A complete Intrusion Detection System for Avionics Databus Networks

The SystemX Avionics Intrusion Detection System can monitor avionics databus traffic for unexpected anomalies, either due to adversarial cyber activity or operational issues.

When discovered, these anomalies are logged in a secure database and can be presented to the aircrew and/or operators on the ground, who can organize a response.

The system provides a real-time view into avionics activity which can be used to better control air operations, reduce the likelihood of rerouting, groundings, and delays, increase operational oversight, and increase overall fleet safety.

Key Features

  • Reduces the likelihood of rerouting, groundings, and delays due to cyber-attacks
  • Provides a real-time view into possible aircraft maintenance issues
  • Provides real-time operational over-site
  • Provides data that can be used for FOQA and MOQA programs
  • Increases overall fleet safety
  • Can be used to help achieve DO-326 / ED-202 based certification by mitigating avionics threats

Typical Cyber Threats That Can be Mitigated

  • RF Spoofing (GPS, ADS-B, etc)
  • Hardware tampering
  • Malware
  • Supply-chain attacks

SystemX IDS in Action


The SystemX Avionics IDS runs on an AP-250/AP-251, or virtual machine as part of a complete SystemX installation. It processes data captured by CCX Technologies DataPHYs, integrated sensors, and external data streams (like ADS-B data services).

The IDS and related data collection applications can be configured and controlled via an Admin GUI and a remote API to support specific message formats and avionics equipment.

Data capture applications are responsible for decoding avionics messages from different protocols; ARINC-429, MIL-1553, CAN bus, AFDX, ARINC-664, ARINC-717, and providing them in a standard JSON CCX Avionics Common Data Format (CACDF).

These data samples are forwarded to algorithms as specified in a configured rule-sets. A set of algorithms is supplied by CCX Technologies, the system also allows for OEMs to create their own rulesets and algorithms for specific aircraft configurations. Typically these would be developed using our SystemX Development Kit.

The algorithms can raise alerts based on current and historical data. The alerts are stored into the SystemX distributed database system and can be made accessible locally to the flight crew and/or to a remote server hosted in Security Operations Center (SOC).

A configurable discrete output on the AP-250/AP-251 can be used to control an annunciator in the crew area or even the cockpit to signal critical alerts.