Generative Adversarial Evasion and Out-of-Distribution Detection for UAV Cyber-Attacks

TL;DR

This work addresses the vulnerability of UAV IDS to adaptive, generative-model intrusions that mimic OOD data. It couples a conditional GAN to craft stealthy adversarial perturbations that mislead a multi-class IDS while maintaining distributional similarity to OOD samples, with an iterative refinement strategy to optimize evasion. A CVAE-based detector using negative log-likelihood is proposed to distinguish such adversarial inputs from genuine OOD events, outperforming Mahalanobis-distance and likelihood-regret baselines. Experiments on a UAV cyber-attack dataset show effective evasion and strong detection performance, underscoring the need for probabilistic OOD modeling to bolster security in UAV systems.

Abstract

The growing integration of UAVs into civilian airspace underscores the need for resilient and intelligent intrusion detection systems (IDS), as traditional anomaly detection methods often fail to identify novel threats. A common approach treats unfamiliar attacks as out-of-distribution (OOD) samples; however, this leaves systems vulnerable when mitigation is inadequate. Moreover, conventional OOD detectors struggle to distinguish stealthy adversarial attacks from genuine OOD events. This paper introduces a conditional generative adversarial network (cGAN)-based framework for crafting stealthy adversarial attacks that evade IDS mechanisms. We first design a robust multi-class IDS classifier trained on benign UAV telemetry and known cyber-attacks, including Denial of Service (DoS), false data injection (FDI), man-in-the-middle (MiTM), and replay attacks. Using this classifier, our cGAN perturbs known attacks to generate adversarial samples that misclassify as benign while retaining statistical resemblance to OOD distributions. These adversarial samples are iteratively refined to achieve high stealth and success rates. To detect such perturbations, we implement a conditional variational autoencoder (CVAE), leveraging negative log-likelihood to separate adversarial inputs from authentic OOD samples. Comparative evaluation shows that CVAE-based regret scores significantly outperform traditional Mahalanobis distance-based detectors in identifying stealthy adversarial threats. Our findings emphasize the importance of advanced probabilistic modeling to strengthen IDS capabilities against adaptive, generative-model-based cyber intrusions.

Figures (7)

• Figure 1: The attacker can manipulate the telemetry information sent by UAV to the UAM operator, which can influence the conformance monitoring for the UAV.
• Figure 2: Schematic for obtaining negative likelihood (NLL) to detect stealthy adversarial attacks from OOD samples.
• Figure 3: Loss function with the training epochs for the (a) Feedforward IDS network (b) cGAN discrimator training (c) VAE and CVAE training.
• Figure 4: (a) Distributional distance between $X_{\text{adv}}$ and $X_{\text{att}}$ with various refinements. (b) Distributional distance between $X_{\text{ood}}$ and $X_{\text{att}}$ with various refinements. (c) Attack success rate for different refinements (c) Attack success rates for different OOD samples.
• Figure 5: Distributional Distance between distributional distance between attacked and OOD samples and attacked and adversarial samples for different refinement iterations

Theorems & Definitions (1)

• Definition 1