59% attacks from the inside
• 54% attacks from the outside
• 55% were victims of unauthorized insider access (45% in 1998)
1999 CSI/FBI Survey
• Likely source of attack
Foreign governments: 21%
Foreign corporations: 30%
Independent hackers: 74%
US competitors: 53%
Disgruntled employees: 86%
BASS
• 36 million hosts scanned
• All domains
• Basic vulnerabilities
60% Penetrated over 30 Times
Over the Past 12 Months, How Many Successful Unauthorized Accesses from Outsiders Have You Detected?
1 to 10: 2%
11 to 20: 13%
21 to 30: 25%
31 to 40: 52%
41 to 50: 6%
Over 50: 2%
Source: WarRoom Research, Internet Week, 23 March 1998
Why Do We Need Security?
“Around 90% of web sites can be hacked into and shut down within 10 minutes. Once a web site has been hacked, it’s usually a matter of hours before they gain access to the entire IT system and everything it contains.”
Harry Ram, Director of communications at Diligence Computer Personnel 9-22, October 1998
Examples
• Hacked companies suffer $2–11M (American Bar Association)
First National Bank of Chicago lost $70M
MCI lost $50M
Digital Equipment Corporation lost $5M
Citibank lost $10M to Russian hackers
Ernst & Young survey: 80% suffered loss related to information security
What Makes it Worse?
“Over 75% of hacking is done by insiders and it’s easy to see why. The person on the inside is on the right side of the firewall—they know the computer systems and they have access to the passwords”
Neil Barrett, Bull Information Systems, ‘Computer Crime Fighter’—Personal Computer World, Feb 1999
Hacking Is Easy
• Anyone can be or become a hacker
• The threats are real
• There are easy tools free
For example:
l0PHT-Crack (www.l0pht.com)
Back Orifice (www.cultdeadcow.com)
Be Prepared
Have a Security Policy
“First, companies should develop and adopt corporate-wide security policies. Then they should implement technologies to carry out those policies.”
Ernst & Young, Information Week, 8 September, 1997
Risk Management
• R = (V x T) - P
Risk = vulnerabilities x threats - prevention
• Reputation
“Only 37% would report if required by law”
Security Policy Development
• Identify Network Assets to Protect
• Determine Points of Risk
• Limit the Scope of Access
• Identify Assumptions
• Determine Cost of Security Measures
• Consider Human Factors
• Keep limited number of Secrets
• Implement Pervasive and Scalable Security
• Understand Typical Network Functions
• Remember Physical Security
A Comprehensive, Integrated Security Solution Can Enable an Organization to Minimize and Manage Risk...
1) Corporate Security Policy
2) Secure
3) Monitor and Respond
4) Test
5) Manage and Improve
Goal: Comprehensive Solution
Security Wheel
1) Corporate Security Policy
2) Secure
• Firewall
• Authentication and authorization of users
• Encryption and VPN
• Security design and implementation/integration
3) Monitor and Respond
• Intrusion detection
• Intrusion response
• 24 x 7
4) Test
• Vulnerability scanning
• Network mapping
5) Manage and Improve
• Systems integration
• Recommended fixes
• Countermeasures
• Incident control and recovery
Elements of Security
• Identity
Accurately identify users
Determine what users are allowed to do
• Integrity
Ensure network availability
Provide perimeter security
Ensure privacy
• Active audit
Recognize network weak spots
Detect and react to intruders
• Policy management
Centralized control of security services
Elements of Security
• Identity
AAA Server
• Integrity
Firewall
IPSec Encryption
• Active audit
Vulnerability Scanner
Intrusion Detection
Security Consulting
• Policy management
Policy Server
Security Is…
[Figure labels: Security Office, Traditional Locks, Guard, Security Camera, Card Key; Policy Management, Firewall, Intrusion Detection, Vulnerability Scanner, AAA Server]
Identity
• Uniquely and accurately identify users, applications, services, and resources
RADIUS, TACACS+, Kerberos, OTP, MS-login, AAA server, digital certificates, directory services
Identity—AAA Model
• Authentication
Who are you
“I am user X, my password is xyzxy”
• Authorization
What can you do
“User X can access host Y with telnet”
• Accounting
What did you do
“User X accessed host Y with telnet 15 times”
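The three AAA questions on this slide can be traced in a small model. The following is an added example, not code from the presentation or from any Cisco product: the `AAAServer` class, its method names, the PBKDF2 parameters and the constructed user, host and password values are all assumptions made for illustration. It stores only a salted password hash, denies anything not explicitly permitted, and writes an accounting record for failed and denied requests as well as successful ones.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000  # assumption: tune to the hardware that runs the server


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the credential store never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AAAServer:
    """Hypothetical in-memory AAA server: authenticate, authorize, account."""

    def __init__(self):
        self.users = {}       # user -> (salt, derived key)
        self.permits = set()  # (user, host, service); everything else is denied
        self.records = []     # accounting trail, one entry per request

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, derive(password, salt))

    def permit(self, user: str, host: str, service: str) -> None:
        self.permits.add((user, host, service))

    def authenticate(self, user: str, password: str) -> bool:
        """Who are you? Unknown users still cost one hash, to flatten timing."""
        salt, stored = self.users.get(user, (b"\x00" * 16, b"\x00" * 32))
        matches = hmac.compare_digest(derive(password, salt), stored)
        return matches and user in self.users

    def authorize(self, user: str, host: str, service: str) -> bool:
        """What can you do? Default deny: only listed tuples pass."""
        return (user, host, service) in self.permits

    def request(self, user: str, password: str, host: str, service: str) -> str:
        if not self.authenticate(user, password):
            outcome = "auth-failed"
        elif not self.authorize(user, host, service):
            outcome = "denied"
        else:
            outcome = "permitted"
        # What did you do? Failures are recorded too; they are what an auditor reads first.
        self.records.append({"time": time.time(), "user": user, "host": host,
                             "service": service, "outcome": outcome})
        return outcome

    def count(self, user: str, host: str, service: str, outcome: str = "permitted") -> int:
        key = (user, host, service, outcome)
        return sum(1 for r in self.records
                   if (r["user"], r["host"], r["service"], r["outcome"]) == key)


def demo():
    """Constructed scenario using the slide's user X, host Y and telnet."""
    aaa = AAAServer()
    aaa.add_user("X", "xyzxy")
    aaa.permit("X", "Y", "telnet")
    outcomes = [aaa.request("X", "xyzxy", "Y", "telnet") for _ in range(15)]
    outcomes.append(aaa.request("X", "wrong", "Y", "telnet"))       # bad password
    outcomes.append(aaa.request("X", "xyzxy", "Z", "telnet"))       # host not permitted
    outcomes.append(aaa.request("nobody", "xyzxy", "Y", "telnet"))  # unknown user
    return aaa, outcomes


if __name__ == "__main__":
    server, results = demo()
    print(server.count("X", "Y", "telnet"), results[15:])
```
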
Identity—DDNS/DHCP
• Security Policies based on IP addresses
• Are you using Dynamic Host Config Protocol (DHCP)?
• How do you manage and secure your network when using DHCP?
You Don’t Know Who’s Going Where Until You Know Who They Are
Integrity—Network Availability
• Ensure the Network Infrastructure remains available
Administrative controls, Passwords, MD-5 hash, encryption, DoS protection, Encrypted Kerberos, Telnet
• Control access to critical network applications, data, and services
Access control lists, firewall technologies, content filtering, authentication
Integrity—Perimeter Security
What Is a Firewall
“All traffic from inside to outside and vice-versa must pass through the firewall.
Only authorized traffic, as defined by the local security policy, will be allowed in.
The firewall itself is immune to penetration.”
Source: Bellovin and Cheswick “Firewalls and Internet Security, Repelling the Wily Hacker”
Integrity—Privacy
• Provide authenticated private communication on demand
VPN, IPSec, IKE, encryption, DES, 3DES, digital certificates, CET, CEP
Virtual Private Networks
[Figure labels: Internet, Firewall, Encrypted IP, Internal Network, Cisco VPN Client]
Integrity—IPSec Protects VPN
• Privacy, data integrity, and authenticity
• Obscures source and destination information
• Safeguards from “replay” and “man-in-the-middle” attacks
• Implemented transparently in the network infrastructure
• Internet standard
IPSec Tunnel Implementation
[Figure steps: Original Packet; Encapsulate Into New Packet; Authenticate with MD-5 Checksum; Encrypt Entire Contents (DES)]
Virtual Private Networks
Creates a Network “Tunnel” or “Virtual Private Network”
[Figure labels: Encapsulate, Authenticate, Encrypt; Internet; Remove, Authenticate, Decrypt; the message “Hello” shown as “!@#$%&” in transit]
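The encapsulate and authenticate steps, and the replay safeguard listed on the IPSec slide, can be followed in a receiver that checks each tunnelled packet. This is an added example, not code from the presentation or from any IPSec implementation: the simplified packet layout (SPI, sequence number, inner packet, integrity value), the 64-packet window, the class and function names and the demo key are assumptions, HMAC-SHA256 stands in for the slide's MD-5 checksum, and the encryption step is left out because the Python standard library has no block cipher.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # truncated HMAC-SHA256 integrity check value (assumption)
WINDOW = 64    # anti-replay window size in packets (assumption)


def encapsulate(key: bytes, spi: int, seq: int, inner_packet: bytes) -> bytes:
    """Wrap an inner packet as [SPI | sequence | inner packet | ICV]."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + inner_packet, hashlib.sha256).digest()[:ICV_LEN]
    return header + inner_packet + icv


class TunnelReceiver:
    """Receiving end of the tunnel: replay check, integrity check, then unwrap."""

    def __init__(self, key: bytes, spi: int):
        self.key = key
        self.spi = spi
        self.highest = 0  # highest authenticated sequence number seen
        self.bitmap = 0   # bit i set => sequence (highest - i) already accepted

    def _replay_reason(self, seq: int):
        if seq == 0:
            return "replay"            # sequence numbers start at 1
        if seq > self.highest:
            return None                # new packet, ahead of the window
        offset = self.highest - seq
        if offset >= WINDOW:
            return "too-old"           # fell off the left edge of the window
        if (self.bitmap >> offset) & 1:
            return "replay"            # this sequence number was already accepted
        return None

    def receive(self, packet: bytes):
        if len(packet) < 8 + ICV_LEN:
            return ("drop", "truncated")
        header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", header)
        if spi != self.spi:
            return ("drop", "unknown-spi")
        reason = self._replay_reason(seq)
        if reason:
            return ("drop", reason)
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return ("drop", "bad-icv")
        # Move the window only after the packet authenticates; otherwise a forged
        # packet with a huge sequence number would lock out legitimate traffic.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return ("accept", body)


def demo():
    """Constructed traffic: in-order, out-of-order, replayed, tampered and forged."""
    key = b"constructed-demo-key-not-secret!"
    rx = TunnelReceiver(key, spi=0x1001)
    p1 = encapsulate(key, 0x1001, 1, b"Hello")
    p3 = encapsulate(key, 0x1001, 3, b"Hello again")
    p2 = encapsulate(key, 0x1001, 2, b"late but valid")
    tampered = bytearray(encapsulate(key, 0x1001, 4, b"pay 10"))
    tampered[8 + 4] ^= 0x01                       # flip one bit of the payload
    forged = struct.pack("!II", 0x1001, 5000) + b"x" + bytes(ICV_LEN)
    results = [rx.receive(p) for p in (p1, p3, p2, p3, bytes(tampered), forged)]
    after = rx.receive(encapsulate(key, 0x1001, 4, b"still accepted"))
    return results, after


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```
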
Active Audit
• The hacker might be an employee or ‘trusted’ partner
Up to 80% of financial losses are from insiders—FBI
• Your defense might be ineffective
One in every three intrusions occurs where a firewall is in place—Computer Security Institute
• Your employees might make mistakes
Misconfigured firewalls, modems, old passwords, etc.
• Your network will grow and change
Each change is a security risk
Firewalls, Authorization, Encryption Do Not Provide Visibility Into these Problems
Active Audit—Network Vulnerability Assessment
• Assess and report on the security status of network components
Scanning (active, passive), vulnerability database
Active Audit—Intrusion Detection
• Identify and react to known or suspected network intrusion or anomalies
Passive promiscuous monitoring, database of threats or suspect behavior, communication infrastructure, access control changes
Host Based IDS
[Figure labels: Workgroup Switch, Corporate Network, Router, Web Server, Email Server, Internet, Engineering, Finance, Administrator, Agent]
Network Based IDS
[Figure labels: Remote Office, Workgroup Switch, Corporate Network, NetRanger, NetRanger Director, Router, Web Server, Email Server, Internet, Engineering, Finance, Administrator, Alert]
Network vs Host IDS
• Network-Based - Sniffing
Passively collects data from the network
Doesn’t impact normal network operations
Monitors all hosts, directly or indirectly, on the subnet
• Host-Based - Agents
Requires software running on all monitored hosts
Reports to a centralized management platform
Network vs Host IDS
• Network-Based
Detects attacks that Host-based miss
Denial of Service (Header)
Probes (Payload)
Unsuccessful attacks and malicious intent
Real-time detection and response
Operating System Independent
Difficult to Remove Evidence
Fewer detection points required
Network vs Host IDS
• Host-Based
Detects attacks that Network-based miss
Dial-up modem, keyboard
Encrypted traffic
Fewer False positives
No additional Hardware
Easier to remove Evidence
Performance impact on Host
Active Audit—Security Consulting
• Identify and recommend solutions to security vulnerabilities/attacks enterprise-wide
Manual secondary exploitation, Security posture assessments, Incident control and response
Policy Management
• Provide integrated control over the use of the network resources
Secure and remote management of firewalls, IPSec encryption and VPN management, policy validation
Security Management Requirements and Challenges
[Figure labels: Point Applications; Simplified Presentation via Policies; Network; Inconsistent Device Configuration; Complex Technologies; Centralized, Secure Command & Control; Integrated Product & Technology Management; Scalability; Performance; Users; Applications; Devices]
What is a Network Policy
• A set of high-level directives that control the deployment of network services (e.g. Security and QoS)
• Created in terms of established practices
[Figure labels: Campus/Data Center, Internet, Devices, Users, Applications, Network Policies; 365 x 24 x 7; M–F, 9–5; Strict Perimeter Security; Strong encryption & high priority; Access restrictions & authorization]
What is Policy Management?
• The overall process by which organizations administer their established policies
• Translates high-level policies developed in terms of business objectives, into network and device configurations within the network
• Enforced network-wide
• Comprises three basic tasks:
Policy Definition
Policy Enforcement
Policy Auditing
Policy-based management optimizes network operations!
[Figure labels: Telecommuters, Mobile Users, Branch Offices, Campus, Partners, QoS, Security, Enterprise Policy]
Policy Management
• Set policies for users, applications and devices
• Deliver end-to-end QoS and security
• Integrate with registration and directory services
• Enable integrated control over network resources
A Comprehensive Solution
1) Corporate Security Policy
2) Secure
3) Monitor and Respond
4) Test
5) Manage and Improve
A Comprehensive, Integrated Security Solution Can Enable an Organization to Minimize and Manage Risk…
Improving Security
[Figure labels: Remote Office, Corporate Network, Router, Web Server, Email Server, Engineering, Finance, Administrator, NetRanger, NetRanger Director, Alert!, Internet, Mobile User, Cisco VPN Client, Service Provider]
Improving Security
[Figure labels: Remote Office, Internet, Mobile User, Service Provider, Corporate Network, Router, Web Server, Email Server, Engineering, Finance, Administrator, Cisco Security Manager, Update Policy]
Security IS a Solution
...and NOT a single product
• Be aware of the potential dangers
• Determine policies
• Protect integrity and privacy
• Actively audit and monitor environment
• Continue to improve
BIOGRAPHY
Mr. Sander Bakker is part of Cisco's SAM team. The SAM team is a European overlay organisation within Cisco that focusses on Security, Availability and IP Management products. Mr. Bakker has over 10 years' experience in high technology sales and marketing.
Prior to joining Cisco, Mr. Bakker held sales and marketing positions for several high technology companies, including Raptor Systems, Axent and Wollongong. At Raptor Systems Mr. Bakker was responsible as Regional Sales Manager for Benelux, Southern Europe, Middle East and Africa.
AN INTELLIGENT EVASION LAW DESIGN
FOR AN AIRCRAFT UNDER MISSILE THREAT
Kemal Leblebicioglu
Computer Vision and Intelligent Systems Research Laboratory
METU Electrical-Electronics Engineering Department, 06531, Ankara, Turkey
Deniz Erdogmus
TÜBITAK-SAGE Electronics and Guidance Technologies Group
Guidance and Control Laboratory, METU Campus, 06531, Ankara, Turkey
1. ABSTRACT
In this study, an intelligent evasion law is proposed for an aircraft under missile threat. A fuzzy logic structure decides whether to employ the ‘maximizing distance maneuver’ or the ‘maximum turning maneuver’ according to the distance between the missile and the aircraft and the closing velocity. It is understood that, in order to guarantee the success of this evasion law in any case where the capabilities of the aircraft are sufficient, the problem must be investigated more deeply and more information must be obtained about the structure of the pursuit-evasion game. When this is done, it will be possible to increase the ratio of the number of scenarios where the aircraft evades the missile to the number of scenarios where the missile hits the aircraft by adapting the parameters of the fuzzy decision logic on-line according to scenario conditions.
Keywords : Fuzzy Logic, Pursuit-Evasion Game, Evasion Law
2. INTRODUCTION
One of the most popular topics in battle simulation studies is air combat or the pursuit of an aircraft by a missile. Viewed generally, an air combat game is one in which a number of players try to minimize their objective functions, each employing strategies of their own preference [Grote 1985]. In these games, the aircraft, the missiles, airports or other facilities are modeled via various parameters and all players utilise their resources so as to minimize their respective objective functions. As a consequence of the game simulation, it is possible for the commander to decide on a strategy for the upcoming combat. The air combat simulation program TAMARI used by NATO countries is an example of such simulation programs.
It is, on the other hand, possible to approach the air combat game from a lower view and investigate the pursuit game between a missile and an aircraft. While general view simulations as stated above may help to develop strategies, the lower view approaches may lead to improved tactics for units involved in the combat actively.
In recent years, much work has been done to improve pursuing tactics for the missile or the torpedo, whereas comparatively little effort has been spent on obtaining better evasion algorithms for the evader.
In this study, we attempt to design an intelligent evasion law for an aircraft under missile threat. Necessary maneuver commands will be produced according to the outputs of a fuzzy logic decision structure. This fuzzy structure, using a rule base and according to various parameters of the aircraft and the missile, will either command the aircraft to run in the direction that maximizes the instantaneous distance between itself and the missile or command the aircraft to turn its velocity vector to a direction that will take the aircraft out of the possible reachable region of the missile by employing a strong acceleration.
In the games, the guidance law of the missile will be taken to be the proportional navigation. This choice arises due to the fact validated by both theory and practice that proportional navigation law is one of the most effective guidance laws [Aslan 1997], [Erdogmus 1998].
3. MANEUVER EVALUATION USING FUZZY LOGIC
Two possible marginal maneuvers exist for an aircraft under missile threat. The first is to direct the velocity vector along the direction that maximizes the distance between the two, and the second is to turn the velocity vector to a direction that will take the aircraft out of the volume reachable by the missile before the missile catches the aircraft.
The fuzzy structure to be developed will consider the distance in between and the closing velocity in order to decide which maneuver will be performed. The decision will come out as a scalar in the interval [0,1] and it will be possible to evaluate this value in different ways resulting in varying performance of the evasion algorithm. The block diagram of the fuzzy structure is shown in Fig. 1.
Once the two inputs, range (R) and closing velocity (Vc), are normalized, the fuzzy membership sets shown in Figs. 2-3 are activated and the rules summarized in Table 1 are fired.
The fired rules are blended according to their firing strengths to activate the membership functions of the ‘Decision’, the output. The final output is computed from the fuzzy output using center of gravity defuzzification method. With all these definitions, the fuzzy structure has an input-output relation as shown in Fig. 5.
4. MANEUVERS
In this section, the marginal maneuvers mentioned before will be formulated and the possible usages of these maneuvers together with the output of the fuzzy structure will be investigated.
4.1 Evasion Maneuver
In the evasion maneuver, the aim of the aircraft is to align its velocity vector to the aircraft-missile direction and to accelerate in order to maximize the distance between. This situation is visualized in Fig. 6. At these conditions, the vector pointing the evasion direction is
The aircraft may speed up, brake, or perform a lateral acceleration (perpendicular to its velocity vector). Using an on-off control strategy and assuming that the maximum permitted values for these accelerations are max_thr, max_bra, and max_lat, the acceleration required of the aircraft is found as
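$$\vec{l}_{acc,d} = \frac{\vec{k}_y - (\vec{k}_y \cdot \vec{V}_f)/\lVert \vec{V}_f \rVert}{\left\lVert \vec{k}_y - (\vec{k}_y \cdot \vec{V}_f)/\lVert \vec{V}_f \rVert \right\rVert}$$ (lateral acceleration direction) (2)
$$\vec{a}_{lat} = max\_lat \cdot \vec{l}_{acc,d}$$ (lateral acceleration) (3)
$$\vec{a}_{thr} = max\_thr \cdot \vec{V}_f / \lVert \vec{V}_f \rVert$$ (speed-up acceleration) (4)
$$\vec{a}_{b,k} = \vec{a}_{thr} + \vec{a}_{lat}$$ (total acceleration) (5)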
4.2 Diving Maneuver
In the diving maneuver, the aim of the aircraft is to exert the maximum possible lateral and braking accelerations to get out of the reachable volume of the missile as quickly as possible. Fig. 7 shows the conic volume reachable by a missile with an acceleration of $a_{max}$ at a speed of $V_m$. The base of this conic volume is a circle and the side surface has a circular cross-section of radius $R = V_m^2 / a_{max}$. Under these conditions, the shortest path for the aircraft to get out of this conic region is the direction from the aircraft itself to the center of the circular cross-section of the reachable area of the missile. Hence, the desired direction for the aircraft velocity will be towards the center of this minimum-radius turning circle of the missile.
In order to achieve the readjustment of velocity vector direction to the desired direction quickly, the aircraft must brake to slow down and apply a lateral acceleration to turn its velocity. Slowing down will enable the aircraft to achieve a higher angular rate to turn its velocity with the same amount of lateral acceleration. The desired velocity direction can be computed as
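$$\vec{k}_y = \frac{\vec{P}_c - \vec{P}_f}{\lVert \vec{P}_c - \vec{P}_f \rVert}$$ (evasion direction) (6)
Here, $\vec{P}_c$ and $\vec{c}_d$ can be computed from
$$\vec{P}_c = \vec{P}_m + R \cdot \vec{c}_d$$ (center of circle) (7)
$$\vec{c}_d = \frac{\vec{P}_f - \vec{P}_m + ((\vec{P}_f - \vec{P}_m) \cdot \vec{V}_m) \cdot \dfrac{\vec{V}_m}{\lVert \vec{V}_m \rVert_2^2}}{\left\lVert \vec{P}_f - \vec{P}_m + ((\vec{P}_f - \vec{P}_m) \cdot \vec{V}_m) \cdot \dfrac{\vec{V}_m}{\lVert \vec{V}_m \rVert_2^2} \right\rVert}$$ (8)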
In order to align the velocity vector to this direction, lateral acceleration will be produced as in (2) and (3), and the braking acceleration will be produced as in (4) with a negative sign.
4.3 Combining the Maneuvers
Evasion and diving maneuvers may be combined in many ways using the ‘decision’ of the fuzzy maneuver evaluator. For example, a threshold value may be chosen and compared with the decision value: if the decision is smaller than the threshold then the diving maneuver is activated, otherwise the evasion maneuver. Another possibility is to sum both maneuver commands in proportion to their share in the decision. The success of these combination methods may vary from scenario to scenario. Also, the value of the threshold may affect the success of the algorithm. The conclusion drawn from this is that the fuzzy structure must be adaptive; in other words, with suitable refitting during flight, the fuzzy structure must learn how to escape the missile. However, this is a complicated task and it requires a deeper investigation of the pursuit problem and much experience.
5. SIMULATIONS
In this section, the developed guidance method for the evading aircraft will be investigated in several scenarios. Typical pursuit scenarios include air-to-air chase or surface-to-air chase cases; therefore the scenarios will be among these cases.
The speed-up, braking, and lateral acceleration capabilities of the aircraft are bounded by 2g, 0.5g, and 5g respectively, whereas the missile is only allowed to exert a lateral acceleration that is bounded by 10g. The drag accelerations of both aircraft and missile are modeled as a parabolic function of total speed, with 0 m/s² at 0 m/s speed and 1g at 650 m/s for the missile and 5g at 400 m/s for the aircraft. The scale factors for the inputs of the fuzzy structure are taken to be 10000 m and 250 m/s for R and Vc.
5.1 Surface-to-Air Missile Threat
In this scenario, the aircraft is threatened by a surface-launched missile. The missile is launched towards the aircraft, which travels towards north at 2000m with a speed of 250m/s; the missile has an initial inclination angle of 45° and an initial speed of 500m/s. When the threshold method is used to evaluate the decision of the fuzzy structure with the threshold being 0.5, the decision of the fuzzy structure is as given in Fig. 8, and the trajectories of the missile and the aircraft are shown in Fig. 9.
When the evasion and diving maneuvers are linearly combined proportional to the decision of the fuzzy structure, different results have been obtained. The decision changes from evasion strategy to diving strategy in time as seen in Fig. 10. As presented in Fig. 11, the speed of the missile falls below the speed level of the aircraft which makes its hit probability thereafter zero. The trajectories of the aircraft and the missile are given in Fig. 12.
5.2 Air-to-Air Missile Threat
In this scenario, a missile with an initial speed of 500m/s and an initial altitude of 2200m threatens an aircraft at 2000m with 250m/s speed, starting from 5km behind. When the threshold value is chosen to be 0.6, the trajectories of the players are as in Fig. 13 and the time variation of the decision is as shown in Fig. 14. The distance between the aircraft and the missile during flight is presented in Fig. 15. The missile gets closest to the aircraft at the 24th second, with the distance between them being 75m at that time.
In the same scenario, if the threshold value is decreased to 0.5, contrary to the previous case, the missile hits the aircraft. The trajectories of both missile and the aircraft in this case came out to be as in Fig. 16. Similarly, when the proportional combination of two maneuver strategies is applied in this scenario, the missile again hits the aircraft. The trajectories of this simulation are presented in Fig. 17.
6. CONCLUSIONS
In this study, a first stage design of an intelligent guidance law for an aircraft under missile threat is proposed. The maneuver evaluator fuzzy inference structure, though not yet successful in all scenarios, has provided promising results. It has been observed that, in order to increase the ratio of the number of successful scenarios of the newly proposed evasion guidance algorithm for the aircraft to that of unsuccessful ones, the problem must be investigated more deeply and more experience of the geometry and behavior of the pursuit game must be acquired. If the scale factors and the membership functions of the fuzzy inference structure are then made adaptive accordingly, the number of successfully completed scenarios will increase.
TABLES
Vc \ R      Very Close   Close   Moderate   Far     Very Far
Neg.Big     Dive         Evade   Evade      Evade   Evade
Neg.Small   Dive         Dive    Evade      Evade   Evade
Zero        Dive         Dive    Evade      Evade   Evade
Pos.Small   Dive         Dive    Dive       Evade   Evade
Pos.Big     Dive         Dive    Dive       Dive    Evade
Table 1 Fuzzy Logic Rule Base
FIGURES
Fig. 1 Fuzzy Logic Maneuver Evaluator Structure
Fig. 2 Membership Functions for R
Fig. 3 Membership Functions for Vc
Fig. 4 Membership Functions for ‘Decision’
Fig. 5 Input-Output Mapping of Fuzzy Structure
Fig. 6 Evasion Maneuver Demonstration
Fig. 7 Diving Maneuver Demonstration
Fig. 8 Fuzzy Logic Decision - B1
Fig. 9 Trajectories of Aircraft and Missile - B1 (axes: East, North, Up)
Fig. 10 Fuzzy Logic Decision - B2
Fig. 11 Speeds of Aircraft and Missile - B2
Fig. 12 Trajectories of Aircraft and Missile - B2 (axes: East, North, Up)
Fig. 13 Trajectories of Aircraft and Missile - B3 (axes: North, East, Up)
Fig. 14 Fuzzy Logic Decision - B3
Fig. 15 Distance between the Aircraft and the Missile - B3
Fig. 16 Trajectories of Aircraft and Missile - B4 (axes: East, North, Up)
Fig. 17 Trajectories of Aircraft and Missile - B5 (axes: East, North, Up)
REFERENCES
[1] Aslan, T., "Taktik Güdüm Algoritmalarinin Dogrusallastirilmasi", MS Thesis, Hacettepe University, 1997.
[2] Erdogmus, D., Leblebicioglu, K., "Augmentation of a Tactical Guidance Algorithm by Intelligent Estimator Aiding", IEE Control Systems Journal (Under Referee Review), 1998.
[3] Grote, J.D., "The Theory and Application of Differential Games", D. Reidel Publishing Co., Boston, 1985.
BIOGRAPHIES
Assoc. Prof. Kemal Leblebicioglu
Assoc. Prof. Kemal Leblebicioglu was born in Turkey on May 12, 1957. He received the B.Sc. degree in electrical and electronics engineering in 1979, and the M.Sc. and Ph.D. degrees in mathematics in 1982 and 1988, respectively, all from the Middle East Technical University (METU), Ankara, Turkey. From 1980 to 1988, he was with the Department of Mathematics at the METU as a graduate assistant. Since 1988, he has been on the Faculty of the Department of Electrical and Electronics Engineering at METU, where he is currently an associate professor. His research interests include the numerical methods for partial differential equations, inverse problems, optimization, optimal control theory, neural networks, neuro and fuzzy controllers, and image processing.
Ms. Deniz Erdogmus
Ms. Deniz Erdogmus was born in 1976 in Turkey and obtained B.Sc. degrees from the Electrical Engineering and Mathematics Departments of Middle East Technical University in July 1997. By May 1999, he had completed all privileges towards an M.Sc. degree at the EEE Dept. METU while working at the national research institute on defence systems, the Defence Industries Research and Development Institute (SAGE), where he studied automatic flight control and navigation systems.