Lightweight Onboard Command IDS

About This Project

Build a small intrusion detection layer that learns normal ground station command cadence and flags unusual sequences, timing, or source identifiers. Store audit logs onboard and downlink summaries for review.

Overview

As satellites become more connected and more autonomous, the risk of unauthorized or anomalous commanding grows. A lightweight intrusion detection system monitors the satellite's command interface, learning what normal ground station interactions look like — typical command sequences, timing patterns, expected frequencies, and authorized source identifiers — and flagging anything that deviates from that baseline. The system does not block suspicious commands (that is the job of the authentication layer in project 26), but it logs them, classifies the type of anomaly, and downlinks summaries for ground review. Think of it as a security camera for your satellite's command channel. Over the course of a mission, the audit log reveals how often unexpected signals arrive, whether patterns suggest deliberate interference or accidental collisions, and how command traffic correlates with orbital position and ground station geometry. Even for satellites without active threats, the forensic data is valuable for understanding the operating environment. This is a pure software project requiring no additional hardware — it runs on the existing onboard computer and processes the command data that the satellite already receives.

Technical Details

Software layer on PyCubed OBC that logs all received commands: timestamp, source identifier (if available), command type, parameters, execution result. During commissioning phase, build baseline profile of normal command cadence from ground station. In operational phase, flag deviations: unexpected command timing (outside scheduled contact windows), unknown command opcodes, unusual parameter ranges, rapid command sequences. Store audit log in dedicated flash partition. Downlink daily summary: total commands, flagged events, classification breakdown. Optional: integrate with project 26 (signed telemetry) for defense-in-depth.

Research & Notes

Intrusion detection for spacecraft is an emerging research area — published papers from Air Force Research Lab and ESA on CubeSat cybersecurity. Most student CubeSats have zero command authentication or anomaly detection — any receiver on the correct frequency can potentially send commands. Even without authentication, an IDS provides forensic capability and awareness. Baseline learning approach is simpler than rule-based IDS — adapts to actual operational patterns. Cost: $0 (pure software on existing OBC). Complexity: intermediate — requires understanding of command protocols and statistical anomaly detection.

Required Disciplines

This project spans 2 disciplines, making it suitable for interdisciplinary student teams.

Next Steps

Ready to take on this project? Here's a general roadmap that applies to most CubeSat missions:

1. Build your foundation: Complete the core modules in the CubeSat Academy to understand spacecraft subsystems, mission design, and development workflows.
2. Form a team: Recruit students across the required disciplines and identify a faculty advisor. Plan for knowledge transfer between graduating and incoming members.
3. Write a mission concept: Draft a 1–2 page document outlining your objectives, target orbit, payload requirements, and success criteria.
4. Connect with a chapter: Join a Blackwing chapter for mentorship, shared resources, and access to the platform ecosystem.
5. Explore the developer tools: Visit the Developer Portal for platform documentation, SDKs, and hardware specs.
6. Plan your timeline: Map milestones to your academic calendar. Most projects align well with a 2–4 semester capstone or research sequence.
7. Reach out: Contact us to discuss your project goals, platform selection, and path to orbit.