Project Coordinator (EU) :Kristiania University College
Organisation Type :Academia
Project participants :
EU: Kristiania University College
Andrii Shalaginov (PhD) is an associate professor and a head of SmartSecLab, whose work is widely related to the application of AI for cybersecurity, detection of computer viruses and the protection of IoT devices.
US: Embry-Riddle Aeronautical University
Houbing Song (PhD) is a professor and a head of Songlab, served as a subject matter expert on AI and counter cyber for autonomous unmanned collective control for the US Special Operations Command (USSOCOM), in 2019, and a visiting faculty research fellow with the US Air Force Research Laboratory, in 2018 and 2021.
State of US partner :Florida
Starting date :
SecureUAV: Energy-efficient malware detection in Unmanned Aerial Vehicles via advanced AI models
Malicious software and cyberattacks have been affecting cyber-physical infrastructure over decades, mainly targeting large organisations' computers and server infrastructure. The advancement of technologies and ubiquitous distribution of embedded devices such as smartphones and Internet of Things (IoT) components is leading to new trends in malware development, and how viruses can spread is constantly growing. The infection of IoT devices has been considered unlikely until 2017 when Mirai botnet showed unexpectedly that such tremendous attacks are entirely possible. Currently, IoT devices' vulnerabilities and cyber threats landscape are even more complex than traditional computer systems are exposed to.
Consumer and prosumer UAVs have been actively used in recreational and critical infrastructure missions for already a decade, resembling the IoT backbone due to the usage of resource-constrained platforms and components with an interruptible power supply such as batteries or solar power. The first significant incident in the UAV industry came to light as early as 2019 when the Keylogger virus disrupted computers at Creech US air force base in Nevada, demonstrating the danger of such incidents. Further, in 2015 Maldrone backdoor was successfully used to maintain persistence across UAV even after a system reset. Moreover, in several attacks on supply chains, traces of malicious software or similar hardware components have been detected being injected into the electronics. There is a substantial risk that such attacks can affect drone motherboards worldwide.
SecureUAV project’s vision is to enhance the overall operational UAVs security as well as Linux-based and similar mainboards that run mission-critical functionality, process video streams and maintain communication with drone operators through sophisticated remote controllers. Such communication is usually maintained with the help of AES-256 or similar standards while transmitting altitude, distance, GPS location, velocities, battery level and temperature. However, there is no low-threshold information about the drone system's cybersecurity status or if any virus infection or attack is happening. Such information and data pieces include memory-based system artefacts as well as irregularities in resource utilization. So, modern UAV system needs a toolkit to provide insight into cyber-physical cybersecurity awareness and telemetry. Even though there are available commercial cybersecurity solutions to guard Linux, such as anti-virus (AV) or intrusion detection systems (IDS), energy consumption aspects make them nearly inapplicable.
UAV design's primary consideration is real-time performance and mission-critical functionality, which cyber-physical security awareness has not been priorities enough. The disadvantage of conventional tools such that AV signature-based solutions lie in the inability to detect malware variants when using cryptographic hash sums. In addition, outdated firmware, standard passwords, and poor security practices make UAVs a good target for adversarial attacks. This project is backed by years of the EU-US team cross-domain experience. EU team has been working on the AI-based cybersecurity middleware under the NGI Pointer-funded project “ENViSEC: Artificial Intelligence-enabled Cybersecurity for Future Smart Environments” which resulted in a software solution used on the level of IoT nodes and IoT gateways to monitor and detect any attacks by using data-driven methods. The solution includes integration as an Operating System-based daemon (NVIDIA Jetson and similar devices) as well as low-level code snipes in hardware firmware (ESP32, Arduino and other devices). Furthermore, SmartSecLab contributes with its funding to support SecureUAV project’s hardware capabilities, such as drones and radio frequency communication measurement devices. The US team has been already working on building a UAV cybersecurity laboratory for evaluation of the drones' cybersecurity through NSF- funded projects: “SaTC: EDU: Collaborative: Bolstering UAV Cybersecurity Education through Curriculum Development with Hands-on Laboratory Framework” (https://www.nsf.gov/awardsearch/showAward?AWD_ID=1956193) that is matched funding to SecureUAV project from US side; research results from the relevant project “REU Site: Swarms of Unmanned Aircraft Systems in the Age of AI/Machine Learning”.
During the experiments, we will develop a telemetry protocol and corresponding novel AI models to be used in the drone on the lower system level, as indicated in the EU team's work. The overarching goal would be to push for changes towards more privacy-by-design and security-by-design frameworks in UAVs that are based on open-source components and software.
Impact 1: Enhanced EU – US cooperation in Next Generation Internet, including policy cooperation.
SecureUAV international cross-disciplinary project consortium gives access to a unique set of research environments, industrial collaborators, SME partners, and future applications for joint funding projects in this area both in EU and US. The collaboration ensembles building an experimental platform will bring global diversity towards a common goal through the synergy of the industrial-oriented differences in innovation and research strategies. Increased digitalization and globalization, will help to ensure better and more resilient cybersecurity practices. Moreover, the mission is to make some of the results of the SecureUAV project public and enable reproducibility of the results, so that other research environments can utilize and deploy AI models for malware detection as well as cyber security awareness mechanisms to be incorporated not just on the OS-based drones, but also firmware-based drones.
Impact 2: Reinforced collaboration and increased synergies between the Next Generation Internet and the US Internet programmes.
Technologically, there will be enhanced exposure to EU- and US-based innovation and research practices in securing UAVs by using lightweight Artificial Intelligence models with a particular focus on energy efficiency and mission-critical tasks. Energy efficiency first EU strategy with the objective of 32.5% reduction in energy consumption towards 2030 defines the importance of such energy-related aspects, both in cybersecurity and UAV operations domain. US NSF program has granted US partner for SecureUAV project with the following grant:
- Title: SaTC: EDU: Collaborative: Bolstering UAV Cybersecurity Education through Curriculum Development with Hands-on Laboratory Framework
- Sponsor: National Science Foundation (Grant No: 1956193)
- Amount: $472,060
- Period: May 1, 2020-April 30, 2023
- URL: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1956193
Impact 3: Developing interoperable solutions and joint demonstrators, contributions to standards.
ollowing joint EU-US research activities, SecureUAV project will include the development of AI-based cybersecurity solutions protecting UAVs from cyberattacks, viruses and bringing forward improved awareness and training. Moreover, we will seek industrial validation of the cybersecurity "telemetry" model in real-world scenarios. At the end of the project, selected results will be published that will serve as a stepping stone in developing new standards and building new synergies based on the achieved results.
Impact 4: An EU - US ecosystem of top researchers, hi-tech start-ups / SMEs and Internet-related communities collaborating on the evolution of the Internet
Through decades, both UAV development and cyberthreat analysis communities have been developing in US and EU, following their own paths defined by needs, application areas, national strategies, and industrial applications. This project and the support from NGIAtlantic bring together EU and US lab working on interdisciplinary research and following innovation regional and national innovation needs. As a result of this synergy, it is expected to achieve not just international-quality experimentation results but also to promote and expose the advantages in structure and approach to experimentation. EU partner will be contacting major UAV producers and operators in Norway towards the end of the project regarding possible validation of the project results. Furthermore, together with US partner we are planning to apply for NGI Enrichers program through Spring 2023, which will be an extension of the existing work. Furthermore, we are currently working on the extension of the SecureUAV solution for the joint US-EU Horizon cooperation project proposal (HORIZON-JU- SNS-2023).
To summarize the overall conclusions of the project:
- Communication in consumer UAVs spans over RF protocols: 2.4Ghz, 433, WiFi that can be analysed / intercepted by used RF / WiFi devices, where multiple toolkits are available.
- Firmware/OS-enable platforms have different capabilities and require own approach.
- Telemetry measurements (set: battery, time, altitude, temp, barometer) are available in every platform and can enrich cyber security awareness information.
- OS telemetry (CPU, RAM, I/O stat, filesystem, avg.load 1,5,10 min) gives direct indicators of malware infection using standards tools available in Linux
- IoT23 and Edge-IIoT set datasets are the most applicable datasets to be integrated with AI agents to be embedded in UAV, also to cover various types of applicable malware attacks (backdoor, password, Mirai, etc)
- OS data artefacts for malware analysis: MD5 has sums, log files, process lists, etc
Future Plan :
- Need to perform a comparison to Linux-based Anti-Virus solutions VS SecureUAV approach both in terms of energy and load using precise energy profiling.
- Cooperation with major drones manufacturer, presentation at the Unmanned Aerial Vehicle conference in Norway.
- Release of the relevant source code to GitHub
- One journal article from early 2023
- At least one conference paper in 2023
- A considerably wider range of applicable experiments.