
7/7/2020
03:05 PM

Drone Path Often Reveals Operator's Location

The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.

The way that a drone moves and its path through the sky can reveal the location of the operator, a critical step in preventing drone attacks on critical infrastructure and other malicious activities, researchers at Ben-Gurion University (BGU) of the Negev said in a paper published on July 7. 

The researchers observed that drones moved differently depending on the operator's location, and that experienced observers can often tell whether the drone pilot is viewing its flight through a screen — in first-person view (FPV) mode — or if they are observing it from the ground. Using a simulated environment, the researchers trained a machine learning model to extract and identify artifacts that leak information about the pilot's location.

In the end, the researchers created a dense neural network that could use 120 points from 81 flights to create drone paths and predict, with 73% accuracy, from which of three locations a pilot was operating the drone, says Eliyahu Mashhadi, lead researcher with BGU's Department of Software and Information Systems Engineering.

"Our goal was to make a POC [proof of concept] to see that in the simulator it is indeed possible to deduce the position of the drone operator given a route, or part of the route, that the drone performed," Mashhadi says.

Drones have taken off globally. In the United States, more than 1.5 million unmanned aircraft systems have been registered and more than 170,000 pilots certified as of March 2020, according to the US Federal Aviation Administration.

But with their use comes risk. Unmanned aerial vehicles — drones — pose a serious threat to critical and operational infrastructure. In the first quarter of 2020, more than 370 incidents of drones behaving dangerously were reported to the Federal Aviation Administration.

Specific incidents highlight that danger. In December 2018, 129 separate sightings of unauthorized drone flights shut down London's Gatwick Airport, but no operator was ever found. In the Middle East and North Africa, more than 100 drone attacks have targeted military bases and commercial airports in the past two years. The most damaging attack, however, is arguably the September 2019 drone strike on a Saudi Aramco oil processing facility by Iranian-backed Houthi rebels in neighboring Yemen.

While military drones may use different technology, the potential for commercial drones to be used for damaging critical infrastructure poses a threat. In these cases, just as attributing a cyberattack can help punish the attackers, or at least deter future attacks, finding the operator of a drone can help dissuade users from malicious activities.

At present, drone operators are often located using the radio-frequency signals sent from the controller, but sensors generally have to be matched to the various drone technologies in use, according to the researchers. In addition, sensors have to already be on-site and near the operator to be able to locate them.

The academic research team's approach requires only somewhat accurate location information at a particular sample rate — eight samples per second in the proof-of-concept experiment. Using the path of the drone, the neural network focuses on the speed of the unmanned aircraft system, the approach the pilot chooses for a flight path, and whether the movement is aggressive or passive.
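As an added illustration, not code from the BGU paper, the sketch below derives the kinds of signals named above (speed, and how abrupt the movement is) from positions sampled eight times per second. The feature names, the 120-point window size and both sample tracks are assumptions constructed for this example.

```python
import math

SAMPLE_HZ = 8   # sampling rate the article reports for the proof of concept
WINDOW = 120    # points per window (assumption, borrowed from the article's figure)

def wrap(angle):
    """Wrap an angle difference into [-pi, pi)."""
    return (angle + math.pi) % (2 * math.pi) - math.pi

def kinematics(track, hz=SAMPLE_HZ):
    """Per-step ground speed (m/s) and course (rad) from (x, y) in metres."""
    speeds, courses, last = [], [], 0.0
    for (x0, y0), (x1, y1) in zip(track, track[1:]):
        dx, dy = x1 - x0, y1 - y0
        step = math.hypot(dx, dy)
        if step > 1e-6:          # hovering: course is undefined, keep the last one
            last = math.atan2(dy, dx)
        speeds.append(step * hz)
        courses.append(last)
    return speeds, courses

def rms(values):
    return math.sqrt(sum(v * v for v in values) / len(values))

def path_features(track, hz=SAMPLE_HZ):
    """Summarise one window: mean speed, RMS acceleration, RMS turn rate."""
    speeds, courses = kinematics(track, hz)
    accel = [(b - a) * hz for a, b in zip(speeds, speeds[1:])]
    turn = [wrap(b - a) * hz for a, b in zip(courses, courses[1:])]
    return {"mean_speed": sum(speeds) / len(speeds),
            "rms_accel": rms(accel), "rms_turn_rate": rms(turn)}

def windows(track, size=WINDOW):
    """Split a track into consecutive full windows of `size` points."""
    return [track[i:i + size] for i in range(0, len(track) - size + 1, size)]

# Constructed sample tracks (not data from the paper): 240 points = 30 s at 8 Hz.
STEADY = [(0.625 * i, 0.0) for i in range(240)]                    # 5 m/s, straight
JERKY = [(0.625 * i + 0.4 * math.sin(i), 0.5 * math.sin(0.9 * i))  # weaving, surging
         for i in range(240)]

if __name__ == "__main__":
    for name, track in (("steady", STEADY), ("jerky", JERKY)):
        for w in windows(track):
            print(name, {k: round(v, 2) for k, v in path_features(w).items()})
```

The turn rate here is computed from the ground track, not from the drone's yaw, which the article mentions only as a possible future input.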

One flight feature that could help in the future is the drone's yaw, the rate of turn around its vertical axis, Mashhadi says.

The researchers found that higher sampling rates yielded better predictions. While sampling at a higher rate could have produced better results, the current simulator software did not allow for sampling at a rate higher than eight samples per second. 

"Maybe in future experiments, we will edit the code — [since] it is open source simulator — so we can record at a higher rate," Mashhadi says. "I believe it will improve the results."

While the initial experiment only included three possible locations for the operator, a greater number of locations does not necessarily reduce accuracy, he says.

"Since publishing this article, we have done more experiments where there are four options for operator location and two different flight destinations ... and increased our dataset," he says. "The results we got were better and we reached 78% accuracy."


Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
Comments
stonde,
User Rank: Apprentice
7/11/2020 | 8:22:05 AM
Interesting article
Thank you.