Dynamic Sensor Processing for Securing Unmanned Vehicles

Quinonez, Raul; Salazar, Luis E.; Giraldo, Jairo; Cárdenas, Álvaro A.

doi:10.1007/978-3-030-61725-7_30

Cited by 6 publications

(7 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This injecting environment is equivalent to the attack model in which an attacker knows the UAV's true position described in the gray box attack. This assumption of equivalent is similarly used in [23], [24]. Experiments using real sensors were verified only in the gray box model because white box attacks or black box attacks are almost difficult or inevitably detectable in real environments.…”

Section: B Physical Resultsmentioning

confidence: 99%

An Analysis of GPS Spoofing Attack and Efficient Approach to Spoofing Detection in PX4

Jung,

Hong,

Choi

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Unmanned Aerial Vehicles (UAVs) are aerial vehicles that can go to a particular position without human control or with remote human control. It is because unmanned control mainly relies on position estimation that a lot of research has been studied on GPS spoofing attacks. Detection methods against GPS spoofing attacks mainly include monitoring RF signals or IMU sensor values inside UAVs. In this work, we analyze GPS attack and detection in an advanced autopilot system, PX4 without excluding RF detection. Recent studies have shown that GPS spoofing is unable to evade the detection using EKF sensor fusion. Therefore, this paper experiment whether the detection could be evaded by strengthening the attacker model. This paper classifies attacker models according to whether an attacker knows the true position of UAVs or the estimated position by UAV and proposed attack methods depending on each model in PX4. We inject GPS value which our attack method intends to UAV during mission flight in simulation environment. By manipulating the GPS driver code of PX4 controller, we inject GPS value the attack method wants into UAV in physical environment. Finally, we observed the innovation test ratio during GPS spoofing and demonstrate that GPS spoofing attack is possible keeping the innovation test ratio under the anomaly detection criterion. After that, we proposed our approach which scales the EKF's Kalman gain randomly to increase the detection method's efficiency and experiment with the attack methods. This detection method has little effect on the test ratio without the attack. But during the attack, the innovation test ratio was increased higher than the anomaly detection criterion so that the attack could be detected.

show abstract

Section: B Physical Resultsmentioning

confidence: 99%

An Analysis of GPS Spoofing Attack and Efficient Approach to Spoofing Detection in PX4

Jung,

Hong,

Choi

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Physics-based anomaly detection: Physics-based (also called model-based) anomaly detection is an alternative to the data-driven (also called model-free [20]) approaches used in this work [26]. Physics-based anomaly-detection models the physical process with a set of equations and is best suited for systems that closely follow the laws of physics, such as robotic motion [16], [50] or electric power grids [44], [57]. Properly implementing such approaches requires a strong understanding of the physical system, and attributions are less likely to be needed for fault diagnosis.…”

Section: E Alternatives To Attribution For Ics Anomaly Detectionmentioning

confidence: 99%

“…Considering that 50 timesteps are used for the model input, we divide attacks based on if t ∈ [0, 49], t ∈ [50, 99], or t ∈ [100, end]. For most cases, the AvgRank is lowest when t ∈[50, 99]. We categorize each attack by its detection time t relative to the start of the anomaly (considered t = 0), dividing into cases where the detection is early (t ∈ [0, 49]), slightly late t ∈[50, 99], or very late (t ∈ [100, end]).…”

mentioning

confidence: 99%

Attributions for ML-based ICS Anomaly Detection: From Theory to Practice

Fung,

Zeng,

Bauer

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Industrial Control Systems (ICS) govern critical infrastructure like power plants and water treatment plants. ICS can be attacked through manipulations of its sensor or actuator values, causing physical harm. A promising technique for detecting such attacks is machine-learning-based anomaly detection, but it does not identify which sensor or actuator was manipulated and makes it difficult for ICS operators to diagnose the anomaly's root cause. Prior work has proposed using attribution methods to identify what features caused an ICS anomaly-detection model to raise an alarm, but it is unclear how well these attribution methods work in practice. In this paper, we compare state-of-the-art attribution methods for the ICS domain with real attacks from multiple datasets. We find that attribution methods for ICS anomaly detection do not perform as well as suggested in prior work and identify two main reasons. First, anomaly detectors often detect attacks either immediately or significantly after the attack start; we find that attributions computed at these detection points are inaccurate. Second, attribution accuracy varies greatly across attack properties, and attribution methods struggle with attacks on categorical-valued actuators. Despite these challenges, we find that ensembles of attributions can compensate for weaknesses in individual attribution methods. Towards practical use of attributions for ICS anomaly detection, we provide recommendations for researchers and practitioners, such as the need to evaluate attributions with diverse datasets and the potential for attributions in non-real-time workflows.

show abstract

“…Attacks on a C2 system's input data may include physics-based or transduction attacks on the sensors by injection of erroneous information. 23 Let us consider the Theater Air Control System (TACS) in the United States Air Force (USAF) as a tangible example of a military C2 system; 24 see a simplified representation in Figure 3. 1 There are three types of units shown in light grey, white and dark grey respectively corresponding to USAF, United States Army and Joint Force units.…”

Section: Forecasting With Poisoned Temporal Batch Data Within C2mentioning

confidence: 99%

Command and control with poisoned temporal batch data

Ekin,

Garega

2023

Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V

View full text Add to dashboard Cite

Data manipulation could alter the performance of joint all domain command and-control decisions (JADC2). We present a Bayesian decision theoretic approach for adversarial forecasting when the underlying data collected over time is subject to attack from intelligent adversaries. Proposed adversarial risk analysis-based framework allows incomplete information and uncertainty. We solve the adversary's poisoning decision problem where he manipulates batch data being inputted into the forecasting method of statistical autoregressive models. The findings show the vulnerability of forecasting models under adversarial activities. We discuss potential defender strategies.

show abstract

Dynamic Sensor Processing for Securing Unmanned Vehicles

Cited by 6 publications

References 6 publications

An Analysis of GPS Spoofing Attack and Efficient Approach to Spoofing Detection in PX4

An Analysis of GPS Spoofing Attack and Efficient Approach to Spoofing Detection in PX4

Attributions for ML-based ICS Anomaly Detection: From Theory to Practice

Command and control with poisoned temporal batch data

Contact Info

Product

Resources

About