CN114997258A - Unmanned aerial vehicle safety detection method and device - Google Patents

Publication number
CN114997258A
Authority
CN
China
Prior art keywords
unmanned aerial
aerial vehicle
state information
data
time interval
Legal status
Pending
Application number
CN202210361714.XA
Other languages
Chinese (zh)
Inventor
李扬
吴仕豪
冯兆文
潘泉
吕洋
Current Assignee
Northwestern Polytechnical University
Original Assignee
Northwestern Polytechnical University
Application filed by Northwestern Polytechnical University
Priority to CN202210361714.XA
Publication of CN114997258A

Classifications

    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01S RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S19/00 Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
    • G01S19/01 Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
    • G01S19/13 Receivers
    • G01S19/21 Interference related issues; Issues related to cross-correlation, spoofing or other methods of denial of service
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02T CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
    • Y02T10/00 Road transport of goods or passengers
    • Y02T10/10 Internal combustion engine [ICE] based vehicles
    • Y02T10/40 Engine management systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Traffic Control Systems (AREA)

Abstract

The invention discloses a safety detection method and a safety detection device for an unmanned aerial vehicle. The method acquires real-time state information of the unmanned aerial vehicle; generates a plurality of sub-data sets from the real-time state information based on a real-time state information grouping strategy; and determines safety state information of the unmanned aerial vehicle by using the sub-data sets as input information to a hybrid depth recognition model. The hybrid depth recognition model comprises an input layer, a convolution layer, a bidirectional LSTM layer, an attention mechanism layer and a direct connection multiplication layer which are sequentially connected. Grouping the real-time state information reduces the amount of data used when identifying the safety state of the unmanned aerial vehicle, which improves processing efficiency. Using each grouped sub-data set as input to the hybrid depth recognition model to identify the safety state of the unmanned aerial vehicle at the current moment ensures the accuracy of the identification.

Description

Unmanned aerial vehicle safety detection method and device
Technical Field
The invention belongs to the technical field of unmanned aerial vehicle safety, and particularly relates to an unmanned aerial vehicle safety detection method and device.
Background
With the rapid development of electronic information and unmanned technology, the use of unmanned aerial vehicles in military, civil, industrial, consumer and other fields keeps expanding. Unmanned aerial vehicles are widely used for aerial photography, agricultural plant protection, express delivery, data acquisition and other tasks, and their application value and market prospects continue to grow. It is estimated that global drone sales reach 433 million in 2020 and global drone production reaches 259 billion dollars in 2020.
In 2011, a virus named "keylogger" spread and stole a large amount of telemetry and real-time reconnaissance intelligence data from unmanned aerial vehicles. Since then, many cases of unmanned aerial vehicles being attacked have come to public attention, and the security problem of unmanned aerial vehicles has become increasingly prominent. When an unmanned aerial vehicle is attacked and its system is damaged, the user loses data and equipment, and accidents such as collisions and crashes may also occur, endangering the life and property of people on the ground.
Information security issues for unmanned aerial vehicle systems are related to their wireless communication, infrastructure, storage, and computational resource limitations. At present, most unmanned aerial vehicle equipment is designed and developed on general-purpose chips, operating systems and protocols. Manufacturers pay most attention to the functions, performance and usability of the equipment, and its security design is often neglected. As the security risks of unmanned aerial vehicle systems become more prominent and system vulnerabilities keep being discovered, they pose a great threat to the safety of unmanned aerial vehicle systems and seriously hinder the healthy development of the unmanned aerial vehicle industry.
The high accuracy of the position information provided by GPS helps to reduce or even eliminate the cumulative error of the Inertial Measurement Unit (IMU). With combined GPS and IMU navigation, the navigation precision, reliability and anti-interference capability of the unmanned aerial vehicle are improved. However, because the frequency bands and data formats used by civilian GPS are publicly available, GPS signals can be intercepted and tampered with. In a GPS spoofing attack, GPS signals are forged or replayed so that the GPS receiver receives them and resolves wrong location and time information. Such an attack may hijack or crash the drone, with consequences that are difficult to gauge.
Due to limits on energy consumption and load capacity, the onboard processor of an unmanned aerial vehicle has weak computing capability and is vulnerable to denial-of-service (DoS) attacks. Frames can be sent to the drone over the wireless network, significantly reducing the computational speed of the processor. For example, an attacker uses a network card to flood a network port of the drone, causing the drone to lose control and then crash.
GPS spoofing attacks and DoS attacks are the most common forms of drone attack. They may take control of or destroy a drone, and may even injure people in the drone's flight area or damage other aircraft. Detecting and defending against attacks on unmanned aerial vehicles is therefore an urgent security problem.
Existing unmanned aerial vehicle attack detection methods generally do not have a uniform detection processing flow. For example, GPS spoofing attack detection methods are mostly based on the difference between a normal GPS signal and a false GPS signal, and such methods are not suitable for detecting other types of attacks (such as DoS attacks). It is also unclear which sensor features are best suited for drone attack detection and what the minimum number of required features is, and the sources of the sensor feature data used are not comprehensive enough. Moreover, most existing methods with higher detection rates are based on models that consume more computing resources, and do not consider that the computing resources of small and medium-sized commercial unmanned aerial vehicles are limited.
Disclosure of Invention
The invention aims to provide a method and a device for detecting the safety of an unmanned aerial vehicle which screen the sensor features of the unmanned aerial vehicle before detecting whether an attack has occurred, thereby reducing resource consumption in the detection process.
The invention adopts the following technical solution: an unmanned aerial vehicle safety detection method comprising the following steps:
acquiring real-time state information of the unmanned aerial vehicle;
generating a plurality of sub-data sets from the real-time state information based on a real-time state information grouping strategy; each sub-data set corresponds to an unmanned aerial vehicle attack type;
determining safety state information of the unmanned aerial vehicle by using the sub-data sets as input information and adopting a hybrid depth recognition model; the safety state information is a probability value corresponding to each unmanned aerial vehicle attack type; the hybrid depth recognition model comprises an input layer, a convolution layer, a bidirectional LSTM layer, an attention mechanism layer and a direct connection multiplication layer which are sequentially connected.
Preferably, the data parameters of the hybrid depth recognition model are optimized by the following method:
acquiring a training data set; the training data set is a plurality of groups of unmanned aerial vehicle state information within a training period, and the unmanned aerial vehicle state information is of the same type as the real-time state information;
identifying each group of unmanned aerial vehicle state information;
carrying out normalization processing on each group of unmanned aerial vehicle state information after identification;
generating a data group corresponding to each unmanned aerial vehicle attack type according to each group of unmanned aerial vehicle state information after normalization processing;
and training the hybrid depth recognition model with the data groups.
Preferably, identifying each group of unmanned aerial vehicle state information includes:
determining a first time interval in each group of unmanned aerial vehicle state information;
determining a second time interval according to the plurality of first time intervals; wherein the second time interval is the intersection of the first time intervals;
and identifying each group of unmanned aerial vehicle state information according to the second time interval.
Preferably, determining the first time interval in each sub-state information comprises:
determining the first time interval in each group of unmanned aerial vehicle state information by an outlier analysis method.
Preferably, determining the second time interval according to the plurality of first time intervals comprises:
selecting, from the plurality of first time intervals, the time interval with the largest number of overlaps as the second time interval.
Preferably, generating a data group corresponding to each unmanned aerial vehicle attack type according to each group of unmanned aerial vehicle state information after normalization processing includes:
generating, by a joint hypothesis testing method, the data group corresponding to each unmanned aerial vehicle attack type in each group of unmanned aerial vehicle state information after normalization processing.
Preferably, before training the hybrid depth recognition model with the data groups, the method further comprises:
carrying out interpolation processing on the data group corresponding to the second time interval;
and performing downsampling processing on the data group corresponding to the non-second time interval.
Preferably, the normalization is performed by
$$X_{norm} = \frac{X - X_{min}}{X_{max} - X_{min}}$$
where $X_{norm}$ is the normalized data value, $X$ is the original data in the state information of the unmanned aerial vehicle, $X_{min}$ is the minimum of the original data in the group to which $X$ belongs, and $X_{max}$ is the maximum of the original data in the group to which $X$ belongs.
Preferably, the real-time status information grouping strategy is implemented based on a joint hypothesis testing method.
Another technical solution of the invention is an unmanned aerial vehicle safety detection device comprising a memory, a processor, and a computer program which is stored in the memory and can run on the processor, wherein the processor implements the above unmanned aerial vehicle safety detection method when executing the computer program.
The beneficial effects of the invention are as follows. Grouping the real-time state information of the unmanned aerial vehicle reduces the amount of data used when identifying the safety state of the unmanned aerial vehicle, which improves processing efficiency. Using each grouped sub-data set as input information to the hybrid depth recognition model to identify the safety state of the unmanned aerial vehicle at the current moment ensures the accuracy of the identification.
Drawings
Fig. 1 is a flowchart of a method for detecting security of an unmanned aerial vehicle according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for detecting security of an unmanned aerial vehicle according to another embodiment of the present invention;
Fig. 3 is a graph of the visual results of the F-test screening for features in an embodiment of the present invention;
Fig. 4 is a schematic diagram of a hybrid depth model according to an embodiment of the present invention;
Fig. 5 is a comparison graph of the convergence effect of training for each model of DoS attack in the verification embodiment of the present invention;
Fig. 6 is a comparison graph of the convergence effect of training of each model for GPS attack in the verification embodiment of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.
Most existing unmanned aerial vehicle attack detection technologies are suitable only for specific types of attack and do not have a uniform detection processing flow. For example, GPS spoofing attack detection methods are mostly based on the difference between normal GPS signals and false GPS signals, which is not suitable for other types of attacks (e.g., DoS attacks). Existing detection technologies do not establish which sensor features are most suitable for unmanned aerial vehicle attack detection or the minimum number of required features, and the sources of the sensor feature data used are not comprehensive enough. Existing methods with higher detection rates are mostly based on models that consume more computing resources and do not consider detection cost. Small and medium-sized commercial and civil unmanned aerial vehicles have limited computing resources, so to avoid affecting other important components that also need those resources, an attack detection module must consume as few computing resources as possible while maintaining the detection rate.
The invention discloses an unmanned aerial vehicle safety detection method which, as shown in Fig. 1, comprises the following steps: step S110, acquiring real-time state information of the unmanned aerial vehicle; step S120, generating a plurality of sub-data sets from the real-time state information based on a real-time state information grouping strategy (in the embodiment of the invention, the grouping strategy is implemented with a joint hypothesis testing method), each sub-data set corresponding to an unmanned aerial vehicle attack type; step S130, determining safety state information of the unmanned aerial vehicle by using the sub-data sets as input information and adopting a hybrid depth recognition model. The safety state information is a probability value corresponding to each unmanned aerial vehicle attack type. The hybrid depth recognition model comprises an input layer, a convolutional layer, a bidirectional LSTM layer, an attention mechanism layer and a direct connection multiplication layer which are sequentially connected.
Grouping the real-time state information of the unmanned aerial vehicle reduces the amount of data used when identifying the safety state of the unmanned aerial vehicle, which improves processing efficiency. Using each grouped sub-data set as input information to the hybrid depth recognition model to identify the safety state of the unmanned aerial vehicle at the current moment ensures the accuracy of the identification.
In one embodiment, as shown in Fig. 2, the data parameters of the hybrid depth recognition model are optimized as follows: acquiring a training data set, the training data set being a plurality of groups of unmanned aerial vehicle state information within a training period, of the same type as the real-time state information; identifying each group of unmanned aerial vehicle state information; carrying out normalization processing on each group of unmanned aerial vehicle state information after identification; generating a data group corresponding to each unmanned aerial vehicle attack type according to each group of unmanned aerial vehicle state information after normalization processing; and training the hybrid depth recognition model with the data groups.
Specifically, the training data set may be collected experimentally or acquired in other ways as needed, and is to contain all state information recorded during the flight of the drone. For example, the pyulog module (a Python module) is first installed in the unmanned aerial vehicle system. Then, in the directory containing the ulog files, the ulog2csv command converts the ulog files of the unmanned aerial vehicle into the csv files required for data preprocessing. The names of the csv files correspond to the different data recorded while the unmanned aerial vehicle flies (sensor data as well as many other kinds of data). The data in each csv file is then visualized; the purpose of the visualization is to confirm that the data of each sensor changes significantly when the unmanned aerial vehicle is attacked, which verifies the correctness of the method in the embodiment of the invention.
In one embodiment, identifying each group of unmanned aerial vehicle state information includes: determining a first time interval in each group of unmanned aerial vehicle state information; determining a second time interval according to the plurality of first time intervals, wherein the second time interval is the intersection of the first time intervals; and identifying each group of unmanned aerial vehicle state information according to the second time interval.
Preferably, determining the first time interval in each sub-state information comprises determining the first time interval in each group of unmanned aerial vehicle state information by an outlier analysis method. Specifically, outlier analysis implemented in Python statements determines the time at which each sensor changes most severely: each csv file is analyzed, so that a plurality of time intervals is obtained, each taken from the csv file corresponding to a different kind of data. During normal flight the trend of each type of data changes little, so when the trend of some type of data changes suddenly and markedly, the time period of that change is likely to be the period in which the unmanned aerial vehicle was attacked. The time at which each sensor changes most severely is therefore selected as the time at which the unmanned aerial vehicle was attacked.
Next, the time interval with the largest number of overlaps is selected from the plurality of first time intervals as the second time interval. Using the period in which a single sensor's data changes most severely (i.e., one first time interval) directly as the period in which the unmanned aerial vehicle was attacked may cause a large discrimination error. To make the selected time interval more accurate, the embodiment of the invention takes the first time interval of every sensor: if the unmanned aerial vehicle was attacked, the first time intervals necessarily share overlapping sub-time intervals, and the sub-time interval with the largest number of overlaps is taken as the time interval in which the unmanned aerial vehicle was attacked. This improves the robustness of the time interval selection.
Then, because each csv file carries timestamps, Python statements match the feature data from the different csv files by timestamp against the sub-time interval, merge them, and write them into one csv file, so that the feature data can conveniently be read in at one time later. This yields the required features after the first round of screening.
After the matched and merged data is read in, the data in the second time interval and the data in other time intervals are given different labels. For example, data in the attacked sub-time interval (the second time interval) is labelled 1, and data in other time intervals is labelled 0.
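The labelling procedure above (a first time interval per sensor, the most-overlapped sub-interval as the second time interval, then labels 1 and 0) is sketched below as an added example; it is not code from the patent. The patent does not name its outlier rule, so the median/MAD test, the `max_gap` parameter, the sensor names and the sample logs are all assumptions constructed for illustration.

```python
"""Added example: derive attack labels from per-sensor outlier intervals."""
from statistics import median


def make_series(attack, bump=50, n=20):
    """Constructed sensor log: small periodic noise plus a bump while attacked."""
    noise = [100, 101, 103, 100]
    return [(t, noise[t % 4] + (bump if attack[0] <= t <= attack[1] else 0))
            for t in range(n)]


# Constructed stand-ins for four csv files produced by ulog2csv: (timestamp, value).
# Sensor names are hypothetical; baro_alt glitches early for an unrelated reason.
SENSORS = {
    "gyro_x": make_series((9, 13)),
    "rotor_rpm": make_series((10, 14)),
    "accel_z": make_series((10, 12)),
    "baro_alt": make_series((3, 4)),
}


def first_interval(series, k=3.5, max_gap=1):
    """First time interval: the span where one sensor deviates most violently.

    Assumed outlier rule: a sample is an outlier when its distance from the
    median exceeds k robust standard deviations (1.4826 * MAD). Neighbouring
    outliers are merged into runs; the run with the largest accumulated
    deviation wins.
    """
    values = [v for _, v in series]
    med = median(values)
    limit = k * 1.4826 * median(abs(v - med) for v in values)
    runs = []  # each run is [start, end, accumulated deviation]
    for t, v in series:
        dev = abs(v - med)
        if dev <= limit:
            continue
        if runs and t - runs[-1][1] <= max_gap:
            runs[-1][1] = t
            runs[-1][2] += dev
        else:
            runs.append([t, t, dev])
    if not runs:
        return None  # this sensor never left its normal band
    start, end, _ = max(runs, key=lambda r: r[2])
    return (start, end)


def second_interval(intervals):
    """Second time interval: the sub-interval covered by the most first intervals."""
    # Starts (0) sort before ends (1) at equal times, so touching intervals overlap.
    events = sorted([(s, 0) for s, _ in intervals] + [(e, 1) for _, e in intervals])
    depth = best = 0
    span = None
    for i, (t, kind) in enumerate(events):
        if kind == 1:
            depth -= 1
            continue
        depth += 1
        if depth > best:
            # Deepest overlap so far; it lasts until the next start or end event.
            best, span = depth, (t, events[i + 1][0])
    return span, best


def label_rows(sensors, span):
    """Merge the per-sensor logs on timestamp and mark rows inside span with 1."""
    merged = {}
    for name, series in sensors.items():
        for t, v in series:
            merged.setdefault(t, {})[name] = v
    return [{"timestamp": t, **cols,
             "label": int(span is not None and span[0] <= t <= span[1])}
            for t, cols in sorted(merged.items())
            if len(cols) == len(sensors)]  # drop timestamps missing from any file


def label_flight(sensors):
    """Run the whole procedure: first intervals, second interval, labelled rows."""
    firsts = [iv for iv in map(first_interval, sensors.values()) if iv]
    span, votes = second_interval(firsts)
    return span, votes, label_rows(sensors, span)


if __name__ == "__main__":
    span, votes, rows = label_flight(SENSORS)
    print("second interval", span, "supported by", votes, "sensors")
    print("attacked rows:", sum(r["label"] for r in rows), "of", len(rows))
```

The early `baro_alt` glitch produces a first time interval of its own but overlaps no other sensor, so it does not influence the second time interval.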
To achieve a high detection rate at as low a cost as possible, the embodiment of the invention performs a second round of feature screening. First, an F-test (joint hypothesis test) is used for feature screening; on that basis, features are further screened according to the physical meaning of the sensor data and the effect of GPS spoofing attacks and DoS attacks on the unmanned aerial vehicle, which reduces the amount of feature data. Normalization processing is then performed.
Because the computing power of the unmanned aerial vehicle is limited, and existing deep models consider only accuracy and not detection cost, the invention reduces the computational cost in two ways. First, the designed model must be simple (the model designed later satisfies this: its parameter count is only slightly higher than that of the baseline model, while its accuracy is greatly improved). Second, the features screened in the first round are screened again; the performance of the baseline model necessarily drops after this feature screening, which is also the reason for redesigning the model.
Therefore, the second round of screening must offset, as far as possible, the accuracy degradation caused by the reduction in feature data. The features from the first round are first pre-screened with the F-test (joint hypothesis test), because different types of attack affect the sensors of the unmanned aerial vehicle differently. For example, a GPS spoofing attack often affects the flight trajectory of the unmanned aerial vehicle without causing a large change in data such as rotor angular velocity and velocity; a DoS attack often makes the unmanned aerial vehicle stop flying outright, which causes data such as rotor angular velocity and velocity to change greatly (judged from the physical meaning of the data and the effect of the attack on the unmanned aerial vehicle).
Then, on the basis of the features pre-screened by the F-test, the sensor data of the unmanned aerial vehicle is grouped according to physical meaning, so that the feature data suited to detecting each type of attack can be selected (for example, for DoS attacks the finally selected feature data is mainly divided into sensor data, attitude data and gyroscope data; for GPS spoofing attacks it is mainly divided into sensor data and coordinate data). Fig. 3 visualizes the F-test feature screening: the abscissa shows the features screened in the first round for the different attack types, and the ordinate shows the relative significance between each feature and the label, obtained from the P value of the feature in the F-test (the P value is a standard quantity in hypothesis testing that is compared with the significance level). After a threshold is set, the program compares the ordinate values against it and automatically selects the most suitable features.
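The F-test pre-screening described above can be reproduced with a one-way ANOVA F statistic per feature against the 0/1 label, as in this added example (not code from the patent). The feature names, the sample values and the threshold `alpha=0.05` are assumptions constructed for illustration; the P value is computed with the regularized incomplete beta function so that the block needs only the standard library.

```python
"""Added example: F-test (one-way ANOVA) screening of features against labels."""
import math

# Constructed, GPS-spoofing-like sample: 14 normal rows followed by 6 attacked rows.
LABELS = [0] * 14 + [1] * 6
FEATURES = {  # hypothetical feature names and values
    "position_error_m": [0, 1] * 7 + [20, 22, 24, 26, 28, 30],
    "rotor_rpm": [100, 102] * 7 + [100, 102, 101, 102, 100, 102],
    "battery_v": [12] * 20,
}


def betacf(a, b, x, eps=3e-14, tiny=1e-300):
    """Continued fraction of the incomplete beta function (modified Lentz method)."""
    c, d = 1.0, 1.0 - (a + b) * x / (a + 1.0)
    d = 1.0 / (d if abs(d) > tiny else tiny)
    h = d
    for m in range(1, 300):
        even = m * (b - m) * x / ((a + 2 * m - 1) * (a + 2 * m))
        odd = -(a + m) * (a + b + m) * x / ((a + 2 * m) * (a + 2 * m + 1))
        for num in (even, odd):
            d = 1.0 + num * d
            c = 1.0 + num / c
            d = 1.0 / (d if abs(d) > tiny else tiny)
            c = c if abs(c) > tiny else tiny
            h *= d * c
        if abs(d * c - 1.0) < eps:
            break
    return h


def f_sf(f, df1, df2):
    """P value: probability that an F(df1, df2) variable exceeds f."""
    x = df2 / (df2 + df1 * f)
    a, b = df2 / 2.0, df1 / 2.0
    if x <= 0.0:
        return 0.0
    if x >= 1.0:
        return 1.0
    bt = math.exp(math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
                  + a * math.log(x) + b * math.log(1.0 - x))
    if x < (a + 1.0) / (a + b + 2.0):
        return bt * betacf(a, b, x) / a
    return 1.0 - bt * betacf(b, a, 1.0 - x) / b


def f_test(values, labels):
    """F statistic and P value of one feature across the label groups."""
    groups = {}
    for v, y in zip(values, labels):
        groups.setdefault(y, []).append(v)
    n, k = len(values), len(groups)
    if k < 2 or n <= k:
        raise ValueError("need at least two label groups and spare samples")
    grand = sum(values) / n
    between = sum(len(g) * (sum(g) / len(g) - grand) ** 2 for g in groups.values())
    within = sum((v - sum(g) / len(g)) ** 2 for g in groups.values() for v in g)
    if within == 0.0:  # the feature is constant inside every group
        return (math.inf, 0.0) if between > 0 else (0.0, 1.0)
    f = (between / (k - 1)) / (within / (n - k))
    return f, f_sf(f, k - 1, n - k)


def screen(table, labels, alpha=0.05):
    """Keep features whose P value is below alpha, most significant first."""
    scores = {name: f_test(col, labels) for name, col in table.items()}
    keep = sorted((name for name, (_, p) in scores.items() if p < alpha),
                  key=lambda name: scores[name][1])
    return keep, scores


if __name__ == "__main__":
    keep, scores = screen(FEATURES, LABELS)
    for name, (f, p) in scores.items():
        print(f"{name:18s} F={f:10.3f} p={p:.3g}")
    print("selected:", keep)
```

On this sample only the position error survives, matching the text's observation that GPS spoofing moves the trajectory while rotor speed barely changes.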
Further, the selected specific characteristic data are shown in tables 1 and 2 below.
TABLE 1
Figure BDA0003584043650000091
TABLE 2
Figure BDA0003584043650000092
Figure BDA0003584043650000101
Finally, the sensor features that detect an attack most effectively in the shortest time are explored and the minimum number of required features is verified, which addresses the limited computing resources of small and medium-sized unmanned aerial vehicles. The technical solution aims at a unified detection processing flow, but different attack modes affect the sensors of the unmanned aerial vehicle differently. The data features screened out by the processing flow are therefore not fixed: they differ with the attack mode, and the data features and the attack modes stand in a cause-and-effect relationship, while the detection processing flows for the different attack modes are completely unified.
In summary, a joint hypothesis testing method is used to generate the data group corresponding to each unmanned aerial vehicle attack type in each group of unmanned aerial vehicle state information after normalization processing.
As a specific implementation, Min-max normalization is adopted, and the normalization processing is performed by
$$X_{norm} = \frac{X - X_{min}}{X_{max} - X_{min}}$$
where $X_{norm}$ is the normalized data value, $X$ is the original data in the state information of the unmanned aerial vehicle, $X_{min}$ is the minimum of the original data in the group to which $X$ belongs, and $X_{max}$ is the maximum of the original data in the group to which $X$ belongs. Normalizing the original data makes features of different dimensions comparable in value, which ensures the reliability of the result and can greatly improve the precision of the model.
To ensure the detection rate of the model, in one embodiment interpolation processing is performed on the data group corresponding to the second time interval: in the attacked data, which is small in quantity, the average of every two adjacent data is taken to create a new data, and the new data is inserted between the two adjacent data. When the model is tested, however, these generated data are deleted from the test set to ensure that all data used are true data. Downsampling processing is performed on the data group corresponding to the non-second time interval.
The steps above yield and process the feature data that is finally used. Before the model is used for detection, the data must also be divided into a training set and a test set (data set division presupposes consistent data distribution, and the steps above satisfy this requirement).
In one embodiment, the data set is first divided into a training set and a test set in a 4:1 ratio. In the training set, because an attack on the unmanned aerial vehicle is very short relative to the normal flight time, the sub-time interval makes up a very small proportion of the whole time interval, and the data carrying the different labels is seriously imbalanced. This imbalance causes poor model precision on the training set, so data equalization processing is performed on the data. Specifically, the proportion between the imbalanced data is determined, the majority sample data is downsampled according to the determined proportion, and interpolation processing is performed on the minority samples (for example, if the majority sample is 10000 and the minority sample is 1000, the minority sample is interpolated two by two to generate 999 data, and finally the minority sample number becomes 1999; the majority sample is sampled every five times, and finally the majority sample number becomes 2000, so that data equalization is achieved). At this point, data equalization is complete. In the test set, only real data is used, to ensure that the detection effect is genuine.
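The Min-max normalization and the training-set equalization described above are worked through in this added example, which is not code from the patent. The row layout, the `synthetic` flag, the rule of sending every fifth row of each class to the test set, and the rounding used to pick the downsampling step are assumptions; the constructed sample reproduces the 10000 / 1000 figures from the text.

```python
"""Added example: min-max scaling, 4:1 split and training-set equalization."""


def make_rows(n_normal, n_attack):
    """Constructed rows: x is a two-feature vector, label 1 marks attacked data."""
    normal = [{"x": [i % 7, 50 + i % 3], "label": 0} for i in range(n_normal)]
    attack = [{"x": [100 + i, 5], "label": 1} for i in range(n_attack)]
    return normal + attack


def min_max(values):
    """X_norm = (X - X_min) / (X_max - X_min) over one feature column."""
    lo, hi = min(values), max(values)
    if hi == lo:  # constant feature: avoid dividing by zero (assumed convention)
        return [0.0 for _ in values]
    return [(v - lo) / (hi - lo) for v in values]


def normalise_columns(rows):
    """Scale every feature column of the rows into the range 0..1."""
    scaled = [min_max(col) for col in zip(*(r["x"] for r in rows))]
    return [dict(r, x=[col[i] for col in scaled]) for i, r in enumerate(rows)]


def split_4_to_1(rows):
    """Send every fifth row of each class to the test set (assumed split rule)."""
    train, test, seen = [], [], {}
    for r in rows:
        seen[r["label"]] = seen.get(r["label"], 0) + 1
        (test if seen[r["label"]] % 5 == 0 else train).append(r)
    return train, test


def interpolate_minority(rows):
    """Insert the mean of every two adjacent rows between them: n rows become 2n-1."""
    out = []
    for a, b in zip(rows, rows[1:]):
        out.append(a)
        mid = [(p + q) / 2 for p, q in zip(a["x"], b["x"])]
        out.append({"x": mid, "label": a["label"], "synthetic": True})
    out.extend(rows[-1:])
    return out


def downsample_majority(rows, target):
    """Keep every step-th row, with step chosen from the class ratio."""
    step = max(1, round(len(rows) / target))
    return rows[::step]


def balance(train):
    """Equalize the two classes of a training set."""
    attacked = interpolate_minority([r for r in train if r["label"] == 1])
    normal = [r for r in train if r["label"] == 0]
    if attacked:
        normal = downsample_majority(normal, len(attacked))
    return normal + attacked


def prepare(rows):
    """Normalize, split 4:1, then balance the training set only."""
    train, test = split_4_to_1(normalise_columns(rows))
    return balance(train), test  # the test set holds real rows only


if __name__ == "__main__":
    balanced = balance(make_rows(10000, 1000))
    print("normal:", sum(r["label"] == 0 for r in balanced),
          "attacked:", sum(r["label"] == 1 for r in balanced))
    train, test = prepare(make_rows(10000, 1000))
    print("train:", len(train), "test:", len(test))
```

Because interpolated rows are created only inside `balance`, which runs after the split, no generated row can reach the test set.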
In the embodiment of the present invention, as shown in fig. 4, the hybrid depth recognition model is mainly divided into: an Input layer (Input layer), a convolutional layer (CNN), a bidirectional LSTM layer (BilSTM), an Attention mechanism layer (Attention layer), and a direct multiplication layer (multiplex layer). The design improvement thought of the model is determined according to the characteristics of the sensor data of the unmanned aerial vehicle and the characteristic screening process in the scheme, is completely matched with the data preprocessing flow, and can well detect the attack (namely improvement and promotion) of the unmanned aerial vehicle.
First, the preprocessed feature data are passed to the convolutional layer through the input layer (Input layer). Because the preprocessed feature data are one-dimensional time-series data extracted from the unmanned aerial vehicle sensors, the convolutional layer uses Conv1D (one-dimensional convolution) to extract features from the sensor time series, and is followed by a max pooling layer (MaxPooling1D) to speed up computation and prevent overfitting. After feature extraction by the convolutional layer, the data are passed to a bidirectional LSTM (BiLSTM) layer, which consists of a forward LSTM and a backward LSTM. An LSTM extracts features from time-series data well, and each point in the unmanned aerial vehicle sensor time series is closely related to the points before and after it, so the bidirectional LSTM (BiLSTM) layer is better suited to extracting these features. Because the data were filtered and reduced to save detection cost, an attention mechanism layer (Attention layer) is applied to the extracted sensor data after the bidirectional LSTM (BiLSTM) layer to offset the effect of that reduction as far as possible; it applies a weighted transformation to the sensor data with the aim of improving model accuracy.
In the direct-connection multiplication layer (Multiply layer), the attention mechanism layer (Attention layer) applies a weighted transformation to the features extracted by the bidirectional LSTM (BiLSTM) layer; the data then pass through a max pooling layer (MaxPooling1D) and a Dropout layer (which reduces model overfitting) and are multiplied directly. As with a residual (skip) connection, this expresses the output as a linear superposition of the input and a nonlinear transformation of the input, which prevents vanishing gradients and improves model accuracy. The data then pass through a fully connected (Dense) layer in the model, and a sigmoid function outputs the classification probability, giving the final classification decision (whether or not the unmanned aerial vehicle is under attack).
In the embodiment of the present invention, to show that the model is more stable and achieves a better detection effect, the well-known SVM (Support Vector Machine), BP (Back Propagation neural network), CNN (Convolutional Neural Network), and LSTM (Long Short-Term Memory network) are selected as baseline models and compared with the model of the embodiment of the present invention (i.e., the hybrid depth recognition model). The individual parts of the CNN-BiLSTM-Attention hybrid depth model are also compared with one another. The results are as follows:
(1) Baseline model results:
Fig. 5 shows the results of baseline model detection for the GPS spoofing attack. The CBA model provided by the embodiment of the invention is drawn with a dotted line; the abscissa is the number of training epochs and the ordinate is the training loss. The graph corresponds to the model training process for DoS attack detection and is therefore named "Model loss-DoS attack". In addition, for the GPS spoofing attack, the model provided by the embodiment of the invention converges at almost the same speed as the other models while greatly improving accuracy, so the accuracy of unmanned aerial vehicle attack detection improves while its timeliness is preserved (the convergence speed can be seen in the model convergence plot, and the accuracy improvement in the table).
The results of baseline model detection for DoS attacks and GPS spoofing attacks are shown in table 3 below.
TABLE 3
| Model | CNN | LSTM | BP | SVM |
|---|---|---|---|---|
| GPS spoofing attack | 85.4% | 84.2% | 86.1% | 82.2% |
| DoS attack | 96.4% | 94.7% | 91.2% | 94.7% |
(2) Results of the CNN + BiLSTM + Attention model and comparison with different combinations:
Fig. 6 corresponds to the model training process for GPS spoofing attack detection and is named "Model loss-GPS Spoofing attack". It shows that the model proposed in the embodiment of the present invention converges at almost the same speed as the other models while greatly improving detection accuracy, so the accuracy of unmanned aerial vehicle attack detection improves while its timeliness is preserved. The invention lists the comparison results for different combinations of the model and its components, using the data features retained after the second round of reduction screening according to actual physical significance.
The detection results for the GPS spoofing attack are shown in table 4:
TABLE 4
[Table 4 is an image in the original publication (Figure BDA0003584043650000141); its contents are not available in this text.]
The detection results for DoS attacks are shown in table 5.
TABLE 5
[Table 5 is an image in the original publication (Figures BDA0003584043650000142 and BDA0003584043650000151); its contents are not available in this text.]
According to the experimental results, the CNN + BiLSTM + Attention hybrid depth model markedly improves the attack detection rate after feature reduction and meets the limited computing capacity of small commercial and civil unmanned aerial vehicles. In the actual experiments the model parameters are kept within one order of magnitude, and a higher detection rate is obtained at very small time cost, which also ensures timeliness.
In conclusion, the invention provides a unified detection processing flow for the problem of unmanned aerial vehicle attack detection across different attack modes. The sensor features that are most effective in detecting attacks in the shortest time are explored, and the minimum number of features required is verified. The CNN-BiLSTM-Attention hybrid depth model is proposed to obtain an excellent and stable detection effect at low cost.
Existing unmanned aerial vehicle attack detection technology leaves it unclear which sensor features are best suited to attack detection and what the minimum number of required features is, and the sensor feature data it uses do not come from sufficiently comprehensive sources. To address these problems, this technical scheme explores the sensor features that are most effective in detecting attacks in the shortest time and verifies the minimum number of features required.
Existing methods with higher detection rates are mostly based on models that consume considerable computing resources, and do not take into account the limited computing resources of small and medium-sized commercial and civil unmanned aerial vehicles. To address this problem, this technical scheme proposes the hybrid model CNN-BiLSTM-Attention to detect attacks, and obtains a better and more stable detection effect while reducing the features used according to their actual physical significance.
The invention also discloses an unmanned aerial vehicle safety detection device which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the unmanned aerial vehicle safety detection method is realized when the processor executes the computer program.
It should be noted that, because the information exchange and execution processes between the modules of the apparatus are based on the same concept as the method embodiment of the present invention, their specific functions and technical effects are described in the method embodiment section and are not repeated here.
It will be clear to those skilled in the art that, for convenience and simplicity of description, the above division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the apparatus is divided into different functional modules to perform all or part of the above described functions. Each functional module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional modules are only used for distinguishing one functional module from another, and are not used for limiting the protection scope of the present application. For the specific working processes of the units and modules in the system, reference may be made to the corresponding processes in the foregoing method embodiments, which are not described herein again.
The device may be a desktop computer, a notebook computer, a palmtop computer, a cloud server or other computing equipment. The apparatus may include, but is not limited to, a processor and a memory. Those skilled in the art will appreciate that the apparatus may include more or fewer components, may combine some components, or may use different components, and may also include, for example, input-output devices, network access devices, etc.
The processor may be a Central Processing Unit (CPU), or another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general-purpose processor may be a microprocessor or any conventional processor.
The memory may in some embodiments be an internal storage unit of the device, such as a hard disk or a memory of the device. In other embodiments the memory may be an external storage device of the apparatus, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), etc. provided on the apparatus. Further, the memory may include both an internal storage unit and an external storage device of the apparatus. The memory is used for storing an operating system, application programs, a boot loader (BootLoader), data, and other programs, such as the program code of the computer program. The memory may also be used to temporarily store data that has been output or is to be output.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment. Those of ordinary skill in the art will appreciate that the various illustrative modules and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

Claims (10)

1. The safety detection method for the unmanned aerial vehicle is characterized by comprising the following steps:
acquiring real-time state information of the unmanned aerial vehicle;
generating a plurality of sub-data sets according to the real-time state information based on a real-time state information grouping strategy; each subdata set corresponds to an unmanned aerial vehicle attack type;
determining safety state information of the unmanned aerial vehicle by using the subdata set as input information and adopting a mixed depth recognition model; the safety state information is a probability value corresponding to each unmanned aerial vehicle attack type; the mixed depth recognition model comprises an input layer, a convolution layer, a bidirectional LSTM layer, an attention mechanism layer and a direct connection multiplication layer which are sequentially connected.
2. The unmanned aerial vehicle security detection method of claim 1, wherein the hybrid depth recognition model is optimized for data parameters by:
acquiring a training data set; the training data set is a plurality of groups of unmanned aerial vehicle state information in a training period, and the unmanned aerial vehicle state information and the real-time state information are the same in type;
identifying each set of unmanned aerial vehicle state information;
carrying out normalization processing on each group of unmanned aerial vehicle state information after identification;
generating a data group corresponding to each unmanned aerial vehicle attack type according to each group of unmanned aerial vehicle state information after normalization processing;
and training the mixed depth recognition model by adopting the data set.
3. The method of claim 2, wherein identifying each set of the drone state information comprises:
determining a first time interval in each group of the unmanned aerial vehicle state information;
determining a second time interval according to a plurality of first time intervals; wherein the second time interval is an intersection of the first time intervals;
and identifying the state information of each group of unmanned aerial vehicles according to the second time interval.
4. The method of claim 2, wherein determining the first time interval in each of the sub-state information comprises:
and determining a first time interval in each group of unmanned aerial vehicle state information through an outlier analysis method.
5. The method of claim 3 or 4, wherein determining the second time interval according to the plurality of first time intervals comprises:
and selecting the time interval with the largest overlapping times from a plurality of first time intervals as the second time interval.
6. The method of claim 2, wherein generating the data set corresponding to each attack type of the unmanned aerial vehicle according to each set of unmanned aerial vehicle state information after normalization processing comprises:
and generating a data group corresponding to each unmanned aerial vehicle attack type in each group of unmanned aerial vehicle state information after normalization processing by adopting a joint hypothesis testing method.
7. The method of claim 2 or 6, wherein before training the hybrid depth recognition model with the data set, the method further comprises:
carrying out interpolation processing on the data group corresponding to the second time interval;
and carrying out downsampling processing on the data group corresponding to the second time interval.
8. The method of claim 7, wherein the normalization process is implemented by
Figure FDA0003584043640000021
wherein X_norm is the normalized data value, X is the original data in the unmanned aerial vehicle state information, X_min is the minimum value of the original data in the group to which X belongs, and X_max is the maximum value of the original data in the group to which X belongs.
9. The method of claim 1, wherein the real-time status information grouping policy is implemented based on the joint hypothesis testing method.
10. A drone safety detection device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements a drone safety detection method according to any one of claims 1-9.
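The labelling procedure of claims 3 to 5 (a first time interval per group of state information, a second time interval where the most first intervals overlap, labels assigned from the second interval) can be illustrated as follows. This is an added Python example, not code from the patent; the median/MAD outlier rule, the threshold `k` and the constructed series are assumptions, since the claims name only "an outlier analysis method".

```python
from statistics import median
from typing import List, Optional, Sequence, Tuple

Interval = Tuple[float, float]


def first_interval(times: Sequence[float], values: Sequence[float],
                   k: float = 5.0) -> Optional[Interval]:
    """First time interval of one group: the span from its first to its last outlier.
    Assumed outlier rule: |x - median| > k * MAD."""
    med = median(values)
    mad = median([abs(v - med) for v in values])
    flagged = [t for t, v in zip(times, values) if abs(v - med) > k * mad]
    return (flagged[0], flagged[-1]) if flagged else None


def second_interval(first_intervals: Sequence[Interval]) -> Tuple[float, float, int]:
    """Sweep over interval endpoints and return (start, end, overlap count) of the
    earliest region covered by the largest number of first intervals."""
    if not first_intervals:
        raise ValueError("no first time intervals were found")
    events = []
    for start, end in first_intervals:
        if end < start:
            raise ValueError("interval end precedes start")
        events += [(start, 0), (end, 1)]  # 0 = open, 1 = close; opens sort first on ties
    events.sort()
    depth = best = 0
    best_start = best_end = None
    for t, kind in events:
        if kind == 0:
            depth += 1
            if depth > best:
                best, best_start, best_end = depth, t, None
        else:
            if depth == best and best_end is None:
                best_end = t
            depth -= 1
    return best_start, best_end, best


def label_samples(times: Sequence[float], interval: Interval) -> List[int]:
    """Label 1 (attack) inside the second time interval, 0 (normal) elsewhere."""
    start, end = interval
    return [1 if start <= t <= end else 0 for t in times]


def demo():
    times = list(range(100))
    # Constructed groups: baseline t % 3, disturbed by +100 inside each window.
    windows = [(40, 60), (45, 65), (50, 55)]
    groups = [[(t % 3) + (100 if lo <= t <= hi else 0) for t in times]
              for lo, hi in windows]
    firsts = [first_interval(times, g) for g in groups]
    start, end, count = second_interval([f for f in firsts if f is not None])
    return firsts, (start, end, count), sum(label_samples(times, (start, end)))


if __name__ == "__main__":
    print(demo())
```

When every first interval overlaps, the region returned is their intersection, as in claim 3; when they do not, the sweep falls back to the region with the largest overlap count, as in claim 5.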
CN202210361714.XA 2022-04-07 2022-04-07 Unmanned aerial vehicle safety detection method and device Pending CN114997258A (en)

Publications (1)

Publication Number Publication Date
CN114997258A true CN114997258A (en) 2022-09-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination