Simon Shigol (Ben Gurion University of the Negev), Roy Peled (Ben Gurion University of the Negev), Avishag Shapira (Ben Gurion University of the Negev), Yuval Elovici (Ben Gurion University of the Negev), Asaf Shabtai (Ben Gurion University of the Negev)
Machine learning (ML) is increasingly embedded in satellite systems, supporting both operational tasks and payload services. While ML provides greater efficiency and autonomy, it also exposes satellite systems to a new class of vulnerabilities known as adversarial ML (AML). Although AML threats have been studied extensively in other domains, their impact on satellite systems, which operate with limited power and computing resources and under latency-critical conditions, remains unexplored. This paper presents a structured risk assessment of AML threats to satellite ML applications. We review common types of cyber threats and AML techniques, providing clear definitions of AML categories and their relevance to satellite ML applications. We then map these threats to satellite operations and payloads, constructing a domain-specific framework that categorizes how adversarial attacks manifest under space conditions. Leveraging this framework, we apply a risk assessment methodology to evaluate the feasibility of attacks and their potential impact on missions. Our findings show that tasks such as anti-jamming control and telemetry-based fault detection are especially vulnerable, with integrity-focused attacks posing the most significant risk to the evaluated applications. In contrast, privacy-focused threats such as membership inference pose less risk in practice. We also suggest mitigation strategies tailored to space, including adversarial training, resilient data pipelines, and runtime monitoring. The results of our risk assessment highlight the need for further research aimed at strengthening ML security in aerospace environments and provide a foundation for the deployment of trustworthy ML in space missions.