Securing satellite-based communication infrastructure has become one of the more urgent engineering issues of this decade. Low Earth Orbit (LEO) satellite networks orbit the Earth at altitudes typically between 500 and 2000 kilometres. They now serve as active communication systems along sea routes, in war zones and in areas that ground-based broadband simply cannot reach. SpaceX Starlink alone was well past three million active subscribers by the end of 2023, a number that underscores both the extent of adoption and the extent of the impact if such systems are targeted.
The threat landscape of LEO constellations is not hypothetical. Reported attacks against operational systems include Denial-of-Service attacks on ground-to-satellite uplinks, intentional radio jamming of command channels and user terminals, and exploitation of predictable windows of atmospheric interference. The cyberattack on the Viasat KA-SAT network in February 2022 offered perhaps the clearest example so far of what a well-coordinated attack can accomplish - tens of thousands of modems went dead in hours, affecting communications in several countries in the middle of an ongoing military conflict.
This paper presents a critical analysis of the deep learning detection model proposed by Sitouah et al. in 2022, which compared five neural networks (Multi-Layer Perceptron, Convolutional Neural Network, Recurrent Neural Network, Gated Recurrent Unit, and Long Short-Term Memory) on simulated LEO attack traffic. Their GRU-MLP hybrid achieved 99% detection accuracy in controlled conditions, dropping to 94 to 96 percent in multi-class settings. Even with these impressive numbers, four major constraints limit the practical applicability of the framework: all the training data was synthetically created, the heavier models exceed realistic onboard compute limits, the models were not tested against adversarial traffic, and the system has no autonomous response capability beyond raising an alarm.
Based on these results, this review suggests four specific improvements - integration of operational telemetry, model compression with TinyML, Fast Gradient Sign Method adversarial hardening, and an end-to-end detection-to-response pipeline - all intended to reduce the difference between simulated performance and real orbital operation.
Introduction
This paper discusses the growing importance of securing Low Earth Orbit (LEO) satellite networks such as Starlink, OneWeb, and Amazon Project Kuiper, which provide low-latency broadband connectivity to remote and underserved regions worldwide. Unlike traditional geostationary satellites, LEO satellites operate at lower altitudes (550–1200 km), offering significantly reduced communication delays and supporting critical applications such as military operations, emergency response, financial transactions, and remote healthcare.
However, the increasing dependence on LEO networks also introduces serious cybersecurity risks. These networks are vulnerable to threats such as Denial-of-Service (DoS) attacks, radio-frequency jamming, spoofing, interception, and cyberattacks on ground infrastructure. The 2022 attack on the Viasat KA-SAT network demonstrated how satellite systems can be disrupted on a large scale, causing communication failures and operational damage across multiple sectors.
To address these challenges, researchers have explored deep learning-based intrusion detection systems (IDS). A notable study by Sitouah et al. compared five neural network architectures—MLP, CNN, RNN, GRU, and LSTM—for detecting attacks in simulated LEO satellite environments. Their GRU-MLP hybrid model achieved approximately 99% accuracy in binary attack detection and 94–96% accuracy in multi-class attack classification, outperforming traditional machine learning methods such as Support Vector Machines (SVMs).
Despite these promising results, the study has several limitations. The models were trained entirely on simulated data, which may not accurately represent real-world satellite traffic. Advanced architectures such as GRU and LSTM also require computational resources beyond the capabilities of many satellite onboard processors. Additionally, the models were not tested against adversarial attacks designed to evade detection, and the framework focused only on detection without automated response mechanisms.
The paper proposes four key improvements to overcome these limitations:
Use of real operational telemetry data instead of synthetic datasets to improve model generalization and realism.
TinyML-based model compression techniques (quantization and pruning) to enable deployment on resource-constrained satellite hardware.
Adversarial training using the Fast Gradient Sign Method (FGSM) to increase resistance against evasion attacks.
Development of an automated detection-to-response pipeline that can trigger actions such as traffic rerouting, frequency switching, or operator alerts when threats are detected.
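The fourth improvement, sketched as an added example (not code from the paper under review or from Sitouah et al.): a small policy layer that turns per-window classifier verdicts into the actions named above while keeping the operator alert as the fallback. The class labels, the confidence thresholds, the three-window persistence rule and the mapping of attack class to action are all assumptions; the page names the actions but not the policy.

```python
from collections import deque
from typing import Optional

# Assumed policy: the page names these actions but not which attack
# triggers which, so the mapping and all thresholds are hypothetical.
PLAYBOOK = {"dos": "reroute_traffic", "jamming": "switch_frequency"}
ACT_THRESHOLD = 0.90    # act autonomously at or above this confidence
ALERT_THRESHOLD = 0.60  # below this a non-benign verdict is treated as noise
WINDOW = 3              # consecutive agreeing verdicts required before acting


class Responder:
    """Turns per-window classifier verdicts into at most one action each."""

    def __init__(self) -> None:
        self.history: deque = deque(maxlen=WINDOW)
        self.active: Optional[str] = None  # countermeasure currently in force

    def step(self, label: str, confidence: float) -> str:
        if label == "benign" or confidence < ALERT_THRESHOLD:
            self.history.clear()
            return "none"
        action = PLAYBOOK.get(label)
        if action is None or confidence < ACT_THRESHOLD:
            # Unknown class or uncertain verdict: keep a human in the loop.
            self.history.clear()
            return "alert_operator"
        self.history.append(label)
        if len(self.history) < WINDOW or len(set(self.history)) > 1:
            return "alert_operator"  # not yet persistent enough to act on
        if action == self.active:
            return "none"  # already applied, do not re-issue the command
        self.active = action
        return action


def run(verdicts):
    responder = Responder()
    return [responder.step(label, conf) for label, conf in verdicts]


# Constructed detector output: (predicted class, softmax confidence).
SAMPLE_VERDICTS = [
    ("benign", 0.99), ("dos", 0.95), ("dos", 0.97), ("dos", 0.55),
    ("dos", 0.96), ("dos", 0.93), ("dos", 0.99), ("dos", 0.98),
    ("jamming", 0.70), ("spoofing", 0.99),
]

if __name__ == "__main__":
    for verdict, action in zip(SAMPLE_VERDICTS, run(SAMPLE_VERDICTS)):
        print(verdict, "->", action)
```

The low-confidence fourth verdict resets the streak, so the reroute is issued only after three further confident DoS verdicts, and a class with no playbook entry always goes to the operator.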
The literature review shows the evolution of satellite intrusion detection from traditional machine learning methods such as SVMs and Random Forests to advanced deep learning models including CNN-LSTM, GRU, and LSTM networks. While deep learning significantly improves detection accuracy, challenges related to deployment, robustness, and real-world applicability remain.
Conclusion
This paper has reviewed the deep learning framework by Sitouah et al. for identifying interruption attacks in LEO satellite networks, identified four major limitations that restrict its real-world use, and suggested four specific enhancements to overcome them. Taken together, real telemetry integration, TinyML compression, adversarial hardening, and automated response pipelines provide a consistent path from lab accuracy to true orbital resilience.
The Viasat incident of 2022 revealed that failures in satellite network security have implications that reach much further than the loss of service. The gap between what research shows is achievable and what deployed LEO constellations are ready to deliver will only become more urgent as LEO constellations become increasingly involved in critical communication infrastructure around the world. The suggested improvements are intended as practical next steps in that direction rather than hypothetical ideals, and each is based on methods with proven outcomes in related areas of research [27].
References
[1] I. del Portillo, B. G. Cameron, and E. F. Crawley, "A technical comparison of three LEO satellite constellation systems to provide global broadband," Acta Astronautica, vol. 159, pp. 123–135, Jun. 2019.
[2] M. Handley, "Delay is Not an Option: Low Latency Routing in Space," in Proc. ACM HotNets, Redmond, WA, USA, 2018, pp. 85–91.
[3] O. Kodheli et al., "Satellite communications in the new space era: A survey and future challenges," IEEE Commun. Surveys Tuts., vol. 23, no. 1, pp. 70–109, First Quarter 2021.
[4] J. Pavur, D. Moser, M. Strohmeier, V. Lenders, and I. Martinovic, "A tale of sea and sky: On the security of maritime VSAT communications," in Proc. IEEE Symp. Security and Privacy, San Francisco, CA, USA, 2020, pp. 1384–1400.
[5] T. E. Humphreys, B. M. Ledvina, M. L. Psiaki, B. W. O'Hanlon, and P. M. Kintner, "Assessing the spoofing threat: Development of a portable GPS civilian spoofer," in Proc. ION GNSS, Savannah, GA, USA, 2008, pp. 2314–2325.
[6] M. Burgess, "The Viasat hack was a cyber act of war — it just wasn't obvious," WIRED Magazine, May 2022.
[7] Y. LeCun, Y. Bengio, and G. Hinton, "Deep learning," Nature, vol. 521, no. 7553, pp. 436–444, May 2015.
[8] N. Sitouah, F. Merazka, and A. Hedjazi, "Deep learning approach for interruption attacks detection in LEO satellite networks," J. Netw. Comput. Appl., vol. 208, p. 103112, Dec. 2022.
[9] D. Bhattacherjee, W. Singla, V. Vithalkar, and A. Singla, "Network topology design at 27,000 km/hour," in Proc. ACM CoNEXT, Orlando, FL, USA, 2019, pp. 341–354.
[10] F. Leppinen, "Current use of Linux in spacecraft flight software," IEEE Aerosp. Electron. Syst. Mag., vol. 32, no. 10, pp. 4–15, Oct. 2017.
[11] I. J. Goodfellow, J. Shlens, and C. Szegedy, "Explaining and harnessing adversarial examples," in Proc. ICLR, San Diego, CA, USA, 2015.
[12] R. Heartfield and G. Loukas, "A taxonomy of cyber-physical threats and impact in the smart home," Computers & Security, vol. 78, pp. 398–428, Sep. 2018.
[13] P. Warden and D. Situnayake, TinyML: Machine Learning with TensorFlow Lite on Arduino and Ultra-Low-Power Microcontrollers. Sebastopol, CA: O'Reilly Media, 2019.
[14] A. K. Sharma and R. K. Singh, "SVM-based intrusion detection for satellite networks," arXiv preprint arXiv:2103.04567, Mar. 2021.
[15] M. A. Ferrag, L. Maglaras, A. Ahmim, M. Derdour, and H. Janicke, "RDTIDS: Rules and decision tree-based intrusion detection system for internet-of-things networks," Future Internet, vol. 12, no. 3, p. 44, 2020.
[16] T. A. Tang, L. Mhamdi, D. McLernon, S. A. R. Zaidi, and M. Ghogho, "Deep learning approach for network intrusion detection in software defined networking," in Proc. IEEE WINCOM, Fez, Morocco, 2016, pp. 258–263.
[17] L. M. Gonzalez and T. H. Kim, "Hybrid CNN-LSTM models for network intrusion detection," Applied Sciences, vol. 12, no. 3, pp. 1456–1470, Jan. 2022.
[18] S. A. Althubiti, E. M. Jones, and K. Roy, "LSTM for anomaly-based network intrusion detection," in Proc. WATTS, Macon, GA, USA, 2018, pp. 1–6.
[19] A. G. Howard et al., "MobileNets: Efficient convolutional neural networks for mobile vision applications," arXiv preprint arXiv:1704.04861, Apr. 2017.
[20] Y. Zhao, M. Li, L. Lai, N. Suda, D. Civin, and V. Chandra, "Federated learning with non-iid data," arXiv preprint arXiv:1806.00582, Jun. 2018.
[21] A. Varga, "OMNeT++," in Modeling and Tools for Network Simulation, K. Wehrle, M. Güneş, and J. Gross, Eds. Berlin, Germany: Springer, 2010, pp. 35–59.
[22] Y. Bengio, A. Courville, and P. Vincent, "Representation learning: A review and new perspectives," IEEE Trans. Pattern Anal. Mach. Intell., vol. 35, no. 8, pp. 1798–1828, Aug. 2013.
[23] K. Cho et al., "Learning phrase representations using RNN encoder-decoder for statistical machine translation," in Proc. EMNLP, Doha, Qatar, 2014, pp. 1724–1734.
[24] S. Hochreiter and J. Schmidhuber, "Long short-term memory," Neural Computation, vol. 9, no. 8, pp. 1735–1780, Nov. 1997.
[25] R. Sommer and V. Paxson, "Outside the closed world: On using machine learning for network intrusion detection," in Proc. IEEE Symp. Security and Privacy, Oakland, CA, USA, 2010, pp. 305–316.
[26] K. Scarfone and P. Mell, "Guide to intrusion detection and prevention systems (IDPS)," NIST Special Publication 800-94, Feb. 2007.
[27] A. Madry, A. Makelov, L. Schmidt, D. Tsipras, and A. Vladu, "Towards deep learning models resistant to adversarial attacks," in Proc. ICLR, Vancouver, BC, Canada, 2018.