Seonghoon Jeong, Eunji Park, Kang Uk Seo, Jeong Do Yoo, and Huy Kang Kim (Korea University)
MAVLink protocol is a de facto standard protocol used to communicate between unmanned vehicle and ground control system (GCS). Given the nature of the system, unmanned vehicles use MAVLink to communicate with a GCS to be monitored and controlled. Such communication continues to grow on the Internet due to its rapidly grown nature. In the past few years, the unmanned vehicle security has been one of the key research topics in the security field. However, existing research has mainly focused on the sensor- and GPS-based attack detection methods. To this end, we propose MUVIDS, a network-level intrusion detection system to protect MAVLink-enabled unmanned vehicles managed by GCS over the Internet. MUVIDS includes two Long short-term memory models that leverage a sequential MAVLink stream from a victim vehicle. The two models are designed to solve a binary classification problem (in case of labels are available) and a next MAVLink message prediction problem (in case of no label is available), respectively. The experiment was performed on a software-in-the-loop unmanned aerial vehicle (UAV) simulator and a hardware-in-the-loop UAV simulator. The experiment result confirms that MUVIDS detects false MAVLink injection attacks effectively.