[0001] Field of the invention

[0002] The present invention relates to the naval field, in particular to a method and system for detecting anomalies in a radar system on board of a ship .

[0003] Technological background

[0004] The operation of a ship increasingly relies on information and telecommunication technologies ( ICT ) and operational technologies (OT ) present shipboard .

[0005] Said technologies achieve automation of shipboard operations associated with mechanical and electrical subsystems , guaranteeing significant cost reductions while , at the same time , increasing safety shipboard because they provide valuable support for planning, control , and monitoring the navigation as well as performing tasks that would be risky if performed by the crew .

[0006] As a result of faster and faster technological evolution and adaptation due to stringent regulations in the maritime field, also at the international level , significant digitization of shipboard systems is occurring . [0007] In this regard, the so-called Integrated Navigation System ( INS ) is definitely at the center of this digitization .

[0008] Typically, the integrated navigation system collects information and, by integrating functions from a variety of electronic shipboard devices (e.g., radar ) , supports shipboard operators to plan, monitor, and control navigation by helping to improve the awareness of the overall situation .

[0009] It is apparent that radar plays a key role during navigation in forming the crew' s situational awareness , thus allowing the crew to best deal with the situations encountered by the ship and the decision-making process to avoid collisions .

[0010] Indeed, the radar can automatically detect and calculate the traj ectories of other ships .

[0011] Typically, a radar is integrated with various components of the integrated navigation system by means of the support of a data communication network which exploits standard network protocols , e.g., such as NMEA and ASTERIX CAT-240 , where the NMEA protocol enables interaction between all devices in the integrated navigation system, while the ASTERIX CAT-240 protocol enables the transmission of video data between radar antennas and shipboard displays . [0012] Although the use of these technologies helps improve the safety and efficiency of navigation, the digitization of a ship inevitably exposes it to cybersecurity threats .

[0013] This is certainly a non-negligible drawback because although the overall number of cyber-attacks is relatively small compared to other sectors and although successfully launching a cyber-attack against a ship is not easy ( an integrated navigation system is generally offline and breaching it through lateral movements from other networks by controlling an attack from the Internet may not be an option; moreover , both the individual components and the configuration of the integrated navigation system may vary from ship to ship ) , the risk of a cyber-attack remains , and considering that the impact of a cyber-attack, especially in the maritime sector , could also lead to very serious events (e.g., loss of life , environment , or economy) , the problem of cyber- attacks should definitely not be underestimated .

[0014] A cyber-attack can have a variety of obj ectives ranging from "merely" disrupting operations to inflicting heavy economic losses or the payment of a ransom to deliberately attempting to cause a collision .

[0015] Since a crew makes decisions by cross-checking multiple systems shipboard, it is critical that the information reported by instrumentation is available and not altered by a cyber-attack .

[0016] In this regard, the security of standard communication protocols , such as NMEA and ASTERIX , assumes that the data communication network and interconnected subsystems are reliable , and therefore no provision is made regarding additional protection mechanisms to ensure the integrity and availability of exchanged information . [0017] Even worse, due to the average lifespan of modern ships ( up to 40 years ) and the fact that retrofitting an integrated navigation system is costly and time- consuming, the aforementioned limitations in terms of cybersecurity are most often destined to accompany the ship throughout its entire operational period .

[0018] In light of the above , the need is strongly felt for a method for detecting anomalies in a radar system on board of a ship due to a cyber-attack or caused by malfunctions in the radar system (e.g., mechanical failure of the engine or other radar system components ) so that it can ensure detection of a cyber-attack in the most effective , timely, and reliable manner possible and can be implemented aboard the ship while minimizing the impact , both in terms of installation time and cost , on the integrated navigation system and generally on the existing configuration of the ship itself . [0019] Summary

[0020] It is the purpose of the present invention to devise and make available a method for detecting anomalies in a radar system on board of a ship due to a cyber-attack or caused by malfunctions in the radar system, which allows at least partially solving the drawbacks highlighted above with reference to the prior art , in particular , that allows guaranteeing the detection of a cyber-attack in the most effective , timely and reliable manner and that can be implemented shipboard while minimizing the impact , both in terms of installation time and cost , on the integrated navigation system and in general on the existing configuration of the ship itsel f , not even requiring specific interventions or modifications such as to invalidate previous certifications and/or standardizations that would then be required at that point .

[0021] Such a purpose is achieved by a method according to claim 1 .

[0022] A related obj ect of the present invention is a related system for detecting anomalies in a radar system on board of a ship .

[0023] Preferred embodiments of said method and system will be defined in the respective dependent claims .

[0024 ] Brief description of the drawings [0025] Further features and advantages of the system and the method thereof according to the invention will be apparent from the following description which illustrates preferred embodiments , given by way of indicative, non- limiting examples , with reference to the accompanying figures , in which :

[0026] - figure 1 diagrammatically shows an example of a ship on which a system and method thereof for detecting anomalies in a radar system on board of a ship according to the present invention can be used;

[0027] - figure 2a shows , by means of a block diagram, a topology of a data communication network on board of a ship to which additional components installed aboard the ship are connected;

[0028] - figure 2b diagrammatically shows a display unit of a radar system in which the system according to the present invention can be implemented;

[0029] - figure 3 shows , by means of a block diagram, a system for detecting anomalies in a radar system on board of a ship, according to an embodiment of the invention;

[0030] - figure 4 diagrammatically shows a component of the system in figure 3 , according to an embodiment of the invention;

[0031] - figure 5 shows , by means of a block diagram, a method for detecting anomalies in a radar system on board of a ship according to an embodiment of the invention.

[0032] Detailed description

[0033] With reference to the aforementioned figures, reference numeral 100 as a whole indicates a system for detecting anomalies in a radar system on board of a ship, hereinafter also named only detection system or simply system, according to the invention.

[0034] An example of a ship, indicated by reference numeral 1 as a whole, is shown in figure 1.

[0035] For the purpose of the present description, ship means any vessel usable for cruises, recreational and tourist service, e.g. a cruise ship, as shown in figure 1, or any other ship, e.g. such as ships usable in the military sector, merchant ships, work ships, and so on.

[0036] Referring specifically to figures 2a and 3, the system 100 is an electronic system installed shipboard.

[0037] In greater detail, the system 100 is operationally connected to a shipboard data communication network NTW.

[0038] An example of a data communication network NTW is diagrammatically shown in figure 2a.

[0039] The data communication network NTW, e.g. , an Ethernet network, is the so-called navigation network.

[0040] In a ship, a plurality of sensors P-S installed shipboard is operationally connected to the data communication network NTW and provide respective sensed data to the navigation network .

[0041] In this regard, the plurality of the sensors P-S is operationally connected to the data communication network NTW by means of a converter C-V, e.g., an analog- to-digital converter (ADC ) , capable of collecting the data collected from each sensor of the plurality of sensors P- A and forwarding it to the data communication network NTW in a format which conforms to a set transmission protocol provided by the data communication network NTW .

[0042] Examples of sensors belonging to the plurality of sensors P-S are an Electronic Position Fixing System ( EPFS ) , a Speed and Distance Position Equipment ( SDME ) , a compass , a gyroscope , a transponder for a standard data communication system between a ship and other maritime authorities , such as the Automatic Identification System (AIS ) .

[0043] In a ship, a radar system R-D, a main computer C-P and a plurality of workstations W-S available to shipboard personnel are also operationally connected to the navigation network .

[0044] The radar system R-D comprises a plurality of radar antenna units P-A and at least one display unit D- P .

[0045] Each radar antenna unit , also indicated in the figures by references Al , A2 , . . . , AN, of said plurality of radar antenna units P-A is configured to detect objects around the ship by the use of radio waves.

[0046] In this regard, each radar antenna unit is adapted to radiate radio waves and receive return echo radio waves from objects around the ship.

[0047] According to the type, a radar antenna unit can be rotating, e.g., adapted to rotate by 360° about a respective rotation axis, or be non-rotating.

[0048] Each radar antenna unit is adapted to transmit the return echo radio waves to the at least one display unit D-P on the data communication network NTW by means of a set video data transmission protocol, e.g. a proprietary protocol, ASTERIX protocol, and so on.

[0049] Referring now also to figure 2b, the at least one display unit D-P, also named Plan Position Indicator (PPI) , is a circular display representative of a radar antenna unit, wherein the ship is shown in the center, always indicated by numerical reference 1.

[0050] A radial track T-R runs in unison with the radar antenna unit about the center. Each radial track represents radio waves of return echo at a planar position with detection and distance displayed in planar coordinates .

[0051] The at least one display unit D-P is preferably installed in the shipboard dashboard. [0052] For example, the main computer C-P is a specialized digital navigation computer, named Electronic Chart Display and Information System (ECDIS) , which is a real-time, i.e. , simultaneous, electronic navigation system configured to display and manage map information (such as geographic coordinates or depth levels) on a display.

[0053] Referring again to figure 2a, the data communication network NTW (data navigation network) and the components operationally connected to it are representative of the so-called Integrated Navigation System (INS) which is present on a ship.

[0054] The system 100 object of the present invention is operationally connected to the data communication network NTW.

[0055] Therefore, the system 100 is operationally connected to the data communication network NTW, thus, on the one hand, to the plurality of radar antenna units P- A of the radar system R-D and, on the other hand, to the at least one display unit D-P of the radar system R-D.

[0056] In an embodiment, shown with dotted lines in figure 2a, the system 100 is integrated into the main computer C- P.

[0057] In a further embodiment, as an alternative to the preceding one and shown with dashed lines in figure 2a, the system 100 is external to the main computer C-P.

[0058] The system 100, as will be described below, comprises a plurality of modules, e.g. , hardware modules or software logic, each configured to perform specific operations to detect anomalies in the radar system.

[0059] With particular reference to figure 3, the system 100 comprises a shipboard collector module 101 configured to receive, from the shipboard data communication network NTW with the support of a set video data transmission protocol, a stream of data packets F-P coming from the plurality of radar antenna units P-A distributed shipboard and configured to transmit data over said data communication network NTW.

[0060] The stream of data packets F-P can be transmitted over the data communication network NTW in multicast mode or broadcast mode.

[0061] Each data packet originating from a radar antenna unit Al, A2, ... , AN of said plurality of radar antenna units P-A comprises an identification code I-D and technical values V-T representative of the radar antenna unit Al, A2, ..., AN of said plurality of radar antenna units P-A from which such data packet originates, according to the video data transmission protocol employed on the data communication network NTW, e.g. , the ASTERIX protocol . [0062] The identification code I-D of a radar antenna unit Al, A2, AN is a unique code assigned to the radar antenna unit Al, A2, AN and represents the aggregation of multiple pieces of information, e.g. , such as an antenna identification code (System Identification Code, SIC) of the radar antenna unit, a system area code (SAC) of the radar antenna unit, a data source IP address, a data destination IP address, and a network port number employed to communicate with the at least one display unit D-P of the radar system R-D.

[0063] The technical values V-T representative of the radar antenna unit can be found in the header of the data packet provided by the employed video data transmission protocol .

[0064] Examples of technical values V-T representative of the radar antenna unit are the rotation angle of the radar antenna unit, the video resolution in bits of the radar antenna unit, the azimuth and longitudinal resolution of the radar antenna unit, the type of video block, and the deviation of the radial track T-R relative to the center of the map ("center bias") .

[0065] Again referring to figure 3, the shipboard collector module 101 comprises an analyzer sub-module 102, an aggregator sub-module 103, a history sub-module 104 and a first database sub-module 105. [0066] These sub-modules of the collector module 101 will be described below .

[0067] The analyzer sub-module 102 , e.g., a hardware module or software logic , is configured to analyze each received data packet to extract the identification code I-D and said technical values V-T representative of the radar antenna unit Al , A2 , AN of said plurality of radar antenna units P-A from which said data packet originates and to provide said identification code I-D and said technical values V-T representative of the radar antenna unit Al , A2 , . . . , AN to a memory buffer (not shown in the figures ) of said aggregator sub-module 103 .

[0068] The aggregator sub-module 103 , e.g., a hardware module or software logic , is configured to determine aggregate information I-A of the received data packet based on the identification code I-D and technical values V-T representative of the radar antenna unit extracted from the received data packet and based on additional technical values V-T ' representative of the radar antenna unit of said plurality of radar antenna units P-A identified by the same identification code I-D and previously stored in the memory buf fer of the aggregator sub-module 103 .

[0069] Determining aggregate information means , for example , calculating the mean, variance , mode or norm, or frequency distribution of the aforesaid technical values . [0070] It is worth noting that the determination of aggregate information for a radar antenna unit occurs with each revolution of the radar antenna unit .

[0071] Furthermore , the analyzer sub-module 103 is configured to determine for each received data packet , a characterization F-G of said received data packet comprising the identification code I -D and the technical values V-T representative of the radar antenna unit extracted from the received data packet , the aggregate information I -A determined by the aggregator sub-module 103 and an aggregate information time series S-T associated with said radar antenna unit Al , A2 , . . . , AN . [0072 ] For example , the characterization F-G is a tuple thus comprising the aforesaid information .

[0073] The analyzer sub-module 103 is further configured to store the determined characterization F-G of the data packet received in the first database sub-module 105 of the shipboard collector module 101 .

[0074] Instead, the analyzer sub-module 104 is configured to determine said aggregate information time series S-T contained in the characterization F-G of the data package received based on the aggregate information time series S-T' previously stored in the first database sub-module 105 of the shipboard collector module 101 and associated with previously received data packets referred to the same radar antenna unit of said plurality of radio antenna units P-A.

[0075] For example, the aggregate information time series S-T contained in the characterization F-G of the received data packet is determined based on N aggregate information time series S-T' previously stored in the first database sub-module 105 of the shipboard collector module 101, where N is an integer set a priori based on the computational capabilities of the system 100 in which the shipboard collector module 101 is installed.

[0076] Returning to figure 3, the system 100 further comprises a policy generator module 106 and a policy evaluation module 107, e.g., also hardware modules or software logic, described below.

[0077] In this regard, the shipboard collector module 101 is configured to provide the characterization F-G of the received data packet determined in the policy evaluation module 107.

[0078] Furthermore, the shipboard collector module 101 is configured to provide a last characterization F-G' determined for each received data packet referred to a radar antenna unit Al, A2, ... , AN of said plurality of radar antenna units P-A other than the radar antenna unit Al, A2, ... , AN from which the received data packet originated, to the policy generator module 106.

[0079] The policy generator module 106 is configured to select applicable set reference policies P-F based on the last characterization F-G' determined for each received data packet referred to a radar antenna unit Al, A2, . .. , AN of said plurality of radar antenna units P-A other than the radar antenna unit Al, A2, ... , AN from which the received data packet provided by the collector module 101 originates .

[0080] The applicable set reference policies P-F are selectable, by the policy generator module 106, from a plurality of candidate set reference policies P-F' stored in a second database sub-module 106' of the policy generator module 106.

[0081] Each reference policy P-F comprises set rules representative of the expected conditions of a radar system when working correctly. This also means that the performance of the radar system must conform to set standards and set regulations, e.g. , such as those required by the International Maritime Organization (IMO) .

[0082] Indeed, the operation of a radar system strictly follows the manufacturer's specifications, e.g. , video resolution or speed of antenna units, and depends on onboard configurations, e.g. , SIC/SAC or IP addresses, which do not change over time.

[0083] Consequently, a list of rules constraining standards and regulations, manufacturer specifications, and shipboard configurations can determine the expected behavior of a radar system.

[0084] The aforesaid reference policies can be expressed on values, their calculated aggregations, e.g., mean, mode or norm, or variance, or frequency distribution obtained from the information carried by the data packets according to the video data transmission protocol, e.g., ASTERIX.

[0085] A reference policy contains conditions which specify its suitability for the radar system under monitoring and uses variables to reference quantities which depend on individual manufacturers or shipboard configurations .

[0086] According to the present invention, the system 100 can automatically infer the suitability of candidate reference policies and the values of their variables after having received an adequate amount of video data traffic according to the set video data transmission protocol, e.g. , ASTERIX.

[0087] Examples of reference policies are a set angle of rotation, a set scanning angle, a set scanning speed, a set maximum distance covered, set obscured sectors (i.e. , sectors wherein systematically no video data transmission is made) , a set "center bias", a set azimuth and longitudinal resolution, a set number of bits, a set number of antenna units, and so on.

[0088] The policy generator module 106 is configured to provide the aforesaid selected applicable set reference P-F to a third database sub-module 107' of said policy evaluation module 107.

[0089] The policy evaluation module 107 is configured to detect the presence or absence of an anomaly in the radar system based on the comparison of the characterization F- G of the received data packet provided by the shipboard collector module 101 and the selected applicable set reference policies stored in the third sub-module database 107' of said policy evaluation module 107.

[0090] For example, a transmission of false video data in a radar antenna unit Al, A2, ... , AN, inserted into the radar system by a computer attack, can result in a change in the set rotational speed, thus the scanning speed, of said radar antenna unit Al, A2, ... , AN.

[0091] Therefore, if it is detected that a rotating radar antenna unit is rotating at a non-constant speed, contrary to a set reference policy, the policy evaluation module 107 is configured to detect the presence of an anomaly in the radar system.

[0092] Returning to the policy evaluation module 107, it is configured to generate information I1 representative of an anomaly detected in the radar system R-D .

[0093] In an embodiment , the collector module 101 comprises an anomaly receiver sub-module 108 , e.g., a hardware module or software logic .

[0094] In this embodiment , the policy evaluation module 107 is configured to provide the information I1 representative of an anomaly detected in the radar system R-D to the anomaly receiver sub-module 108 .

[0095] The anomaly receiver sub-module 108 is configured to display, by means of a software application, the information I1 representative of an anomaly detected in the radar system R-D .

[0096] For example , the software appl ication can be a WEB application, a native application, a Windows or Linux application, and so on .

[0097 ] For example , as shown in figure 4 , the information I1 representative of an anomaly detected in the radar system R-D is a sector of a circular scan plane such as the one provided in the at least one display unit D-P by the radar system R-D .

[0098] In an embodiment , in combination with the preceding one and shown in figure 4 , the anomaly receiver sub-module 108 is configured to display, by means of the software application, additional technical information U- I representative of the detected anomaly besides the information I1 representative of a detected anomaly in the radar system R-D .

[0099] Additional technical information U-I comprises , for example , the policy which was breached and what function within the radar system triggered the breach .

[0100] In a further embodiment , in combination with any one of the above , the policy evaluation module 107 is configured to associate the information I1 representative of an anomaly detected in the radar system R-D with an anomaly destination IP address .

[0101] In this embodiment , the policy evaluation module 107 is configured to transmit the information I1 representative of an anomaly detected in the radar system R-D to a destination corresponding to the anomaly destination IP address associated with the information I1 representative of an anomaly detected in the radar system R-D .

[0102] With reference now also to the block diagram in figure 5 , a method 500 for detecting anomalies in a radar system R-D on board of a ship, hereinafter also detection method or simply method .

[0103] The radar system R-D was described above .

[0104] Furthermore , it is worth noting that the components and information mentioned below with the description of the method were described previously with reference to the system 100 and will therefore not be repeated for the sake of brevity.

[0105] The method 500 comprises a symbolic step of starting ST.

[0106] The method 500 comprises a step of receiving 501, by a shipboard collector module 101, from a shipboard data communication network NTW with the support of a set video data transmission protocol, a stream of data packets F-P from a plurality of radio antenna units P-A distributed shipboard and configured to transmit data over said data communication network NTW.

[0107] Each data packet originating from a radar antenna unit Al, A2, ... , AN of said plurality of radar antenna units P-A comprises an identification code I-D and technical values V-T representative of the radar antenna unit Al, A2, ... , AN of said plurality of radar antenna units P-A from which such data packet originates, according to the video data transmission protocol employed on the data communication network NTW, e.g. , the ASTERIX protocol .

[0108] The identification code I-D of a radar antenna unit and representative of the technical values V-T of the radar antenna unit were described before, with some examples . [0109] The method 500 further comprises a step of analyzing 502, by an analyzer sub-module 102 of the shipboard collector module 101, each received data packet to extract the identification code I-D and said technical values V-T representative of the radar antenna unit Al, A2, AN of said plurality of radar antennas P-A from which said data packet originates, and providing 503, by an analyzer sub-module 102 of the shipboard collector module 101, said identification code I-D and said technical values V-T representative of the radar antenna unit Al, A2, ... , AN to a memory buffer (not shown in the figures) of an aggregator sub-module 103 of the shipboard collector module 101.

[0110] The method 500 further comprises a step of determining 504, by the aggregator sub-module 103 of the shipboard collector module 101, aggregate information I- A of the received data packet based on the identification code I-D and the technical values V-T representative of the radar antenna unit Al, A2, ..., AN extracted from the received data packet and based on additional technical values V-T' representative of the radar antenna unit Al, A2, ... , AN of said plurality of radar antenna units P-A identified by the same identification code I-D and previously stored in the memory buffer of the aggregator sub-module 103 of the shipboard collector module 101. [0111] The definition of determining aggregate information was defined above .

[0112] The method 500 further comprises a step of determining 505 , by the analyzer sub-module 102 of the shipboard collector module 101 , for each received data packet , a characterization F-G of said received data packet comprising the identification code I-D and the technical values V-T representative of the radar antenna unit Al , A2 , AN extracted from the received data packet , the aggregate information I-A determined by the aggregator sub-module 103 and an aggregate information time series S-T associated with said radar antenna unit Al , A2 , . . . , AN .

[0113] As mentioned earlier, the characterization F-G is , for example , a tuple thus comprising the aforesaid information .

[0114] The method 500 further comprises a step of storing 506 , by the analyzer sub-module 102 of the shipboard collector module 101 , the determined characterization F- G of the data packet received in a first database sub- module 105 of the shipboard collector module 101 .

[0115] The aggregate information time series S-T contained in the characterization F-G of the received data packet is determined, by a history sub-module 104- of the shipboard collector module 101 , based on aggregate information time series S-T' previously stored in the first database sub-module 105 of the shipboard collector module 101 and associated with previously received data packets referring to the same radar antenna unit of said plurality of radar antenna units P-A .

[0116] An example of determining the aggregate information time series S-T contained in the characterization F-G of the received data packet was given earlier .

[0117] The method 500 further comprises a step of providing 507 , by the shipboard collector module 101 , the determined characterization F-G of the received data packet 101 to a policy evaluation module 107 .

[0118 ] Furthermore , the method 500 comprises a step of providing 508 , by the shipboard collector module 101 , a last characterization F-G' determined for each received data packet referred to an antenna unit of said plurality of radar antenna units P-A other than the radar antenna unit from which the received data packet originates , to a policy generator module 106 .

[0119] The method 500 comprises a step of selecting 509 , by the policy generator module 106 , applicable set reference policies P-F based on a last characterization F-G' determined for each received data packet referred to a radar antenna unit of said plurality of radar antenna units P-A other than the radar antenna unit from which the received data packet originates provided by the shipboard collector module 101 .

[0120] The applicable set reference policies P-F are selectable from a plurality of candidate set reference policies P-F' stored in a second database sub-module 106 ' of the policy generator module 106 .

[0121] As mentioned above , each reference policy P-F comprises set rules representative of the expected conditions of a radar system when working correctly .

[0122] Examples of the reference policy were provided above .

[0123] The method 500 further comprises a step of providing 510 , by the policy generator module 106 , said selected applicable set reference policies P-F to a third database sub-module 107 ' of said policy evaluation module 107 .

[0124] The method 500 further comprises a step of detecting 511 , by the pol icy evaluation module 107 , the presence or absence of an anomaly in the radar system based on the comparison between the characterization F-G of the received data packet provided by the shipboard collector module 101 and the selected applicable set reference policies P-F stored in the third database sub- module 107 ' of said policy evaluation module 107 . [0125] The method 500 further comprises a step of generating 512, by the policy evaluation module 107, information II of an anomaly detected in the radar system R-D.

[0126] The method further comprises a symbolic step of ending ED.

[0127] In an embodiment, shown with dashed lines in figure 5, wherein the shipboard collector module 101 comprises an anomaly receiver sub-module 108, e.g. , a hardware module or software logic, the method 500 comprises a step of providing 513, by the policy evaluation module 107, the information II representative of an anomaly detected in the radar system R-D to the anomaly receiver sub-module 108 of the shipboard collector module 101.

[0128] In this embodiment, the method 500 further comprises a step of displaying 514, by the anomaly receiver sub-module 108, by means of a software application, the information II representative of an anomaly detected in the radar system R-D.

[0129] Examples of software application were indicated above .

[0130] For example, as shown in figure 4, the information Il representative of an anomaly detected in the radar system R-D is a sector of a circular scan plane such as the one provided in the at least one display unit D-P by the radar system R-D .

[0131] In an embodiment , in combination with the preceding one and shown with dashed l ines in figure 5 , the method 500 comprises a step of displaying 515 , by the anomaly receiver sub-module 108 by means of the software application, additional technical information U-I representative of the detected anomaly besides the information I1 representative of a detected anomaly in the radar system R-D .

[0132 ] Additional technical information U-I comprises , for example , the policy which was breached and what function within the radar system triggered the breach .

[0133] In a further embodiment , in combination with any one of the above and shown with dashed lines in figure 5 , the method 500 further comprises a step of associating 516 , by the policy evaluation module 107 , an anomaly destination IP address with the information I1 representative of an anomaly detected in the radar system R-D .

[0134] In this embodiment , the method further comprises a step of transmitting 517 , by the policy evaluation module 107 , the information I1 representative of an anomaly detected in the radar system R-D to a destination corresponding to the anomaly destination IP address associated with the information I1 representative of an anomaly detected in the radar system R-D .

[0135] It is worth noting that the obj ect of the present invention is fully achieved .

[0136] Firstly, the method and related system for detecting anomalies in the radar system of a ship monitors the data navigation network which detects similar and unknown attacks against the radar system and operates without requiring changes to the existing shipboard integrated navigation system ( INS ) configuration .

[0137] Indeed, it can automatically adapt to any configuration of the ship .

[0138] Furthermore , the method and related system according to the present invention can detect all the attacks which aim at breaching the normal operation of a radar system because it models the expected behavior in any running configuration .

[0139] Furthermore , the method and related system covered by the present invention operates by connecting to the bridge data communication network and listening to multicast video data traffic li ke other equipment in the integrated navigation system ( INS ) .

[0140] Therefore , the implementation of the method and related system according to the present invention does not require redesign, standardization and certification of the systems already shipboard .

[0141] Again, the method and related system covered by the present invention enables the detection of attacks on the data navigation network with high accuracy and at a minimal resource footprint .

[0142 ] Finally, it is worth noting that the detection operates only on the data packet header provided by the video data transmission protocol and can guarantee similar performance on other types of antenna units , even at higher video resolutions .

[0143 ] The method and related system covered by the present invention can recognize attacks with a high level of accuracy .

[0144] The distinguishing features of this method and related system are sel f-adaptation to each onboard configuration, modeling the normative and expected behavior to identify known and unknown attacks , the possibility of monitoring without altering the onboard systems , and minimal resource footprint .

[0145] A person skilled in the art may make changes and adaptations to the embodiment of the method and respective system described above or can replace elements with others which are functionally equivalent to satisfy contingent needs without departing from the scope of protection of the appended claims . All the features described above as belonging to one possible embodiment may be implemented independently from the other described embodiments .