110 Int'l Conf.

Embedded Systems, Cyber-physical Systems, & Applications | ESCS'18 |

Defense Techniques Against Cyber Attacks

on Unmanned Aerial Vehicles
Charan Gudla*, Md. Shohel Rana, and Andrew H. Sung
School of Computing Sciences and Computer Engineering, The University of Southern Mississippi,
Hattiesburg, MS 39406, U.S.A.
In this paper, we discuss various vulnerabilities of
Abstract - Unmanned aerial vehicles (UAVs) or drones serve
UAV’s and the hacking techniques are explored. Existing
a wide range of applications from surveillance to combat
defense techniques which help in defense against cyber-attacks
missions. UAVs carry, collect, or communicate sensitive
are reviewed. To show the vulnerabilities of the drone and
information which becomes a target for the attacks. Securing
exploitation, we created a base station and a well-known
the communication network between the operator and the
hacking technique is implemented on UAV Parrot AR Drone.
UAV is therefore crucial. So far, the networks used in most
By implementing hacking technique, it shows that the attacker
UAV applications are static, which allows more time and
can make severe damage to the drone or take control over it by
opportunity for the adversary to perform cyber-attacks on the
compromising the wireless network between the operator and
UAV. In this paper we propose to study Moving
drone. The experiment helps to understand the importance of
Target Defense (MTD) technique against cyber-attacks on the
securing UAV systems against cyber-attacks.
drones including wireless network encryption and intrusion
The rest of the paper is organized as follows. Section 2
detection system. MTD technique change the static nature of
introduces the related work done to prevent cyber-attacks on
the systems to increase both the difficulty and the cost (effort,
drones. Section 3 presents various hacking techniques which
time, and resources) of mounting attacks. For illustration
can be implemented to crash or take control over the drone.
purpose, a well-known cyberattack is performed on a popular
Section 4 demonstrates a hacking technique experiment
commercial drone and results are presented to show the
implemented on the AR Drone. In Section 5 we discuss about
network vulnerabilities, damages caused due to the attacks
Defense techniques against cyber-attacks on drones and the
and defense techniques to prevent the attacks.
results are elaborated.
Keywords: Unmanned Aerial Vehicle (UAV), cyber-attacks,
Moving Target Defense (MTD). 2 Related work
Various defense techniques have been proposed against
these attacks on drones. In [13] Nils Miro Rodday et al.
1 Introduction suggested the use of secure encryption schemes for Wi-Fi
Unmanned Aerial Vehicles (UAVs) or Drones are access point. In [14] Johann Pleban et al. showed a method of
widely increasing in its population [1]. Due to fact that they encrypting the wireless network where the drone acts as client
are efficient, low cost, light weight and easy to control, drones and RC as an access point. The open Wi-Fi network is
serve in applications such as military [2], monitoring [3] [4], encrypted by WPA supplicant to stop the attacker hacking the
disaster relief [5] and rescue operations [6]. UAV is used to drone. In [15] Chaitanya Rani et al. illustrated vulnerabilities
extend the wireless network coverage in telecommunications of drone and suggested encryption, Intrusion detection
field [7]. Amazon prime air [8] is a future service by amazon systems as defense mechanisms. Kim Hartmann and Christoph
which uses drone to deliver packages. Steup [16] developed a risk assessment scheme on services
Though there are many advantages of drones, they are and communication infrastructure. James Goppert et al. [17]
prone to various physical and cyberattacks. The common evaluated cyberattack severity by establishing a metric to
forms of communication over a network to send and receive indicate the time of complete failure of the system. In [18]
data are Satellite, Cellular, Wi-Fi, GPS, ZigBee. In 2009, Iraqi Robert Mitchell and Ing-Ray Chen developed behavior rule-
insurgents hacked predator drone feeds [9]. In 2011, a based UAV intrusion detection system for capturing malicious
computer virus has infected networks used by pilots behavior when UAV is under attack and prohibit its
controlling US air force drones at Creech air force base in continuation.
Nevada [10]. In 2011 itself an American Lockheed Martin
RQ-170 Sentinel unmanned aerial vehicle was captured by 3 Hacking techniques
cyberwarfare unit of Iranian forces in Iran [11]. The predator
drone video feeds were exposed online without the knowledge In this section, UAV wireless network attacking
of the operator [12]. Wireless network jammers and GPS techniques are discussed. Our experiment of hacking is
spoofing devices available at low costs are used to perform applied on most popular drone and results are illustrated.
such kind of attacks.

ISBN: 1-60132-475-8, CSREA Press ©

Int'l Conf. Embedded Systems, Cyber-physical Systems, & Applications | ESCS'18 | 111

Drone wireless network can be hacked when the attacker handshake protocol the keys for authentication can be
knows the MAC address of specific drone he wants to hack. obtained by Aircrack-ng and crunch tools.
The type of attacks on wireless network of drones are as
follows:
a. Data packet capture
b. Denial of service (DoS) attack
c. Man-in-the-middle attack (MIMA)

3.1 Data packet capture

The hacker gathers the required information about the
target by data packet capture method. The wireless network of Fig. 2. Man-in-the-Middle Attack
the drone sends out the beacons frames which can be
captured, and it consists of MAC addresses of the drone and
4 Cyber-attack on drones
remote-control device operating the drone, the type of One of the most popular hacking technique (DoS) is
encryption (WEP/WPA/WPA2/OPN) and the wireless implemented on drone static network. We used Parrot A.R
network channel it is operating on. Aircrack-ng, Wireshark drone for the experiment. In this technique, the remote-control
are the tools used to capture the wireless network frames. device is disconnected from the drone by continuously sending
the de-authentication commands. The drone will crash
3.2 Denial of service (DoS) attack immediately, or the attacker will take control of drone by
connecting to his device. Kali Linux in a virtual machine is
The wireless network [19] access points are hacked by used with a bridge adapter Alfa AWUS036NHA USB wireless
de-authentication flood attacks (DoS) [20]. Continuous de- adapter. Aircrack-ng [21] is the suite containing the necessary
authentication requests are sent to the targeted access point tools to attack the drone. The following are the commands
exhausting its memory. Due to this the clients cannot contact used to attack the drone.
the access point since, there is no memory left to reconnect
with the clients which leaves no connection between them. root@kali: ~# iwconfig wlan0 mode monitor
The de-authentication attack will target MAC address of the root@kali: ~# ifconfig up
access point which is called as BSSID (captured from data root@kali: ~# aireplay-ng -9 wlan0
packet capture) so that, all the clients are disconnected from root@kali: ~# airodump-ng wlan0
the access point or using MAC address of a specific targeted
client is disconnected. The clients try to reconnect with the
access point, but they will fail until the de-authentication
attack is stopped.

Fig. 3. Data packet capture showing MAC addresses

Executing above commands will implement the data

Fig. 1. Denial of Service (DoS) attack capture attack on wireless network resulting in capturing of
3.3 Man-in-the-middle attack beacon frames consisting source and destination MAC
addresses. The MAC addresses shown in Fig. 3 are the
The attacker spoofs and gain control over the drone’s MAC address and remote-control device listed as
communication network between the drone and remote station controlling the drone.
control (RC) device user. The system details gathered from
the initial data capture helps him sending the authentication root@kali: ~# aireplay-ng -0 0 -a droneBSSID -c
commands to the drone as if he is the original RC user. The remotecontrolBSSID wlan0
data feed, location from the drone will be seen by the hacker
without the knowledge of both drone and RC user. If the The above command launches the cyber-attack on the
wireless network is protected with a password, then by drone leading it to crash. Fig. 4 and Fig. 5 shows the

ISBN: 1-60132-475-8, CSREA Press ©

112 Int'l Conf. Embedded Systems, Cyber-physical Systems, & Applications | ESCS'18 |

communication link before and after the cyber-attack

respectively.

Fig. 7. Base station

Fig. 4. Communication link before dos attack
Raspberry Pi is an affordable low-cost computer that can
be used in different projects. We are using it as an
intermediate router [22] and establish a secure wireless
network between remote control and the drone. It is
configured in such a way that it will act as a hotspot
connecting devices into the network and make a
communication link between them. The remote-control laptop
sends control commands to the drone via raspberry pi router
and the drone send live video feed to the laptop through
raspberry pi router. The raspberry pi wireless network is
secured with WPA2 encryption.
Fig. 5. Communication link after dos attack

5 Defense against cyber attacks

For enhancing the security of the drones, we propose
various defense techniques listed below.

a. Wireless network encryption

b. Intrusion detection system (IDS)
c. Moving target defense (MTD) Fig. 8. Raspberry Pi

We created a base station control system for Parrot A.R The Robot Operating System (ROS) [23] is a collection
drone which consists of above security measures. The base of tools and libraries that simplify the task of creating robust
station model is shown in Fig. 6 and Fig. 7. robotic applications. As part of this ROS consists of AR drone
driver to communicate with drone and control it. Using ROS,
we can develop autonomous tasks for the drone to accomplish.

Fig. 6. Base station control system model

Fig. 9. ROS model

ISBN: 1-60132-475-8, CSREA Press ©

Int'l Conf. Embedded Systems, Cyber-physical Systems, & Applications | ESCS'18 | 113

5.1 Wireless network encryption network between any two nodes is considered static until now.
This gives ample time for the attacker to gather the
Since, AR drone will act as an access point and its information regarding system configuration like OS, Network
network is unencrypted and open, multiple devices can be IP address, MAC address, etc. The information gathered is
connected to it but only device can control it. Disconnecting sufficient for the attacker to exploit vulnerabilities and launch
the authentic user and reconnecting to drone by fake user attacks on the network. Moving target defense techniques
compromises the drone. The wireless network of the drone can completely change the game by implementing randomness in
be encrypted with WPA2 security by installing the compiled the system configuration which makes it less static, less
binaries of WPA supplicant [24] into the drone libraries. The deterministic and less homogenous [26]. This takes the
binaries wpa_cli, wpa_passphrase, wpa_supplicant should be attacker to spend more time, thus increasing the operational
included in the bin folder of the drone in order accomplish it. cost and complexity in understanding.
After successful installation of the binaries, drone will stop We used raspberry pi to implement moving target
acting as access point and it will connect to the provided defense by changing MAC address periodically. Fig. 12 shows
access point name and passphrase (in our case it will connect the moving target defense model.
to the raspberry pi).

Fig. 10. WPA binaries in AR drone

5.2 Intrusion detection system

Intrusion detection system monitors the wireless network
Fig. 12. Moving Target Defense model
in Realtime. Intrusion is an un-authorized entry into the
network without knowledge of the true owner. The systems
can be spoofed, tricked leading to direct access to the 6 Configuration
malicious user. The supervision of malicious activities, The following changes are made to “[Link]” file to
attacks, spoofing on the network is Intrusion detection. detect and monitor the wireless network. The following alerts
IDS are kind of defensive tools but doesn’t provide will be generated in case of corresponding malicious activities
preventive actions against the attacks. It’s usually a software on the network.
which monitors the network behavior and notify if there are
any anomalies. #[Link]
Kismet wireless IDS is used to monitor the drone
wireless network [25]. The list of alerts is included in the alert=NETSTUMBLER,10/min,1/sec
configuration file of the kismet to actively monitor the alert=WELLENREITER,10/min,1/sec
network and notify in case of any suspicious activities. alert=LUCENTTEST,10/min,1/sec
alert=DEAUTHFLOOD,10/min,2/sec
alert=BCASTDISCON,10/min,2/sec
alert=CHANCHANGE,5/min,1/sec
alert=AIRJACKSSID,5/min,1/sec
alert=PROBENOJOIN,10/min,1/sec
alert=DISASSOCTRAFFIC,10/min,1/sec
alert=NULLPROBERESP,10/min,1/sec
alert=BSSTIMESTAMP,10/min,1/sec
alert=MSFBCOMSSID,10/min,1/sec
alert=LONGSSID,10/min,1/sec
Fig. 11. Kismet IDS alert=MSFDLINKRATE,10/min,1/sec
alert=MSFNETGEARBEACON,10/min,1/sec
5.3 Moving target defense alert=DISCONCODEINVALID,10/min,1/sec
alert=DEAUTHCODEINVALID,10/min,1/sec
Moving Target Defense [26] is a technique where system
characteristics are changed from static to dynamic, thus # Do we have a GPS?
increasing the complexity for the hacker to attack. The gps=false

ISBN: 1-60132-475-8, CSREA Press ©

114 Int'l Conf. Embedded Systems, Cyber-physical Systems, & Applications | ESCS'18 |

# Log file directory Since, the wireless network is monitored by the kismet
configdir=/var/log/kismet/ IDS, it will detect and alert the user about the malicious
activity on the network as shown below in Fig. 15.
MAC address mutation in the layer 2 of OSI model is
accomplished using compiled libraries of macchanger tool in
raspberry pi by executing following script.

#! /bin/bash
macchanger --show wlan0
Ifconfig wlan0 down
macchanger -r -b wlan0
Ifconfig wlan0 up Fig. 15. Kismet IDS alerts
macchanger --show wlan0
sudo service network-manager start Moving target defense technique is implemented to
mutate MAC address of the raspberry pi. Now that the MAC
of raspberry pi is changed, the cyber-attack will fail because
the attack is launched on previous MAC address. The MAC
address of the raspberry pi after random mutation is shown in
Fig. 16 detected by kismet IDS.

Fig. 16. New MAC address after mutation

The mutation of MAC address make kismet to detect the

wireless network with same domain name but with different
Fig. 13. MAC address mutation model MAC as shown in Fig. 17.

7 Results
In this section we show the implementation of defense Fig. 17. New MAC address after mutation
techniques against cyber-attack on parrot AR drone wireless
network and alerts produced by IDS which is monitoring the When the hacker attacks the wireless network with the
drone wireless network. The data capture attack gathers the same initial MAC address without the knowledge that the
required information about the network to launch the attack as MAC address is changed, the deployed hacking technique will
shown in Fig. 14. The wireless network is encrypted with fail to engage as shown in Fig. 18 saying no such BSSID
WPA2 security which can be seen under ENC column in Fig. available.
14 so that the attacker cannot directly connect or intercept the
wireless network.

Fig. 18. Failure of cyber-attack

The navigational data transmitted from the drone to the

base station contains the acceleration, velocity, altitude and
the 4 motors rotational speeds as shown in Fig. 19.
Fig. 14. Data capture attack

root@kali: ~# aireplay-ng -0 0 -a droneBSSID -c

remotecontrolBSSID wlan0

Using above command, Dos attack can be implemented

on the drone wireless network. Since the drone and remote-
control laptop are connected to raspberry pi, cyber-attack will
be launched on the MAC address of the raspberry pi. The
wireless network is named as “hotspot” as shown in Fig. 14.
The associated drone and remote-control laptop MAC
addresses are listed under STATION column.
Fig. 19. Navigational data from the drone

ISBN: 1-60132-475-8, CSREA Press ©

Int'l Conf. Embedded Systems, Cyber-physical Systems, & Applications | ESCS'18 | 115

The navigational data from the drone contains 9 References

acceleration and estimated velocity values which are plotted as
shown in the Fig. 20.
[1] “FAA estimates 7 million drones by 2020”,
[Link]
px (28 March 2016, accessed 06 June 2018)

[2] Udeanu, Gheorghe, et al. “Unmanned Aerial Vehicle in

Military Operations.” Scientific Research and Education in the
Air Force, vol. 18, no. 1, 2016, pp. 199-206.,
doi:10.19062/2247-3173.2016.18.1.26

[3] Kafi, Mohamed Amine, et al. “A Study of Wireless

Sensor Networks for Urban Traffic Monitoring: Applications
and Architectures.” Procedia Computer Science, vol. 19,
2013, pp. 617–626., doi: 10.1016/[Link].2013.06.082
Fig. 20. Acceleration and velocity plots
[4] Alvear, Oscar, et al. “Using UAV-Based Systems to
Monitor Air Pollution in Areas with Poor Accessibility.”
8 Conclusion Journal of Advanced Transportation, vol. 2017, 2017, pp. 1–
The commercial, civilian, and military applications of 14., doi:10.1155/2017/8204353
UAVs are increasing rapidly, and the vulnerabilities of UAVs
[5] Debusk, Wesley. “Unmanned Aerial Vehicle Systems
create risks to public and private sectors as drones can carry
for Disaster Relief: Tornado Alley.” AIAA
payloads as well as sensitive information, picture, and video
Infotech@Aerospace 2010, 2010, doi:10.2514/6.2010-3506
feeds, etc. To mitigate the risk, we need to analyze the various
vulnerabilities and attack techniques and develop defense [6] Waharte, Sonia, and Niki Trigoni. “Supporting Search
techniques for drones against physical and cyber-attacks. and Rescue Operations with UAVs.” 2010 International
Cyberattacks on UAVs can easily exploit the static Conference on Emerging Security Technologies, 2010,
nature of wireless network connecting remote control devices doi:10.1109/est.2010.31
and UAVs. The experiments reported in this paper illustrate
various vulnerabilities of the network which can be exploited [7] Guillen-Perez, Antonio, et al. “Wi-Fi Networks on
to crash the drone or to take over its control. By implementing Drones”. 2016 ITU Kaleidoscope: ICTs for a Sustainable
wireless encryption, intrusion detection system, MTD World (ITU WT), 2016, doi:10.1109/itu-wt.2016.7805730
technique the system becomes more complex for the attacker
to exploit any vulnerabilities and implement/launch attacks. [8] Amazon prime air delivery using drones to deliver the
ordered packages, [Link]
Even though the attacker collects the required information to
Air/b?ie=UTF8&node=8037720011 (accessed 06 June 2018)
implement a cyberattack, the network characteristics will be
changed, and the attack will fail to engage or execute. In this
[9] Iraqi insurgents hacked predator drone feeds,
way the wireless network is hardened to protect the drones [Link]
against different cyberattacks. [Link] (17 December 2009, accessed 18 July 2018)
In addition to the military, homeland security
organizations are also interested in R&D on moving target [10] Computer virus infects drone plane command centre US,
defense techniques [27], as the name UAV suggests, [Link]
unmanned aerial vehicles can accomplish a wide range of infects-drone-plane-command (9 Oct 2011, accessed 18 July
missions without the high cost or risks of manned flights. 2018)
Thwarting cyberattacks on drones is therefore critical for
successful deployment of UAVs and a comprehensive study, [11] American Lockheed Martin RQ-170 Sentinel unmanned
implementation, analysis and evaluation of MTD techniques aerial vehicle (UAV) was captured by Iranian forces,
[Link]
outlines the scope of future work of this project. Application
170_incident (accessed 18 July 2018)
of protected management frames (PMF) service to the network
will also defend against cyber-attacks. Future work will study
[12] Predator drone video feeds exposed online,
software and platform based moving target defense techniques [Link]
for drones. government-leaves-predator-drone-video-feeds-exposed-
online/ (05 May 2015, accessed 18 July 2018)

ISBN: 1-60132-475-8, CSREA Press ©

116 Int'l Conf. Embedded Systems, Cyber-physical Systems, & Applications | ESCS'18 |

[13] N. M. Rodday, R. D. O. Schmidt, A. Pras. "Exploring [26] H. Okhravi, M.A. Rabe et al., "Survey of Cyber Moving
security vulnerabilities of unmanned aerial vehicles", NOMS Targets", Lincoln Laboratory - Massachusetts Institute of
2016-2016 IEEE/IFIP Network Operations and Management Technology Technical Report, September 2013
Symposium, pp. 993-994, Apr 2016
[27] “Moving Target Defense”, Homeland Security.
[14] J. S. Pleban, R. Band, R. Creutzburg, R. Creutzburg, D. [Link]
Akopian, "Hacking and securing the [Link] 2.0 (accessed 15 June 2018)
quadcopter: Investigations for improving the security of a
toy", International Society for Optics and Photonics, pp.
90300L, feb 2014

[15] Rani C, Modares H, Sriram R, Mikulski D, Lewis FL

(2016): Security of unmanned aerial vehicle systems against
cyber-physical attacks. Journal of Defense Modeling and
Simulation: Applications, Methodology, Technology 2016,
Vol. 13(3) 331–342 The Author(s) 2015 DOI:
10.1177/1548512915617252

[16] K. Hartmann, C. Steup, "The vulnerability of UAVs to

cyber-attacks an approach to the risk assessment", Cyber
Conflict (CyCon) 2013 5th International Conference on, pp.
1-23, 2013

[17] Goppert, James, et al. “Numerical Analysis of

Cyberattacks on Unmanned Aerial Systems.”
Infotech@Aerospace 2012, 2012, doi:10.2514/6.2012-2437

[18] R. Mitchell, I.-R. Chen, "Adaptive intrusion detection of

malicious unmanned air vehicles using behavior rule
specifications", IEEE Trans. Syst. Man Cybern. Syst., vol. 44,
no. 5, pp. 593-604, May 2014

[19] “Wi-Fi.”, Microchip Developer Help,

[Link] (accessed 12 May
2018)

[20] Compton, Stuart: 802.11 Denial of Service Attacks and

Mitigation, SANS Institute InfoSec Reading Room

[21] Aircrack-ng, [Link] (accessed 17

June 2018)

[22] RPI-Wireless-Hotspot for raspberry pi to convert into

router, [Link]
Hotspot (accessed 18 June 2018)

[23] Robot Operating System, [Link]

(accessed 16 June 2018)

[24] WPA2 encryption, [Link]

wpa2 (accessed 16 June 2018)

[25] Kismet wireless intrusion detection system for drone,

[Link]
er/README (accessed 16 June 2018)

ISBN: 1-60132-475-8, CSREA Press ©