Global Navigation Satellite Systems(GNSSs)face significant security threats from spoofing attacks.Typical anti-spoofing methods rely on estimating the delays between spoofing and authentic signals using multicorrelato...Global Navigation Satellite Systems(GNSSs)face significant security threats from spoofing attacks.Typical anti-spoofing methods rely on estimating the delays between spoofing and authentic signals using multicorrelator outputs.However,the accuracy of the delay estimation is limited by the spacing of the correlators.To address this,an innovative anti-spoofing method is introduced,which incorporates distinct coarse and refined stages for more accurate spoofing estimation.By leveraging the coarse delay estimates obtained through maximum likelihood estimation,the proposed method establishes the Windowed Sum of the Relative Delay(WSRD)statistics to detect the presence of spoofing signals.The iterative strategy is then employed to enhance the precision of the delay estimation.To further adapt to variations in the observation noise caused by spoofing intrusions and restore precise position,velocity,and timing solutions,an adaptive extended Kalman filter is proposed.This comprehensive framework offers detection,mitigation,and recovery against spoofing attacks.Experimental validation using datasets from the Texas Spoofing Test Battery(TEXBAT)demonstrates the effectiveness of the proposed anti-spoofing method.With 41 correlators,the method achieves a detection rate exceeding 90%at a false alarm rate of 10-5,with position or time errors below 15 m.Notably,this refined anti-spoofing approach shows robust detection and mitigation capabilities,requiring only a single antenna without the need for additional external sensors.These advancements can significantly contribute to the development of GNSS anti-spoofing measures.展开更多
Kubernetes has become the dominant container orchestration platform,withwidespread adoption across industries.However,its default pod-to-pod communicationmechanism introduces security vulnerabilities,particularly IP s...Kubernetes has become the dominant container orchestration platform,withwidespread adoption across industries.However,its default pod-to-pod communicationmechanism introduces security vulnerabilities,particularly IP spoofing attacks.Attackers can exploit this weakness to impersonate legitimate pods,enabling unauthorized access,lateral movement,and large-scale Distributed Denial of Service(DDoS)attacks.Existing security mechanisms such as network policies and intrusion detection systems introduce latency and performance overhead,making them less effective in dynamic Kubernetes environments.This research presents PodCA,an eBPF-based security framework designed to detect and prevent IP spoofing in real time while minimizing performance impact.PodCA integrates with Kubernetes’Container Network Interface(CNI)and uses eBPF to monitor and validate packet metadata at the kernel level.It maintains a container network mapping table that tracks pod IP assignments,validates packet legitimacy before forwarding,and ensures network integrity.If an attack is detected,PodCA automatically blocks spoofed packets and,in cases of repeated attempts,terminates compromised pods to prevent further exploitation.Experimental evaluation on an AWS Kubernetes cluster demonstrates that PodCA detects and prevents spoofed packets with 100%accuracy.Additionally,resource consumption analysis reveals minimal overhead,with a CPU increase of only 2–3%per node and memory usage rising by 40–60 MB.These results highlight the effectiveness of eBPF in securing Kubernetes environments with low overhead,making it a scalable and efficient security solution for containerized applications.展开更多
The BeiDou-Ⅱcivil navigation message(BDⅡ-CNAV)is transmitted in an open environment and no information integrity protection measures are provided.Hence,the BDⅡ-CNAV faces the threat of spoofing attacks,which can le...The BeiDou-Ⅱcivil navigation message(BDⅡ-CNAV)is transmitted in an open environment and no information integrity protection measures are provided.Hence,the BDⅡ-CNAV faces the threat of spoofing attacks,which can lead to wrong location reports and time indication.In order to deal with this threat,we proposed a scheme of anti-spoofing for BDⅡ-CNAV based on integrated information authentication.This scheme generates two type authentication information,one is authentication code information(ACI),which is applied to confirm the authenticity and reliability of satellite time information,and the other is signature information,which is used to authenticate the integrity of satellite location information and other information.Both authentication information is designed to embed into the reserved bits in BDⅡ-CNAV without changing the frame structure.In order to avoid authentication failure caused by public key error or key error,the key or public key prompt information(KPKPI)are designed to remind the receiver to update both keys in time.Experimental results indicate that the scheme can successfully detect spoofing attacks,and the authentication delay is less than 1%of the transmission delay,which meets the requirements of BDⅡ-CNAV information authentication.展开更多
In this paper,a method for spoofing detection based on the variation of the signal’s carrier-to-noise ratio(CNR)is proposed.This method leverages the directionality of the antenna to induce varying gain changes in th...In this paper,a method for spoofing detection based on the variation of the signal’s carrier-to-noise ratio(CNR)is proposed.This method leverages the directionality of the antenna to induce varying gain changes in the signals across different incident directions,resulting in distinct CNR variations for each signal.A model is developed to calculate the variation value of the signal CNR based on the antenna gain pattern.This model enables the differentiation of the variation values of the CNR for authentic satellite signals and spoofing signals,thereby facilitating spoofing detection.The proposed method is capable of detecting spoofing signals with power and CNR similar to those of authentic satellite signals.The accuracy of the signal CNR variation value calculation model and the effectiveness of the spoofing detection method are verified through a series of experiments.In addition,the proposed spoofing detection method works not only for a single spoofing source but also for distributed spoofing sources.展开更多
The Internet of Things(IoT)has permeated various fields relevant to our lives.In these applications,countless IoT devices transmit vast amounts of data,which often carry important and private information.To prevent ma...The Internet of Things(IoT)has permeated various fields relevant to our lives.In these applications,countless IoT devices transmit vast amounts of data,which often carry important and private information.To prevent malicious users from spoofing these information,the first critical step is effective authentication.Physical Layer Authentication(PLA)employs unique characteristics inherent to wireless signals and physical devices and is promising in the IoT due to its flexibility,low complexity,and transparency to higher layer protocols.In this paper,the focus is on the interaction between multiple malicious spoofers and legitimate receivers in the PLA process.First,the interaction is formulated as a static spoof detection game by including the spoofers and receivers as players.The best authentication threshold of the receiver and the attack rate of the spoofers are consideblack as Nash Equilibrium(NE).Then,closed-form expressions are derived for all NEs in the static environment in three cases:multiplayer games,zero-sum games with collisions,and zero-sum games without collisions.Considering the dynamic environment,a Multi-Agent Deep Deterministic Policy Gradient(MADDPG)algorithm is proposed to analyze the interactions of receiver and spoofers.Last,comprehensive simulation experiments are conducted and demonstrate the impact of environmental parameters on the NEs,which provides guidance to design effective PLA schemes.展开更多
In order to solve the problem that the global navigation satellite system(GNSS) receivers can hardly detect the GNSS spoofing when they are deceived by a spoofer,a model-based approach for the identification of the ...In order to solve the problem that the global navigation satellite system(GNSS) receivers can hardly detect the GNSS spoofing when they are deceived by a spoofer,a model-based approach for the identification of the GNSS spoofing is proposed.First,a Hammerstein model is applied to model the spoofer/GNSS transmitter and the wireless channel.Then,a novel method based on the uncultivated wolf pack algorithm(UWPA) is proposed to estimate the model parameters.Taking the estimated model parameters as a feature vector,the identification of the spoofing is realized by comparing the Euclidean distance between the feature vectors.Simulations verify the effectiveness and the robustness of the proposed method.The results show that,compared with the other identification algorithms,such as least square(LS),the iterative method and the bat-inspired algorithm(BA),although the UWPA has a little more time-eomplexity than the LS and the BA algorithm,it has better estimation precision of the model parameters and higher identification rate of the GNSS spoofing,even for relative low signal-to-noise ratios.展开更多
The spoofing capability of Global Navigation Satellite System(GNSS)represents an important confrontational capability for navigation security,and the success of planned missions may depend on the effective evaluation ...The spoofing capability of Global Navigation Satellite System(GNSS)represents an important confrontational capability for navigation security,and the success of planned missions may depend on the effective evaluation of spoofing capability.However,current evaluation systems face challenges arising from the irrationality of previous weighting methods,inapplicability of the conventional multi-attribute decision-making method and uncertainty existing in evaluation.To solve these difficulties,considering the validity of the obtained results,an evaluation method based on the game aggregated weight model and a joint approach involving the grey relational analysis and technique for order preference by similarity to an ideal solution(GRA-TOPSIS)are firstly proposed to determine the optimal scheme.Static and dynamic evaluation results under different schemes are then obtained via a fuzzy comprehensive assessment and an improved dynamic game method,to prioritize the deceptive efficacy of the equipment accurately and make pointed improvement for its core performance.The use of judging indicators,including Spearman rank correlation coefficient and so on,combined with obtained evaluation results,demonstrates the superiority of the proposed method and the optimal scheme by the horizontal comparison of different methods and vertical comparison of evaluation results.Finally,the results of field measurements and simulation tests show that the proposed method can better overcome the difficulties of existing methods and realize the effective evaluation.展开更多
This paper presents a new approach to estimate the true position of an unmanned aerial vehicle (UAV) in the conditions of spoofing attacks on global positioning system (GPS) receivers. This approach consists of tw...This paper presents a new approach to estimate the true position of an unmanned aerial vehicle (UAV) in the conditions of spoofing attacks on global positioning system (GPS) receivers. This approach consists of two phases, the spoofing detection phase which is accomplished by hypothesis test and the trajectory estimation phase which is carried out by applying the adapted particle filters to the integrated inertial navigation system (INS) and GPS. Due to nonlinearity and unfavorable impacts of spoofing signals on GPS receivers, deviation in position calculation is modeled as a cumulative uniform error. This paper also presents a procedure of applying adapted particle swarm optimization filter (PSOF) to the INS/GPS integration system as an estimator to compensate spoofing attacks. Due to memory based nature of PSOF and benefits of each particle's experiences, application of PSOF algorithm in the INS/GPS integ- ration system leads to more precise positioning compared with general particle filter (PF) and adaptive unscented particle filer (AUPF) in the GPS spoofing attack scenarios. Simulation results show that the adapted PSOF algorithm is more reliable and accurate in estim- ating the true position of UAV in the condition of spoofing attacks. The validation of the proposed method is done by root mean square error (RMSE) test.展开更多
The Global Positioning System(GPS)has become a foundation for most location-based services and navigation systems,such as autonomous vehicles,drones,ships,and wearable devices.However,it is a challenge to verify if th...The Global Positioning System(GPS)has become a foundation for most location-based services and navigation systems,such as autonomous vehicles,drones,ships,and wearable devices.However,it is a challenge to verify if the reported geographic locations are valid due to various GPS spoofing tools.Pervasive tools,such as Fake GPS,Lockito,and software-defined radio,enable ordinary users to hijack and report fake GPS coordinates and cheat the monitoring server without being detected.Furthermore,it is also a challenge to get accurate sensor readings on mobile devices because of the high noise level introduced by commercial motion sensors.To this end,we propose DeepPOSE,a deep learning model,to address the noise introduced in sensor readings and detect GPS spoofing attacks on mobile platforms.Our design uses a convolutional and recurrent neural network to reduce the noise,to recover a vehicle's real-time trajectory from multiple sensor inputs.We further propose a novel scheme to map the constructed trajectory from sensor readings onto the Google map,to smartly eliminate the accumulation of errors on the trajectory estimation.The reconstructed trajectory from sensors is then used to detect the GPS spoofing attack.Compared with the existing method,the proposed approach demonstrates a significantly higher degree of accuracy for detecting GPS spoofing attacks.展开更多
This paper analyzes the influence of the global positionong system(GPS)spoofing attack(GSA)on phasor measurement units(PMU)measurements.We propose a detection method based on improved Capsule Neural Network(CapsNet)to...This paper analyzes the influence of the global positionong system(GPS)spoofing attack(GSA)on phasor measurement units(PMU)measurements.We propose a detection method based on improved Capsule Neural Network(CapsNet)to handle this attack.In the improved CapsNet,the gated recurrent unit(GRU)is added to the front of the full connection layer of the CapsNet.The improved CapsNet trains and updates the network parameters according to the historical measurements of the smart grid.The detection method uses different structures to extract the temporal and spatial features of the measurements simultaneously,which can accurately distinguish the attacked data from the normal data,to improve the detection accuracy.Finally,simulation experiments are carried out on IEEE 14-,IEEE 118-bus systems.The experimental results show that compared with other detection methods,our method is proved to be more efficient.展开更多
In recent years,with the rapid development of the drone industry,drones have been widely used in many fields such as aerial photography,plant protection,performance,and monitoring.To effectively control the unauthoriz...In recent years,with the rapid development of the drone industry,drones have been widely used in many fields such as aerial photography,plant protection,performance,and monitoring.To effectively control the unauthorized flight of drones,using GPS spoofing attacks to interfere with the flight of drones is a relatively simple and highly feasible attack method.However,the current method uses ground equipment to carry out spoofing attacks.The attack range is limited and the flexibility is not high.Based on the existing methods,this paper proposes a multi-UAV coordinated GPS spoofing scheme based on YOLO Nano,which can launch effective attacks against target drones with autonomous movement:First,a single-attack drone based on YOLO Nano is proposed.The target tracking scheme achieves accurate tracking of the target direction on a single-attack drone;then,based on the single-UAV target tracking,a multi-attack drone coordinated target tracking scheme based on the weighted least squares method is proposed to realize the target drone Finally,a new calculation method for false GPS signals is proposed,which adaptively adjusts the flight trajectory of the attacking drone and the content of the false GPS signal according to the autonomous movement of the target drone.展开更多
Networks have become an integral part of today’s world. The ease of deployment, low-cost and high data rates have contributed significantly to their popularity. There are many protocols that are tailored to ease the ...Networks have become an integral part of today’s world. The ease of deployment, low-cost and high data rates have contributed significantly to their popularity. There are many protocols that are tailored to ease the process of establishing these networks. Nevertheless, security-wise precautions were not taken in some of them. In this paper, we expose some of the vulnerability that exists in a commonly and widely used network protocol, the Address Resolution Protocol (ARP) protocol. Effectively, we will implement a user friendly and an easy-to-use tool that exploits the weaknesses of this protocol to deceive a victim’s machine and a router through creating a sort of Man-in-the-Middle (MITM) attack. In MITM, all of the data going out or to the victim machine will pass first through the attacker’s machine. This enables the attacker to inspect victim’s data packets, extract valuable data (like passwords) that belong to the victim and manipulate these data packets. We suggest and implement a defense mechanism and tool that counters this attack, warns the user, and exposes some information about the attacker to isolate him. GNU/Linux is chosen as an operating system to implement both the attack and the defense tools. The results show the success of the defense mechanism in detecting the ARP related attacks in a very simple and efficient way.展开更多
As a result of the exponential growing rate of worldwide Internet usage, satellite systems are required to support broadband Internet applications. The transmission control protocol (TCP) which is widely used in the...As a result of the exponential growing rate of worldwide Internet usage, satellite systems are required to support broadband Internet applications. The transmission control protocol (TCP) which is widely used in the Internet, performs very well on wired networks. However, in the case of satellite channels, clue to the delay and transmission errors, TCP performance degrades significantly and bandwidth of satellite links can not be fully utilized. To improve the TCP performance, a new idea of placing a TCP spoofing proxy in the satellite is considered. A Novel Satellite Transport Protocol (NSTP) which takes advantage of the special properties of the satellite channel is also proposed. By using simulation, as compared with traditional TCPs, the on-board spoofing proxy integrated with the special transport protocol can significantly enhance throughput performance on the high BER satellite link, the time needed to transfer files and the bandwidth used in reverse path are sharply reduced.展开更多
The hidden danger of the automatic speaker verification(ASV)system is various spoofed speeches.These threats can be classified into two categories,namely logical access(LA)and physical access(PA).To improve identifica...The hidden danger of the automatic speaker verification(ASV)system is various spoofed speeches.These threats can be classified into two categories,namely logical access(LA)and physical access(PA).To improve identification capability of spoofed speech detection,this paper considers the research on features.Firstly,following the idea of modifying the constant-Q-based features,this work considered adding variance or mean to the constant-Q-based cepstral domain to obtain good performance.Secondly,linear frequency cepstral coefficients(LFCCs)performed comparably with constant-Q-based features.Finally,we proposed linear frequency variance-based cepstral coefficients(LVCCs)and linear frequency mean-based cepstral coefficients(LMCCs)for identification of speech spoofing.LVCCs and LMCCs could be attained by adding the frame variance or the mean to the log magnitude spectrum based on LFCC features.The proposed novel features were evaluated on ASVspoof 2019 datase.The experimental results show that compared with known hand-crafted features,LVCCs and LMCCs are more effective in resisting spoofed speech attack.展开更多
Unmanned aerial vehicle(UAV)swarm network consisting of a collection of micro UAVs can be used for many applications.It is well established that packet routing is a fundamental problem to achieve UAV collaboration.How...Unmanned aerial vehicle(UAV)swarm network consisting of a collection of micro UAVs can be used for many applications.It is well established that packet routing is a fundamental problem to achieve UAV collaboration.However,the highly dynamic nature of UAVs,frequently changing network topologies and security issues,poses significant challenges to packet forwarding in UAV networks.The existing topology-based routing protocols are not well suited in UAV network due to their high controlling overhead or excessive end-to-end delay.Geographic routing is regarded as a promising solution,as it only requires local information.In order to enhance the accuracy and security of geographic routing in highly dynamic UAV network,in this paper,we propose a new predictive geographic(PGeo)routing strategy with location verification.First,a detection mechanism is adopted to recognize malicious UAVs falsifying their location.Then,an accurate average service time of a packet in the medium access control(MAC)layer is derived to assist location prediction.The proposed delay model can provide a theoretical basis for future work,and our simulation results reveal that PGeo outstrips the existing geographic routing protocols in terms of packet delivery ratio in the presence of location spoofing behavior.展开更多
The Global Positioning System(GPS)plays an indispensable role in the control of Unmanned Aerial Vehicle(UAV).However,the civilian GPS signals,transmitted over the air without any encryption,are vulnerable to spoofing ...The Global Positioning System(GPS)plays an indispensable role in the control of Unmanned Aerial Vehicle(UAV).However,the civilian GPS signals,transmitted over the air without any encryption,are vulnerable to spoofing attacks,which further guides the UAV on deviated positions or trajectories.To counter the GPS,,m spoofing on UAV system and to detect the position/trajectory anomaly in real time,a motion state vector based stack long short-term memory trajectory prediction scheme is firstly proposed,leveraging the temporal and spatial features of UAV kinematics.Based on the predicted results,an ensemble voting-based trajectory anomaly detection scheme is proposed to detect the position anomalies in real time with the information of motion state sequences.The proposed prediction-based trajectory anomaly detection scheme outperforms the existing offline detection schemes designed for fixed trajectories.Software In The Loop(SITL)based online prediction and online anomaly detection are demonstrated with random 3D flight trajectories.Results show that the coefficient of determination(R^(2))and Root Mean Square Error(RMSE)of the prediction scheme can reach 0.996 and 3.467,respectively.The accuracy,recall,and F1-score of the proposed anomaly detection scheme can reach 0.984,0.988,and 0.983,respectively,which outperform deep ensemble learning,LSTM-based classifier,machine learning classifier and GA-XGBoost based schemes.Moreover,results show that compared with LSTM-based classifier,the average duration(from the moment starting an attack to the moment the attack being detected)and distance of the proposed scheme are reduced by 24.4%and 19.5%,respectively.展开更多
Face anti-spoofing aims at detecting whether the input is a real photo of a user(living)or a fake(spoofing)image.As new types of attacks keep emerging,the detection of unknown attacks,known as Zero-Shot Face Anti-Spoo...Face anti-spoofing aims at detecting whether the input is a real photo of a user(living)or a fake(spoofing)image.As new types of attacks keep emerging,the detection of unknown attacks,known as Zero-Shot Face Anti-Spoofing(ZSFA),has become increasingly important in both academia and industry.Existing ZSFA methods mainly focus on extracting discriminative features between spoofing and living faces.However,the nature of the spoofing faces is to trick anti-spoofing systems by mimicking the livings,therefore the deceptive features between the known attacks and the livings,which have been ignored by existing ZSFA methods,are essential to comprehensively represent the livings.Therefore,existing ZSFA models are incapable of learning the complete representations of living faces and thus fall short of effectively detecting newly emerged attacks.To tackle this problem,we propose an innovative method that effectively captures both the deceptive and discriminative features distinguishing between genuine and spoofing faces.Our method consists of two main components:a two-against-all training strategy and a semantic autoencoder.The two-against-all training strategy is employed to separate deceptive and discriminative features.To address the subsequent invalidation issue of categorical functions and the dominance disequilibrium issue among different dimensions of features after importing deceptive features,we introduce a modified semantic autoencoder.This autoencoder is designed to map all extracted features to a semantic space,thereby achieving a balance in the dominance of each feature dimension.We combine our method with the feature extraction model ResNet50,and experimental results show that the trained ResNet50 model simultaneously achieves a feasible detection of unknown attacks and comparably accurate detection of known spoofing.Experimental results confirm the superiority and effectiveness of our proposed method in identifying the living with the interference of both known and unknown spoofing types.展开更多
A signature-and-verification-based method, automatic peer-to-peer anti-spoofing (APPA), is pro- posed to prevent IP source address spoofing. In this method, signatures are tagged into the packets at the source peer,...A signature-and-verification-based method, automatic peer-to-peer anti-spoofing (APPA), is pro- posed to prevent IP source address spoofing. In this method, signatures are tagged into the packets at the source peer, and verified and removed at the verification peer where packets with incorrect signatures are filtered. A unique state machine, which is used to generate signatures, is associated with each ordered pair of APPA peers. As the state machine automatically transits, the signature changes accordingly. KISS ran- dom number generator is used as the signature generating algorithm, which makes the state machine very small and fast and requires very low management costs. APPA has an intra-AS (autonomous system) level and an inter-AS level. In the intra-AS level, signatures are tagged into each departing packet at the host and verified at the gateway to achieve finer-grained anti-spoofing than ingress filtering. In the inter-AS level, signatures are tagged at the source AS border router and verified at the destination AS border router to achieve prefix-level anti-spoofing, and the automatic state machine enables the peers to change signatures without negotiation which makes APPA attack-resilient compared with the spoofing prevention method. The results show that the two levels are both incentive for deployment, and they make APPA an integrated anti-spoofing solution.展开更多
The Industrial Internet of Things(IIoT)is increasingly vulnerable to sophisticated cyber threats,particularly zero-day attacks that exploit unknown vulnerabilities and evade traditional security measures.To address th...The Industrial Internet of Things(IIoT)is increasingly vulnerable to sophisticated cyber threats,particularly zero-day attacks that exploit unknown vulnerabilities and evade traditional security measures.To address this critical challenge,this paper proposes a dynamic defense framework named Zero-day-aware Stackelberg Game-based Multi-Agent Distributed Deep Deterministic Policy Gradient(ZSG-MAD3PG).The framework integrates Stackelberg game modeling with the Multi-Agent Distributed Deep Deterministic Policy Gradient(MAD3PG)algorithm and incorporates defensive deception(DD)strategies to achieve adaptive and efficient protection.While conventional methods typically incur considerable resource overhead and exhibit higher latency due to static or rigid defensive mechanisms,the proposed ZSG-MAD3PG framework mitigates these limitations through multi-stage game modeling and adaptive learning,enabling more efficient resource utilization and faster response times.The Stackelberg-based architecture allows defenders to dynamically optimize packet sampling strategies,while attackers adjust their tactics to reach rapid equilibrium.Furthermore,dynamic deception techniques reduce the time required for the concealment of attacks and the overall system burden.A lightweight behavioral fingerprinting detection mechanism further enhances real-time zero-day attack identification within industrial device clusters.ZSG-MAD3PG demonstrates higher true positive rates(TPR)and lower false alarm rates(FAR)compared to existing methods,while also achieving improved latency,resource efficiency,and stealth adaptability in IIoT zero-day defense scenarios.展开更多
Intermediate spoofing can impact most off-the-shelf Global Navigation Satellite Systems (GNSS) receivers, therefore low cost detection of such spoofing is very important to protect the reliability of the GNSS receiv...Intermediate spoofing can impact most off-the-shelf Global Navigation Satellite Systems (GNSS) receivers, therefore low cost detection of such spoofing is very important to protect the reliability of the GNSS receivers used in critical safety and financial applications. This paper presents two strategies to analyze attacks by intermediate spoofing attackers to identify the weaknesses of such attacks. The analyses lead to a code and carrier phase consistency detection method with simulation results showing that this method can indicate the receiver when spoofing has occurred. The method can be used by most receivers, is inexpensive, and requires only a small software upgrade.展开更多
基金co-supported by the Tianjin Research innovation Project for Postgraduate Students,China(No.2022BKYZ039)the China Postdoctoral Science Foundation(No.2023M731788)the National Natural Science Foundation of China(No.62303246)。
文摘Global Navigation Satellite Systems(GNSSs)face significant security threats from spoofing attacks.Typical anti-spoofing methods rely on estimating the delays between spoofing and authentic signals using multicorrelator outputs.However,the accuracy of the delay estimation is limited by the spacing of the correlators.To address this,an innovative anti-spoofing method is introduced,which incorporates distinct coarse and refined stages for more accurate spoofing estimation.By leveraging the coarse delay estimates obtained through maximum likelihood estimation,the proposed method establishes the Windowed Sum of the Relative Delay(WSRD)statistics to detect the presence of spoofing signals.The iterative strategy is then employed to enhance the precision of the delay estimation.To further adapt to variations in the observation noise caused by spoofing intrusions and restore precise position,velocity,and timing solutions,an adaptive extended Kalman filter is proposed.This comprehensive framework offers detection,mitigation,and recovery against spoofing attacks.Experimental validation using datasets from the Texas Spoofing Test Battery(TEXBAT)demonstrates the effectiveness of the proposed anti-spoofing method.With 41 correlators,the method achieves a detection rate exceeding 90%at a false alarm rate of 10-5,with position or time errors below 15 m.Notably,this refined anti-spoofing approach shows robust detection and mitigation capabilities,requiring only a single antenna without the need for additional external sensors.These advancements can significantly contribute to the development of GNSS anti-spoofing measures.
基金partially supported by Asia Pacific University of Technology&Innovation(APU)Bukit Jalil,Kuala Lumpur,MalaysiaThe funding body had no role in the study design,data collection,analysis,interpretation,or writing of the manuscript.
文摘Kubernetes has become the dominant container orchestration platform,withwidespread adoption across industries.However,its default pod-to-pod communicationmechanism introduces security vulnerabilities,particularly IP spoofing attacks.Attackers can exploit this weakness to impersonate legitimate pods,enabling unauthorized access,lateral movement,and large-scale Distributed Denial of Service(DDoS)attacks.Existing security mechanisms such as network policies and intrusion detection systems introduce latency and performance overhead,making them less effective in dynamic Kubernetes environments.This research presents PodCA,an eBPF-based security framework designed to detect and prevent IP spoofing in real time while minimizing performance impact.PodCA integrates with Kubernetes’Container Network Interface(CNI)and uses eBPF to monitor and validate packet metadata at the kernel level.It maintains a container network mapping table that tracks pod IP assignments,validates packet legitimacy before forwarding,and ensures network integrity.If an attack is detected,PodCA automatically blocks spoofed packets and,in cases of repeated attempts,terminates compromised pods to prevent further exploitation.Experimental evaluation on an AWS Kubernetes cluster demonstrates that PodCA detects and prevents spoofed packets with 100%accuracy.Additionally,resource consumption analysis reveals minimal overhead,with a CPU increase of only 2–3%per node and memory usage rising by 40–60 MB.These results highlight the effectiveness of eBPF in securing Kubernetes environments with low overhead,making it a scalable and efficient security solution for containerized applications.
基金supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418)。
文摘The BeiDou-Ⅱcivil navigation message(BDⅡ-CNAV)is transmitted in an open environment and no information integrity protection measures are provided.Hence,the BDⅡ-CNAV faces the threat of spoofing attacks,which can lead to wrong location reports and time indication.In order to deal with this threat,we proposed a scheme of anti-spoofing for BDⅡ-CNAV based on integrated information authentication.This scheme generates two type authentication information,one is authentication code information(ACI),which is applied to confirm the authenticity and reliability of satellite time information,and the other is signature information,which is used to authenticate the integrity of satellite location information and other information.Both authentication information is designed to embed into the reserved bits in BDⅡ-CNAV without changing the frame structure.In order to avoid authentication failure caused by public key error or key error,the key or public key prompt information(KPKPI)are designed to remind the receiver to update both keys in time.Experimental results indicate that the scheme can successfully detect spoofing attacks,and the authentication delay is less than 1%of the transmission delay,which meets the requirements of BDⅡ-CNAV information authentication.
基金supported by the National Natural Science Foundation of China(62273195).
文摘In this paper,a method for spoofing detection based on the variation of the signal’s carrier-to-noise ratio(CNR)is proposed.This method leverages the directionality of the antenna to induce varying gain changes in the signals across different incident directions,resulting in distinct CNR variations for each signal.A model is developed to calculate the variation value of the signal CNR based on the antenna gain pattern.This model enables the differentiation of the variation values of the CNR for authentic satellite signals and spoofing signals,thereby facilitating spoofing detection.The proposed method is capable of detecting spoofing signals with power and CNR similar to those of authentic satellite signals.The accuracy of the signal CNR variation value calculation model and the effectiveness of the spoofing detection method are verified through a series of experiments.In addition,the proposed spoofing detection method works not only for a single spoofing source but also for distributed spoofing sources.
基金supported in part by the Fundamental Research Funds for the Central Universities under Grant 2022YJS008 and Grant 2019JBZ001in part by the National Natural Science Foundation of China under Grant 61931001 and Grant 61871023in part by the Beijing Natural Science Foundation under Grant 4202054。
文摘The Internet of Things(IoT)has permeated various fields relevant to our lives.In these applications,countless IoT devices transmit vast amounts of data,which often carry important and private information.To prevent malicious users from spoofing these information,the first critical step is effective authentication.Physical Layer Authentication(PLA)employs unique characteristics inherent to wireless signals and physical devices and is promising in the IoT due to its flexibility,low complexity,and transparency to higher layer protocols.In this paper,the focus is on the interaction between multiple malicious spoofers and legitimate receivers in the PLA process.First,the interaction is formulated as a static spoof detection game by including the spoofers and receivers as players.The best authentication threshold of the receiver and the attack rate of the spoofers are consideblack as Nash Equilibrium(NE).Then,closed-form expressions are derived for all NEs in the static environment in three cases:multiplayer games,zero-sum games with collisions,and zero-sum games without collisions.Considering the dynamic environment,a Multi-Agent Deep Deterministic Policy Gradient(MADDPG)algorithm is proposed to analyze the interactions of receiver and spoofers.Last,comprehensive simulation experiments are conducted and demonstrate the impact of environmental parameters on the NEs,which provides guidance to design effective PLA schemes.
基金The National Natural Science Foundation of China(No.61271214,61471152)the Postdoctoral Science Foundation of Jiangsu Province(No.1402023C)the Natural Science Foundation of Zhejiang Province(No.LZ14F010003)
文摘In order to solve the problem that the global navigation satellite system(GNSS) receivers can hardly detect the GNSS spoofing when they are deceived by a spoofer,a model-based approach for the identification of the GNSS spoofing is proposed.First,a Hammerstein model is applied to model the spoofer/GNSS transmitter and the wireless channel.Then,a novel method based on the uncultivated wolf pack algorithm(UWPA) is proposed to estimate the model parameters.Taking the estimated model parameters as a feature vector,the identification of the spoofing is realized by comparing the Euclidean distance between the feature vectors.Simulations verify the effectiveness and the robustness of the proposed method.The results show that,compared with the other identification algorithms,such as least square(LS),the iterative method and the bat-inspired algorithm(BA),although the UWPA has a little more time-eomplexity than the LS and the BA algorithm,it has better estimation precision of the model parameters and higher identification rate of the GNSS spoofing,even for relative low signal-to-noise ratios.
基金supported by the National Natural Science Foundation of China(41804035,41374027)。
文摘The spoofing capability of Global Navigation Satellite System(GNSS)represents an important confrontational capability for navigation security,and the success of planned missions may depend on the effective evaluation of spoofing capability.However,current evaluation systems face challenges arising from the irrationality of previous weighting methods,inapplicability of the conventional multi-attribute decision-making method and uncertainty existing in evaluation.To solve these difficulties,considering the validity of the obtained results,an evaluation method based on the game aggregated weight model and a joint approach involving the grey relational analysis and technique for order preference by similarity to an ideal solution(GRA-TOPSIS)are firstly proposed to determine the optimal scheme.Static and dynamic evaluation results under different schemes are then obtained via a fuzzy comprehensive assessment and an improved dynamic game method,to prioritize the deceptive efficacy of the equipment accurately and make pointed improvement for its core performance.The use of judging indicators,including Spearman rank correlation coefficient and so on,combined with obtained evaluation results,demonstrates the superiority of the proposed method and the optimal scheme by the horizontal comparison of different methods and vertical comparison of evaluation results.Finally,the results of field measurements and simulation tests show that the proposed method can better overcome the difficulties of existing methods and realize the effective evaluation.
文摘This paper presents a new approach to estimate the true position of an unmanned aerial vehicle (UAV) in the conditions of spoofing attacks on global positioning system (GPS) receivers. This approach consists of two phases, the spoofing detection phase which is accomplished by hypothesis test and the trajectory estimation phase which is carried out by applying the adapted particle filters to the integrated inertial navigation system (INS) and GPS. Due to nonlinearity and unfavorable impacts of spoofing signals on GPS receivers, deviation in position calculation is modeled as a cumulative uniform error. This paper also presents a procedure of applying adapted particle swarm optimization filter (PSOF) to the INS/GPS integration system as an estimator to compensate spoofing attacks. Due to memory based nature of PSOF and benefits of each particle's experiences, application of PSOF algorithm in the INS/GPS integ- ration system leads to more precise positioning compared with general particle filter (PF) and adaptive unscented particle filer (AUPF) in the GPS spoofing attack scenarios. Simulation results show that the adapted PSOF algorithm is more reliable and accurate in estim- ating the true position of UAV in the condition of spoofing attacks. The validation of the proposed method is done by root mean square error (RMSE) test.
基金This work was supported in part by NSF under Grants CNS-1950704,CNS-1828593,and OAC-1829771,ONR under Grant N00014-20-1-2065,NSA under Grant H98230-21-1-0278,and the Commonwealth Cyber Initiative.
文摘The Global Positioning System(GPS)has become a foundation for most location-based services and navigation systems,such as autonomous vehicles,drones,ships,and wearable devices.However,it is a challenge to verify if the reported geographic locations are valid due to various GPS spoofing tools.Pervasive tools,such as Fake GPS,Lockito,and software-defined radio,enable ordinary users to hijack and report fake GPS coordinates and cheat the monitoring server without being detected.Furthermore,it is also a challenge to get accurate sensor readings on mobile devices because of the high noise level introduced by commercial motion sensors.To this end,we propose DeepPOSE,a deep learning model,to address the noise introduced in sensor readings and detect GPS spoofing attacks on mobile platforms.Our design uses a convolutional and recurrent neural network to reduce the noise,to recover a vehicle's real-time trajectory from multiple sensor inputs.We further propose a novel scheme to map the constructed trajectory from sensor readings onto the Google map,to smartly eliminate the accumulation of errors on the trajectory estimation.The reconstructed trajectory from sensors is then used to detect the GPS spoofing attack.Compared with the existing method,the proposed approach demonstrates a significantly higher degree of accuracy for detecting GPS spoofing attacks.
文摘This paper analyzes the influence of the global positionong system(GPS)spoofing attack(GSA)on phasor measurement units(PMU)measurements.We propose a detection method based on improved Capsule Neural Network(CapsNet)to handle this attack.In the improved CapsNet,the gated recurrent unit(GRU)is added to the front of the full connection layer of the CapsNet.The improved CapsNet trains and updates the network parameters according to the historical measurements of the smart grid.The detection method uses different structures to extract the temporal and spatial features of the measurements simultaneously,which can accurately distinguish the attacked data from the normal data,to improve the detection accuracy.Finally,simulation experiments are carried out on IEEE 14-,IEEE 118-bus systems.The experimental results show that compared with other detection methods,our method is proved to be more efficient.
基金This work is supported by the National Natural Science Foundation of China under Grants U1836110,U1836208by the Jiangsu Basic Research Programs-Natural Science Foundation under Grant No.BK20200039。
文摘In recent years,with the rapid development of the drone industry,drones have been widely used in many fields such as aerial photography,plant protection,performance,and monitoring.To effectively control the unauthorized flight of drones,using GPS spoofing attacks to interfere with the flight of drones is a relatively simple and highly feasible attack method.However,the current method uses ground equipment to carry out spoofing attacks.The attack range is limited and the flexibility is not high.Based on the existing methods,this paper proposes a multi-UAV coordinated GPS spoofing scheme based on YOLO Nano,which can launch effective attacks against target drones with autonomous movement:First,a single-attack drone based on YOLO Nano is proposed.The target tracking scheme achieves accurate tracking of the target direction on a single-attack drone;then,based on the single-UAV target tracking,a multi-attack drone coordinated target tracking scheme based on the weighted least squares method is proposed to realize the target drone Finally,a new calculation method for false GPS signals is proposed,which adaptively adjusts the flight trajectory of the attacking drone and the content of the false GPS signal according to the autonomous movement of the target drone.
文摘Networks have become an integral part of today’s world. The ease of deployment, low-cost and high data rates have contributed significantly to their popularity. There are many protocols that are tailored to ease the process of establishing these networks. Nevertheless, security-wise precautions were not taken in some of them. In this paper, we expose some of the vulnerability that exists in a commonly and widely used network protocol, the Address Resolution Protocol (ARP) protocol. Effectively, we will implement a user friendly and an easy-to-use tool that exploits the weaknesses of this protocol to deceive a victim’s machine and a router through creating a sort of Man-in-the-Middle (MITM) attack. In MITM, all of the data going out or to the victim machine will pass first through the attacker’s machine. This enables the attacker to inspect victim’s data packets, extract valuable data (like passwords) that belong to the victim and manipulate these data packets. We suggest and implement a defense mechanism and tool that counters this attack, warns the user, and exposes some information about the attacker to isolate him. GNU/Linux is chosen as an operating system to implement both the attack and the defense tools. The results show the success of the defense mechanism in detecting the ARP related attacks in a very simple and efficient way.
文摘As a result of the exponential growing rate of worldwide Internet usage, satellite systems are required to support broadband Internet applications. The transmission control protocol (TCP) which is widely used in the Internet, performs very well on wired networks. However, in the case of satellite channels, clue to the delay and transmission errors, TCP performance degrades significantly and bandwidth of satellite links can not be fully utilized. To improve the TCP performance, a new idea of placing a TCP spoofing proxy in the satellite is considered. A Novel Satellite Transport Protocol (NSTP) which takes advantage of the special properties of the satellite channel is also proposed. By using simulation, as compared with traditional TCPs, the on-board spoofing proxy integrated with the special transport protocol can significantly enhance throughput performance on the high BER satellite link, the time needed to transfer files and the bandwidth used in reverse path are sharply reduced.
基金National Natural Science Foundation of China(No.62001100)。
文摘The hidden danger of the automatic speaker verification(ASV)system is various spoofed speeches.These threats can be classified into two categories,namely logical access(LA)and physical access(PA).To improve identification capability of spoofed speech detection,this paper considers the research on features.Firstly,following the idea of modifying the constant-Q-based features,this work considered adding variance or mean to the constant-Q-based cepstral domain to obtain good performance.Secondly,linear frequency cepstral coefficients(LFCCs)performed comparably with constant-Q-based features.Finally,we proposed linear frequency variance-based cepstral coefficients(LVCCs)and linear frequency mean-based cepstral coefficients(LMCCs)for identification of speech spoofing.LVCCs and LMCCs could be attained by adding the frame variance or the mean to the log magnitude spectrum based on LFCC features.The proposed novel features were evaluated on ASVspoof 2019 datase.The experimental results show that compared with known hand-crafted features,LVCCs and LMCCs are more effective in resisting spoofed speech attack.
基金co-supported by the National Key Research and Development Program of China(No.2024YFE0107900)the National Natural Science Foundation of China(No.62222105)+1 种基金the Natural Science Foundation of Guangdong Province,China(No.2024A1515010235)the 2024 China Unicom Guangdong low-altitude communication and sensing key technology research and digital twin platform research and development project(No.20241890).
文摘Unmanned aerial vehicle(UAV)swarm network consisting of a collection of micro UAVs can be used for many applications.It is well established that packet routing is a fundamental problem to achieve UAV collaboration.However,the highly dynamic nature of UAVs,frequently changing network topologies and security issues,poses significant challenges to packet forwarding in UAV networks.The existing topology-based routing protocols are not well suited in UAV network due to their high controlling overhead or excessive end-to-end delay.Geographic routing is regarded as a promising solution,as it only requires local information.In order to enhance the accuracy and security of geographic routing in highly dynamic UAV network,in this paper,we propose a new predictive geographic(PGeo)routing strategy with location verification.First,a detection mechanism is adopted to recognize malicious UAVs falsifying their location.Then,an accurate average service time of a packet in the medium access control(MAC)layer is derived to assist location prediction.The proposed delay model can provide a theoretical basis for future work,and our simulation results reveal that PGeo outstrips the existing geographic routing protocols in terms of packet delivery ratio in the presence of location spoofing behavior.
基金supported in part by the National Natural Science Foundation of China(No.62271076)in part by the Fundamental Research Funds for the Central Universities,China(No.2242022k60006).
文摘The Global Positioning System(GPS)plays an indispensable role in the control of Unmanned Aerial Vehicle(UAV).However,the civilian GPS signals,transmitted over the air without any encryption,are vulnerable to spoofing attacks,which further guides the UAV on deviated positions or trajectories.To counter the GPS,,m spoofing on UAV system and to detect the position/trajectory anomaly in real time,a motion state vector based stack long short-term memory trajectory prediction scheme is firstly proposed,leveraging the temporal and spatial features of UAV kinematics.Based on the predicted results,an ensemble voting-based trajectory anomaly detection scheme is proposed to detect the position anomalies in real time with the information of motion state sequences.The proposed prediction-based trajectory anomaly detection scheme outperforms the existing offline detection schemes designed for fixed trajectories.Software In The Loop(SITL)based online prediction and online anomaly detection are demonstrated with random 3D flight trajectories.Results show that the coefficient of determination(R^(2))and Root Mean Square Error(RMSE)of the prediction scheme can reach 0.996 and 3.467,respectively.The accuracy,recall,and F1-score of the proposed anomaly detection scheme can reach 0.984,0.988,and 0.983,respectively,which outperform deep ensemble learning,LSTM-based classifier,machine learning classifier and GA-XGBoost based schemes.Moreover,results show that compared with LSTM-based classifier,the average duration(from the moment starting an attack to the moment the attack being detected)and distance of the proposed scheme are reduced by 24.4%and 19.5%,respectively.
基金supported by the National Natural Science Foundation of China under Grant Nos.62072427 and 12227901the Project of Stable Support for Youth Team in Basic Research Field of Chinese Academy of Sciences under Grant No.YSBR-005the Academic Leaders Cultivation Program of University of Science and Technology of China.
文摘Face anti-spoofing aims at detecting whether the input is a real photo of a user(living)or a fake(spoofing)image.As new types of attacks keep emerging,the detection of unknown attacks,known as Zero-Shot Face Anti-Spoofing(ZSFA),has become increasingly important in both academia and industry.Existing ZSFA methods mainly focus on extracting discriminative features between spoofing and living faces.However,the nature of the spoofing faces is to trick anti-spoofing systems by mimicking the livings,therefore the deceptive features between the known attacks and the livings,which have been ignored by existing ZSFA methods,are essential to comprehensively represent the livings.Therefore,existing ZSFA models are incapable of learning the complete representations of living faces and thus fall short of effectively detecting newly emerged attacks.To tackle this problem,we propose an innovative method that effectively captures both the deceptive and discriminative features distinguishing between genuine and spoofing faces.Our method consists of two main components:a two-against-all training strategy and a semantic autoencoder.The two-against-all training strategy is employed to separate deceptive and discriminative features.To address the subsequent invalidation issue of categorical functions and the dominance disequilibrium issue among different dimensions of features after importing deceptive features,we introduce a modified semantic autoencoder.This autoencoder is designed to map all extracted features to a semantic space,thereby achieving a balance in the dominance of each feature dimension.We combine our method with the feature extraction model ResNet50,and experimental results show that the trained ResNet50 model simultaneously achieves a feasible detection of unknown attacks and comparably accurate detection of known spoofing.Experimental results confirm the superiority and effectiveness of our proposed method in identifying the living with the interference of both known and unknown spoofing types.
基金Supported by the Basic Research Foundation of the Tsinghua National Laboratory for Information Science and Technology (TNList)the National Key Basic Research and Development (973) Program of China (No. 2008BAH37B02)
文摘A signature-and-verification-based method, automatic peer-to-peer anti-spoofing (APPA), is pro- posed to prevent IP source address spoofing. In this method, signatures are tagged into the packets at the source peer, and verified and removed at the verification peer where packets with incorrect signatures are filtered. A unique state machine, which is used to generate signatures, is associated with each ordered pair of APPA peers. As the state machine automatically transits, the signature changes accordingly. KISS ran- dom number generator is used as the signature generating algorithm, which makes the state machine very small and fast and requires very low management costs. APPA has an intra-AS (autonomous system) level and an inter-AS level. In the intra-AS level, signatures are tagged into each departing packet at the host and verified at the gateway to achieve finer-grained anti-spoofing than ingress filtering. In the inter-AS level, signatures are tagged at the source AS border router and verified at the destination AS border router to achieve prefix-level anti-spoofing, and the automatic state machine enables the peers to change signatures without negotiation which makes APPA attack-resilient compared with the spoofing prevention method. The results show that the two levels are both incentive for deployment, and they make APPA an integrated anti-spoofing solution.
基金funded in part by the Humanities and Social Sciences Planning Foundation of Ministry of Education of China under Grant No.24YJAZH123National Undergraduate Innovation and Entrepreneurship Training Program of China under Grant No.202510347069the Huzhou Science and Technology Planning Foundation under Grant No.2023GZ04.
文摘The Industrial Internet of Things(IIoT)is increasingly vulnerable to sophisticated cyber threats,particularly zero-day attacks that exploit unknown vulnerabilities and evade traditional security measures.To address this critical challenge,this paper proposes a dynamic defense framework named Zero-day-aware Stackelberg Game-based Multi-Agent Distributed Deep Deterministic Policy Gradient(ZSG-MAD3PG).The framework integrates Stackelberg game modeling with the Multi-Agent Distributed Deep Deterministic Policy Gradient(MAD3PG)algorithm and incorporates defensive deception(DD)strategies to achieve adaptive and efficient protection.While conventional methods typically incur considerable resource overhead and exhibit higher latency due to static or rigid defensive mechanisms,the proposed ZSG-MAD3PG framework mitigates these limitations through multi-stage game modeling and adaptive learning,enabling more efficient resource utilization and faster response times.The Stackelberg-based architecture allows defenders to dynamically optimize packet sampling strategies,while attackers adjust their tactics to reach rapid equilibrium.Furthermore,dynamic deception techniques reduce the time required for the concealment of attacks and the overall system burden.A lightweight behavioral fingerprinting detection mechanism further enhances real-time zero-day attack identification within industrial device clusters.ZSG-MAD3PG demonstrates higher true positive rates(TPR)and lower false alarm rates(FAR)compared to existing methods,while also achieving improved latency,resource efficiency,and stealth adaptability in IIoT zero-day defense scenarios.
基金National Natural Science Foundation of China(No.61101070)
文摘Intermediate spoofing can impact most off-the-shelf Global Navigation Satellite Systems (GNSS) receivers, therefore low cost detection of such spoofing is very important to protect the reliability of the GNSS receivers used in critical safety and financial applications. This paper presents two strategies to analyze attacks by intermediate spoofing attackers to identify the weaknesses of such attacks. The analyses lead to a code and carrier phase consistency detection method with simulation results showing that this method can indicate the receiver when spoofing has occurred. The method can be used by most receivers, is inexpensive, and requires only a small software upgrade.
