Avionics data is frequently transmitted from various sources of the avionics data to one or more avionics endpoints, such as various types of avionics equipment, utilizing an ARINC protocol. For example, the avionics data may be transmitted as data packets in accordance with an ARINC 429 protocol. At least some sources of ARINC data as well as at least some avionics endpoints that receive the ARINC data do not perform data validation other than the verification of various header fields. As such, a system that relies upon an ARINC protocol for the transmission of data from various sources to various avionics endpoints may be susceptible to various types of attack brought about malformed data packets. These attacks may be orchestrated for various purposes including an attack intended to facilitate access to other, for example, proprietary data maintained by or to one or more of the avionics endpoints. Alternatively, an attack may be performed in order to reduce the effectiveness of the avionic systems and/or one or more components, such as one or more of the avionics endpoints, of the avionics system or to completely halt the operation of the avionics system.
The failure to inspect data transmitted via an ARINC protocol also limits the forensic analysis that might otherwise be performed following an attack. In this regard, following an attack, it may be difficult to identify the data and/or the source of the data that included the malformed data packets that precipitated the attack since no record of the malformed data packets was maintained. These limitations may therefore restrict the forensic analysis of an attack and make it more difficult to identify the perpetrator of the attack and/or to take measures to reduce the likelihood that future attacks will be successful.