skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Manipulating Drone Position Control
Although consumer drones have been used in many attacks, besides specific methods such as jamming, very little research has been conducted on systematical methods to counter these drones. In this paper, we develop generic methods to compromise drone position control algorithms in order to make malicious drones deviate from their targets. Taking advantage of existing methods to remotely manipulate drone sensors through cyber or physical attacks (e.g., [1], [2]), we exploited the weaknesses of position estimation and autopilot controller algorithms on consumer drones in the proposed attacks. For compromising drone position control, we first designed two state estimation attacks: a maximum False Data Injection (FDI) attack and a generic FDI attack that compromised the Kalman-Filter-based position estimation (arguably the most popular method). Furthermore, based on the above attacks, we proposed two attacks on autopilot-based navigation, to compromise the actual position of a malicious drone. To the best of our knowledge, this is the first piece of work in this area. Our analysis and simulation results show that the proposed attacks can significantly affect the position estimation and the actual positions of drones. We also proposed potential countermeasures to address these attacks.  more » « less
Award ID(s):
1662487
PAR ID:
10127231
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
2019 IEEE Conference on Communications and Network Security (CNS)
Page Range / eLocation ID:
1 to 9
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, 2019 International Conference on Unmanned Aircraft Systems (ICUAS))
    While more and more consumer drones are abused in recent attacks, there is still very little systematical research on countering malicious consumer drones. In this paper, we focus on this issue and develop effective attacks to common autopilot control algorithms to compromise the flight paths of autopiloted drones, e.g., leading them away from its preset paths. We consider attacking an autopiloted drone in three phases: attacking its onboard sensors, attacking its state estimation, and attacking its autopilot algorithms. Several firstphase attacks have been developed (e.g., [1]–[4]); second-phase attacks (including our previous work [5], [6]) have also been investigated. In this paper, we focus on the third-phase attacks. We examine three common autopilot algorithms, and design several attacks by exploiting their weaknesses to mislead a drone from its preset path to a manipulated path. We present the formal analysis of the scope of such manipulated paths. We further discuss how to apply the proposed attacks to disrupt preset drone missions, such as missing a target in searching an area or misleading a drone to intercept another drone, etc. Many potential attacks can be built on top of the proposed attacks. We are currently investigating different models to apply such attacks on common drone missions and also building prototype systems on ArduPilot for real world tests. We will further investigate countermeasures to address the potential damages. 
    more » « less
  2. ; ; (, IEEE Consumer Communications and Networking Conference (CCNC))
    Although some existing counterdrone measures can disrupt the invasion of certain consumer drone, to the best of our knowledge, none of them can accurately redirect it to a given location for defense. In this paper, we proposed a Drone Position Manipulation (DPM) attack to address this issue by utilizing the vulnerabilities of control and navigation algorithms used on consumer drones. As such drones usually depend on GPS for autopiloting, we carefully spoof GPS signals based on where we want to redirect a drone to, such that we indirectly affect its position estimates that are used by its navigation algorithm. By carefully manipulating these states, we make a drone gradually move to a path based on our requirements. This unique attack exploits the entire stack of sensing, state estimation, and navigation control together for quantitative manipulation of flight paths, different from all existing methods. In addition, we have formally analyzed the feasible range of redirected destinations for a given target. Our evaluation on open-source ArduPilot system shows that DPM is able to not only accurately lead a drone to a redirected destination but also achieve a large redirection range. 
    more » « less
  3. ; ; ; ; (, IEEE Transactions on Control of Network Systems)
    Graph signal processing (GSP) has emerged as a powerful tool for practical network applications, including power system monitoring. Recent research has focused on developing GSP-based methods for state estimation, attack detection, and topology identification using the representation of the power system voltages as smooth graph signals. Within this framework, efficient methods have been developed for detecting false data injection (FDI) attacks, which until now were perceived as nonsmooth with respect to the graph Laplacian matrix. Consequently, these methods may not be effective against smooth FDI attacks. In this paper, we propose a graph FDI (GFDI) attack that minimizes the Laplacian-based graph total variation (TV) under practical constraints. We present the GFDI attack as the solution for a non-convex constrained optimization problem. The solution to the GFDI attack problem is obtained through approximating it using ℓ1 relaxation. A series of quadratic programming problems that are classified as convex optimization problems are solved to obtain the final solution. We then propose a protection scheme that identifies the minimal set of measurements necessary to constrain the GFDI output to a high graph TV, thereby enabling its detection by existing GSP-based detectors. Our numerical simulations on the IEEE-57 and IEEE-118 bus test cases reveal the potential threat posed by well-designed GSP-based FDI attacks. Moreover, we demonstrate that integrating the proposed protection design with GSP-based detection can lead to significant hardware cost savings compared to previous designs of protection methods against FDI attacks. 
    more » « less
  4. ; (, SAE International Journal of Connected and Automated Vehicles)
    Connected and autonomous vehicles (CAVs) rely on communication channels to improve safety and efficiency. However, this connectivity leaves them vulnerable to potential cyberattacks, such as false data injection (FDI) attacks. We can mitigate the effect of FDI attacks by designing secure control techniques. However, tuning control parameters is essential for the safety and security of such techniques, and there is no systematic approach to achieving that. In this article, our primary focus is on cooperative adaptive cruise control (CACC), a key component of CAVs. We develop a secure CACC by integrating model-based and learning-based approaches to detect and mitigate FDI attacks in real-time. We analyze the stability of the proposed resilient controller through Lyapunov stability analysis, identifying sufficient conditions for its effectiveness. We use these sufficient conditions and develop a reinforcement learning (RL)-based tuning algorithm to adjust the parameter gains of the controller, observer, and FDI attack estimator, ensuring the safety and security of the developed CACC under varying conditions. We evaluated the performance of the developed controller before and after optimizing parameters, and the results show about a 50% improvement in accuracy of the FDI attack estimation and a 76% enhancement in safe following distance with the optimized controller in each scenario. 
    more » « less
  5. ; ; ; ; ; (, ACM Transactions on Cyber-Physical Systems)
    Cheapcommercial off-the-shelf (COTS)First-Person View (FPV)drones have become widely available for consumers in recent years. Unfortunately, they also provide low-cost attack opportunities to malicious users. Thus, effective methods to detect the presence of unknown and non-cooperating drones within a restricted area are highly demanded. Approaches based on detection of drones based on emitted video stream have been proposed, but were not yet shown to work against other similar benign traffic, such as that generated by wireless security cameras. Most importantly, these approaches were not studied in the context of detecting new unprofiled drone types. In this work, we propose a novel drone detection framework, which leverages specific patterns in video traffic transmitted by drones. The patterns consist of repetitive synchronization packets (we call pivots), which we use as features for a machine learning classifier. We show that our framework can achieve up to 99% in detection accuracy over an encrypted WiFi channel using only 170 packets originated from the drone within 820ms time period. Our framework is able to identify drone transmissions even among very similar WiFi transmissions (such as video streams originated from security cameras) as well as in noisy scenarios with background traffic. Furthermore, the design of our pivot features enables the classifier to detect unprofiled drones in which the classifier has never trained on and is refined using a novel feature selection strategy that selects the features that have the discriminative power of detecting new unprofiled drones. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email