ADS-B protocols in air traffic management (ATM) systems are vulnerable to stealthy, gradual attacks that compromise situational awareness and security. Method: This paper proposes a novel intrusion detection method integrating extended long short-term memory (xLSTM) networks with transfer learning—marking the first application of xLSTM to ADS-B anomaly detection. We design a hybrid Transformer-xLSTM architecture and adopt a two-stage transfer learning strategy: pretraining on benign ADS-B messages followed by fine-tuning on malicious samples. Contribution/Results: The approach achieves an F1-score of 98.9%, outperforming a Transformer baseline (94.3%), while maintaining an inference latency of only 7.26 seconds—well within secondary radar update cycle constraints. It significantly enhances generalization against previously unseen attacks and establishes a deployable paradigm for low-latency, high-robustness aviation communication security monitoring.

With the growing reliance on the vulnerable Automatic Dependent Surveillance-Broadcast (ADS-B) protocol in air traffic management (ATM), ensuring security is critical. This study investigates emerging machine learning models and training strategies to improve AI-based intrusion detection systems (IDS) for ADS-B. Focusing on ground-based ATM systems, we evaluate two deep learning IDS implementations: one using a transformer encoder and the other an extended Long Short-Term Memory (xLSTM) network, marking the first xLSTM-based IDS for ADS-B. A transfer learning strategy was employed, involving pre-training on benign ADS-B messages and fine-tuning with labeled data containing instances of tampered messages. Results show this approach outperforms existing methods, particularly in identifying subtle attacks that progressively undermine situational awareness. The xLSTM-based IDS achieves an F1-score of 98.9%, surpassing the transformer-based model at 94.3%. Tests on unseen attacks validated the generalization ability of the xLSTM model. Inference latency analysis shows that the 7.26-second delay introduced by the xLSTM-based IDS fits within the Secondary Surveillance Radar (SSR) refresh interval (5-12 s), although it may be restrictive for time-critical operations. While the transformer-based IDS achieves a 2.1-second latency, it does so at the cost of lower detection performance.