Detection Is Not Enough: Attack Recovery for Safe and Robust Autonomous Robotic Vehicles

Autonomous Robotic Vehicles (RV) such as drones and rovers rely extensively on sensor measurements to perceive their physical states and the environment. For example, a GPS provides geographic position information, a gyroscope sensor measures angular velocities, an accelerometer measures linear accelerations. Attacks such as sensor tampering and spoofing can feed erroneous sensor measurements through external means that may deviate RVs from their course and result in mission failures. Attacks such as GPS spoofing have been performed against military drones and marine navigation systems. Prior work in the security of autonomous RVs mainly focuses on attack detection. However, detection alone is not enough, because it does not prevent adverse consequences such as drastic deviation and/or crash. The key question, "how to respond once an attack is detected in an RV?" still remains unanswered.

In this talk, we present two novel frameworks that provide safe response to attacks and allow RVs to continue the mission despite the malicious intervention. The first technique uses a Feed-Forward controller (FFC) which runs in tandem with RV’s primary controller and monitors it. When an attack is detected, the FFC takes over to recover the RV. The second technique identifies and isolates the sensor(s) under attack - this prevents the corrupted measurements from affecting the actuator signals. Then, it uses historic states to estimate RV’s current state and ensures stable operation even under attacks.