Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Attention Meets UAVs: A Comprehensive Evaluation of DDoS Detection in Low-Cost UAVs

Ashish Sharma, SVSLN Surya Suhas Vaddhiparthy, Sai Usha Goparaju, Deepak Gangadharan, Harikumar Kandath

TL;DR

The paper addresses securing Wi‑Fi based, low-cost UAVs against DDoS by implementing onboard detection on the companion computer and evaluating multiple ML/DL approaches. It introduces a three-attack DDoS framework (TCP, ICMP, and TCP+ICMP) and collects realistic UAV traffic data to benchmark models, with Time Series Transformer achieving the best performance and real-time feasibility. Key contributions include an on-board data pipeline, an extensive ablation study of TST hyperparameters, and demonstration that learnable positional embeddings significantly boost detection F1. The findings highlight the practical viability of attack detection directly on UAV hardware, enabling timely defense in field deployments and informing future DDoS mitigation strategies for UAV flight scenarios.

Abstract

This paper explores the critical issue of enhancing cybersecurity measures for low-cost, Wi-Fi-based Unmanned Aerial Vehicles (UAVs) against Distributed Denial of Service (DDoS) attacks. In the current work, we have explored three variants of DDoS attacks, namely Transmission Control Protocol (TCP), Internet Control Message Protocol (ICMP), and TCP + ICMP flooding attacks, and developed a detection mechanism that runs on the companion computer of the UAV system. As a part of the detection mechanism, we have evaluated various machine learning, and deep learning algorithms, such as XGBoost, Isolation Forest, Long Short-Term Memory (LSTM), Bidirectional-LSTM (Bi-LSTM), LSTM with attention, Bi-LSTM with attention, and Time Series Transformer (TST) in terms of various classification metrics. Our evaluation reveals that algorithms with attention mechanisms outperform their counterparts in general, and TST stands out as the most efficient model with a run time of 0.1 seconds. TST has demonstrated an F1 score of 0.999, 0.997, and 0.943 for TCP, ICMP, and TCP + ICMP flooding attacks respectively. In this work, we present the necessary steps required to build an on-board DDoS detection mechanism. Further, we also present the ablation study to identify the best TST hyperparameters for DDoS detection, and we have also underscored the advantage of adapting learnable positional embeddings in TST for DDoS detection with an improvement in F1 score from 0.94 to 0.99.

Attention Meets UAVs: A Comprehensive Evaluation of DDoS Detection in Low-Cost UAVs

TL;DR

The paper addresses securing Wi‑Fi based, low-cost UAVs against DDoS by implementing onboard detection on the companion computer and evaluating multiple ML/DL approaches. It introduces a three-attack DDoS framework (TCP, ICMP, and TCP+ICMP) and collects realistic UAV traffic data to benchmark models, with Time Series Transformer achieving the best performance and real-time feasibility. Key contributions include an on-board data pipeline, an extensive ablation study of TST hyperparameters, and demonstration that learnable positional embeddings significantly boost detection F1. The findings highlight the practical viability of attack detection directly on UAV hardware, enabling timely defense in field deployments and informing future DDoS mitigation strategies for UAV flight scenarios.

Abstract

This paper explores the critical issue of enhancing cybersecurity measures for low-cost, Wi-Fi-based Unmanned Aerial Vehicles (UAVs) against Distributed Denial of Service (DDoS) attacks. In the current work, we have explored three variants of DDoS attacks, namely Transmission Control Protocol (TCP), Internet Control Message Protocol (ICMP), and TCP + ICMP flooding attacks, and developed a detection mechanism that runs on the companion computer of the UAV system. As a part of the detection mechanism, we have evaluated various machine learning, and deep learning algorithms, such as XGBoost, Isolation Forest, Long Short-Term Memory (LSTM), Bidirectional-LSTM (Bi-LSTM), LSTM with attention, Bi-LSTM with attention, and Time Series Transformer (TST) in terms of various classification metrics. Our evaluation reveals that algorithms with attention mechanisms outperform their counterparts in general, and TST stands out as the most efficient model with a run time of 0.1 seconds. TST has demonstrated an F1 score of 0.999, 0.997, and 0.943 for TCP, ICMP, and TCP + ICMP flooding attacks respectively. In this work, we present the necessary steps required to build an on-board DDoS detection mechanism. Further, we also present the ablation study to identify the best TST hyperparameters for DDoS detection, and we have also underscored the advantage of adapting learnable positional embeddings in TST for DDoS detection with an improvement in F1 score from 0.94 to 0.99.
Paper Structure (27 sections, 6 figures, 13 tables)

This paper contains 27 sections, 6 figures, 13 tables.

Table of Contents

  1. Introduction
  2. Related Works
  3. UAV Network Attack Scenario
  4. DDoS Attacks
  5. DDoS Detection
  6. DDoS Attack Framework and Scenario
  7. Overall Flooding Architecture
  8. DDoS Flooding Approaches
  9. TCP Flooding
  10. ICMP Flooding
  11. TCP With ICMP Flooding
  12. Preliminary observations of a Flood Attack
  13. DDoS Detection
  14. Data Collection for Model Training and Evaluation
  15. Data Pre-Processing
  16. ...and 12 more sections

Figures (6)

  • Figure 1: General Wi-Fi-based UAV System
  • Figure 2: System Architecture for DDoS Flooding Attacks
  • Figure 3: System Pipeline for companion computer based DDoS Detection for UAVs using Pixhawk flight controller
  • Figure 4: MAVLink Packet count in a DDoS attack
  • Figure 5: Architecture of Time Series Transformer
  • ...and 1 more figures