Junqi Zhang,Linqing Hu,Jizhong Zheng,Shaoyin Cheng,Weiming Zhang,Nenghai Yu

DOI: https://doi.org/10.1109/icicn62625.2024.10761896

2024-01-01

Abstract:This study investigates the vulnerability of error-state Kalman filter (ESKF) based IMU-GPS fusion localization systems to false data injection attacks. Through systematic analysis of the ESKF's internal structure and update mechanism, we derive the recursive relationships governing position and velocity deviations resulting from injected false data. Our findings reveal that position deviation is a function of previous deviation, lateral velocity, and injected data, while lateral velocity is influenced by the differential between injected data and current deviation, as well as the previous lateral velocity. Leveraging these insights, we propose a novel false data injection strategy formulated as a constrained optimization problem, designed to minimize attack energy while achieving desired deviations. Building upon the derived model, we systematically identify optimal solutions that achieve desired position deviations with minimal data injection. Extensive simulations conducted under diverse scenarios demonstrate the efficacy of our proposed method. Furthermore, our results elucidate discrepancies between theoretical predictions and experimental outcomes, highlighting the complexities inherent in real-world applications. This research underscores the need for more secure multi-sensor fusion localization algorithms.

Linqing Hu,Junqi Zhang,Jie Zhang,Shaoyin Cheng,Yuyi Wang,Weiming Zhang,Nenghai Yu

DOI: https://doi.org/10.1016/j.inffus.2024.102822

IF: 18.6

2024-01-01

Information Fusion

Abstract:Multi-sensor Fusion (MSF) algorithms are critical components in modern autonomous driving systems, particularly in localization and AI-powered perception modules, which play a vital role in ensuring vehicle safety. The Error-State Kalman Filter (ESKF), specifically employed for localization fusion, is widely recognized for its robustness and accuracy in MSF implementations. While existing studies have demonstrated the vulnerability of ESKF to sensor spoofing attacks, these works have primarily focused on a black-box implementation, leading to an insufficient security analysis. Specifically, due to the lack of theoretical guidance in previous methods, these studies have consistently relied on exponential functions to fit attack sequences across all scenarios. As a result, the attacker had to explore an extensive parameter space to identify effective attack sequences, lacking the ability to adaptively generate optimal ones. This paper aims to fill this crucial gap by conducting a thorough security analysis of the ESKF model and presenting a simple approach for modeling injection errors in these systems. By utilizing this error modeling, we introduce a new attack strategy that employs constrained optimization to reduce the energy needed to reach the same deviation target, guaranteeing that the attack is both efficient and effective. This method increases the stealthiness of the attack, making it harder to detect. Unlike previous methods, our approach can dynamically produce nearly perfect injection signals without requiring multiple attempts to find the best parameter combination in different scenarios. Through extensive simulations and real-world experiments, we demonstrate the superiority of our method compared to state-of-the-art attack strategies. Our results indicate that our approach requires significantly less injection energy to achieve the same deviation target. Additionally, we validate the practical applicability and impact of our method through end-to-end testing on an AI-powered autonomous driving system.

Chaoqun Yang,Li Feng,Heng Zhang,Shibo He,Zhiguo Shi

DOI: https://doi.org/10.1109/tsipn.2018.2790361

2018-01-01

IEEE Transactions on Signal and Information Processing over Networks

Abstract:Networked radar systems are vulnerable to different types of attacks, including electronic countermeasure (ECM) jamming and false data injection (FDI) attack. Substantial research has concentrated on ECM jamming, which interferes with radar echoes between a radar and targets. However, FDI attack in which an attacker somehow replaces or modifies radars' measurements, has rarely been considered. FDI attack is much stealthier than ECM jamming, making detection more difficult. In this paper, we take the first attempt to investigate the FDI attack's effects on a networked radar system. Further, we propose a novel data fusion algorithm to combat this attack. The proposed algorithm can dramatically reduce the attack's adverse effects, since it creatively introduces data's confidence factors into data fusion and adaptively decreases the fusion weights of the injected data. Numerical results verify the effectiveness of the proposed algorithm.

Jinxing Hua,Fei Hao

DOI: https://doi.org/10.1016/j.isatra.2022.06.015

Abstract:This article investigates a security problem in cyber-physical systems under multisensory framework. Data packets from each sensor are transmitted to a remote estimator through wireless channels which could be attacked by a attacker and injected false data. Based on the data of reliable sensors and the relativity between reliable and unreliable sensors, a revised multi-sensor Kalman filter fusion algorithm is proposed. Under the proposed algorithm, an optimal linear false data injection attack strategy which is more general with an arbitrary mean of Gaussian distribution is designed. To further improve the detection performance, an Expected SARSA-based attack detection algorithm is proposed. Finally, simulation results based on an unmanned aerial vehicle are provided to illustrate the feasibility and efficiency of the obtained results.

Wenbin Wan,Hunmin Kim,Naira Hovakimyan,Lui Sha,Petros G. Voulgaris

DOI: https://doi.org/10.1109/cdc42340.2020.9304304

2020-12-14

Abstract:Unmanned aerial vehicles (UAVs) suffer from sensor drifts in GPS denied environments, which can lead to potentially dangerous situations. To avoid intolerable sensor drifts in the presence of GPS spoofing attacks, we propose a safety constrained control framework that adapts the UAV at a path re-planning level to support resilient state estimation against GPS spoofing attacks. The attack detector is used to detect GPS spoofing attacks and provides a switching criterion between the robust control mode and emergency control mode. An attacker location tracker (ALT) is developed to track the attacker’s location and estimate the spoofing device’s output power by the unscented Kalman filter (UKF) with sliding window outputs. Using the estimates from ALT, we design an escape controller (ESC) based on the model predictive controller (MPC) such that the UAV escapes from the effective range of the spoofing device within the escape time.

Ji Hyuk Jung,Mi Yeon Hong,Hyeongjun Choi,Ji Won Yoon

DOI: https://doi.org/10.1109/access.2024.3382543

IF: 3.9

2024-04-05

IEEE Access

Abstract:Unmanned Aerial Vehicles (UAVs) are aerial vehicles that can go to a particular position without human control or with remote human control. It is because unmanned control mainly relies on position estimation that a lot of research has been studied on GPS spoofing attacks. Detection methods against GPS spoofing attacks mainly include monitoring RF signals or IMU sensor values inside UAVs. In this work, we analyze GPS attack and detection in an advanced autopilot system, PX4 without excluding RF detection. Recent studies have shown that GPS spoofing is unable to evade the detection using EKF sensor fusion. Therefore, this paper experiment whether the detection could be evaded by strengthening the attacker model. This paper classifies attacker models according to whether an attacker knows the true position of UAVs or the estimated position by UAV and proposed attack methods depending on each model in PX4. We inject GPS value which our attack method intends to UAV during mission flight in simulation environment. By manipulating the GPS driver code of PX4 controller, we inject GPS value the attack method wants into UAV in physical environment. Finally, we observed the innovation test ratio during GPS spoofing and demonstrate that GPS spoofing attack is possible keeping the innovation test ratio under the anomaly detection criterion. After that, we proposed our approach which scales the EKF's Kalman gain randomly to increase the detection method's efficiency and experiment with the attack methods. This detection method has little effect on the test ratio without the attack. But during the attack, the innovation test ratio was increased higher than the anomaly detection criterion so that the attack could be detected.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhao, Wenjie,Fang, Zhou,Li, Ping

DOI: https://doi.org/10.1109/ISIE.2013.6563618

2013-01-01

Abstract:The accuracy of the most commonly used integrated navigation system of inertial navigation system (INS) and global navigation satellite system (GNSS) is greatly influenced by the quality of satellite signals. Based on the most commonly used navigation system that is equipped with barometer and airspeedometer, a new navigation algorithm is proposed for fixed-wing unmanned aerial vehicles (UAVs) to bridge GNSS outages. We estimate the constant component of wind and subtract it from the airspeed to obtain the ground velocity in the presence of GNSS outages. Then, a centripetal force model is introduced to estimate the motion acceleration. Compensated by this acceleration, the gravity vector can be extracted from the accelerometer measurement. Finally, an extended Kalman filter (EKF) is used to integrate the reconstructed system. The presented algorithm is implemented and the hardware-in-loop simulation results illustrate that the new method significantly improves the accuracy for dynamic navigation relative to INS-only solutions during GNSS outages. © 2013 IEEE.

Liping Chen,Minghua Sun,Li Wang

DOI: https://doi.org/10.2478/pomr-2024-0012

2024-03-01

Polish Maritime Research

Abstract:Abstract The results of studies on a trajectory-tracking problem affected by false data injection attacks (FDIAs) and internal and external uncertainties are presented in this paper. In view of the FDIAs experienced by the system, we compensate for the serious navigation deviation caused by malicious attacks by designing an online approximator. Next, we study the internal and external uncertainties introduced by environmental factors, system parameter fluctuations, or sensor errors, and we design adaptive laws for these uncertainties to approximate their upper bounds. To further enhance the response velocity and stability of the system, we introduce finite-time technology to ensure that the unmanned underactuated surface vessels (USVs) reach the predetermined trajectory-tracking target within finite time. To further reduce the update frequency of the controller, we introduced event-triggered control (ETC) technology. This saves the system’s communication resources and optimizes the system. Through Lyapunov stability theory, a strict and complete stability analysis is provided for the control scheme. Finally, the effectiveness of the control scheme is verified using two sets of simulations.

engineering, marine

Sagar Dasgupta,Kazi Hassan Shakib,Mizanur Rahman

2024-01-03

Abstract:In this paper, we validate the performance of the a sensor fusion-based Global Navigation Satellite System (GNSS) spoofing attack detection framework for Autonomous Vehicles (AVs). To collect data, a vehicle equipped with a GNSS receiver, along with Inertial Measurement Unit (IMU) is used. The detection framework incorporates two strategies: The first strategy involves comparing the predicted location shift, which is the distance traveled between two consecutive timestamps, with the inertial sensor-based location shift. For this purpose, data from low-cost in-vehicle inertial sensors such as the accelerometer and gyroscope sensor are fused and fed into a long short-term memory (LSTM) neural network. The second strategy employs a Random-Forest supervised machine learning model to detect and classify turns, distinguishing between left and right turns using the output from the steering angle sensor. In experiments, two types of spoofing attack models: turn-by-turn and wrong turn are simulated. These spoofing attacks are modeled as SQL injection attacks, where, upon successful implementation, the navigation system perceives injected spoofed location information as legitimate while being unable to detect legitimate GNSS signals. Importantly, the IMU data remains uncompromised throughout the spoofing attack. To test the effectiveness of the detection framework, experiments are conducted in Tuscaloosa, AL, mimicking urban road structures. The results demonstrate the framework's ability to detect various sophisticated GNSS spoofing attacks, even including slow position drifting attacks. Overall, the experimental results showcase the robustness and efficacy of the sensor fusion-based spoofing attack detection approach in safeguarding AVs against GNSS spoofing threats.

Cryptography and Security,Artificial Intelligence

Kartik A. Pant,Li-Yu Lin,Jaehyeok Kim,Worawis Sribunma,James M. Goppert,Inseok Hwang

2024-07-12

Abstract:We present a high-fidelity Mixed Reality sensor emulation framework for testing and evaluating the resilience of Unmanned Aerial Vehicles (UAVs) against false data injection (FDI) attacks. The proposed approach can be utilized to assess the impact of FDI attacks, benchmark attack detector performance, and validate the effectiveness of mitigation/reconfiguration strategies in single-UAV and UAV swarm operations. Our Mixed Reality framework leverages high-fidelity simulations of Gazebo and a Motion Capture system to emulate proprioceptive (e.g., GNSS) and exteroceptive (e.g., camera) sensor measurements in real-time. We propose an empirical approach to faithfully recreate signal characteristics such as latency and noise in these measurements. Finally, we illustrate the efficacy of our proposed framework through a Mixed Reality experiment consisting of an emulated GNSS attack on an actual UAV, which (i) demonstrates the impact of false data injection attacks on GNSS measurements and (ii) validates a mitigation strategy utilizing a distributed camera network developed in our previous work. Our open-source implementation is available at \href{<a class="link-external link-https" href="https://github.com/CogniPilot/mixed" rel="external noopener nofollow">this https URL</a>\_sense}{\texttt{<a class="link-external link-https" href="https://github.com/CogniPilot/mixed" rel="external noopener nofollow">this https URL</a>\_sense}}

Robotics

Xian-Chun Zheng,Hung-Min Sun

DOI: https://doi.org/10.18494/sam.2020.2783

IF: 1.2

2020-01-01

Sensors and Materials

Abstract:With the booming growth of unmanned aerial vehicles (UAVs, drones) in recent years, especially for commercial and recreational aerial photography UAVs, the safety issues of civilians and security problems of sensitive information are causing much concern. Some studies have confirmed that many attacks against UAVs are highly connected to the vulnerabilities of the civil global positioning system (GPS). The transparency and predictability of unencrypted civil GPS signals make them easy to counterfeit. Furthermore, owing to the development of software-defined radio (SDR) in recent years, launching a civil GPS spoofing attack is no longer expensive. GPS spoofing against drones using SDR devices has severely threatened their flight security and personal safety. In this study, we demonstrated three UAV hijacking attacks using HackRF One, an SDR device, with corresponding open source projects. We also proved that launching such threatening attacks is not expensive and such attacks are easy to control. We also propose some possible approaches to enhance the security of UAV location information.

Jie Su,Jianping He,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1016/j.ifacol.2016.10.412

2016-01-01

IFAC-PapersOnLine

Abstract:GPS is of great importance for autopilot of an Unmanned Aerial Vehilce (UAV). Recently, GPS spoofing attack on UAV has attracted widespread research interests due to the vulnerability of civilian GPS signal. This paper specifies a scenario in which the GPS spoofing attacker intends to drive the UAV equipped with a fault detector to any arbitrary destination without triggering the detector. We formulate the problem as a constrained optimization problem, and provide an effective solution to compute the falsified GPS measurement of each time instant. In addition, we analyze and compute the largest attainable location set of the UAV under GPS spoofing attack, which quantifies the capability of GPS Spoofing attack under the constraint of the fault detector. Numerical simulations under various parameter settings are conducted to verify the results.

Yichao Chen,Guanbang Liu,Zhen Zhang,Lidong He,Shibo He

DOI: https://doi.org/10.1109/tvt.2023.3337154

IF: 6.8

2024-01-01

IEEE Transactions on Vehicular Technology

Abstract:Multiple unmanned aerial vehicle (UAV) systems are increasingly used in civilian and military applications. However, due to the open and broadcast nature of wireless communications, the control and non-payload communication (CNPC) between UAVs and ground control stations (GCSs) is vulnerable to physical (PHY) and medium access control (MAC) layer wireless attacks, such as eavesdropping, jamming, and spoofing. In this paper, we investigate the secure remote control (RC) issue in multi-UAV systems from a physical layer security (PLS) perspective. We propose a secure RC mechanism based on John Boyd's OODA loop and introduce cooperative jamming (CJ) from UAVs to safeguard control data from GCS. To quantify the uncertainty of wireless attacks from aerial and terrestrial potential attackers, we first introduce the Nakagami-m fading model and a mixed line-of-sight (LoS) / non-line-of-sight (NLoS) probability model to characterize hostile air-to-ground (A2G) channels. We then derive the conditions for successful attacks including passive/active eavesdropping, jamming and spoofing, and formulate the risks of each attack and the overall CJ efficiency based on secrecy outage probability (SOP). To optimize the trade-off between risk costs and CJ power consumption for various situations, we propose three levels of control schemes (centralized, partially centralized, and distributed) applicable at GCS or UAVs, and design three decision-making methods with differing complexities. Through simulations, we evaluate the performance of the proposed mechanism under a general scenario that provides diverse physical conditions, threat levels, and security requirements.

Xiaoyu Ye,Fujun Song,Zongyu Zhang,Rui Zhang,Qinghua Zeng

2023-10-03

Abstract:Due to the state trajectory-independent features of invariant Kalman filtering (InEKF), it has attracted widespread attention in the research community for its significantly improved state estimation accuracy and convergence under disturbance. In this paper, we formulate the full-source data fusion navigation problem for fixed-wing unmanned aerial vehicle (UAV) within a framework based on error state right-invariant extended Kalman filtering (ES-RIEKF) on Lie groups. We merge measurements from a multi-rate onboard sensor network on UAVs to achieve real-time estimation of pose, air flow angles, and wind speed. Detailed derivations are provided, and the algorithm's convergence and accuracy improvements over established methods like Error State EKF (ES-EKF) and Nonlinear Complementary Filter (NCF) are demonstrated using real-flight data from UAVs. Additionally, we introduce a semi-aerodynamic model fusion framework that relies solely on ground-measurable parameters. We design and train an Long Short Term Memory (LSTM) deep network to achieve drift-free prediction of the UAV's angle of attack (AOA) and side-slip angle (SA) using easily obtainable onboard data like control surface deflections, thereby significantly reducing dependency on GNSS or complicated aerodynamic model parameters. Further, we validate the algorithm's robust advantages under GNSS denied, where flight data shows that the maximum positioning error stays within 30 meters over a 130-second denial period. To the best of our knowledge, this study is the first to apply ES-RIEKF to full-source navigation applications for fixed-wing UAVs, aiming to provide engineering references for designers. Our implementations using MATLAB/Simulink will open source.

Robotics

Haibin Guo,Zhong-Hua Pang,Chao Li

DOI: https://doi.org/10.1109/jas.2023.124086

2024-03-19

IEEE/CAA Journal of Automatica Sinica

Abstract:Dear Editor, This letter investigates a novel stealthy false data injection (FDI) attack scheme based on side information to deteriorate the multi-sensor estimation performance of cyber-physical systems (CPSs). Compared with most existing works depending on the full system knowledge, this attack scheme is only related to attackers' sensor and physical process model. The design principle of the attack signal is derived to diverge the system estimation performance. Next, it is proven that the proposed attack scheme can successfully bypass the residual-based detector. Finally, all theoretical results are verified by numerical simulation.

automation & control systems

Yilin Mo,Emanuele Garone,Alessandro Casavola,Bruno Sinopoli

DOI: https://doi.org/10.1109/cdc.2010.5718158

2010-01-01

Abstract:In this paper we study the effect of false data injection attacks on state estimation carried over a sensor network monitoring a discrete-time linear time-invariant Gaussian system. The steady state Kalman filter is used to perform state estimation while a failure detector is employed to detect anomalies in the system. An attacker wishes to compromise the integrity of the state estimator by hijacking a subset of sensors and sending altered readings. In order to inject fake sensor measurements without being detected the attacker will need to carefully design his actions to fool the estimator as abnormal sensor measurements would result in an alarm. It is important for a designer to determine the set of all the estimation biases that an attacker can inject into the system without being detected, providing a quantitative measure of the resilience of the system to such attacks. To this end, we will provide an ellipsoidal algorithm to compute its inner and outer approximations of such set. A numerical example is presented to further illustrate the effect of false data injection attack on state estimation.

Young-Hwa Sung,Soo-Jae Park,Dong-Yeon Kim,Sungho Kim

DOI: https://doi.org/10.3390/s22239412

2022-12-02

Abstract:The navigation of small unmanned aerial vehicles (UAVs), such as quadcopters, significantly relies on the global positioning system (GPS); however, UAVs are vulnerable to GPS spoofing attacks. GPS spoofing is an attempt to manipulate a GPS receiver by broadcasting manipulated signals. A commercial GPS simulator can cause a GPS-guided drone to deviate from its intended course by transmitting counterfeit GPS signals. Therefore, an anti-spoofing technique is essential to ensure the operational safety of UAVs. Various methods have been introduced to detect GPS spoofing; however, most methods require additional hardware. This may not be appropriate for small UAVs with limited capacity. This study proposes a deep learning-based anti-spoofing method equipped with 1D convolutional neural network. The proposed method is lightweight and power-efficient, enabling real-time detection on mobile platforms. Furthermore, the performance of our approach can be enhanced by increasing training data and adjusting the network architecture. We evaluated our algorithm on the embedded board of a drone in terms of power consumption and inference time. Compared to the support vector machine, the proposed method showed better performance in terms of precision, recall, and F-1 score. Flight test demonstrated our algorithm could successfully detect GPS spoofing attacks.

Yimin Wei,Hong Li,Mingquan Lu

DOI: https://doi.org/10.1109/JSEN.2022.3143150

IF: 4.3

2022-01-01

IEEE Sensors Journal

Abstract:GNSS (Global Navigation Satellite System) spoofing has become a great threat in recent years because of its elusiveness and harmfulness. For anti-spoofing usages, utilization of additional independent sensors is a preferred choice. In this work we develop a MEMS (Micro-Electro-Mechanical-Systems) IMU (Inertial Measurement Unit) based spoofing detection and exclusion method by first analyzing the relationship between the Doppler frequency from each navigation signal and the output from the IMU and then evaluating the residual. The detector is a steady-state spoofing detector which can provide continual anti-spoofing result throughout the spoofing attack, as it only requires raw measurements from the two sensors and a rather rough prior knowledge of the position of the host. Simulations are conducted to verify the theoretical derivation and to evaluate the anti-spoofing performance of the proposed method. Field experiments are carried out and the experiment results are analyzed, in which the proposed steady-state detector exhibits improved ability of spoofing identification over traditional methods under continuous spoofing attacks, by clearly distinguishing the authentic navigation signals from the counterfeited ones. Moreover, both the simulation and the field experiment demonstrate that a prior knowledge of the position of the host with the uncertainty of hundreds of kilometers, which can be readily obtained from various methods, is acceptable for the proposed detector.

Chen Liang,Meixia Miao,Jianfeng Ma,Hongyang Yan,Qun Zhang,Xinghua Li

DOI: https://doi.org/10.1002/cpe.5925

2020-07-21

Concurrency and Computation: Practice and Experience

Abstract:<p>Most of the existing global positioning system (GPS) spoofing detection schemes are vulnerable to the generative GPS spoofing attack, or require additional auxiliary equipment and extensive signal processing capabilities, leading to defects such as low real‐time performance and large communication overhead which are not available for the unmanned aerial vehicle (UAV, also known as drone) system. Therefore, we propose a novel solution which employs information fusion based on the GPS receiver and inertial measurement unit. We use a real‐time model of tracking and calculating to derive the current position of the drones which are then contrasted with the position information received by the receiver to verify whether the presence or absence of spoofing attack. Subsequent experimental work shows that, the proposed method can accurately detect the spoof within 8 seconds, with a detection rate (DR) of 98.6%. Compared with the existing schemes, the performance of real‐time detecting is improved while the DR is ensured. Even in our worst‐case, we detect the spoof within 28 seconds after the UAV system starts its mission.</p>

Yilin Mo,B. Sinopoli

2010-01-01

Abstract:This paper analyzes the effects of false data injection attacks on Control System. We assume that the system, equipped with a Kalman filter and LQG controller, is used to monitor and control a discrete linear time invariant Gaussian system. We further assume that the system is equipped with a failure detector. An attacker wishes to destabilize the system by compromising a subset of sensors and sending corrupted readings to the state estimator. In order to inject fake sensor measurements without being detected the attacker needs to carefully design its inputs to fool the failure detector, since abnormal sensor measurements usually trigger an alarm from the failure detector. We will provide a necessary and sufficient condition under which the attacker could destabilize the system while successfully bypassing the failure detector. A design method for the defender to improve the resilience of the CPS against such kind of false data injection attacks is also provided.