The applications of Unmanned Aerial Vehicles (UAVs) range from military to filming. Soon pizza and post-delivery services will utilize UAVs. Being airborne, UAVs can be a target of physical or cyber-attacks. UAVs depend on continuous communication with the ground control station (GCS), a global positioning system (GPS), and other UAVs within the UAV Network (UAVNet). UAVs connected in ad-hoc manner are called Flying Ad hoc Networks (FANETs). They depend on protocols and communication models quite similar to preexisting ad hoc networks such as MANETs, VANETs, etc. Recent cyberattacks have revealed severe loopholes and vulnerabilities in drone networks. Hence, a detailed study demands to recreate the attacking scenarios and improvise on the vulnerabilities for developing strong security measures- this is achievable by simulating accurate attacks and then employing a security model. This work considers the simulation and implementation of the security model in three stages: In Stage-I, we identify a comprehensive UAV simulator's characteristics and simulate attacks; In Stage II, we utilize game theory and Quantal Response Equilibrium (QRE) for the prevention of DDoS attack; and in the Stage-III we implement Bounded rationality for the security of delivery systems. The majority of the available drone simulators focus on the designing, gaming, or military aspects. But from a cybersecurity standpoint, an effective simulator demands the inclusion of accurate mathematical modeling, correct representation of path and terrains, fly zones, easy to handle user interface, and, most importantly, the communicative elements of the Flying ad hoc network (FANETs).
Learning about UAVs as networking devices is essential from a security perspective because hackers aim to attack a communicating network's vulnerable aspects. Therefore, in Stage I of our work, we studied several application-specific UAV simulators and then proposed an ideal drone simulator's characteristics. Later we used OMNeT++ and UAVSim as a platform for simulating DDoS attack to visualize the roles of virtual concepts such as protocols, packets, and the roles of the attacker and its target. We simulated two variants of DDoS attacks, Ping flooding and UDP flooding attack - gauged the effect of changeable parameters on the genuine data receptivity.
In Stage-II, we formulated five-game scenarios for a UAV-Host under a DDoS attack: Three for the UDP flooding attack and two for the Ping flooding attack. The attacker and its target-UAV acted as game participants, data receptivity represented the payoff function, and changeable parameters became strategies. We determined the Nash Equilibrium for each gaming scenario, which provided the information related to recommended settings to the drone operator. We also studied the QRE plots of the attacker and the victim. The QRE graphs depict how the participants become intelligent with time, evolving from zero rationality to expert-level rationality. QRE can issue timely warnings to the drone operator for taking necessary precautions. The information derived from Nash Equilibrium combined with QRE adds two layers of security to the UAV-Network. We propose a real-time security framework for drone network based on the usefulness of information derived from the Nash Equilibrium and QRE.
In Stage III, we utilize the idea of bounded rationality for the security of drone-delivery systems. In this security model, we take a holistic approach, where apart from the conventional game theory, we study the cyber physical attack on a drone using prospect theory and QRE. These models consider cognitive biases, learning behavior, human tendency to make errors, rational limitations, and psychological effects on decision-making. Each model has a different mathematical representation; therefore, dependency of the results on other parameters can provide helpful information for the security analysts at multiple levels.
We simulated attacks on drones through these three stages and studied the attacks by employing conventional game theory and models based on QRE to secure UAVNet. These game theory variants added additional security layers and provided detailed information for the drone operators to interpret. The addition of bounded rationality to study the security problem related to the drone delivery system demonstrates how human psychology, lack of experience, and subjectivity can alter the payoff and the results. Furthermore, these aspects track the actual human behavior, which is more realistic than the ideal conventional game-theoretic settings.