Unmanned aerial vehicles (UAVs), popularly known as drones, have been recently adopted in many Internet of Things (IoT) systems to provide services such as telecommunications, delivery, surveillance, and medical services [1, 2, 3, 4, 5]. Due to their ability to hover and their high-mobility capability without being restricted to specific routes, UAVs can provide services in hard-to-reach locations such as natural disaster sites. Considering their ease of deployment, UAVs can play a major rule in time-critical systems  and to provide urgent Internet and communication services when necessary  and .
However, the widespread use of UAVs in different applications exposes them to a plethora of security threats that include cyber, physical, and cyber-physical attacks . Examples include cyber attacks such as, false data injection  and physical attacks such as targeting the UAVs using firearms or hunting rifles. Cyber-physical attacks, on the other hand, represent a category of sophisticated attacks that aim at causing both cyber and physical damage to the UAV such as GPS spoofing, GPS jamming, hijacking the connection between a UAV and its controller, and thwarting delivery drones .
Among these attacks, GPS spoofing is seen as one of the most imminent threats as it is practical and can be easily performed against UAVs . In GPS spoofing attacks, an attacker transmits fake GPS signals to a UAV with slightly higher power than the authentic GPS signals, so as to mislead the UAV into thinking it is in another location. Hence, the attacker can use this technique to send the UAV to another, predetermined, location where it can be captured, thus executing a capture via GPS spoofing attack . The authors in  discussed two types of GPS spoofing attacks known as covert and overt attacks. In a covert attack, the attacker wants to avoid triggering some spoofing detection techniques such as jamming-to-noise ratio and frequency unlock monitoring within the GPS receiver. This requires the attacker to be capable of accurately monitoring the target UAV and to transmit its spoofing signals with specific powers and frequencies. The attacker may also be forced to limit the changes it can impose on a UAV. In contrast, in an overt attack, the attacker can impose any location on the UAV with the risk of being detected.
I-a Related Works
Different techniques have been proposed in literature to defend against GPS spoofing attacks with a focus on attack detection [14, 15, 16, 17, 18]. In , different techniques are discussed that can enable a UAV’s receiver to detect the spoofing attacks. This includes allowing the receiver to observe the received signal strength and compare it to the expected signal strength over time. It can also monitor the identification codes of GPS satellites or keep checking the time intervals to see if they are constant. While these techniques can help to detect basic attackers, they fail against sophisticated attacks in which the attacker monitors the target object accurately . In 
, the authors proposed a method to detect GPS spoofing attacks by using two GPS receivers and checking their cross-correlations. This method was tested against several spoofing attacks and was shown to successfully detect attacks, however, it has low probability of differentiating spoofed from authentic GPS signals and cannot detect the spoofing when the signals are weak.
Other techniques to thwart GPS spoofing such as receiver autonomous integrity monitoring, signal to interference ratio, Doppler shift detection are discussed in . However, all of these techniques can be avoided by highly capable adversaries that can carefully generate GPS counterfeit signals to avoid triggering these detection schemes. In , automatic gain control is used within the GPS receiver to detect and flag potential spoofing attacks within a low computational complexity framework. Finally, the work in 
proposed a technique that allows UAVs to detect GPS spoofers by using an independent ground infrastructure that continuously analyzes the contents and times of arrival of the estimated UAV positions. The proposed technique was shown to be effective in detecting the spoofing attacks in less than two seconds and to determine the spoofer’s location afterminutes of monitoring time, with an accuracy of up meters.
However, one limitation of these existing GPS spoofing detection techniques, i.e. [14, 15, 16, 17, 19, 18], is that they do not provide an approach to determine the real location of the UAV, after detecting the attack. Thus, if a UAV is attacked while following a route towards a specific destination, the best it can do is to recognize the attack and to stop using the altered GPS signals. However, the UAV will not be able to determine its real location, and, hence, it will not resume its motion towards the specified destination. Indeed, these prior works are mostly focused on detection techniques and do not provide any attack mitigation or defense mechanisms (beyond discarding GPS signals altogether).
The main contribution of this paper is, thus, a general framework for UAVs to mitigate the effect of capture attacks via GPS spoofing. Unlike the prior works [14, 15, 16, 17, 19, 18], our framework can both allow the UAVs to detect the GPS spoofing attacks and to determine their real locations. This will enable the UAVs to avoid being captured and to resume their previous routes and fulfill their missions.
In the proposed framework, we use system dynamics  to model a UAV’s motion between its origin and destination. For this model, we derive the optimal UAV’s controller that allows UAV to travel on the shortest path between any given two locations. This model also captures the effect of a GPS spoofer’s on the UAV’s traveling path. In particular, we analytically derive the optimal location, under covert attack, that a GPS spoofer can impose on a UAV to lead it to the attacker’s desired destination where it can be physically captured. We, then, introduce a defense mechanism built on the technique of cooperative localization , which enables a UAV, traveling within a group of proximate UAVs, to determine its location using the real locations of neighboring UAVs and their relative distances. The mechanism also allows the identification of which UAV is being attacked.
Subsequently, we model the interactions between a GPS spoofer and a group of UAVs using game theory . In particular, we formulate a dynamic Stackelberg game in which the drone operator is the leader that selects its strategy first, and then, the spoofer responds by selecting its strategy. A strategy, here, represents a set of actions taken over all the time steps. We, then, propose an efficient technique to solve the formulated dynamic Stackelberg game. Using this technique, we analytically derive the Stackelberg strategies for the game. Finally, through simulations, we show that drone operator can effectively use the proposed defense mechanism to protect the UAVs from being captured and minimize the attacker’s effect on the UAVs’ optimal routes.
In summary, our contributions include
We propose a general framework, using realistic system dynamics, to model a UAV’s traveling path between any two locations. This model takes into account the effect of a possible GPS spoofer on the UAV’s traveling path.
We analytically derive the attacker’s optimal imposed location, on a UAV. This imposed location ensures that attack remains covert while maximizing the attacker’s benefit from imposing a different location on the UAV.
We propose a new defense mechanism built on the technique of cooperative localization to help UAVs to determine their real location, under GPS spoofing attack, using neighbor UAVs’ real locations and their relevant distances.
We then formulate a dynamic Stackelberg game to model the interaction between the drone operator and the GPS spoofer. This game formulation allows the drone operator to effectively use the proposed defense mechanism.
We introduce a novel computationally-efficient approach to solve the formulated game and we analytically derive the Stackelberg equilibrium strategies for the game.
We show, through simulations, that the derived Stackelberg strategies outperform other strategy selection techniques by reducing the UAVs possibility of being captured. The defense mechanism is also shown to mitigate the effects of GPS spoofing attacks on the UAVs’ deflections from their planned routes.
The rest of this paper is organized as follows. The UAV’s system dynamics model is presented in Section II. The attacker’s model and the optimal imposed locations are derived in Section III. The proposed defense mechanism and the Stackelberg dynamic game with its equilibrium solutions are formulated in Section IV. Numerical results are presented and analyzed in Section V. Finally, conclusions are drawn in Section VI.
Ii System Model
Consider a set of UAVs performing a common mission, e.g., a drone delivery system responsible for delivering goods within a certain geographic area. Each UAV is typically equipped with a GPS receiver, a means of wireless communication, and other application-specific sensors. As it was shown in , a GPS spoofing attack cannot affect the altitude of UAVs and, thus, we use a two-dimensional (2D) coordination system to specify their locations. Let the location of UAV at time be , where . Similarly, the source locations, , will be given as , and each destination’s location is . Destinations are assumed to be fixed and not time dependent. The goal of each UAV is to minimize the transportation cost and, hence, it chooses the shortest path from its source towards its destination .
In our model, we consider an adversary located along the traveling paths of the UAVs whose goal is to spoof the GPS signals of any of the UAVs in order to send it to another location where it can be captured. We consider a capable GPS spoofer that can spoof from a distance (in the order of hundreds of meters) without the need to be co-located with the UAV’s GPS receiver .
Prior to developing the threat model, we first use system dynamics to model the UAV’s motion between its source location, the origin, and destination. This model is needed to better understand the impact of the attack on the UAV’s mobility. In order for each UAV to minimize its travel time, each UAV will follow the shortest path between its current location and its destination which essentially consists of the straight line connecting the two locations in 2D space. Let the location of UAV after a time duration be . Let be the UAV’s velocity at the beginning of time step . The UAV’s velocity at the end of the time step can be represented in terms of the UAV’s acceleration as follows:
where is the acceleration of UAV during the time step starting at and is the duration of the time step.
The next location can then be represented using both the velocity and acceleration as follows:
Since the force needed to move the UAV between two locations is proportional to both the UAV’s acceleration and weight, and the UAV’s weight is constant, this force can then be related directly to the acceleration . Let be the force needed to move the UAV between any two locations. This force will be proportional to the distance difference between the current and the next locations, i.e., the UAV must accelerate more in the direction with a larger distance difference. Fig. 1 shows the UAV’s traveling model with the force components in each direction. In Fig. 1, the distance difference in the direction is more than the difference in the direction, and, hence, the force component in the direction will be greater than that of the direction.
In order for each UAV to minimize its travel time, each UAV will need to find the optimal force to move between any two locations given that the maximum allowable force is . Let be the angle between the UAV movement route and the positive direction which can be calculated as:
The force components in both and directions can then be given by:
These values represent the optimal controller, i.e., the optimal force that each UAV can use to move between any two locations. Note that, if then and in this case , and vice verse. Substitute the optimal controller into (2), the UAV’s next location can then be given, in terms of the optimal controller, as:
where is a constant and is the UAV’s weight. Next we will discuss the effect of a GPS spoofer on the UAV’s route by deriving both the optimal locations for an attacker to impose on a UAV and the manipulated routes under attack.
Iii UAV Traveling Model under GPS Spoofing Attack
In our model, the GPS spoofer seeks to take control of the UAV’s GPS antennas and then transmit tailored GPS signals to convince the UAV’s navigation system that it is in a different location. The spoofer can perform either an overt attack or a covert attack. In the overt attack, the spoofer makes no effort to hide its attack, it transmits its fake signals with higher power than the authentic GPS signals. The covert attack, on the other hand, requires an accurate tracking of the target UAV and the transmission of fake GPS signals with specific power requirements to avoid being immediately detected by the UAV. Here, we consider a spoofer that wants to keep its attack covert by adjusting the transmission power of the counterfeit GPS signals to avoid being detected. Practical values for such power requirements can be found in . In addition, the attacker will be limited to the changes it can impose on the UAV’s location, each time, so that these imposed locations do not trigger the fault detectors within the UAV . The distance between the current and imposed location is known as the instance drifted distance .
Let be the instance drifted distance that limits the spoofer’s attack. Let be the attacker’s imposed location on UAV . Let
be a vector whose individual elements represent the distance difference between the UAV’s actual location and the attacker’s imposed location. Then, we must have:
which represents a circle of radius around the UAV’s current location.
Note that, imposing an attacker-desired location on a UAV does not actually change the UAV’s location, instead, it changes the UAV’s belief about its location. This means that the UAV will still be in its real location but its navigation system will believe that it is in a different location. The UAV will then need to find a new optimal controller, i.e., new force components to move from its imposed location to its final destination. In this case, there will be two routes as shown in Fig. 2. Here, the upper route is the fake route which the UAV believes it is traveling on. This route starts from the attacker’s imposed location towards the UAV’s real destination. However, the UAV will actually travel on the lower path towards the attacker’s desired destination.
Let be the attacker’s desired destination for UAV . The attacker’s imposed location, , at each time step, needs to be calculated in order for the UAV to move towards . This can be achieved by satisfying the condition in the following lemma.
The attacker’s imposed location needs to satisfy , where and .
Under an attack, the UAV will believe it is traveling from the attacker’s imposed location, on the fake route in Fig. 2. The attacker should then select this imposed location such that the actual route leads the UAV to the attacker’s desired destination. Since, the UAV travels on the shortest path between any two locations, the actual route will represent a straight line that is parallel to the route which the UAV believes it is traveling on, i.e., the fake route.
From Fig. 2, the fake route, can be defined by the two points and . Similarly, the actual route, can be defined by the two points and . For these routes to be parallel, the slopes of both routes need to be equal, i.e., . ∎
Note that, under overt attack, according to Lemma 1, the attacker can impose, theoretically, any location on the UAV that will lead the UAV to follow a path towards the attacker’s desired destination. However, under a covert attack, the imposed location will be limited by (6). This imposes constraints on the attacker when choosing the imposed location as there may be multiple or no points inside the circle, in (6), that satisfy Lemma 1. When no such points exist, the best option for the attacker is to force the UAV to move in a direction as close as possible to the line connecting the real location and the attacker’s desired destination, i.e., a direction that minimizes the difference in Lemma 1. If there are more than one point that satisfy Lemma 1, then the best for the attacker is to choose the furthest point from the UAV’s real destination as this gives more flexibility for the attacker in changing the imposed locations in the future time steps. Thus the attacker’s optimal imposed location can be given by the solution of the following constrained-optimization problem.
In the following theorem, we analytically derive the attacker’s imposed location, under covert attack.
Then, the attacker’s imposed location is the solution for the following set of equations:
if , or the following set of equations:
In Fig. 3, we use a geometrical representation for the problem to help clarify our proof. Let be the line connecting the UAV’s real location to the attacker’s desired destination. This line represents the attacker’s ideal route for the UAV to travel on. Let be the line parallel to and passes through the UAV’s real destination and be the distance between these two lines. There are then two cases for line .
Case 1: if the line touches or intersects with the circle, formed by the constraint, then the point or the set of points of the intersection will represent a solution for the first objective function. In this case, the difference will be , which is the minimum possible value. This case will happen if . Thus, next, we find the value of using the known values of , , and . To this end, we find the area of triangle , , using two ways: 1) and 2) , using Heron’s formula . Hence, we will have . Therefore, if , then the attacker’s optimal choice is the intersection of with circle where can be given by (11) and can be given by (12).
As this intersection may consist of more than one point, let represents the solution set so far. The optimal solution for the problem in (7) can then be found by solving the second optimization problem in the first constraint, i.e., . If has only one point, then this point will be the solution to the first constraint, which is a point on the circle perimeter. However, if has multiple points, the solution will be the point on the circle’s perimeter on the opposite side from the UAV’s real destination. In either cases, this solution point will, then, be the attacker’s imposed location.
Case 2: This case represents a more general case when does not intersect the circle formed by the constraint, i.e., . The solution to the objective function, in this case, will not lie on , instead it will lie on another line that passes through the UAV’s real destination and intersects the circle at one point. This line should make the smallest angle with the line , and, hence, it minimizes the objective function. Thus, the optimal imposed location by the attacker, in this case, is the intersection of circle and a circle with a radius of with its center at the actual desired destination of the UAV. Circle can be represented formally as in (13). Note that the two circles will always intersect in two points, however, only one of them will minimize the objective function and, hence, this point will also be a solution for the maximization problem in the first constraint. ∎
In the second case of Theorem 1, the attacker’s imposed location will not lead the UAV directly to the attacker’s desired destination. Consequently, the attacker might need to impose more than one location on the UAV along its perceived route. Each new imposed location can be calculated from Theorem 1 with respect to the UAV’s new location. Once the attacker can lead the UAV towards its desired destination, the imposed location, according to Theorem 1, will be the furthest point in the circle that maintains the same direction. Next, we study the UAV’s manipulated route due to the attacker’s imposed location.
Consider the UAV’s next location under an attack. Similar to (II), the UAV needs to compute the force components in both directions. The UAV thinks it is at the attacker’s imposed location, , so it calculates the required force to move from to its desired destination . Let be the angle between the direction and the line connecting the UAV’s imposed location to its real destination. The value of can then be given as:
Therefore, the force components in both and directions can then be given as:
The UAV will then use the optimal controller in (III) to move towards its real destination. However, the UAV will actually move from its real location not its perceived location as shown in Fig. 2. Let be the UAV’s next location under attack. It can then be given, according to (II), as:
Note that, following the route calculated by (III) may not guarantee the attacker to eventually lead the UAV to the attacker’s desired destination. Achieving this depends on multiple parameters such as the UAV’s current location and the locations of its real destination and the attacker’s desired destination. In general, the attacker should choose its desired destination to satisfy the following condition.
Under a covert attack, the attacker’s desired destination should be located on the same side as the UAV’s real destination, in terms of the direction with the largest difference between the UAV’s current location and its real destination.
The proof is presented in Appendix A. ∎
Next, we will discuss the defense mechanism against the considered GPS spoofing attack.
Iv GPS Spoofing Countermeasure
Iv-a Defense Mechanism for Mitigating Spoofing Attacks
We propose a defense mechanism built on the concept of cooperative localization  which is a framework that enables a UAV to determine its real location in a 2D coordinate system using the locations of three other UAVs. Each UAV is assumed to have a means of measuring its relative distances to the other, neighboring UAVs by inter-UAV range measurements. In cooperative localization, a UAV chooses any three neighboring UAVs, to update its location, given that the selected UAVs are non-collinear. Following this, the UAV can accurately determine its 2D location. While the cooperative localization mechanism in  can help a UAV to determine its location, it was proposed to be used in case of GPS signals loss and cannot be used, directly, in case of GPS spoofing attack due to the different nature of the problem.
Under a covert GPS spoofing attack, a UAV cannot trust its GPS location nor the locations of other UAVs. Choosing a neighboring UAV for the cooperative localization mechanism will involve a risk as this UAV might itself be under attack. To overcome this limitation, we propose a defense mechanism based on the fact that a GPS spoofing attacker can target only one UAV at a time, as discussed earlier. In our proposed mechanism, a UAV will use the locations of four neighboring UAVs, instead of three, to determine its real location by identifying the UAV under attack and eliminating it from the calculations. The proposed mechanism has the same requirements of cooperative localization, i.e., the UAVs are non-collinear, a UAV can request other UAVs’ locations through inter-UAV communications, and each UAV needs to be able to measure its relative distances to its neighboring UAVs.
Due to the fact that determining a 2D location requires only three UAVs, the fourth UAV will be used to check the results as follows. A UAV will calculate its location using all the permutations of three UAVs formed from the selected four UAVs. Let any UAV and its selected four neighbor UAVs represent a set given by , where represent a UAV and . Assume UAV wants to calculate its location, let its location calculated from the GPS signals be . The UAV, , cannot determine at this point if this location is real or a spoofed location. The UAV will then calculate its location four more times using all the groups formed of three UAVs out of the selected four UAVS. For example, can be calculated using UAVs and , can be calculated using UAVs and , and so on for and .
The UAV can then determine its real location according to the following cases:
If there is no attack, the value of will equal all the other values, i.e., , will all be the same.
If UAV is under attack, then all the values , will be equal but their value will not equal . In this case, the real location of UAV is the value calculated from its neighboring UAVs.
If another UAV, rather than UAV , is under attack, then the value of will equal only one of the four other values. The other three values will be the same and the UAV that contributed to calculating these values will be the one under attack.
We summarize our defense mechanism steps in the flow chart shown in Fig. 4. Note that, following our approach in Fig. 4, a UAV can determine its real location and identify which UAV is under attack. However, the UAV under attack will have to also execute the same procedure to determine its real location. One approach is to allow all the UAVs to continuously use the proposed defense mechanism along their travel paths. However, this might be challenging to do in long routes as the energy consumption due to exchanging communication messages, measuring distances to other UAVs, and calculating the locations will be significant compared to the UAVs’ limited power.
Given that a GPS spoofer can target only one UAV at a time, we next propose a new approach to regulate the use of our proposed defense mechanism among the UAVs through studying the interactions between the GPS spoofer and a group of UAVs, managed by their operator. The drone operator wants to regulate the use of the defense mechanism, in an energy-efficient manner, by determining when each UAV can use it along its travel path, to avoid being captured. On the other hand, the GPS spoofer wants to take control of the UAVs to send them to other destinations where they can be captured. In doing so, both the operator and the spoofer will be affected by each others’ actions. Therefore, we propose to use game theory  to model these interactions. In our game, the drone operator is the defender and the GPS spoofer is the attacker. As the attack and defense mechanisms are applied along each UAV’s travel paths, the game will be time-depended, and, hence, a dynamic game model is appropriate.
Iv-B Dynamic Stackelberg Game Formulation
We formulate a dynamic game in which every player, i.e., the attacker and the defender chooses its actions at every time step. Since the spoofer needs to monitor the targeted UAV to generate tailored spoofing signals, the spoofer will be able to attack only one UAV at any given time step. At each time, the attacker can choose one action out of set which represents the choice of one UAV to attack. Similarly, the drone operator can choose one UAV to use the defense mechanism defined in Section IV to update its location, given that the spoofer can attack only one UAV at a time. Let be the set from which the defender is choosing its actions, i.e., a UAV to apply the defense mechanism.
Note that, in the proposed defense mechanism, each UAV needs the locations of four neighboring UAVs to determine its location. Therefore, each five UAVs can be seen as a separate group in which one UAV is applying the defense mechanism using the locations of the other four UAVs. Without loss of generality, we assume the total number of UAVs is a multiple of five, with each five, closely traveling, UAVs forming a group. For larger systems, each group of five UAVs can form and coordinate together and, hence, our approach can be applied locally to each group. Hence, hereinafter, we consider a game in which the drone operator is protecting only one group, because the solution can be easily extended to the case of multiple groups of UAVs.
The actions of each player, when taken at a time step, will affect the next locations of the UAVs. If a UAV is applying the defense mechanism, then it can accurately determine its location whether there is an attack or not. On the other hand, if a UAV is dependent on the GPS signals, it will be affected by the attacker’s actions and its next location will depend on whether it is attacked or not. Here, we assume that each spoofing attack is successful in that the attacker will gain control of the UAV’s GPS receivers and impose its desired location on the UAV’s GPS. Let be a variable indicating whether the attacker has chosen to attack UAV , where means the UAV is being attacked at time step , and otherwise. Similarly, let , be a variable indicating whether the defender has chosen to protect UAV , where means the UAV is applying, at time step , the defense mechanism, i.e., being protected, and otherwise. Each UAV’s next location can then be given by:
From Theorem 1, we can observe that the attacker’s imposed location can be accurately calculated from the UAV’s current location , the UAV’s real destination, and the attacker’s desired destination. However, as the UAV’s real destination and the attacker’s desired destination are constants, the attacker’s imposed location, at any given time step, can be given as a function of the UAV’s real location. Therefore, the location in (IV-B) can be given as a function in the UAV’s current location and both player’s actions, i.e., .
Next, we define the outcomes (utilities) for both players due to their interactions. Since the objective for each player is to move each UAV to its own desired destination, each player will take actions to minimize the distance between the current UAV’s location and the player’s desired destination. Thus, we define the utility function for the attacker, at each time step, as follows:
Similarly, the defender’s utility, at each time step, can be given by:
Now, consider the players’ actions and utilities over all time steps. Assume the maximum possible number of time steps is , which is determined by the maximum time that any UAV can travel based on its fuel or battery. This number is known to the defender but the attacker does not need to know this number. From Proposition 1, the GPS spoofer will not be able to change the UAV’s direction and, thus, once a UAV passes beyond the attacker’s desired destination, the attacker will no more consider it when choosing its actions. Therefore, the game is considered to end for the attacker when all the UAVs pass beyond the attacker’s desired destinations.
Consider the players’ strategies which are defined as the players’ actions taken at each time step . Let be an attacker’s strategy defined by , and let be the set of all the attacker’s possible strategies. Similarly, let be a defender’s strategy defined by , and let be the set of all the defender’s possible strategies. The attacker’s accumulated utility will then be:
Similarly, the defender’s accumulated utility will be given by:
To solve this dynamic game, we propose to use the dynamic Stackelberg game model . In Stackelberg games, one player, the leader, acts first by selecting its strategy and, then, the other player, the follower, can respond by selecting its strategy. In our game formulation, the drone operator will act as the leader as it can choose which UAVs to protect in advance and the attacker can observe this selection and responds by choosing which UAVs to attack.
Now, we can formally formulate a dynamic Stackelberg game described by the tuple where is the set of the two players: the defender and the attacker, and the rest of the parameters as defined earlier. Based on the utility functions, the game is non-zero sum. This means, every player will try to minimize its utility and the sum of the utilities will not equal zero. Moreover, each player seeks to follow a strategy that minimizes its utility function given the other player’s strategy. Next, we study our approach of finding the optimal strategies, for each player, under the formulated game.
Iv-C Stackelberg Game Solution
The most commonly adopted solution for Stackelberg dynamic games is known as the Stackelberg equilibrium strategy concept . This solution is given by a pair of strategies defined as follows.
The Stackelberg equilibrium strategies, when the defender is the leader, are derived as follow. Let be a mapping between the defender’s strategies and the attacker’s strategies, such that:
and the set:
is the reaction set for the attacker when the defender is the leader. The Stackelberg equilibrium strategies of the game should then satisfy:
Note that, solving for the Stackelberg equilibrium strategies that satisfy (26) depends on the information available for each player, at each time step . According to , dynamic games can be solved using open-loop strategies, closed-loop strategies, or feedback strategies. In the formulated game, each player selects a strategy that minimizes its utility which involves taking actions, at each time step to control the UAVs’ locations. In doing so, both players can observe the initial locations of the UAVs as well as their subsequent locations up to the current time step. This type of information coincides with the notion of closed-loop perfect information , and, thus, we use closed-loop Stackelberg strategies to solve the formulated game. Note that the equilibrium strategies should satisfy (26) irrespective of the type of the solution.
In our formulated game, the cost functions in (IV-B) and (IV-B) will ensure the existence of the Stackelberg solution, under closed-loop perfect information . However, this solution might not be unique, as there might be multiple strategies that yield the same utilities for the players. Solving for closed-loop strategies, in general, is challenging, especially when the number of time steps is large. In the formulated game, the number of available actions for each player, at every time step, equals which is the number of the UAVs. As a strategy is a combination of different actions, there will be different strategies available for each player. The solution follows by calculating the attacker’s response for each of different defender’s strategies, which involves testing all the attacker’s strategies per a defender’s strategy. Finally, the defender selects the pair of strategies that minimize its utility. The complexity of this solution approach will then be , which is exponential in terms of the number of time steps. This, in fact, might not be feasible when the value of is large, as is the case in the UAVs’ traveling model. To this end, we propose a computationally efficient solution of the game as shown in the next theorem.
The solution of the closed-loop dynamic Stackelberg game is equivalent to solving the static Stackelberg equilibrium at each individual time step.
The proof is presented in Appendix B. ∎
From Theorem 2, we can infer that the complexity of obtaining the solution will be reduced to determining the attacker’s response and the defender’s Stackelberg action at each time step. Thus, the complexity of the game will be reduced to , which is linear in terms of the number of time steps. Note that, as discussed earlier, the solution of the formulated game is non-unique. Theorem 2 will then allow obtaining one of the Stackelberg equilibrium strategies.
V Simulation Results and Analysis
For our simulations, we consider the case of one GPS spoofer and one group of five UAVs to better highlight the outcome of the dynamic game. The analysis will can apply to multiple groups of UAVs with an expected better outcome for the UAVs due to the decreased probability of attacking a single UAV.
First, in Fig. 5, we show a visual output of the proposed game. The UAVs’ starting locations, real destinations, and the attacker’s desired destinations are all shown in this figure. The points , are the attacker’s desired destinations for each UAV and the points , are the real destinations for each UAV. The UAVs update their locations every meters and the value of is assumed to be m as well. Note that the maximum value of that keeps the attack covert depends on the fault detector used within the UAV  and it can range from few meters up to m for different detector settings.
Fig. 5 shows the different routes that each UAV can follow. The straight lines connecting each UAV’s starting point to its destination, , represent the shortest paths that each UAV will follow if there is no attack. These routes result from calculating the UAVs’ locations according to (II) at each time step. On the other hand, the routes from the UAVs’ starting points to the attacker’s desired destinations, , are the routes resulting from following the attacker’s imposed locations at each time step, i.e., the locations in (III). Note that, these routes, unlike the shortest paths, are not straight lines as they are composed of multiple short segments each of which is the UAV path after perceiving the attacker’s imposed location. In some of these paths, the attacker imposes multiple locations along the path causing the route to deviate towards the attacker’s desired destinations. The UAVs can follow these routes only if there is an attack while the defense mechanism is not used. Finally, Fig. 5 also shows the routes resulting from the proposed Stackelberg game solution. These routes are bounded by the previous two routes and may coincide with parts of these routes. Every change in these routes represents a change in the attacker’s response action, and, hence a change in the UAV under attack. In the following, we will study how the routes resulting from the Stackelberg game compare to the previous two sets of routes, i.e., routes under no attack and routes under attack while no defense is used.
Next, we study the effect of GPS spoofing attacks on the UAVs’ traveling routes.
V-a UAVs Deviation due to Spoofing Attacks
To study the attacker’s effect on the UAVs’ traveling routes, we define a deviation metric, for each UAV, to compare the UAV’s route resulting from the Stackelberg game with both the no-attack route and the attack no-defense route shown in Fig. 5. Let be UAV ’s location on the expected route under no attack and let represent its locations on the attacker’s desired route. We then define to be the deviation of UAV at time step given by:
such that when a UAV is traveling on a no-attack route, the value of will equal . Similarly, if a UAV is traveling on the attacker’s desired route, the value of will equal . Any other value in between the two routes, the value of will be . We can, then, define the deviation index for UAV as the average of its deviation over all time steps. Note that the deviation index can capture how far each UAV has traveled from its planned route towards the attacker’s desired route. However, a higher deviation index does not necessary mean that this specific UAV will be captured by the attacker. It merely means that the attacker has disrupted the UAV’s original route.
In Fig. 6, we study the effect of the instance drifted distance, , on the UAVs’ deviation indices. To better highlight the effect of , we allowed the UAVs to update their locations frequently by setting the update distance to m. We notice that, as increases, the attacker will be able to induce bigger changes to the UAVs’ locations causing them to deviate more from the planned routes hence increasing their deviation index. For instance, when m, some of the UAVs have almost zero deviation from their planned routes. On the other hand, when m, most UAVs have a slight deviation from their planned routes. We also note, from Fig. 6, that UAV , has much higher deviation than the other UAVs. This happens as UAV affects the attacker’s utility the most while having a smaller effect on the defender’s utility. Thus, UAV is chosen by the attacker, at most time steps, as its response action while the defender chooses other UAVs to protect. Note that the players’ utilities, and, hence, their chosen actions (UAVs) depend on the UAVs’ current locations and both the real and the attacker’s desired destinations.
Next, we study the effect of the update distance, i.e., the distance at which the UAVs apply the defense mechanism, on the UAVs’ deviation indices. As the UAVs are traveling using , the update distance will indicate the frequency of updating the UAVs’ locations. In Fig. 7, we study different update distances on the deviation index. In this case, we set the value of to m. From Fig. 7, we can see that, when the update distance increases, i.e., the less frequent the UAVs apply the defense mechanism, the more they deviate from their planned routes. For instance, when the update distance is set to m, the average deviation index of all UAVs is compared to when the update distance is . This happens as the UAVs will travel more towards the attacker’s destinations before they update their locations, and, move towards their real destinations. We also note that changing the update distance can change the effect of the UAVs on the players’ utilities, and, hence on their actions. For instance, when the update distance is m, UAV is attacked more than when the update distance is m, and, hence, it has a higher deviation index. For the same update values, UAV has a lower deviation index when the update distance is m compared to when it is m.
Next, we study the effect of changing the attacker’s desired destinations on the UAVs’ deviation indices. In this case, we use the same parameters as in Fig. 5. Different attacker’s desired destinations, , , are tested by reducing the distance between the attacker’s desired destination and the real destinations randomly with an average change of meters per UAV. In this case, the real destinations are fixed, and the attacker’s desired destinations are shifted along the direction only allowing for deviations to take place along the travel routes. Fig. 8 shows the effect of changing the attacker’s desired destinations on the UAVs’ deviation indices. We can see that, as the attacker’s desired destinations are closer to the real destinations, the deviation index increases. For instance, when the average distance between the attacker’s and the real destinations is m, the average deviation index for all UAVs is compared to when the average distance drops to m. This is because when the distances are smaller, the attacker will have more opportunities (longer paths) to attack the UAVs causing them to deviate more from their planned routes. Note that, as the distances between the destinations are allows to change randomly, the changes in UAVs’ distances to the attacker’s desired destinations will not be constant. Hence, the UAVs will contribute differently to the attacker’s utilities with each change. This will cause the attacker’s actions (attacked UAVs) to be different over the travel routes, with each change. For example, we can see in Fig. 8 that when the distance is m, UAV is attacked more than when the distance is m. On the other hand, UAV is less attacked when the distance changes from m to m.
Finally, we note that, in all the previous cases, while the three studied parameters affect the deviation index of the UAVs, the update distance has the most effect on the UAVs’ deviation indices. This is because delaying the update will allow the UAVs to travel on the attacked routes for longer distances before correcting their locations leading to larger deviations. Meanwhile, in the other scenarios, the attacker caused a smaller average deviation on the UAVs because the UAVs update their locations more frequently. These findings corroborate the importance of the proposed defense mechanism and provide important insights for the drone operator to choose suitable update distances according to the available resources.
Next, we study the attacker’s possibility to capture any of the UAVs under GPS spoofing attacks.
V-B Capturing Possibilities under GPS Spoofing Attacks
To study the capture possibility of the UAVs, we assume the attacker needs to change a UAV’s route, by imposing a different location, in order to capture it. We also assume that the UAV will be captured if it reaches a distance from the attacker’s desired destination. In the following, we will compare our proposed Stackelberg solution with two other non-game-theoretic baselines referred to as random and deterministic approaches. In the random approach, the defender chooses any UAV randomly to protect at each time step. In the deterministic approach, the defender considers all the UAVs, in order, by choosing one at each time step. In all the three cases, the attacker chooses its strategies in response to the defender’s chosen strategies.
Fig. 9 shows the minimum distance that each UAV can reach from its attacker’s desired destination, for each value of . The shaded areas in Fig. 9 represent the distances under which the UAV is considered to be captured which correspond to having a distance less than to the attacker’s desired destination. The configuration parameters in this case are similar to Fig. 6. We can see in Fig. 8(a) that using the Stackelberg strategies, the defender is able to protect all the UAVs until m. When m and m, both UAVs and can be captured by the attacker and when m, UAV can also be captured. In Fig. 8(b), when the drone operator uses random strategies, we can see that the attacker is able to capture UAVs and starting from m. Moreover, UAV can be captured starting from m. Under deterministic strategies, Fig. 8(c), the attacker is also able to start capturing UAVs and starting from m. It will be also able to capture UAV starting from m and to capture UAV at m.
It is clear from Fig. 9 that following the Stackelberg strategies will help the defender to protect more UAVs, particularly for higher values of . This is due to the fact that, under Stackelberg strategies, the drone operator considers its utilities based on the attacker’s response strategies which allows it to mitigate the effect of the attacker’s expected actions. Fig. 9 also shows that UAV has the most changes to its minimum distance from the attacker’s desired destination, when increases. This corroborates the result of Fig. 6 whereby UAV was the most affected by the spoofer’s imposed locations, in terms of deviation from its planned route. However, UAV remains far enough from being captured as the defender’s actions allow it to return to the correct traveling direction.
Next, we study the effect of changing the UAVs’ update distance on the possibility of UAV capture. The configuration parameters in this case are similar to Fig. 7. Fig. 10 shows the effect of the capture possibility with the shaded areas representing the distances under which the UAVs are considered to be captured. We can see in Fig. 9(a) that using the Stackelberg strategies, the drone operator is able to protect all the UAVs until an update distance of m. The attacker is able to capture its first UAV, UAV , when the update distance is m or m. When the update distance is m, three UAVs can be captured by the attacker, and four UAVs can be captured for update distances greater than m. Under random strategies, Fig. 9(b) shows that the attacker is able to capture more UAVs when the update distance is m as it will capture UAVs and . Similarly, for all the consequent update distances, more UAVs can be captured compared to the Stackelberg strategies. Under deterministic strategies, Fig. 9(c) shows that the attacker will be able to start capturing UAVs and at an update distance of m. When the update distance is m, the attacker will be able to capture three UAVs compared to one in the Stackelberg strategies. For the consequent update distances, the attacker is able to capture at least the same number of UAVs as the Stackelberg strategies.
Next, we study the effect of changing the attacker’s desired destinations on possibility of UAV capture. The configuration parameters in this case are similar to Fig. 8, with m. Fig. 11 shows this effect on the capture possibility. The shaded areas in Fig. 11 represent the capture distances of the UAVs, i.e., distances less than m. We can see in Fig. 10(a) that using the Stackelberg strategies, the drone operator is able to protect all the UAVs when the average distance is m. When the average distance decreases to m, the attacker will be able to capture UAV . For any distances less than m, the attacker will be able to capture UAVs and . Under random strategies, Fig. 10(b), we can see that the attacker is able to capture UAVs and for all the considered distances. The attacker will also be able to capture UAV under multiple distance settings. Finally, we can see in Fig. 10(c), that the deterministic strategies show very similar response to the random strategies, in terms of the possibility of UAV capture.
Note that, from the three previous scenarios, we can see that the update distance has the most effect on the possibility of UAV capture, similar to its effect of the deviation index. This highlights the importance of choosing this critical parameter when applying the proposed defense mechanism.
In this paper, we have proposed a novel framework to mitigate the effects of capture attacks via GPS spoofing that target UAVs. Systems dynamics have been used to model the UAVs’ optimal routes towards their destinations. To study the effect of a GPS spoofer on these optimal routes, we have mathematically derived the spoofer’s optimal imposed locations on any UAV. These locations, when imposed on a UAV, cause the UAVs to deviate from their planned routes and follow new routes towards the spoofer’s desired destinations. We have then proposed a countermeasure defense mechanism to allow UAVs to determine their real locations, after being attacked. This countermeasure is built on the premise of cooperative localization, in which a UAV uses the locations of nearby UAVs to determine its real location. We have, then, defined a Stackelberg game problem to allow the UAVs to better utilize the proposed defense mechanism. In particular, the game is formulated between a GPS spoofer and a drone operator that manages a number of UAVs. The drone operator is considered the leader that determines its strategies first and the spoofer then responds by choosing its strategies. We have mathematically derived the Stackelberg equilibrium strategies, for the formulated game, through a computationally efficient approach. Results have shown that the proposed defense mechanism along with Stackelberg equilibrium strategies outperform other strategy selection techniques in terms of reducing the possibility of UAV capture. We have also tested the effect of different parameters on the UAVs’ deviation indices and on the possibility of UAV capture and the results have shown that the UAV update distance has the most effect on these metrics.
Appendix A Proof of Proposition 1
We start by making two assumptions. First, the UAV is considered to reach its destination if it is within a distance from its real destination. We also assume that the distance between the UAV’s current location and its real destination is greater than , i.e., the UAV did not reach its destination yet.
According to (II) and (III), the UAV travels towards its real destination from its perceived location. Therefore, in order for the UAV to reach a destination in the opposite side from its real destination, the UAV needs to change its direction in the direction with the longest difference from the UAV’s current location. Assume without loss of generality that the difference in the direction, between the UAV’s perceived location and its real destination, is bigger than the difference in the direction. Then for the UAV, to change its direction, the value of needs to flips its sign in (III). Comparing the optimal controller, in direction, in both (III) and (II) and assuming they have opposite signs:
For this condition to hold, needs to have a different sign from . i.e.,
However, under a covert attack, the imposed location is limited by (6), i.e., . Since, it is assumed that the UAV’s real location is more than away from its real destination, i.e, , then the condition for changing the direction cannot hold. In this case, the attacker cannot impose a location that forces the UAV to change its direction. Therefore, the attacker’s desired destination cannot be in the opposite direction from the UAV’s real destination. ∎
Appendix B Proof of Theorem 2
We begin the proof by investigating the solution of the closed-loop dynamic Stackelberg game which is the pair of strategies from (25) that satisfy (26). Our proof will show that the same reaction set in (25) can be achieved by considering the solution of the static Stackelberg game at each time step. Note that, the reaction set in (25) is a combination of the attacker’s reactions to every single defender’s strategy calculated from (24). In the following, we will show the solution when and then generalize it to any number of time steps.
When , the attacker’s cost function in (IV-B) can be written as:
Now, consider that the defender chooses a specific strategy where . This means in the first time step and all the remaining actions will be be zero. Similarly, in the second time step and all the remaining actions will be be zero. The previous cost function can then be written as:
Now consider the attacker’s response to . Let where is the attacker’s response that achieves the minimum cost in (24). Similar to the defender’s actions, in this case and and all the other attacker’s actions will be zero. Now, rewrite the cost in (B) with respect to :
As the cost in (B) represents the minimum cost in response to , the attacker cannot achieve a better cost by changing its strategy. This minimum cost was achieved by attacking UAV , at the first time step without affecting the other UAVs, and attacking UAV , on the second time step, without affecting the other UAVs. This is because the attacker affects only one UAV, at a time step, and the remaining UAVs travel towards their real destinations. Note that, the attacker’s choice at the second time step, i.e, UAV is independent from its choice at the first time step. After the first time step, UAV reached its real destination, and yet, this was the best for the attacker at the second time step. Since the action at the second time step is independent from the action at the first time step and it depends only on the new UAVs’ locations after the first time step, the attacker will have the same reaction set if faced by the defender’s actions sequentially instead of the whole strategy.
This finding can be extended to any number of time steps as the attacker’s action, at a time step, will affect only one UAV and its actions in the following time steps will be based on the new UAVs’ locations whether they were attacked or not at the previous time step. In other words, when faced by a strategy, the attacker cannot achieve a better outcome than responding at each time step independently. Considering this fact, the defender can determine the reaction set in (25) sequentially by solving each time step individually. After determining the complete reaction set, the Stackelberg strategies can be achieved from (26).
-  M. Mozaffari, W. Saad, M. Bennis, and M. Debbah, “Unmanned aerial vehicle with underlaid device-to-device communications: Performance and tradeoffs,” IEEE Transactions on Wireless Communications, vol. 15, no. 6, pp. 3949–3963, Jun. 2016.
-  A. Rahmati, X. He, I. Guvenc, and H. Dai, “Dynamic mobility-aware interference avoidance for aerial base stations in cognitive radio networks,” arXiv preprint arXiv:1901.02613, Jan. 2019.
-  Z. Zhang, L. Li, W. Liang, X. Li, A. Gao, W. Chen, and Z. Han, “Downlink interference management in dense drone small cells networks using mean-field game theory,” in Proceedings of the 10th International Conference on Wireless Communications and Signal Processing (WCSP), Hangzhou, China, Oct. 2018, pp. 1–6.
-  J. C. Hodgson, S. M. Baylis, R. Mott, A. Herrod, and R. H. Clarke, “Precision wildlife monitoring using unmanned aerial vehicles,” Scientific reports, vol. 6, p. 22574, Mar. 2016.
-  A. Eldosouky, W. Saad, and N. Mandayam, “Resilient critical infrastructure: Bayesian network analysis and contract-based optimization,” arXiv preprint arXiv:1709.00303, Aug. 2017.
-  A. French, M. Mozaffari, A. Eldosouky, and W. Saad, “Environment-aware deployment of wireless drones base stations with Google Earth simulator,” in Proceedings of UNAGI’19 - Workshop on UNmanned aerial vehicle Applications in the Smart City, Kyoto,Japan, Mar 2019.
-  M. Mozaffari, A. T. Z. Kasgari, W. Saad, M. Bennis, and M. Debbah, “Beyond 5G with UAVs: Foundations of a 3D wireless cellular network,” IEEE Transactions on Wireless Communications, vol. 18, no. 1, pp. 357–372, Jan. 2019.
-  R. Amer, W. Saad, H. ElSawy, M. Butt, and N. Marchetti, “Caching to the sky: Performance analysis of cache-assisted comp for cellular-connected UAVs,” in Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC), Marrakech, Morocco, April 2019.
-  R. Altawy and A. M. Youssef, “Security, privacy, and safety aspects of civilian drones: A survey,” ACM Transactions on Cyber-Physical Systems, vol. 1, no. 2, p. 7, Feb. 2017.
U. Challita, A. Ferdowsi, M. Chen, and W. Saad, “Machine learning for wireless connectivity and security of cellular-connected UAVs,”IEEE Wireless Communications, vol. 26, no. 1, pp. 28–35, Feb. 2019.
-  A. Sanjab, W. Saad, and T. Başar, “A game of drones: Cyber-physical security of time-critical UAV applications with cumulative prospect theory perceptions and valuations,” arXiv preprint arXiv:1902.03506, Feb. 2019.
-  D. P. Shepard, J. A. Bhatti, T. E. Humphreys, and A. A. Fansler, “Evaluation of smart grid and civilian UAV vulnerability to GPS spoofing attacks,” in Radionavigation Laboratory Conference Proceedings, 2012.
-  A. J. Kerns, D. P. Shepard, J. A. Bhatti, and T. E. Humphreys, “Unmanned aircraft capture and control via GPS spoofing,” Journal of Field Robotics, vol. 31, no. 4, pp. 617–636, Apr. 2014.
-  J. S. Warner and R. G. Johnston, “Gps spoofing countermeasures,” Homeland Security Journal, vol. 25, no. 2, pp. 19–27, Dec. 2003.
-  M. U. Iqbal and S. Lim, “Legal and ethical implications of GPS vulnerabilities,” J. Int’l Com. L. & Tech., vol. 3, p. 178, 2008.
-  B. W. O’Hanlon, M. L. Psiaki, T. E. Humphreys, and J. A. Bhatti, “Real-time spoofing detection using correlation between two civil GPS receiver,” in Proceedings of the ION GNSS Meeting, Nashville, TN, USA, Sep. 2012.
-  D. Schmidt, K. Radke, S. Camtepe, E. Foo, and M. Ren, “A survey and analysis of the GNSS spoofing threat and countermeasures,” ACM Computing Surveys (CSUR), vol. 48, no. 4, p. 64, May 2016.
-  K. Jansen, M. Schäfer, D. Moser, V. Lenders, C. Pöpper, and J. Schmitt, “Crowd-GPS-Sec: Leveraging crowdsourcing to detect and localize GPS spoofing attacks,” in IEEE Symposium on Security and Privacy (SP), San Francisco, CA, May 2018, pp. 1018–1031.
-  D. M. Akos, “Who’s afraid of the spoofer? GPS/GNSS spoofing detection via automatic gain control (agc),” Navigation: Journal of the Institute of Navigation, vol. 59, no. 4, pp. 281–290, Oct. 2012.
A. Ferdowsi, U. Challita, W. Saad, and N. B. Mandayam, “Robust deep reinforcement learning for security and safety in autonomous vehicle systems,” inProceedings of the 21st International Conference on Intelligent Transportation Systems (ITSC), Maui, Hawaii, USA, Nov. 2018, pp. 307–312.
-  Y. Qu and Y. Zhang, “Cooperative localization against GPS signal loss in multiple UAVs flight,” Journal of Systems Engineering and Electronics, vol. 22, no. 1, pp. 103–112, Mar. 2011.
-  A. Eldosouky, W. Saad, and D. Niyato, “Single controller stochastic games for optimized moving target defense,” in Proceedings of IEEE International Conference on Communications (ICC), Kuala Lumpur, Malaysia, May 2016, pp. 1–6.
-  J. Su, J. He, P. Cheng, and J. Chen, “A stealthy GPS spoofing strategy for manipulating the trajectory of an unmanned aerial vehicle,” IFAC-PapersOnLine, vol. 49, no. 22, pp. 291–296, Sep. 2016.
-  A. Ferdowsi, S. Ali, W. Saad, and N. B. Mandayam, “Cyber-physical security and safety of autonomous connected vehicles: Optimal control meets multi-armed bandit learning,” arXiv preprint arXiv:1812.05298, Dec. 2018.
-  K. C. Zeng, Y. Shu, S. Liu, Y. Dou, and Y. Yang, “A practical GPS location spoofing attack in road navigation scenario,” in Proceedings of the 18th International Workshop on Mobile Computing Systems and Applications. Sonoma, CA, USA: ACM, Feb. 2017, pp. 85–90.
-  H. S. M. Coxeter, H. S. M. Coxeter, H. S. M. Coxeter, and H. S. M. Coxeter, Introduction to geometry. Wiley New York, 1969, vol. 136.
A. Sinha, P. Malo, and K. Deb, “A review on bilevel optimization: from
classical to evolutionary approaches and applications,”
IEEE Transactions on Evolutionary Computation, vol. 22, no. 2, pp. 276–295, Apr. 2018.
-  Z. Han, D. Niyato, W. Saad, T. Başar, and A. Hjørungnes, Game theory in wireless and communication networks: theory, models, and applications. Cambridge University Press, 2012.
-  M. Simaan and J. B. Cruz, “Additional aspects of the stackelberg strategy in nonzero-sum games,” Journal of Optimization Theory and Applications, vol. 11, no. 6, pp. 613–626, Dec. 1973.
-  T. Başar and G. J. Olsder, Dynamic noncooperative game theory. Siam, 1999, vol. 23.