Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

7/7/2020
03:05 PM
50%
50%

Drone Path Often Reveals Operator's Location

The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.

The way that a drone moves and its path through the sky can reveal the location of the operator, a critical step in preventing drone attacks on critical infrastructure and other malicious activities, researchers at Ben-Gurion University (BGU) of the Negev said in a paper published on July 7. 

The researchers observed that drones moved differently depending on the operator's location, and that experienced observers can often tell whether the drone pilot is viewing its flight through a screen — in first-person view (FPV) mode — or if they are observing it from the ground. Using a simulated environment, the researchers trained a machine learning model to extract and identify artifacts that leak information about the pilot's location.

In the end, the researchers created a dense neural network that could use 120 points from 81 flights to create drone paths to predict from which of three locations a pilot was operating the drone with 73% accuracy, says Eliyahu Mashhadi, lead researcher with BGU's Department of Software and Information Systems Engineering.

"Our goal was to make a POC [proof of concept] to see that in the simulator it is indeed possible to deduce the position of the drone operator given a route, or part of the route, that the drone performed," Mashhadi says.

Drones have taken off globally. In the United States, more than 1.5 million unmanned aircraft systems have been registered and more than 170,000 pilots certified as of March 2020, according to the US Federal Aviation Administration.

But with their use comes risk. Unmanned aerial vehicles — drones — pose a serious threat to critical and operational infrastructure. In the first quarter of 2020, more than 370 incidents of drones behaving dangerously were reported to the Federal Aviation Administration.

Specific incidents highlight that danger. In December 2018, 129 separate sightings of unauthorized drone flights shut down London's Gatwick Airport, but no operator was ever found. In the Middle East and North Africa, more than 100 drone attacks have targeted military bases and commercial airports in the past two years. The most damaging attack, however, is arguably the September 2019 drone strike on a Saudi Aramco oil processing facility by Iranian-backed Houthi rebels in neighboring Yemen.

While military drones may use different technology, the potential for commercial drones to be used for damaging critical infrastructure poses a threat. In these cases, just as attributing a cyberattack can help punish the attackers, or at least deter future attacks, finding the operator of a drone can help dissuade users from malicious activities.

At present, drone operators are often located using the radio-frequency signals sent from the controller, but sensors generally have to be matched to the various drone technologies in use, according to the researchers. In addition, sensors have to already be on-site and near the operator to be able to locate them.

The academic researcher team's approach requires only somewhat accurate location information at a particular sample rate — eight samples per second in the proof-of-concept experiment. Using the path of the drone, the neural network focuses on the speed of the unmanned aircraft systems, the approach the pilot chooses for a flight path, and whether the movement is aggressive or passive. 

One flight feature that could help in the future is the drone's yaw, the rate of turn around its vertical access, Mashhadi says. 

The researchers found that higher sampling rates yielded better predictions. While sampling at a higher rate could have produced better results, the current simulator software did not allow for sampling at a rate higher than eight samples per second. 

"Maybe in future experiments, we will edit the code — [since] it is open source simulator — so we can record at a higher rate," Mashhadi says. "I believe it will improve the results."

While the initial experiment only included three possible locations for the operator, a greater number of locations does not necessarily reduce accuracy, he says.

"Since publishing this article, we have done more experiments where there are four options for operator location and two different flight destinations ... and increased our dataset," he says. "The results we got were better and we reached 78% accuracy."

Related Content:

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
stonde
50%
50%
stonde,
User Rank: Apprentice
7/11/2020 | 8:22:05 AM
Interesting article
Thank you.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17479
PUBLISHED: 2020-08-10
jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.
CVE-2020-17480
PUBLISHED: 2020-08-10
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
CVE-2020-9078
PUBLISHED: 2020-08-10
FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
CVE-2020-9243
PUBLISHED: 2020-08-10
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. The system does not properly limit the depth of recursion, an attacker should trick the user installing and execute a malicious application. Successful exploit could cause a denial of service co...
CVE-2020-9245
PUBLISHED: 2020-08-10
HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installin...