Label Hijacking in Track Consensus-Based Distributed Multi-Target Tracking

Helena Calatrava, Shuo Tang, Pau Closas

TL;DR

This work introduces the concept of label hijacking, an attack in which an adversary injects spoofed tracks to corrupt target identities across the network, and highlights the need to rethink robustness at the consensus layer in DMTT frameworks.

Abstract

Distributed multi-target tracking (DMTT) in limited field-of-view (FoV) sensor networks commonly suffers from label inconsistency, whereby different nodes disagree on the identity of the same target. Recent track-consensus DMTT (TC-DMTT) strategies mitigate this issue by enforcing kinematic and label agreement through metric-based track matching. Nevertheless, their behavior under adversarial conditions remains largely unexplored. In this paper, we reveal identity-level vulnerabilities in TC-DMTT and introduce the concept of label hijacking: an attack in which an adversary injects spoofed tracks to corrupt target identities across the network. Drawing on an analogy to classical pull-off deception in radar, we formalize a notion of attack stealthiness and derive an optimization-based strategy for crafting such attacks. A three-sensor network case study demonstrates the impact of the proposed attack on label consistency and tracking accuracy, showing successful target impersonation. Overall, this work highlights the need to rethink robustness at the consensus layer in DMTT frameworks.

Paper Structure (23 sections, 7 equations, 7 figures, 1 algorithm)

This paper contains 23 sections, 7 equations, 7 figures, 1 algorithm.

Figures (7)

  • Figure 1: Cyberattack taxonomy for distributed sensor networks [yu2021secure]. We specialize false data injection to the MTT setting, focusing on identity threats.
  • Figure 2: We introduce label hijacking (extraction + injection) as the data-layer analogue of pull-off radar deception [Calatrava2024DeceptionSurvey]. The spoofed track hijacks label $\ell_\text{v}$ from the victim target, which is then tracked under an incorrect label $\ell_\ast$. After hijacking $\ell_\text{v}$, the spoofed track can move freely while remaining associated with that identity; by aligning with another target, $\ell_\text{v}$ can be transferred to an impostor target.
  • Figure 3: Pairwise kinematic consensus between two nodes. Tracks in $\{\mathbf{T}^{(a)},\mathbf{T}^{(b)}\}$ are matched using a track-distance metric (Sec. \ref{sec:tcdmtt:ospa}); matched tracks are fused and combined with retained unmatched tracks to form $\mathbf{X}^{(a,b,\mathrm{con})}$. As shown in Sec. \ref{sec:method}, manipulating the track-matching stage alone is sufficient to induce identity theft (see Remark \ref{remark:attack}).
  • Figure 4: False-data injection scenario in TC-DMTT (naturally extensible to larger networks). At time $k$, each node $i$ forms local tracks $\mathbf{X}_k^{(i)}$ from its measurements $\mathbf{Z}_k^{(i)}$. The attacker compromises node $b$, replaces its nominal tracks $\mathbf{X}_k^{(b)}$ with adversarial ones $\mathbf{X}_{k,\ast}^{(b)}$, and forwards them to non-compromised neighbors, thereby corrupting their local fusion outputs $\mathbf{X}_k^{(a,\mathrm{con})}$.
  • Figure 5: Overview of the three stages of TC-ITA and the associated notation (see Sec. \ref{sec:attack_description}). White and gray areas denote non-compromised and blind regions, respectively.
  • ...and 2 more figures

Theorems & Definitions (2)

  • Remark 1: Targeted track consensus stage
  • Remark 2: Single-step sufficiency