Low-Earth Orbit (LEO) mega-constellations such as Starlink by SpaceX and Kuiper by Amazon rely on optical Inter-Satellite Links (ISLs) for autonomous mesh routing to provide low-latency telecommunication, Internet of Things (IoT), and security services globally. As commercial operators and governments deploy increasingly dense constellations and form multi-operator peering coalitions, ISL integrity becomes critical to both commercial availability and national security. However, there is a lack of real-world data for LEO constellations and existing real-time security approaches focus strictly on physical layer security, leaving blind spots in the coverage of network-layer and composite attacks. In this paper, we present a cross-layer, lightweight behavioral fingerprinting framework that fuses onboard physical-layer measurements with network-layer data to detect anomalies at low computational overhead. We construct an orbital simulation covering the first shells of Starlink (1,584 satellites), Kuiper (1,156 satellites), and a joint multi-operator peering scenario (2,740 satellites), injecting ten attack types that span spoofing, traffic manipulation, and routing subversion at varying severity. We evaluate three unsupervised, per-satellite detectors among which our Mahalanobis-distance-based detector achieves 99.5% recall on Starlink, 99.4% on Kuiper, and 94.8\% on the multi-operator constellation, while maintaining False Positive Rates (FPR) below 0.7%. Our results demonstrate that cross-layer feature fusion is not only necessary for comprehensive security of LEO constellations but highly cost-effective for large-scale networks while fitting into the strict onboard energy budgets of resource-constrained satellites.

翻译：低地球轨道（LEO）巨型星座（如SpaceX的Starlink与Amazon的Kuiper）依赖光学星间链路（ISL）实现自主网状路由，以在全球范围内提供低延迟的电信服务、物联网（IoT）及安全服务。随着商业运营商和政府部署日益密集的星座并组建多运营商对等联盟，ISL的完整性对商业可用性和国家安全均变得至关重要。然而，现实LEO星座数据缺乏，现有实时安全方法严格局限于物理层安全，导致网络层攻击及复合攻击存在盲区。本文提出一种轻量级跨层行为指纹识别框架，通过融合星载物理层测量数据与网络层数据，以低计算开销检测异常。我们构建了包含Starlink第一层（1,584颗卫星）、Kuiper第一层（1,156颗卫星）及联合多运营商对等场景（2,740颗卫星）的轨道仿真，注入十种涵盖欺骗、流量操控及路由颠覆攻击（具有不同严重程度）。评估了三种基于单星的无监督检测器，其中基于马氏距离的检测器在Starlink星座中达到99.5%的召回率，Kuiper星座中达到99.4%，多运营商星座中达到94.8%，同时保持假阳性率（FPR）低于0.7%。结果表明，跨层特征融合不仅是实现LEO星座全面安全的必要条件，而且对于大规模网络具有极高的成本效益，同时能够适应资源受限卫星的严格星载能量预算。