Requiem for a drone: a machine-learning based framework for stealthy attacks against unmanned autonomous vehicles

Kyo Hyun Kim, Denizhan Kara, Vineetha Paruchuri, Sibin Mohan, Greg Kimberly, Jae Kim, Josh Eckhardt
2024-07-21
Abstract: There is a space of uncertainty in the modeling of vehicular dynamics of autonomous systems due to noise in sensor readings, environmental factors or modeling errors. We present Requiem, a software-only, blackbox approach that exploits this space in a stealthy manner causing target systems, e.g., unmanned aerial vehicles (UAVs), to significantly deviate from their mission parameters. Our system achieves this by modifying sensor values, all while avoiding detection by onboard anomaly detectors (hence, "stealthy"). The Requiem framework uses a combination of multiple deep learning models (that we refer to as "surrogates" and "spoofers") coupled with extensive, realistic simulations on a software-in-the-loop quadrotor UAV system. Requiem makes no assumptions about either the (types of) sensors or the onboard state estimation algorithm(s) -- it works so long as the latter is "learnable". We demonstrate the effectiveness of our system using various attacks across multiple missions as well as multiple sets of statistical analyses. We show that Requiem successfully exploits the modeling errors (i.e., causes significant deviations from planned mission parameters) while remaining stealthy (no detection even after tens of meters of deviations) and is generalizable (Requiem has potential to work across different attacks and sensor types).
Cryptography and Security
What problem does this paper attempt to address?
This paper addresses the problem of covert attacks that unmanned autonomous vehicles (such as drones) may suffer during mission execution. Specifically, the authors propose a framework named REQUIEM, which takes advantage of the uncertainty and error space in the state estimation models (such as the Extended Kalman Filter, EKF) of the autonomous system. It modifies sensor data to lead the target system to deviate from its predetermined mission parameters while remaining covert, so that the onboard anomaly detector does not flag it.

#### Main problems and challenges:

1. **Sensor noise and environmental factors**: There is uncertainty in the vehicle dynamics modeling of the autonomous system, which is caused by noise in sensor readings, environmental factors, or modeling errors.
2. **Requirement for covert attacks**: Attackers need to make unmanned autonomous vehicles deviate significantly from their mission parameters without being detected. This means that the attack must be covert enough not to trigger any anomaly detection mechanisms.
3. **Generality and adaptability**: The attack framework needs to be applicable to different types of missions and sensors, and does not require detailed knowledge of internal algorithms; that is, a black-box approach is adopted.

#### Main features of the REQUIEM framework:

- **Covertness**: By modifying sensor values, the system is made to deviate significantly from mission parameters, but these modified values are still close to the normal range, thus avoiding detection.
- **Generality**: REQUIEM does not depend on specific sensor types or state estimation algorithms, as long as the latter are "learnable".
- **Deep-learning models**: Multiple deep-learning models (called "surrogates" and "spoofers") are used, combined with extensive and realistic simulations of the Software-in-the-Loop (SITL) quadrotor drone system.

#### Experimental verification:

- The authors demonstrate the effectiveness of REQUIEM through multiple attacks and multiple sets of statistical analysis, showing that it can exploit modeling errors to cause significant deviations while remaining covert and having wide applicability.

In conclusion, the core problem of this paper is to develop a covert attack framework that can make unmanned autonomous vehicles deviate from their predetermined mission paths without triggering onboard anomaly detection.
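
A defender-side illustration of the stealth condition described above, added here and not taken from the paper or the Requiem code: it compares a per-sample 3-sigma gate with a two-sided CUSUM on a constructed stream of normalized residuals that carries a small constant bias. It assumes (the page does not say this) that the onboard detector checks state-estimation residuals; the noise pattern, thresholds and function names are all assumptions, and the result says nothing about how Requiem itself fares against a cumulative test.

```python
from itertools import cycle, islice

# Constructed, zero-mean residual pattern in units of sigma (not flight data).
NOISE = [0.8, -1.2, 0.3, 1.1, -0.6, -0.4]

def residuals(n, bias=0.0, onset=None):
    """Normalized residuals: bounded noise plus a constant bias from `onset` on."""
    base = islice(cycle(NOISE), n)
    return [r + (bias if onset is not None and i >= onset else 0.0)
            for i, r in enumerate(base)]

def gate_alarm(stream, limit=3.0):
    """Per-sample gate: index of the first |r| > limit, or None."""
    return next((i for i, r in enumerate(stream) if abs(r) > limit), None)

def cusum_alarm(stream, slack=0.5, h=5.0):
    """Two-sided CUSUM: index where either running sum first exceeds h, or None."""
    hi = lo = 0.0
    for i, r in enumerate(stream):
        hi = max(0.0, hi + r - slack)   # accumulates persistent positive drift
        lo = max(0.0, lo - r - slack)   # accumulates persistent negative drift
        if hi > h or lo > h:
            return i
    return None

def compare(n=120, bias=1.0, onset=60):
    """Run both detectors on a clean stream and on one biased from `onset`."""
    clean = residuals(n)
    biased = residuals(n, bias=bias, onset=onset)
    return {
        "gate_clean": gate_alarm(clean),
        "gate_biased": gate_alarm(biased),
        "cusum_clean": cusum_alarm(clean),
        "cusum_biased": cusum_alarm(biased),
    }

if __name__ == "__main__":
    for name, idx in compare().items():
        print(name, "no alarm" if idx is None else f"alarm at sample {idx}")
```

The 1-sigma bias never crosses the per-sample gate, while the cumulative statistic alarms a few samples after onset and stays quiet on the clean stream.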