[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
research-article
Open access

Stealthy Attacks against Robotic Vehicles Protected by Control-based Intrusion Detection Techniques

Published: 22 January 2021 Publication History

Abstract

Robotic vehicles (RV) are increasing in adoption in many industrial sectors. RVs use auto-pilot software for perception and navigation and rely on sensors and actuators for operating autonomously in the physical world. Control algorithms have been used in RVs to minimize the effects of noisy sensors, prevent faulty actuator output, and, recently, to detect attacks against RVs. In this article, we demonstrate the vulnerabilities in control-based intrusion detection techniques and propose three kinds of stealthy attacks that evade detection and disrupt RV missions. We also propose automated algorithms for performing the attacks without requiring the attacker to expend significant effort or to know specific details of the RV, thus making the attacks applicable to a wide range of RVs. We demonstrate the attacks on eight RV systems including three real vehicles in the presence of an Intrusion Detection System using control-based techniques to monitor RV’s runtime behavior and detect attacks. We find that the control-based techniques are incapable of detecting our stealthy attacks and that the attacks can have significant adverse impact on the RV’s mission (e.g., deviate it significantly from its target, or cause it to crash).

References

[1]
Sridhar Adepu and Aditya Mathur. 2016. Using process invariants to detect cyber attacks on a water treatment system. In Proceedings of the IFIP International Information Security and Privacy Conference. 91--104
[2]
Ekta Aggarwal, Mehdi Karimibiuki, Karthik Pattabiraman, and André Ivanov. 2018. CORGIDS: A correlation-based generic intrusion detection system. In Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC’18). ACM, New York, NY, 24--35.
[3]
Chuadhry Mujeeb Ahmed, Jianying Zhou, and Aditya P. Mathur. 2018. Noise matters: Using sensor and process noise fingerprint to detect stealthy cyber attacks and authenticate sensors in CPS. In Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC’18). ACM, New York, NY, 566--581.
[4]
H. Alemzadeh, D. Chen, X. Li, T. Kesavadas, Z. T. Kalbarczyk, and R. K. Iyer. 2016. Targeted attacks on teleoperated surgical robots: Dynamic model-based detection and mitigation. In Proceedings of the 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’16). 395--406.
[5]
Maryam Raiyat Aliabadi, Amita Ajith Kamath, Julien Gascon-Samson, and Karthik Pattabiraman. 2017. ARTINALI: Dynamic invariant detection for cyber-physical system security. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE’17). ACM, New York, NY, 349--361.
[6]
Amazon Prime [n.d.]. Amazon Prime Delivery. Retrieved January 24, 2019 from https://www.amazon.com/Amazon-Prime-Air/b?node=8037720011.
[7]
ArduPilot [n.d.]. Ardupilot—Software in the Loop. Retrieved May 24, 2018 from http://ardupilot.org/dev/docs/sitl-simulator-software-in-the-loop.html.
[8]
Aryn Baker. [n.d.]. Zipline Drone Delivery. Retrieved January 24, 2019 from http://www.flyzipline.com/.
[9]
P.-J. Bristeau, E. Dorveaux, D. Vissière, and N. Petit. 2010. Hardware and software architecture for state estimation on an experimental low-cost small-scaled helicopter. Contr. Eng. Pract. 18, 7 (2010), 733--746.
[10]
Stephen Burns. [n.d.]. Drone Meets Delivery Truck. Retrieved May 24, 2019 from https://www.ups.com/us/es/services/knowledge-center/article.page?name=drone-meets-delivery-truck8kid=cd18bdc2.
[11]
Alvaro Cardenas, Saurabh Amin, Bruno Sinopoli, Annarita Giani, Adrian Perrig, and Shankar Sastry. 2009. Challenges for securing cyber physical systems. In Proceedings of the Workshop on Future Directions in Cyber-physical Systems Security. DHS.
[12]
Y. Chen, C. M. Poskitt, and J. Sun. 2018. Learning from mutants: Using code mutation to learn and monitor invariants of a cyber-physical system. In Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP’18). IEEE Computer Society, Los Alamitos, CA, 648--660.
[13]
Grzegorz Chmaj and Henry Selvaraj. 2015. Distributed processing applications for UAV/drones: A survey. In Progress in Systems Engineering, Henry Selvaraj, Dawid Zydek, and Grzegorz Chmaj (Eds.). Springer International Publishing, Cham, 449--454.
[14]
Hongjun Choi, Sayali Kate, Yousra Aafer, Xiangyu Zhang, and Dongyan Xu. 2020. Software-based realtime recovery from sensor attacks on robotic vehicles. In Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID’20). USENIX Association.
[15]
Hongjun Choi, Wen-Chuan Lee, Yousra Aafer, Fan Fei, Zhan Tu, Xiangyu Zhang, Dongyan Xu, and Xinyan Deng. 2018. Detecting attacks against robotic vehicles: A control invariant approach. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS’18). ACM, New York, NY, 801--816.
[16]
Keywhan Chung, Zbigniew T. Kalbarczyk, and Ravishankar K. Iyer. 2019. Availability attacks on computing systems through alteration of environmental control: Smart malware approach. In Proceedings of the 10th ACM/IEEE international conference on cyber-physical systems (ICCPS’19). ACM, New York, NY, 1--12.
[17]
Keywhan Chung, Xiao Li, Peicheng Tang, Zeran Zhu, Zbigniew T. Kalbarczyk, Ravishankar K. Iyer, and Thenkurussi Kesavadas. 2019. Smart malware that uses leaked control data of robotic applications: The case of Raven-II surgical robots. In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID’19). USENIX Association, 337--351.
[18]
G. Dan and H. Sandberg. 2010. Stealth attacks and protection schemes for state estimators in power systems. In Proceedings of the 2010 1st IEEE International Conference on Smart Grid Communications. 214--219.
[19]
Drew Davidson, Hao Wu, Rob Jellinek, Vikas Singh, and Thomas Ristenpart. 2016. Controlling UAVs with sensor input spoofing attacks. In Proceedings of the 10th USENIX Workshop on Offensive Technologies (WOOT’16). USENIX Association.
[20]
Emlid. [n.d.]. Navio2. Retrieved from https://emlid.com/navio/.
[21]
ETH-Agile and Dexterous Robotics Lab. [n.d.]. Control Toolbox. Retrieved from https://ethz-adrl.github.io/ct/ct_doc/doc/html/index.html.
[22]
Fan Fei, Zhan Tu, Dongyan Xu, and Xinyan Deng. 2019. Learn-to-recover: Retrofitting UAVs with reinforcement learning-assisted flight control under cyber-physical attacks. In IEEE International Conference on Robotics and Automation (ICRA'20). 7358--7364.
[23]
Gene F. Franklin, J. David Powell, and Abbas Emami-Naeini. 2018. Feedback Control of Dynamic Systems (8th Ed.) (What’s New in Engineering). Pearson.
[24]
Luis Garcia, Ferdinand Brasser, Mehmet Hazar Cintuglu, Ahmad-Reza Sadeghi, Osama A. Mohammed, and Saman A. Zonouz. 2017. Hey, my malware knows physics! Attacking PLCs with physical model aware rootkit. In Proceedings of the Network and Distributed System Security Symposium (NDSS’17).
[25]
Ian Y. Garrett and Ryan M. Gerdes. 2020. On the efficacy of model-based attack detectors for unmanned aerial systems. In Proceedings of the 2nd ACM Workshop on Automotive and Aerial Vehicle Security (AutoSec’20). Association for Computing Machinery, New York, NY, 11--14.
[26]
R. M. Góes, E. Kang, R. Kwong, and S. Lafortune. 2017. Stealthy deception attacks for cyber-physical systems. In Proceedings of the 2017 IEEE 56th Annual Conference on Decision and Control (CDC’17). 4224--4230.
[27]
J. Habibi, A. Gupta, S. Carlsony, A. Panicker, and E. Bertino. 2015. MAVR: Code reuse stealthy attacks and mitigation on unmanned aerial vehicles. In Proceedings of the 2015 IEEE 35th International Conference on Distributed Computing Systems. 642--652.
[28]
D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W. H. Maisel. 2008. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the 2008 IEEE Symposium on Security and Privacy (SPS’08).
[29]
Andrew J. Hawkins. [n.d.]. UPS will use drones to deliver medical supplies in North Carolina. Retrieved May 24, 2019 from https://www.theverge.com/2019/3/26/18282291/ups-drone-delivery-hospital-nc-matternet.
[30]
Todd E. Humphreys. 2008. Assessing the spoofing threat: Development of a portable GPS civilian spoofer. In Proceedings of the Institute of Navigation GNSS (ION GNSS’08).
[31]
JSMSim [n.d.]. JSBSim Open Source Flight Dynamics Model. Retrieved May 24, 2018 from “http://jsbsim.sourceforge.net/”.
[32]
S. Karnouskos. 2011. Stuxnet worm impact on industrial cyber-physical system security. In Proceedings of the 37th Annual Conference of the IEEE Industrial Electronics Society (IECON’11). 4490--4494.
[33]
Kyo Hyun Kim, Siddhartha Nalluri, Ashish Kashinath, Yu Wang, Sibin Mohan, Miroslav Pajic, and Bo Li. 2020. Security analysis against spoofing attacks for distributed UAVs. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16). Association for Computing Machinery, New York, NY.
[34]
Taegyu Kim, Chung Hwan Kim, Junghwan Rhee, Fan Fei, Zhan Tu, Gregory Walkup, Xiangyu Zhang, Xinyan Deng, and Dongyan Xu. 2019. RVFuzzer: Finding input validation bugs in robotic vehicles through control-guided testing. In Proceedings of the 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, 425--442.
[35]
Robert M. Lee, Michael J. Assante, and Tim Conway. 2016. Analysis of the cyber attack on the ukrainian power grid. Technical report. Electricity Information Sharing and Analysis Center (E-ISAC).
[36]
J. Li and Y. Li. 2011. Dynamic analysis and PID control for a quadrotor. In Proceedings of the 2011 IEEE International Conference on Mechatronics and Automation. 573--578.
[37]
Yao Liu, Peng Ning, and Michael K. Reiter. 2009. False data injection attacks against state estimation in electric power grids. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09). ACM, New York, NY, 21--32.
[38]
L. Ljung. 1979. Asymptotic behavior of the extended Kalman filter as a parameter estimator for linear systems. IEEE Trans. Automat. Contr. 24, 1 (Feb. 1979), 36--50.
[39]
K. Manandhar, X. Cao, F. Hu, and Y. Liu. 2014. Detection of faults and attacks including false data injection attack in smart grid using kalman filter. IEEE Trans. Contr. Netw. Syst. 1, 4 (Dec. 2014), 370--379.
[40]
MATLAB. [n.d.]. System Identification Overview. Retrieved from https://www.mathworks.com/help/ident/gs/about-system-identification.html.
[41]
MATLAB. [n.d.]. System Identification Toolbox. Retrieved from https://www.mathworks.com/products/sysid.html.
[42]
S. McLaughlin and S. Zonouz. 2014. Controller-aware false data injection against programmable logic controllers. In Proceedings of the 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm’14). 848--853.
[43]
Lorenz Meier, Petri Tanskanen, Friedrich Fraundorfer, and Marc Pollefeys. 2011. Pixhawk: A system for autonomous flight using onboard computer vision. In Proceedings of the 2011 IEEE International Conference on Robotics and Automation. IEEE, 2992--2997.
[44]
MARS 2020 Mission. [n.d.]. MARS Exploration Rover. Retrieved from https://mars.nasa.gov/mer/mission/rover/.
[45]
Robert Mitchell and Ing-Ray Chen. 2012. Specification based intrusion detection for unmanned aircraft systems. In Proceedings of the 1st ACM MobiHoc Workshop on Airborne Networks and Communications. 31--36.
[46]
Robert Mitchell and Ing-Ray Chen. 2014. Adaptive intrusion detection of malicious unmanned air vehicles using behavior rule specifications. IEEE Trans. Syst. Man Cybernet.: Syst. 44, 5 (2014), 2014.
[47]
GNU Octave. [n.d.]. GNU Octave Scientific Programming Language. Retrieved from https://www.gnu.org/software/octave/.
[48]
Out of Control. [n.d.]. Artificial Delay Attack Demo Video. Retrieved from https://drive.google.com/open?id=1_CHITopKSraKZXnAIyeUoQZqki8fgUXe.
[49]
Out of Control. [n.d.]. False Data Injection Attack Demo Video. Retrieved from https://drive.google.com/open?id=1JgrCpwspsBiYdNvKUxeKnl-bZQ9WS_Cg.
[50]
Out of Control. [n.d.]. Switch Mode Attack Demo Video. Retrieved from https://drive.google.com/open?id=1yUSGa5GoBQYl0GTiTbcPFN5NnjBHXL-Y.
[51]
Parrot.com. [n.d.]. Bebop2. Retrieved from https://www.parrot.com/us/drones/parrot-bebop-2.
[52]
Gazebo Project. [n.d.]. Gazebo Robot Simulation. Retrieved from http://gazebosim.org/.
[53]
Raul Quinonez, Jairo Giraldo, Luis Salazar, Erick Bauman, Alvaro Cardenas, and Zhiqiang Lin. 2020. SAVIOR: Securing autonomous vehicles with robust physical invariants. In Proceedings of the 29th USENIX Security Symposium (USENIX Security 20). USENIX Association.
[54]
Hadi Ravanbakhsh, Sina Aghli, Christoffer Heckman, and Sriram Sankaranarayanan. 2018. Path-following through control funnel functions. arXiv/1804.05288. Retrieved from https://arxiv:1804.05288.
[55]
Aion Robotics. [n.d.]. R1 ArduPilot Edition. Retrieved from https://docs.aionrobotics.com/en/latest/r1-ugv.html.
[56]
Sky Rocket. [n.d.]. Sky Viper Journey. Retrieved from https://sky-viper.com/journey/.
[57]
H. Sakoe and S. Chiba. 1978. Dynamic programming algorithm optimization for spoken word recognition. IEEE Trans. Acoust. Speech Sign. Process. 26, 1 (Feb. 1978), 43--49.
[58]
Nicolas Sheilds. [n.d.]. Walmart Drone Delivery. Retrieved December 9, 2018 from https://www.businessinsider.com/walmart-blockchain-drone-delivery-patent-2018-9.
[59]
Yasser Shoukry, Paul Martin, Paulo Tabuada, and Mani Srivastava. 2013. Non-invasive spoofing attacks for anti-lock braking systems. In Proceedings of the Cryptographic Hardware and Embedded Systems (CHES’13), Guido Bertoni and Jean-Sebastien Coron (Eds.). Springer, Berlin, 55--72.
[60]
Yunmok Son, Hocheol Shin, Dongkwan Kim, Youngseok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, and Yongdae Kim. 2015. Rocking drones with intentional sound noise on gyroscopic sensors. In Proceedings of the 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, 881--896.
[61]
Christopher Steiner. [n.d.]. Bot-In-Time Delivery. Retrieved from https://www.forbes.com/forbes/2009/0316/040_bot_time_saves_nine.html#68ee53d9b942.
[62]
Paparazzi Development Team. [n.d.]. Paparazzi—The Free Autopilot. Retrieved from https://wiki.paparazziuav.org/wiki/Main_Page.
[63]
Pixhawk Development Team. [n.d.]. Pixhawk AutoPilot. Retrieved from https://docs.px4.io/en/flight_controller/pixhawk_series.html.
[64]
Nils Ole Tippenhauer, Christina Pöpper, Kasper Bonne Rasmussen, and Srdjan Capkun. 2011. On the requirements for successful GPS spoofing attacks. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS’11). ACM, New York, NY, 75--86.
[65]
T. Trippel, O. Weisse, W. Xu, P. Honeyman, and K. Fu. 2017. WALNUT: Waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In Proceedings of the 2017 IEEE European Symposium on Security and Privacy (EuroSP’17). 3--18.
[66]
David I. Urbina, Jairo A. Giraldo, Alvaro A. Cardenas, Nils Ole Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Richard Candell, and Henrik Sandberg. 2016. Limiting the impact of stealthy attacks on industrial control systems. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16). ACM, New York, NY, 1092--1105.
[67]
T. P. Vuong, G. Loukas, D. Gan, and A. Bezemskij. 2015. Decision tree-based detection of denial of service and command injection attacks on robotic vehicles. In Proceedings of the 2015 IEEE International Workshop on Information Forensics and Security (WIFS’15). 1--6.
[68]
Zhaolin Yang, Feng Lin, and B. M. Chen. 2016. Survey of autopilot for multi-rotor unmanned aerial vehicles. In Proceedings of the 42nd Annual Conference of the IEEE Industrial Electronics Society (IECON’16). 6122--6127.

Cited By

View all
  • (2025)Addressing cybersecurity challenges in robotics: A comprehensive overviewCyber Security and Applications10.1016/j.csa.2024.1000743(100074)Online publication date: Dec-2025
  • (2024)Diagnosis-guided Attack Recovery for Securing Robotic Vehicles from Sensor Deception AttacksProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3644997(915-929)Online publication date: 1-Jul-2024
  • (2024)CDA: Covert Deception Attacks in Multi-Agent Resource SchedulingIEEE Robotics and Automation Letters10.1109/LRA.2024.34557659:11(9215-9222)Online publication date: Nov-2024
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Digital Threats: Research and Practice
Digital Threats: Research and Practice  Volume 2, Issue 1
Special Issue on ACSAC'19: Part 2
March 2021
160 pages
EISSN:2576-5337
DOI:10.1145/3447873
Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 January 2021
Accepted: 01 August 2020
Received: 01 May 2020
Published in DTRAP Volume 2, Issue 1

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Cyber physical systems (CPS)
  2. invariant analysis
  3. robotic vehicle security

Qualifiers

  • Research-article
  • Research
  • Refereed

Funding Sources

  • Natural Sciences and Engineering Research Council of Canada (NSERC)
  • Intel

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)329
  • Downloads (Last 6 weeks)21
Reflects downloads up to 19 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2025)Addressing cybersecurity challenges in robotics: A comprehensive overviewCyber Security and Applications10.1016/j.csa.2024.1000743(100074)Online publication date: Dec-2025
  • (2024)Diagnosis-guided Attack Recovery for Securing Robotic Vehicles from Sensor Deception AttacksProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3644997(915-929)Online publication date: 1-Jul-2024
  • (2024)CDA: Covert Deception Attacks in Multi-Agent Resource SchedulingIEEE Robotics and Automation Letters10.1109/LRA.2024.34557659:11(9215-9222)Online publication date: Nov-2024
  • (2024)Security Considerations in AI-Robotics: A Survey of Current Methods, Challenges, and OpportunitiesIEEE Access10.1109/ACCESS.2024.336365712(22072-22097)Online publication date: 2024
  • (2024)Comprehensive systematic review of intelligent approaches in UAV-based intrusion detection, blockchain, and network securityComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2023.110140239:COnline publication date: 1-Feb-2024
  • (2023)Practical Challenges of Attack Detection in Microgrids Using Machine LearningJournal of Sensor and Actuator Networks10.3390/jsan1201000712:1(7)Online publication date: 18-Jan-2023
  • (2023)A Graphical and Qualitative Review of Literature on AI-based Cyber-Threat Intelligence (CTI) in Banking SectorEuropean Journal of Engineering and Technology Research10.24018/ejeng.2023.8.5.31038:5(59-69)Online publication date: 18-Oct-2023
  • (2023)Runtime System Support for CPS Software RejuvenationIEEE Transactions on Emerging Topics in Computing10.1109/TETC.2023.326789911:3(594-604)Online publication date: 1-Jul-2023
  • (2023)Stealthy False Data Injection Attack on Unmanned Aerial Vehicles with Partial Knowledge2023 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS59707.2023.10289001(1-9)Online publication date: 2-Oct-2023
  • (2023)Cyber security of robots: A comprehensive surveyIntelligent Systems with Applications10.1016/j.iswa.2023.20023718(200237)Online publication date: May-2023
  • Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Login options

Full Access

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media