Real-time Safety Assessment against Stealthy Cyber Attacks

As Unmanned Aircraft Systems (UASs) become an increasingly integral part of a wide range of applications, ensuring the security of these systems against malicious cyber attacks is a very important concern. To address this problem, this research considers a controls domain approach extending beyond the computing resources of the UAS to include the underlying physical behavior of the compromised system, successfully complementing the traditional computer security architecture. The objective of this work is to diagnose UAS safety while considering the possibility of stealthy cyber attacks, and to develop a real-time safety assessment algorithm to help increase system safety in such cases. Specifically, we carry out two main tasks: (i) we first derive the conditions of the UAS dynamics that can be used to predict the critical impact of stealthy cyber attacks. Under such conditions, it is feasible for attackers to cause any arbitrary state deviation without being detected. Such an analysis provides important information that characterizes the security level of the given UAS prior to assessing safety, and thus can provide design criteria to improve the safety of the UAS against stealthy cyber attacks; and (ii) using the results from task (i), we consider the case in which the attacker's ability to alter the state is limited to avoid being detected, and thus the induced state deviation is also bounded. In order to determine whether the UAS is safe or not, reachability analysis is used to calculate the possible responses of a UAS to the set of possible stealthy cyber attacks without needing any information about the specific cyber attack injected into the system. Setting the safe region based on the current state and environment, we compute the reachable set of the UAS state that can be driven by all possible stealthy cyber attacks and compare it with the safe region.
Then, if the entire reachable set lies within the safe region, we can assure, with a certain probability, that the current UAS state is safe even if there is a cyber attack. Otherwise, if any part of the reachable set lies outside the safe region, the UAS could potentially be unsafe even if no attack is detected. Reachability analysis, however, generally involves heavy computation. Existing research considers an over-approximated reachable set rather than paying the intensive computational cost of calculating the exact reachable set. However, such an over-approximation can be excessively conservative and may not provide sufficiently informative results, especially for real-time UAS operations. Here, our algorithm analytically derives the exact reachable set via linear matrix inequalities. Hence, the reachable set computation considered in this paper is computationally efficient, significantly enhancing the quality of the real-time safety assessment while augmenting the security-monitoring systems already in place in the UAS. One possible attack case is that the attacker is able to affect GPS measurements in the on-board navigation system of the UAS. As shown in Figure 5, the actual state and estimated state clearly begin diverging as soon as the attack begins at time step 3. Since the error ellipse is not bounded for this attack, its boundary continues growing with time and eventually extends outside the safety region by time step 16.

Figure 5. Trajectory, safety region, and error ellipse for linear GPS attack
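The safety check described above (propagate the set of state deviations that bounded, undetected inputs can induce, then test whether it stays inside the safe region) is illustrated by the following added example. It is not code from the research described here: instead of the exact LMI-based reachable set, it uses the classical minimum-trace outer-ellipsoid bound for a Minkowski sum, i.e. exactly the kind of over-approximation the text contrasts with the exact method. The system matrices, the attack-input ellipsoid `W` (a constructed stand-in for the bound a residual detector imposes on a stealthy input), the initial shape `Q0`, and the safe box are all assumed values. The example goes slightly beyond the text by contrasting marginally stable error dynamics, where the ellipse grows without bound and eventually leaves the safe region as in Figure 5, with stable dynamics, where it converges to a bounded set that stays inside.

```python
"""Reachable-set safety check for a UAS state deviation driven by bounded,
undetected inputs (constructed example, not the paper's LMI method).

Model: x_{k+1} = A x_k + B w_k, with the per-step attack-induced input w_k
assumed to lie in the ellipsoid {w : w^T W^{-1} w <= 1}.  The reachable
deviation set is propagated as a minimum-trace outer ellipsoid
(an over-approximation, tight when the summed ellipsoids have the same
shape) and each step is checked against an axis-aligned safe box.
"""
import numpy as np


def ellipsoid_sum(Q1, Q2):
    """Minimum-trace ellipsoid containing the Minkowski sum of two centred
    ellipsoids {x : x^T Q^{-1} x <= 1} with shape matrices Q1 and Q2."""
    t1, t2 = np.trace(Q1), np.trace(Q2)
    if t1 <= 0.0:  # degenerate operand (e.g. zero initial deviation)
        return Q2.copy()
    if t2 <= 0.0:
        return Q1.copy()
    p = np.sqrt(t1 / t2)  # minimises the trace of the bound below
    return (1.0 + 1.0 / p) * Q1 + (1.0 + p) * Q2


def reachable_shapes(A, B, W, Q0, steps):
    """Shape matrices Q_0 .. Q_steps of the outer reachable ellipsoid."""
    shapes = [np.array(Q0, dtype=float)]
    BWB = B @ W @ B.T  # image of the input ellipsoid in state space
    for _ in range(steps):
        Qk = shapes[-1]
        shapes.append(ellipsoid_sum(A @ Qk @ A.T, BWB))
    return shapes


def half_widths(Q):
    """Extent of the ellipsoid along each axis: its support function in
    direction e_i equals sqrt(Q_ii)."""
    return np.sqrt(np.clip(np.diag(Q), 0.0, None))


def first_unsafe_step(shapes, box):
    """Index of the first step whose ellipsoid is not contained in the box
    |x_i| <= box[i] (exact test for a symmetric convex set); None if the
    whole trajectory of sets stays inside."""
    box = np.asarray(box, dtype=float)
    for k, Q in enumerate(shapes):
        if np.any(half_widths(Q) > box):
            return k
    return None


# Constructed scenario: 2-D position deviation, attack set W = diag(1, 0.25)
W = np.diag([1.0, 0.25])
B = np.eye(2)
Q0 = np.zeros((2, 2))       # assume no deviation before the attack starts
SAFE_BOX = (10.0, 4.2)      # assumed safe region: |x_1| <= 10, |x_2| <= 4.2

A_MARGINAL = np.eye(2)      # deviation accumulates step by step
A_STABLE = 0.5 * np.eye(2)  # deviation converges to a bounded set


def assess(A, steps=30):
    """Return (first unsafe step or None, half-widths of the final set)."""
    shapes = reachable_shapes(A, B, W, Q0, steps)
    return first_unsafe_step(shapes, SAFE_BOX), half_widths(shapes[-1])


if __name__ == "__main__":
    for name, A in (("marginal", A_MARGINAL), ("stable", A_STABLE)):
        k, hw = assess(A)
        verdict = "safe at every step" if k is None else f"unsafe from step {k}"
        print(f"{name}: {verdict}; final half-widths {hw.round(3)}")
```

With the marginally stable dynamics the bound is tight (every summed ellipsoid has the same shape), so the half-widths grow linearly and the set leaves the safe box at step 9; with the stable dynamics they converge to (2, 1) and the assessment reports the state as safe for the whole horizon. For a real navigation filter, `W` would be derived from the detector threshold rather than assumed, and a tighter (or exact) set would shrink the region the assessment must treat as potentially unsafe.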