IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL.

19, 2024 1883

Detection and Mitigation of Position Spoofing

Attacks on Cooperative UAV Swarm Formations
Siguo Bi , Kai Li , Senior Member, IEEE, Shuyan Hu , Member, IEEE, Wei Ni , Fellow, IEEE,
Cong Wang, and Xin Wang , Fellow, IEEE

Abstract— Detecting spoofing attacks on the positions of

unmanned aerial vehicles (UAVs) within a swarm is challeng-
ing. Traditional methods relying solely on individually reported
positions and pairwise distance measurements are ineffective
in identifying the misbehavior of malicious UAVs. This paper
presents a novel systematic structure designed to detect and mit-
igate spoofing attacks in UAV swarms. We formulate the problem
of detecting malicious UAVs as a localization feasibility problem,
leveraging the reported positions and distance measurements.
To address this problem, we develop a semidefinite relaxation
(SDR) approach, which reformulates the non-convex localization
problem into a convex and tractable semidefinite program (SDP).
Additionally, we propose two innovative algorithms that leverage
the proximity of neighboring UAVs to identify malicious UAVs
effectively. Simulations demonstrate the superior performance Fig. 1. An illustration of the attack model, where a malicious UAV falsifies
its position and broadcasts the fake position to the other benign UAVs.
of our proposed approaches compared to existing benchmarks.
Our methods exhibit robustness across various swarm networks,
showcasing their effectiveness in detecting and mitigating spoof-
ing attacks. Specifically, the detection success rate is improved UAVs, and their flexibly adjustable positions conducive to
by up to 65%, 55%, and 51% against distributed, collusion, and line-of-sight (LOS) communications, facilitated by rapid tech-
mixed attacks, respectively, compared to the benchmarks. nological advancements [6]. The varieties of practical needs
Index Terms— Malicious UAV detection, position spoofing for UAV swarms further ignite and necessitate the protection
attack, cooperative localization, semidefinite programming. of security for UAV swarms [7]. For instance, the reliability
of information propagation has been analyzed in large-scale
I. I NTRODUCTION
networks, including UAV swarms [8]. The connectivity of a
R ECENTLY, there has been a widespread utilization of
unmanned aerial vehicles (UAVs) [1], including parcel
delivery [2], radio surveillance [3], [4], and rescue mis-
UAV swarm has been studied in the presence of jamming
attacks from the ground [9]. To enhance reliability and mitigate
potential flight collisions, it is crucial to establish a formation
sions [5]. This is due to the affordability and endurance of
flight and coordination among UAVs [10]. In the formation
Manuscript received 17 July 2023; revised 18 October 2023; flight of a UAV swarm, individual UAVs rely on position
accepted 3 December 2023. Date of publication 8 December 2023; reports from their peers and their pairwise distance measure-
date of current version 26 December 2023. This work was supported in part
by the National Natural Science Foundation of China under Grant 62231010, ments with neighboring UAVs to maintain inter-UAV distances
Grant 62071126, and Grant 62101135; and in part by the Innovation Program and avoid collisions. Compromised or malicious UAVs can
of Shanghai Municipal Science and Technology Commission under Grant launch position spoofing attacks, potentially leading to catas-
21XD1400300. The work of Kai Li was supported by the Real-Time and
Embedded Computing Systems Research Centre (CISTER) Research Unit trophic consequences for the UAV swarm [11]. A malicious
under Grant UIDP/UIDB/04234/2020 and in part by Project ADANET UAV might transmit a deceptive position report, misleading
financed by National Funds through Portuguese Foundation for Science other UAVs while simultaneously concealing its true location,
and Technology [FCT/Portuguese Ministry of Science, Technology, and
Higher Education (MCTES)] under Grant PTDC/EEICOM/3362/2021. The as illustrated in Fig. 1. Such conditions can disrupt the
associate editor coordinating the review of this manuscript and approving it control mechanism that maintains swarm formation, resulting
for publication was Prof. Haijun Zhang. (Corresponding author: Xin Wang.) in disorders [12].
Siguo Bi, Shuyan Hu, Cong Wang, and Xin Wang are with
Fudan University, Shanghai 200433, China (e-mail: [email protected]; Detecting and identifying malicious UAVs within a swarm is
[email protected]; [email protected]; [email protected]). challenging. This problem seeks to establish whether a feasible
Kai Li is with the Division of Electrical Engineering, Department of position realization for each UAV that aligns with all reported
Engineering, University of Cambridge, CB3 0FA Cambridge, U.K., and also
with the Real-Time and Embedded Computing Systems Research Centre distances and measurements exists. Such a feasibility problem
(CISTER), Porto 4249-015, Portugal (e-mail: [email protected]). is non-trivial and non-convex, and has never been studied
Wei Ni is with the Commonwealth Scientific and Industrial and addressed in the existing literature. As delineated in this
Research Organization (CSIRO), Sydney, NSW 2122, Australia (e-mail:
[email protected]). paper, the problem can be transformed into a convex semidef-
Digital Object Identifier 10.1109/TIFS.2023.3341398 inite program (SDP), allowing for efficient use of convex
1556-6021 © 2023 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.

Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
1884 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 19, 2024

optimization solvers in polynomial time. However, solving TABLE I

the SDP problem alone does not enable the identification of N OTATION AND D EFINITION
individual malicious UAVs. On the one hand, the number
of malicious UAVs is typically unknown and needs to be
detected. On the other hand, the effectiveness of SDP can
be penalized by the interdependence among the positions of
neighboring UAVs.
To address these challenges and precisely identify mali-
cious UAVs, this paper proposes two new algorithms: the
Cooperative Detection and Identification (CDI) algorithm and
the Enhanced CDI (E-CDI) algorithm. The CDI algorithm
initiates its process by creating sets of possible malicious
and benign UAVs. Subsequently, it combines the selected
potentially malicious UAVs with the benign set, establishing a
connected sub-network for the SDP-based position feasibility
check. If all the neighboring UAVs of a selected UAV are
themselves malicious, the CDI algorithm may misjudge the
UAV as malicious, as attempting to localize a sub-network
with an entire malicious neighborhood is inherently unfeasi-
ble. In contrast, the E-CDI algorithm conducts an additional
localization feasibility check on each individual UAV in the
neighborhood, compared to the CDI algorithm. By this means,
collusion attacks launched by multiple closely located, mali-
cious UAVs can be detected and mitigated.
Compared to the existing relevant works, e.g., [11], [12],
[13], and [14], the new contributions of this paper include: The rest of this paper is organized as follows. Section II
1) To detect position spoofing attacks, we propose a novel reviews the related works. Section III formulates and con-
mechanism for malicious UAV detection and identifi- vexifies the malicious UAV’s misbehavior detection problem.
cation, where we cast the challenging malicious UAV In Section IV, two efficient iterative algorithms are proposed to
detection problem as a localization feasibility problem. identify malicious UAVs. Section V provides numerical results
2) A semidefinite relaxation (SDR) approach is put forth to evaluate the proposed algorithm, followed by conclusions
to transform the non-convex feasibility problem into in Section VI.
a convex problem. The presence of malicious UAVs Notation: Upper- and lower-case boldface symbols denote
can then be efficiently ascertained by evaluating the matrices and vectors, respectively; | · | takes the absolute value
feasibility of the convex problem. if a scalar is concerned or the cardinality if a set is concerned;
3) We develop two iterative algorithms, i.e., CDI and ∥·∥ denotes ℓ2 -norm; (·)
ˆ indicates a reported, noise-corrupted
E-CDI, to identify malicious UAVs by leveraging the version of (·). The notation used is collated in Tab. I.
proximity of neighboring UAVs.
• The CDI algorithm dynamically merges selected II. R ELATED W ORK
potentially malicious UAVs into the benign set to A. Spoofing Attacks on UAVs
form a connected positioning sub-network. This
Spoofing attacks on UAVs have been extensively inves-
sub-network is used to determine whether the
tigated in the recent literature. However, most works have
selected UAV is malicious.
focused on the direct hijack of the Global Positioning System
• The E-CDI algorithm enhances identification effi-
(GPS) of a specific single UAV. Aiming at identifying fake
ciency by further assessing each neighboring UAV
GPS coordinates due to the hijack of the GPS communication
in the neighborhood of a potentially malicious UAV.
software, the authors of [15] proposed a convolutional neural
As a result, collusion attacks launched by multiple
network (CNN) integrated with a recurrent neural network
closely located, malicious UAVs can be detected.
(RNN) to predict a vehicle’s real-time trajectory based on
Both algorithms are designed to conclude within a finite the data from multiple sensors. With a similar purpose of
number of iterations and exhibit robust performance handling GPS spoofing attacks, the authors of [16] proposed
across various network configurations of UAV swarms. a two-step approach based on data sensed and fused from
Extensive simulations demonstrate that the proposed CDI and distributed radar ground stations equipped with a local tracker.
E-CDI algorithms achieve superior performance on classic The approach consists of spoofing detection and mitigation.
metrics compared to the benchmark techniques. Under the pro- In the spoofing detection step, a track-to-track association
posed algorithms, the detection success rate can be improved approach was adopted to detect spoofing attacks with fused
by up to 65%, 55%, and 51% against distributed, collusion, data from UAVs and a local tracker. In the mitigation step, the
and mixed attacks, respectively, compared to their benchmarks. fused data was input to a controller to mitigate the spoofing

Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
BI et al.: DETECTION AND MITIGATION OF POSITION SPOOFING ATTACKS
attack detected. The proposed two-step approach was reported
to achieve almost the same accuracy as GPS efficiently.
To enhance the reliability of flight controllers when the
UAV is under GPS spoofing attack, the authors of [17]
utilized an extended Kalman filter (EKF)-based approach.
They investigated the impact of GPS spoofing on the EKF
estimation and the UAV itself under different levels of attack
strength. It was reported that the classic EKF-based approach
can tolerate small errors from spoofing attacks, but can be
inefficient when the attack intensifies. Similar works on GPS-
related spoofing attacks on a specific single UAV can be found
in [13], [18], [19], and [20], and spoofing attacks related to the
time-of-arrival (TOA) or time difference-of-arrival (TDOA)
can be found in [21].
The security issue of UAV swarms has attracted increasing
attention. In order to mitigate the navigation spoofing attacks
on aerial formations, the authors of [22] proposed a cascaded
estimation algorithm used for concurrent GPS spoofing detec-
tion and localization. An attack detection module was based on
the consistency of multimodal measurement to realize thresh-
old tests. A localization module was then used for a decision
based on remarkable differences between safe and under-attack
conditions of UAV self-localization. The cascaded approach
can achieve a safe self-localization for a UAV swarm under a
spoofing attack. Aiming at solving the GPS spoofing attack in
a UAV swarm, the authors of [23] proposed a security-aware
monitoring method to monitor the potential malicious UAVs
and protect the benign ones from attacks. The method was
implemented by the received-signal-strength-indicator (RSSI)-
based triangulation.
B. Cooperative Network Localization
Position-related spoofing attacks destroy the localization of
UAVs in a UAV swarm, since a UAV swarm can be considered
a cooperative network. SDP, an efficient convex optimization
approach, has been extensively applied to cooperative network
localization. Employing the SDP, the authors of [24] proposed
a novel difference-of-convex (DC)-based algorithm to achieve
accurate cooperative localization. The authors of [25] proposed
an SDP-based method to estimate the relative transformation
of a robot in a cooperative robotic swarm. The SDP-based
method could achieve global optimality and scalability. The
authors of [26] developed an efficient SDP-based scheduling
strategy to optimize UAV deployment in intelligent trans-
portation cooperative networks. More SDP-based cooperative
localization techniques can be found in [14], [27], and [28].
Unlike existing works that rely heavily on extensive training
using historical data, we put forth an SDP-based UAV misbe-
havior detection mechanism with no need for historical data.
The proposed SDP-based mechanism detects and identifies
malicious UAVs that misreport their positions by leveraging
the proximity of neighboring UAVs. This mechanism is appli-
cable regardless of the specific type of localization signals
hijacked and spoofed, including GPS, TDA, or TDOA.
III. S YSTEM M ODEL AND P ROBLEM F ORMULATION
In this section, we first provide the threat model considered
and formally formulate the malicious UAV detection problem
Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
1885
Fig. 2. An illustration of the collusion spoofing attack model, where two
malicious UAVs falsify their positions to be within the one-hop neighborhood
of the benign UAV.
as a localization feasibility problem. By applying the SDR,
we convexify the feasibility problem into a convex problem.
A. Threat Model
Consider a swarm of UAVs executing a routine cruising
mission, during which the UAVs cooperatively maintain a
specific formation to prevent collisions. Each UAV within the
swarm communicates its position, ascertained by the GPS,
to its counterparts. Each UAV also conducts relative distance
measurements with the other UAVs that are within the per-
missible communication range of the UAV. Random receiver
noises or GPS errors can corrupt these distance measurements,
rendering the reported positions inaccurate. During the forma-
tion flight, each UAV adjusts its flight position based on the
reported positions and distance measurements of neighboring
UAVs, thereby averting potential flight collisions.
Malicious UAVs, under the control of attackers, have the
capability to fabricate their position information and dissemi-
nate this information among all other UAVs. More precisely,
malicious UAVs can initiate a spoofing attack by falsely report-
ing their positions within the detection measurement range of
benign UAVs. This deliberate misrepresentation of positions
can directly disrupt the formation. Moreover, malicious UAVs
may target a specific benign UAV by deceptively reporting
their positions within the detection measurement range of that
UAV, which is a tactic known as a collusion attack; see Fig. 2.
This coordinated misrepresentation is aimed at framing a target
UAV. Given the substantial evidence presented through this
deceptive conspiracy, the swarm may erroneously conclude
that the framed UAV is perpetrating a spoofing attack.
The two above-mentioned attacks, i.e., the distributed attack
and the collusion attack, can be amalgamated to initiate a
mixed spoofing attack; see Fig. 3. In this composite attack,
some malicious UAVs execute a distributed attack while the
remaining UAVs engage in a collusion attack. The mixed
nature of this attack significantly intensifies its severity, poten-
tially hastening the breakdown of the entire formation.
B. Problem Statement
We propose to formulate the problem of identifying mali-
cious UAVs as a localization feasibility problem. If localization
1886 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 19, 2024

measurement error. Nonetheless, the right-hand side (RHS) of

constraint (1c), i.e., ( d2 )2 , can adapt to the needs of different
measurement devices.

C. Proposed SDP-Based Reformulation

Because of the non-convex constraints (1a)–(1c), finding X
in (1) is a non-convex feasibility checking problem, which is
difficult to solve. To convexify (1a)–(1c), auxiliary variables,
denoted by αi j , ∀i, j ∈ [1, N ], are introduced to substitute
those non-convex parts in (1a)–(1c). As a result, the non-
convex feasibility problem in (1) can be rewritten as
Fig. 3. An illustration of the mixed spoofing attack model, where two
malicious UAVs conduct a collusion attack while the other malicious UAVs
falsify their positions.
findX
s.t. αi j < d 2 , ∀i ∈ N, j ∈ Ni , (2a)
αii ≤ ϵ, ∀i ∈ N, (2b)
is infeasible under the positions and distance measurements d
reported, there is at least one malicious UAV attacking |r̂i2j − αi j | < ( )2 , ∀i ∈ N, j ∈ Ni , (2c)
2
the UAV swarm in an attempt to compromise the swarm
formation. ||x i − x̂ j ||2 = αi j , ∀i ∈ N, j ∈ Ni ∪ {i}, (2d)
Let X := {x 1 , . . . , x N } define the three-dimensional (3D) where constraints (2a) and (2d) are homogenized from (1a),
coordinates of the UAVs in an N -UAV swarm studied, where and (2b) is homogenized from (1b). Constraints (2a)–(2c)
x i ∈ R3×1 is the unknown actual 3D coordinates of UAV i. are affine and convex. Constraint (2d) is still non-convex.
Let N = {1, . . . , N } collect the indexes of the N UAVs. To convexify (2d), we rewrite ||x i − x̂ j ||2 in a matrix form as
The permissible range for pairwise distance measurement is   
T I3 X x̂ j
denoted by d. The reported position of UAV i is given as xˆi , 2 T
∥x i − x̂ j ∥ = [ x̂ j − ei ] , (3)
which can be contaminated by the measurement noise, i.e., XT Y −ei
wi ∼ N (0, σi2 I 3 ). x̂ i = x i +wi , ∀i. Here, N (0, σi2 I 3 ) stands where ei ∈ R N ×1 is a vector whose i-th element is “1” and
for the zero-mean Gaussian distribution with the variance of the rest are all “0”. X ∈ R3×N is a 3 × N matrix with its i-th
σi2 I 3 and I 3 is the 3 × 3 identity matrix. column being x i . Moreover,
The feasibility problem of finding a solution of X can be
formulated as Y = X T X ∈ R N ×N . (4)

findX As a result, finding X in problem (2) can be equivalently

reformulated as
s.t. ∥x i − x̂ j ∥2 < d 2 , ∀i ∈ N, j ∈ Ni , (1a)
|x i − x̂ i ∥ ≤ ϵ, ∀i ∈ N,
2
(1b) find X, Y
d s.t. αi j < d 2 , ∀i ∈ N, j ∈ Ni , (5a)
|r̂i2j − ∥x i − x̂ j ∥2 | < ( )2 , ∀i ∈ N, j ∈ Ni , (1c)
2 αii ≤ ϵ, ∀i ∈ N, (5b)
where Ni collects all one-hop neighbors of UAV i and can d
|r̂i2j − αi j | < ( )2 , ∀i ∈ N, j ∈ Ni , (5c)
be obtained based on the reports of UAV i; ϵ ≥ 0 is a  2  
small constant; and r̂i j denotes the reported pairwise distance I3 X x̂ j
[ x̂ Tj − eiT ] = αi j , ∀i ∈ N, j ∈ Ni ∪ {i},
between UAVs i and j contaminated with measurement noise, X T Y −ei
e.g., wi j ∼ N (0, σi2j ). Here, σi2j is the variance of the distance (5d)
measurement error. T
Constraint (1a) defines that the relative distance measure- Y = X X. (5e)
ment between UAV i and the reported position of UAV j, i.e., Here, constraints (5d) and (5e) are non-convex. Yet, constraint
∥x i − x̂ j ∥, has to be within the permissible communication (5e) can be relaxed as [24] and [29]
range, d, if UAV i is a one-hop neighbor of UAV j and
can hear its ranging signals. Constraint (1b) dictates that the Y ⪰ X T X, (6)
difference between x i and xˆi is smaller than a pre-specified where “⪰” stands for element-wise inequality. According to
threshold ϵ, ensuring that the model must rely on the individual Schur complement [30], (6) is equivalent to
reported position to output a solution (if such a solution does  
not exist, it is reasonable to suspect there exist misreported I3 X
⪰ 0, (7)
UAV positions). Constraint (1c) indicates that the difference XT Y
between the reported pairwise distance and the Euclidean Further let Z denote the left-hand side (LHS) of (7), yielding
distance (between the estimated and reported positions) should  
be smaller than half of the distance measurement range, which I3 X
Z= ⪰ 0. (8)
is also considered to be the maximum tolerable distance XT Y

Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
BI et al.: DETECTION AND MITIGATION OF POSITION SPOOFING ATTACKS 1887

The relaxation of (5e) to (6) is tight if Rank(Z) = 3. Algorithm 1 The Proposed CDI Algorithm
Also, define Input: B; M; xˆi , ∀i ∈ [1, N ]; rˆi j ,
∀i, j ∈ [1, N ], i ̸ = j; d; ϵ.
 
x̂ j
Ĝ i j = [ x̂ Tj − eiT ]. (9)
−ei Output: M
1 Set k ← 1;
Based on (8) and (9), (5d) can be rewritten as
   2 while M can be further reduced do
I3 X x̂ j
[ x̂ Tj − eiT ] = Tr(Ĝ i j Z) = αi j , (10) 3 Select the k-th UAV of M and the set of its
XT Y −ei one-hop neighbors Nk ;
Based on (6)–(10), the feasibility problem (5) is further 4 Construct T ← B ∪ {k, Nk };
equivalently rewritten as the following feasibility problem: 5 Apply T to (12), and check feasibility using SDP.
find Z 6 if problem (12) is feasible T then
7 M ← M \ {k, Nk };
s.t. Z 1:3,1:3 = I 3 , (11a) 8 B ← B ∪ {k, Nk };
αi j < d ,
2
∀i ∈ N, j ∈ Ni , (11b) 9 end
αii ≤ ϵ, = ∀i ∈ N, (11c) 10 Set k ← (k + 1) mod |M|;
11 end
d
|r̂i2j − αi j | < ( )2 , ∀i ∈ N, j ∈ Ni , (11d)
2
Tr(Ĝ i j Z) = αi j , ∀i ∈ N, j ∈ Ni ∪ {i}, (11e)
A. Initialization of Malicious UAV Set
Z ⪰ 0, (11f)
Let M and B denote the sets of malicious and benign UAVs,
Rank(Z) = 3. (11g)
respectively. M ∪ B = N. Based on E r and E n , we propose
where constraint (11a) enforces the upper left 3 × 3 block to initialize M and B, as follows.
of Z to be an identity matrix, ensuring that the rank of the We come up with two Euclidean matrices, i.e., the generated
solution is at least three. Constraints (11a), (11f), and (11g) Euclidean matrix from individual reported positions, denoted
are equivalently derived from (5e). This is because both (11a) by E r ∈ R N ×N , and the detected Euclidean distances matrix
and (11f) constrain Z to be symmetric and in the form of (8), contaminated with noise, denoted by E n ∈ R N ×N , as
while rank constraint (11g) forces the lower right N × N block 
ρ11 ∥ xˆ1 − xˆ1 ∥ ··· ρ1N ∥ xˆ1 − xˆN ∥

of Z, i.e., Y in (8), to be X T X, according to classic linear .. .. ..
Er =  . . .  , (13)
 
algebra theory.
Dropping the rank constraint (11g), we have the following ρ N 1 ∥ xˆN − xˆ1 ∥ · · · ρ N N ∥ xˆN − xˆN ∥
SDR problem:
 
r̂11 · · · r̂1N
find Z E n =  ... ..
.
..  ,
.  (14)


s.t. Z 1:3,1:3 = I 3 , (12a) r̂ N 1 ··· r̂ N N

αi j < d , ∀i ∈ N, j ∈ Ni ,
2
αii ≤ ϵ, ∀i ∈ N,
d communication range, i.e., r̂i j > 0; otherwise, ρi j = 0. In this
|r̂i2j − αi j | < ( )2 , ∀i ∈ N, j ∈ Ni ,
2
Tr(Ĝ i j Z) = αi j , ∀i ∈ N, j ∈ Ni ∪ {i},
Z ⪰ 0.
Problem (12) is convex and can be efficiently solved using
off-the-shelf CVX solvers, e.g., MATLAB CVX toolbox [31].
Clearly, problem (12) is a relaxed (but generally tight) version
of the original feasibility problem (1), with a larger feasible
solution region. If the problem in (12) is infeasible, i.e.,
no feasible solution exists for the problem in (12), then
problem (1) is surely infeasible. As a result, we can detect
whether at least one malicious UAV misreports its position by
checking the feasibility of the problem in (12).
IV. P ROPOSED A PPROACH FOR M ALICIOUS UAV
I DENTIFICATION
Leveraging the SDP problem in (12), we proceed to develop
two new algorithms, CDI and E-CDI, to exploit the proxim-
ity of adjacent UAVs to facilitate the effective detection of
malicious UAVs and eliminate spoofing attacks.
(12b) where ρi j indicates if UAVs i and j are directly connected.
(12c) ρi j = 1, if UAVs i and j are within each other’s permissible
(12d) sense, E r can be a sparse matrix (like E n ), depending on the
communication range of the UAV.
(12e) We can carry out element-wise comparisons between E r
(12f) and E n . Specifically, if the (i, j)-th elements of the two
matrices have a smaller difference than the pre-specified
threshold d2 , i.e., (1c) is unsatisfied, then UAVs i and/or j
are potentially malicious. Both of the UAVs are added into
M, i.e., M = M ∪ {i, j}. After all N 2 elements of E r and E n
are assessed, the initial M is obtained. B can be accordingly
initialized to be B = N \ M.
B. Proposed CDI Algorithm
As summarized in Algorithm 1, we propose to assess the
potentially malicious UAVs in M one after another and move
those actually benign from M to B until both M and B
stop changing. When assessing a UAV, i.e., UAV k, from M,
we also consider its one-hop neighbors. Part of Nk may belong
to B, and the rest belong to M.
We apply the feasibility checking problem in (12) to the
collection of B, {k}, and Nk , i.e., B∪ {k, Nk }. If the problem is

Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
1888 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 19, 2024

feasible, UAV k and its one-hop neighbors Nk are benign. They Algorithm 2 The Proposed E-CDI Algorithm
can be removed from M and added to B; i.e., M = M\{k, Nk } Input: B; M; xˆi , ∀i ∈ [1, N ]; rˆi j ,
and B = B∪{k, Nk }. Otherwise, they remain in M. The reason ∀i, j ∈ [1, N ], i ̸ = j; d; ϵ.
for considering a potentially malicious UAV k together with Output: M
its one-hop neighbors Nk is to increase the chance that UAV k 1 Set k ← 1;
is connected to B. Therefore, the feasibility checking problem 2 while M can be further reduced do
can be meaningfully carried out. In the case where UAV k and 3 Select the k-th UAV in M and the set of its
its one-hop neighbors Nk are disconnected from B (in other one-hop neighbors Nk ;
words, Nk and their neighbors all belong to M), then UAV k 4 Construct T ← B ∪ {k, Nk };
and its one-hop neighbors Nk remain in M. 5 Apply T to (12), and check feasibility using SDP.
In this way, we repeatedly assess the remaining UAVs in 6 if problem (12) is feasible upon T then
M until M cannot be further reduced. This algorithm can 7 M ← M \ {k, Nk };
quickly detect and identify malicious UAVs; but may overkill, 8 B ← B ∪ {k, Nk };
i.e., misjudge a benign UAV to be malicious in the situation 9 else
where the benign UAV only has a malicious one-hop neighbor 10 Set T1 ← {k, Nk }; i ← 1;
since they are always assessed together for feasibility and 11 while i ≤ |T1 | do
cannot be individually arbitrated. In this sense, the algorithm 12 Select the i-th UAV of {k, Nk }, denoted
is conservative and can be overprotective. by πi ;
13 Construct T2 ← B ∪ {πi };
C. Proposed E-CDI Algorithm 14 Apply T2 to (12) and check feasibility
A key difference between the E-CDI algorithm and the CDI using SDP;
algorithm (Algorithm 1) is that the E-CDI algorithm assesses 15 if problem (12) is feasible upon T2 then
each of the potentially malicious one-hop neighbors of a UAV 16 M ← M \ {πi };
belonging to M individually, each time the UAV and its one- 17 B ← B ∪ {πi };
hop neighbors fail the feasibility check. Specifically, each of 18 end
UAV k and its potentially malicious one-hop neighbors in Nk 19 i ← i + 1;
are assessed by temporarily joining B for feasibility check 20 end
again. Those that turn out to be benign are removed from 21 end
M and added to B. By this means, each connected malicious 22 Set k ← (k + 1) mod |M|;
UAV can be detected and identified. The details are provided 23 end
in Algorithm 2. The flowchart of the proposed CDI/E-CDI
algorithm is provided in Fig. 4.
Another key difference is that the E-CDI algorithm is able TABLE II
to detect collusion attacks, while the CDI algorithm cannot. S IMULATION PARAMETERS AND C ONFIGURATION
This is because the E-CDI assesses individual UAVs in a
neighborhood {k, Nk } if the neighborhood is detected to be
infected by malicious UAVs in the neighborhood. As a result,
the malicious UAVs (or UAVs that cannot be confirmed benign
due to their poor connectivity to other benign UAVs) can
be individually assessed and verified. In contrast, the CDI
algorithm may not achieve this since its assessment is based
on neighborhoods {k, Nk }, ∀k ∈ M.
d = 0.3. Note that both the reported positions and reported
V. S IMULATION R ESULTS distance measurements are contaminated with additive Gaus-
In this section, we consider three types of spoofing attacks to sian noises, wi ∼ N (0, 10−6 I 3 ) [32] and wi j ∼ N (0, 10−6 ),
gauge the capability of the proposed algorithm to counteract respectively. The key parameters of the simulations are sum-
these attacks. We conduct extensive simulations to compre- marized in Tab. II.
hensively evaluate the proposed algorithms in comparison We assess the performances of the proposed algorithms
with the established benchmarks on the key factors, i.e., the against three types of position spoofing attacks, as follows.
number of malicious UAVs, the scale of the network, distance
• Distributed spoofing attack Under this attack, several
measurement noise, and measurement distance.
malicious UAVs independently misreport their positions
in an attempt to compromise the UAV swarm formation.
A. Simulation Setting • Collusion attack Under this attack, several malicious
We consider a UAV swarm with the UAVs’ positions UAVs conspire to frame some benign UAVs and make
randomly generated according to a uniform distribution inside them falsely identified as malicious. Based on the
a unit cube [−0.5, +0.5]3 . The malicious UAVs are randomly reported positions from targeted benign UAVs, the mali-
chosen from the nodes. The distance measurement range is cious UAVs misreport their positions to be within the

Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
BI et al.: DETECTION AND MITIGATION OF POSITION SPOOFING ATTACKS 1889

Fig. 4. The flowchart of the proposed CDI/E-CDI algorithm, where the shaded part accounts for the CDI algorithm, which is part of the more comprehensive
E-CDI algorithm.

neighborhood of those benign UAVs, though they can be malicious UAVs and the sampled UAVs as the output of
far away from the UAVs under attack. the approach.
• Mixed spoofing attack Under this attack, malicious The performance metrics considered are Precision, Recall,
UAVs launch attacks in both distributed and collu- and F1. The three classic metrics are given by [34]
sive fashions. Specifically, some of the malicious UAVs
independently carry out distributed spoofing attacks to |Q p ∩ Q t |
compromise the swarm formation. The rest of the mali- Precision = , (15a)
|Q p |
cious UAVs cooperate to further impair or corrode the |Q p ∩ Q t |
integrity of the UAV swarm. Recall = , (15b)
|Q t |
The benchmark algorithms considered are 2 × Precision × Recall
• NLOS-based approach: This approach [33] treats errors F1 = , (15c)
Precision + Recall
induced by the misbehavior of malicious UAVs as a
variant of NLOS, since NLOS and spoofed positions are where Q p stands for the predicted set by a specific algorithm,
alike, i.e., causing considerable deviations from the gen- Q t denotes the ground-truth test set, and |·| denotes cardinality.
uine positions. However, NLOS is a path error involving To evaluate the effect of the network topology, we consider
two UAVs in a swarm. Therefore, we mildly adjust it two other metrics, including “malicious ratio”, i.e., the ratio
to suit comparison by random sampling according to the of the number of malicious UAVs detected initially (as done
scale of the test sample. in Section IV-A) to the total number of UAVs, denoted by
• Random approach: This approach directly relies on R M = |M|/|N|. Correspondingly, the “benign ratio”, i.e., the
the earlier potential candidate set of malicious UAVs ratio of the number of UAVs initially determined as benign to
to conduct random sampling adjusted to the number of the total number of UAVs, is R B = 1 − R M .

Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
1890
Fig. 5. An identification sample of the proposed approach against distributed
spoofing attack in a UAV swarm with N = 30 UAVs and M = 4 malicious
UAVs, where d = 0.3. The dashed lines exhibit the misreported distance.
Fig. 6. An identification sample of the proposed approach against collusion
spoofing attack, in a UAV swarm with N = 30 UAVs and M = 4 malicious
UAVs, where d = 0.3. The dashed lines exhibit the misreported distance.
B. Visualization of Proposed Malicious UAV Detection
Fig. 5 shows the identifications of malicious UAVs in a
UAV swarm with N = 30 UAVs under distributed spoofing
attacks. There are four malicious UAVs launching distributed
spoofing attacks. Both the proposed CDI and E-CDI algo-
rithms are simulated. Fig. 6 shows the identifications of
malicious UAVs in the 30-UAV swarm under collusion attacks,
where four malicious UAVs conspire collusion attacks towards
a benign UAV. In Fig. 6, we only simulate the proposed
E-CDI algorithm since the CDI algorithm is inapplicable to
collusion attacks, as discussed in Section IV-C. Fig. 7 shows
the identifications of malicious UAVs in the 30-UAV swarm
under mixed attacks, where three malicious UAVs conspire
collusion attacks towards a benign UAV, while three other
malicious UAVs launch distributed attacks. We only run the
proposed E-CDI algorithm in Fig. 7 for the same reason as
considered for Fig. 6. From Figs. 5, 6, and 7, we can see that
the proposed CDI and E-CDI algorithms can effectively detect
and identify malicious UAVs in applicable scenarios.
Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 19, 2024
Fig. 7. An identification sample of the proposed approach against mixed
spoofing attack, in a UAV swarm with N = 30 UAVs and M = 6 malicious
UAVs, where d = 0.3. The dashed lines exhibit the misreported distance.
Fig. 8. The variations of malicious ratio.
C. Resistance to Distributed Spoofing Attacks
Fig. 8 plots the malicious ratio and average available
degree across different numbers of malicious UAVs, where
the average of 100 independently randomly generated swarms
with consistent parameters with Fig. 5 is plotted. It is noticed
that the malicious ratio is nearly linear to the number of
malicious UAVs. When there are seven malicious UAVs,
the potential malicious ratio can reach zero, highlighting the
presence of multiple malicious UAVs can severely disrupt or
even dismantle the normal operation of a swarm.
In Fig. 9(a), we observe the Precision of the proposed
algorithms compared to the benchmark methods. It is evident
that both the CDI and E-CDI algorithms outperform the others
significantly. The difference in Precision between the two
algorithms can be attributed to the strategy they employ for
handling neighboring index sets. The E-CDI algorithm, which
selects multiple indices simultaneously, may introduce some
redundancies, leading to a slightly inferior Precision compared
to the CDI algorithm, which selects one index at a time.
Additionally, the decreasing trend in performance of both
BI et al.: DETECTION AND MITIGATION OF POSITION SPOOFING ATTACKS 1891

Fig. 9. (a) The performance on precision of the proposed and baseline approaches. (b) The performance on recall of the proposed and baseline approaches.
(c) The performance on F1 of the proposed and baseline approaches. (d) The performance on F1 of the proposed and baseline approaches under different
scales of the swarm network. (e) The performance on F1 of the proposed and baseline approaches under different levels of distance measurement noise.
(f) The performance on F1 of the proposed and baseline approaches under different levels of measurement distance.

proposed approaches can be linked to the degradation of the
network structure, as indicated by the increasing malicious
ratio in Fig. 8.
On the other hand, there is a noticeable upward trend in the
detection of malicious UAVs under the NLOS-based approach,
especially those with significant distance errors akin to NLOS
conditions. The NLOS-based approach, which involves select-
ing UAVs with the largest distance errors, simultaneously
amplifies the likelihood of encountering malicious UAVs. The
ascending trend in the Random approach can be explained
by the situation where the rate of capturing malicious UAVs
surpasses the expansion rate of the malicious set.
In Fig. 9(b), we examine the Recall of the proposed methods
compared to the benchmarks across varying numbers of mali-
cious UAVs. Both the CDI and E-CDI algorithms outperform
all benchmarks significantly. Moreover, E-CDI offers higher
Recall than CDI. The reason is that E-CDI sacrifices some
precision, potentially introducing redundancies, to ensure the
capture of more malicious UAVs. Given the critical security
nature of the problem studied, it is imperative to emphasize
high Recall to identify as many malicious UAVs as possible
to safeguard the swarm. As also noticed, the Recall of both
proposed algorithms declines due to the deteriorating network
structure, as discussed in Fig. 9(a). For the same reason, the
Recall of the NLOS-based approach also declines, as discussed
in Fig. 9(a). As for the Random-based approach, it is intriguing
to note that the trends in Precision in Fig. 9(a) and Recall in
Fig. 9(b) bear resemblance. The conclusion drawn is that the
expansion rate of captured malicious UAVs exceeds that of the
malicious set enlargement, leading to this consistent trend.
Fig. 9(c) illustrates the F1 of the proposed methods along-
side the benchmarks across varying numbers of malicious
UAVs, where the proposed CDI and E-CDI algorithms con-
sistently outperform all other algorithms. It is noticed that the
E-CDI algorithm is initially better than the CDI algorithm.
However, as the number of malicious UAVs increases, the CDI
algorithm gradually surpasses the E-CDI algorithm when the
number of malicious UAVs exceeds five. The reason is that
when there are only a small number of malicious UAVs in
a swarm, the E-CDI algorithm is more likely to misclassify
benign UAVs as malicious. As the number of malicious UAVs
increases and the network structure deteriorates, the E-CDI
algorithm is increasingly advantageous. With a higher number
of malicious UAVs, the E-CDI algorithm exhibits a greater
likelihood of correctly detecting malicious UAVs.
We also notice in Fig. 9(c) that the NLOS-based approach
outperforms the Random approach due to its selection from
a relatively smaller malicious set with a higher probability,
achieved through sorting based on absolute distance error.
In contrast, the Random approach selects from a larger set
encompassing all possible malicious UAVs. The increasing
trend observed in both benchmark algorithms is attributed to
the growing number of malicious UAVs, resulting in a higher
probability of detection by both benchmarks.
Fig. 9(d) presents the F1 performance of our proposed
algorithms compared to the benchmark algorithms across
these varying network scales. Both the proposed CDI and E-
CDI algorithms consistently outperform the other algorithms.
An intriguing observation is that the CDI algorithm surpasses
the E-CDI algorithm across all network scales. This is primar-
ily attributed to the fixed number of malicious UAVs: As the
network scales up, a larger number of benign UAVs are likely
to be present, offering supporting evidence. However, this
also introduces a risk for the E-CDI algorithm, which, while

Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
1892
aiming for higher Recall, may inadvertently incorporate benign
UAVs. By contrast, the CDI algorithm, which emphasizes
higher Precision by meticulously identifying one UAV at a
time, mitigates this risk. On the other hand, the declining trend
observed in both benchmarks can be attributed to the larger
network scale, leading to a lower probability of detection
for both benchmarks. In particular, the increased number of
malicious UAVs in a larger-scale network makes it hard for
the benchmarks, which employ methods like selecting the
largest absolute distance error or sampling from the potential
malicious set, to identify the malicious UAVs effectively.
Fig. 9(e) presents the F1 performance of the proposed algo-
rithms in comparison to the benchmarks across different levels
of distance measurement inaccuracies. It is evident that all the
algorithms exhibit a consistent declining trend, resulting from
the adverse influence of inaccurate distance measurements
on the effectiveness of constraints in (12). Nevertheless, the
proposed algorithms maintain efficiency and robustness even
in the face of elevated levels of measurement noise. This
resilience stems from the fact that the algorithms leverage
the entire swarm to aggregate evidence, effectively mitigating
the impact of inaccurate distance measurements. On the other
hand, the benchmarks face challenges with an increase in
noise, as these inaccuracies can lead to greater disparities
between the distances computed based on reported positions
and the reported distance measurements. This, in turn, expands
the candidate set of malicious UAVs, reducing the likelihood
of detection by the benchmarks.
Fig. 9(f) provides an overview of the F1 performance of
the proposed algorithms and the benchmarks across different
measurement distances. In the case of the proposed algorithms,
both initially exhibit an ascending trend, followed by a descent
after reaching a threshold of 0.35. This is because the increase
in measurement distance prompts more UAVs to become
neighbors, thereby generating additional evidence for decision-
making at the beginning. However, the larger measurement
distance relaxes the constraints applied to directly counter-
spoofing, permitting more malicious UAVs to evade detection
and the F1 declines. In contrast, when considering the bench-
mark algorithms, the expansion of measurement distance
implies that more neighbors are involved in the evidence-
gathering process. This can result in a higher number of
UAVs reporting pairwise distance measurements, consequently
leading to greater disparities between the distances computed
based on reported positions and the reported distance measure-
ments. The resulting larger candidate set of malicious UAVs
reduces the probability of detection by the benchmarks.
We further compare the proposed CDI and E-CDI algo-
rithms in the number of iterations, as shown in Fig. 10. All
parameters are kept consistent with those in Fig. 5, except for
the number of malicious UAVs. When the number of malicious
UAVs is relatively small, the CDI algorithm outperforms the
E-CDI algorithm. As the number of malicious UAVs increases,
a shift unfolds: the E-CDI algorithm gradually overtakes
the CDI algorithm, and the performance gap between them
widens with the growing number of malicious UAVs. This
is because, when dealing with a small number of malicious
UAVs, the CDI algorithm’s scrutiny of each individual UAV is
Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 19, 2024
Fig. 10. The number of iterations required by the CDI and E-CDI algorithms.
advantageous. But, as the number of malicious UAVs expands,
the escalating number of malicious UAVs poses increasing
feasibility challenges for the CDI algorithm. On the other
hand, by prioritizing high Recall, the E-CDI algorithm aims
to identify as many malicious UAVs as possible.
D. Resistance to Collusion Spoofing Attacks
In line with Fig. 6, we delve into the evaluation of the F1
metric for the proposed E-CDI algorithm in comparison to the
benchmarks. The CDI algorithm is not assessed, as explained
in Section IV. To maintain consistency, we generate 100
UAV swarms randomly and independently with consistent
parameters with those in Fig. 6, except for the number of
malicious UAVs. Each data point represents the average of
the 100 swarms.
Fig. 11(a) compares the F1 score between the E-CDI
algorithm and the benchmarks under a collusion spoofing
attack. Unlike the declining trend observed in Fig. 9(c),
the proposed E-CDI algorithm exhibits an upward trend as
malicious UAVs increase. On the one hand, collusion spoof-
ing attacks have a distinct structure compared to distributed
spoofing attacks in the sense that attackers are more likely
to be densely concentrated around a targeted UAV. On the
other hand, the E-CDI algorithm assesses potentially malicious
UAVs individually if their neighborhood is detected to be
infected by malicious UAVs, which is particularly effective
in the densely populated neighborhood of a collusion attack.
Consequently, the E-CDI can exploit the specific characteris-
tics of collusion spoofing attacks.
The ascending trend is also observed under the benchmark
algorithms, resulting from the presence of densely concen-
trated UAVs, which tend to induce fewer disparities between
the distance computed based on reported positions and the
reported distance measurements. This, in turn, results in
smaller candidate sets of malicious UAVs, which are more
likely to be detected by the benchmarks.
We proceed to assess the impact of two critical parame-
ters: distance measurement error and the range for distance
measurement on the performance of the proposed E-CDI
algorithm. With the increasing distance measurement noises,
a descending trend of the F1 score can be observed in
BI et al.: DETECTION AND MITIGATION OF POSITION SPOOFING ATTACKS 1893

Fig. 11. The performance on F1 of the proposed and baseline approaches in collusion spoofing attack scenario. (a) Under different scales of malicious UAVs.
(b) Under different levels of distance measurement noise. (c) Under different levels of measurement distance.

Fig. 12. The performance evaluation on F1 of the proposed and baseline approaches in mixed spoofing attack scenario. (a) Under different scales of malicious
UAVs. (b) Under different levels of distance measurement noise. (c) Under different levels of measurement distance.

Fig. 11(b), as done in Fig. 9(e). On the other hand, a descend-
ing trend is also noticed with the increasing permissible
distance in Fig. 11(c), which is consistent with the observation
made in Fig. 9(f). Given that these two parameters exhibit a
similar influence in both distributed and collusion scenarios,
we can refer to the discussions about distributed spoofing in
Section V-C for the sake of brevity.
E. Resistance to Mixed Spoofing Attack
As considered in Fig. 7, we proceed to assess the F1
metric of the proposed E-CDI algorithm, comparing it to
the benchmarks. A total of 100 UAV swarms are generated
randomly and independently with consistent parameters with
those considered in Fig. 7, except for the number of mali-
cious UAVs. Each data point represents the average of the
100 swarms.
In Fig. 12(a), we analyze the F1 performance of the
proposed E-CDI algorithm compared to the benchmarks in
the context of a mixed spoofing attack. In order to con-
duct a fair evaluation across various numbers of malicious
UAVs, we evenly distribute the malicious UAVs into two
distinct groups. For instance, when dealing with six malicious
UAVs, we assign three of them to execute distributed attacks.
The remaining three are directed toward launching collusion
attacks against a benign UAV. It is noted that the mixed
spoofing attack cannot be simply regarded as the superposition
of distributed and collusion attacks. The amalgamation of these
different attack types within the mixed scenario introduces
substantial variations in the network structure.
Comparing the trends seen in Fig. 12(a) to those in Figs. 9(c)
and 11(a), it is evident that the performance of the proposed
E-CDI algorithm follows a similar ascending trend as observed
in Fig. 11(a), which is different from the trend in Fig. 9(c).
As malicious UAVs increase, the network structure undergoes
a notable transformation. Initially, both distributed attacks and
collusion attacks contribute evenly. However, with a greater
number of attackers, more malicious UAVs initially involved
in distributed attacks inadvertently become participants in
collusion attacks. This shift results in the gradual dominance
of collusion attacks. Consequently, the performance trend
observed in the mixed spoofing attack aligns with the pattern
shown in Fig. 11(a), although there can be a slight performance
degradation for the same number of malicious UAVs.
In the case of the benchmarks, the ascending trend of
their F1 scores can be attributed to the presence of densely
concentrated UAVs, which tends to reduce the disparities
between the distance computed based on reported positions
and the reported distance measurements, as discussed earlier.
Last but not least, we assess the impact of distance mea-
surement error and the permissible distance for distance
measurement on the performance of the proposed E-CDI
algorithm. It is noticed that Fig. 12(b) yields a declining
trend like the one observed in Fig. 9(e), while Fig. 12(c)
displays a decreasing pattern like the one shown in Fig. 9(f).
Given that these two parameters have consistent effects under
the distributed and collusion attacks, the reason underlying
the observations in Figs. 12(b) and 12(c) can be established,
as discussed in Section V-C. It is worth highlighting that there

Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
1894 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 19, 2024
exists a marginal performance decline for the same number
of malicious UAVs when compared to the distributed attacks.
This is due to the more intricate degradation of the network
structure exacerbated by the interplay of mixed attacks.
VI. C ONCLUSION
In this paper, we judiciously formulated a complicated
malicious UAV detection problem based on the reported
positions and pairwise distance measurements of the UAVs as
a localization feasibility problem. Then, we relied on an SDR
approach to recast the formulated non-convex problem into a
convex SDP, which is the key to assessing the feasibility of
the reported positions and distance measurements. Moreover,
we proposed two tailored iterative algorithms based on the
proposed SDP approach to detect and identify malicious UAVs
in UAV swarms. Extensive simulations demonstrated that the
proposed algorithms can achieve superior performance to the
existing benchmarks and exhibit robustness across various
UAV swarms.
R EFERENCES
[1] S. Hu, W. Ni, X. Wang, A. Jamalipour, and D. Ta, “Joint optimization of
trajectory, propulsion, and thrust powers for covert UAV-on-UAV video
tracking and surveillance,” IEEE Trans. Inf. Forensics Security, vol. 16,
pp. 1959–1972, 2021.
[2] B. Liu, W. Ni, R. P. Liu, Y. J. Guo, and H. Zhu, “Decentralized, privacy-
preserving routing of cellular-connected unmanned aerial vehicles for
joint goods delivery and sensing,” IEEE Trans. Intell. Transp. Syst.,
vol. 24, no. 9, pp. 9627–9641, 2023.
[3] X. Yuan, S. Hu, W. Ni, X. Wang, and A. Jamalipour, “Deep reinforce-
ment learning-driven reconfigurable intelligent surface-assisted radio
surveillance with a fixed-wing UAV,” IEEE Trans. Inf. Forensics Secu-
rity, vol. 18, pp. 4546–4560, 2023.
[4] A. V. Savkin, W. Ni, and M. Eskandari, “Effective UAV navigation for
cellular-assisted radio sensing, imaging, and tracking,” IEEE Trans. Veh.
Technol., vol. 72, no. 10, pp. 13729–13733, Oct. 2023.
[5] K. Li, R. C. Voicu, S. S. Kanhere, W. Ni, and E. Tovar, “Energy efficient
legitimate wireless surveillance of UAV communications,” IEEE Trans.
Veh. Technol., vol. 68, no. 3, pp. 2283–2293, Mar. 2019.
[6] S. Hu, X. Yuan, W. Ni, and X. Wang, “Trajectory planning of cellular-
connected UAV for communication-assisted radar sensing,” IEEE Trans.
Commun., vol. 70, no. 9, pp. 6385–6396, Sep. 2022.
[7] X. Yuan, Z. Feng, W. Ni, R. P. Liu, J. A. Zhang, and W. Xu,
“Secrecy performance of terrestrial radio links under collaborative
aerial eavesdropping,” IEEE Trans. Inf. Forensics Security, vol. 15,
pp. 604–619, 2020.
[8] B. Song et al., “Reliability analysis of large-scale adaptive weighted net-
works,” IEEE Trans. Inf. Forensics Security, vol. 15, pp. 651–665, 2020.
[9] X. Yuan, Z. Feng, W. Ni, Z. Wei, R. P. Liu, and C. Xu, “Connectivity
of UAV swarms in 3D spherical spaces under (un)intentional ground
interference,” IEEE Trans. Veh. Technol., vol. 69, no. 8, pp. 8792–8804,
Aug. 2020.
[10] S. Bi et al., “A comprehensive survey on applications of AI technologies
to failure analysis of industrial systems,” Eng. Failure Anal., vol. 148,
Jun. 2023, Art. no. 107172.
[11] Y. E. Yao, P. Dash, and K. Pattabiraman, “May the swarm be with you:
Sensor spoofing attacks against drone swarms,” in Proc. ACM SIGSAC
CCS, 2022, pp. 3511–3513.
[12] H. Choi et al., “Detecting attacks against robotic vehicles: A control
invariant approach,” in Proc. ACM SIGSAC Conf. Comput. Commun.
Secur., Oct. 2018, pp. 801–816.
[13] I. Buske, A. Walther, D. Fitz, J. Acosta, A. Konovaltsev, and L. Kurz,
“Smart GPS spoofing to countermeasure autonomously approaching
agile micro UAVs,” Proc. SPIE, vol. 12273, pp. 62–67, Nov. 2022.
[14] Y. Liu, Y. Wang, J. Wang, and Y. Shen, “Distributed 3D relative
localization of UAVs,” IEEE Trans. Veh. Technol., vol. 69, no. 10,
pp. 11756–11770, Oct. 2020.
[15] P. Jiang, H. Wu, and C. Xin, “DeepPOSE: Detecting GPS spoofing attack
via deep recurrent neural network,” Digit. Commun. Netw., vol. 8, no. 5,
pp. 791–803, Oct. 2022.
Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
[16] B. Pardhasaradhi and L. R. Cenkeramaddi, “GPS spoofing detection and
mitigation for drones using distributed radar tracking and fusion,” IEEE
Sensors J., vol. 22, no. 11, pp. 11122–11134, Jun. 2022.
[17] A. Khan, N. Ivaki, and H. Madeira, “Are UAVs’ flight controller software
reliable?” in Proc. IEEE PRDC, 2022, pp. 194–204.
[18] K. Liu, Y. Zhao, G. Wang, and R. Xue, “Quadrotor visual navigation
under GPS spoofing attack,” in Proc. 6th Int. Conf. Wireless Commun.,
Signal Process. Netw. (WiSPNET), Mar. 2021, pp. 270–277.
[19] Y. Dang, C. Benzaïd, T. Taleb, B. Yang, and Y. Shen, “Transfer learning
based GPS spoofing detection for cellular-connected UAVs,” in Proc. Int.
Wireless Commun. Mobile Comput. (IWCMC), May 2022, pp. 629–634.
[20] W. Chen, Y. Dong, and Z. Duan, “Accurately redirecting a malicious
drone,” in Proc. IEEE 19th Annu. Consum. Commun. Netw. Conf.
(CCNC), Jan. 2022, pp. 827–834.
[21] Z. Wang, X. Zhang, Z. Zhou, M. Lu, and H. Li, “GNSS spoofer
localization for vehicles based on Doppler and clock drift double
difference,” IEEE Trans. Veh. Technol., vol. 72, no. 4, pp. 4466–4481,
Apr. 2023.
[22] G. Michieletto, F. Formaggio, A. Cenedese, and S. Tomasin, “Robust
localization for secure navigation of UAV formations under GNSS
spoofing attack,” IEEE Trans. Autom. Sci. Eng., vol. 20, no. 4,
pp. 2383–2396, Oct. 2023.
[23] M. Babaghayou, N. Labraoui, A. A. A. Ari, N. Lagraa, M. A. Ferrag, and
L. Maglaras, “SAMA: Security-aware monitoring approach for location
abusing and UAV GPS-spoofing attacks on Internet of Vehicles,” in Proc.
LNICST, vol. 427, 2022, pp. 343–360.
[24] S. Bi, J. Cui, W. Ni, Y. Jiang, S. Yu, and X. Wang, “Three-dimensional
cooperative positioning for Internet of Things provenance,” IEEE Inter-
net Things J., vol. 9, no. 20, pp. 19945–19958, Oct. 2022.
[25] Y. Wang, X. Wen, Y. Cao, C. Xu, and F. Gao, “Bearing-based relative
localization for robotic swarm with partially mutual observations,” IEEE
Robot. Autom. Lett., vol. 8, no. 4, pp. 2142–2149, Apr. 2023.
[26] J. Yang, T. Zhang, X. Wu, T. Liang, and Q. Zhang, “Efficient scheduling
in space–air–ground-integrated localization networks,” IEEE Internet
Things J., vol. 9, no. 18, pp. 17689–17704, Sep. 2022.
[27] B. Jiang, B. D. O. Anderson, and H. Hmam, “3-D relative localization
of mobile systems using distance-only measurements via semidefinite
optimization,” IEEE Trans. Aerosp. Electron. Syst., vol. 56, no. 3,
pp. 1903–1916, Jun. 2020.
[28] Z. Wu, W. Quan, and T. Zhang, “Resource allocation in UAV-aided
vehicle localization frameworks,” in Proc. IEEE/CIC Int. Conf. Commun.
Workshops China, Aug. 2019, pp. 98–103.
[29] P. Biswas, T.-C. Lian, T.-C. Wang, and Y. Ye, “Semidefinite pro-
gramming based algorithms for sensor network localization,” ACM
Trans. Sensor Netw., vol. 2, no. 2, pp. 188–220, May 2006, doi:
10.1145/1149283.1149286.
[30] S. Boyd and L. Vandenberghe, Convex Optimization. Cambridge, U.K.:
Cambridge Univ. Press, 2004.
[31] M. Grant and S. Boyd. (2008). CVX: MATLAB Software for Disciplined
Convex Programming. [Online]. Available: http://cvxr.com/cvx
[32] I. Um, S. Park, S. Oh, and H. Kim, “Analyzing location accu-
racy of unmanned vehicle according to RTCM message frequency
of RTK-GPS,” in Proc. 25th Asia–Pacific Conf. Commun. (APCC),
Nov. 2019, pp. 326–330.
[33] W. Zhao, R. He, B. Ai, Z. Zhong, and H. Zhang, “Vehicle localization
based on hypothesis test in NLOS scenarios,” IEEE Trans. Veh. Technol.,
vol. 71, no. 2, pp. 2198–2203, Feb. 2022.
[34] S. Bi, W. Ni, Y. Jiang, and X. Wang, “Novel recommendation-based
approach for multidisciplinary development of future universities,” Sus-
tainability, vol. 14, no. 10, p. 5881, May 2022.
Siguo Bi received the Ph.D. degree in electronic
science and technology from Fudan University,
Shanghai, China, in 2020. He is currently an Engi-
neer with Fudan University. His research interests
include wireless sensor networks, convex optimiza-
tion, network security in UAV swarm, and machine
learning applied in communications.
BI et al.: DETECTION AND MITIGATION OF POSITION SPOOFING ATTACKS
Kai Li (Senior Member, IEEE) received the B.E.
degree from Shandong University, Weihai, China,
in 2009, the M.S. degree from The Hong Kong
University of Science and Technology, Hong Kong,
in 2010, and the Ph.D. degree in computer science
from The University of New South Wales, Sydney,
NSW, Australia, in 2014. Currently, he is a Visiting
Research Scientist with the Division of Electrical
Engineering, Department of Engineering, University
of Cambridge, U.K. Additionally, he is also a Senior
Research Scientist with the CISTER Research Cen-
tre, Porto, Portugal. He is also a CMU-Portugal Research Fellow, jointly
supported by Carnegie Mellon University, Pittsburgh, PA, USA, and the
Foundation for Science and Technology (FCT), Lisbon, Portugal. In 2022,
he was a Visiting Research Scholar with the CyLab Security and Privacy
Institute, CMU. Prior to this engagement, he was a Post-Doctoral Research
Fellow with the SUTD-MIT International Design Centre, Singapore University
of Technology and Design, Singapore, from 2014 to 2016. He has also held
positions as a Visiting Research Assistant with the ICT Centre, CSIRO,
Brisbane, QLD, Australia, from 2012 to 2013, and a Research Assistant with
the Mobile Technologies Centre, The Chinese University of Hong Kong,
Hong Kong, from 2010 to 2011. He has been an Associate Editor for
the Nature Computer Science journal (Springer) since 2023, the Computer
Communications journal (Elsevier) and Ad Hoc Networks journal (Elsevier)
since 2021, and IEEE ACCESS journal since 2018.
Shuyan Hu (Member, IEEE) received the B.Eng.
degree in electrical engineering from Tongji Uni-
versity, China, in 2014, and the Ph.D. degree
in electronic science and technology from Fudan
University, China, in 2019. She is currently a
Post-Doctoral Research Fellow with the School of
Information Science and Technology, Fudan Univer-
sity. She was selected by the Shanghai Post-Doctoral
Excellence Program in 2019. Her research interests
include machine learning and convex optimizations
and their applications to unmanned aerial vehicle
(UAV) networks and intelligent systems.
Wei Ni (Fellow, IEEE) received the B.E. and
Ph.D. degrees in electronic engineering from Fudan
University, Shanghai, China, in 2000 and 2005,
respectively.
Currently, he is a Principal Research Scientist
with CSIRO, Sydney, Australia, a Conjoint Pro-
fessor with the University of New South Wales,
an Adjunct Professor with the University of Tech-
nology Sydney, and an Honorary Professor with
Macquarie University. He was a Post-Doctoral
Research Fellow with Shanghai Jiao Tong Univer-
sity from 2005 to 2008, the Deputy Project Manager with Bell Labs,
Alcatel/Alcatel-Lucent from 2005 to 2008, and a Senior Researcher with
Devices Research and Development, Nokia, from 2008 to 2009. He has
authored eight book chapters, over 300 journal articles, 100 conference
papers, 26 patents, and ten standard proposals accepted by IEEE. His research
interests include machine learning, online learning, stochastic optimization,
and their applications to system efficiency and integrity. He has been serving
as an Editor for IEEE T RANSACTIONS ON W IRELESS C OMMUNICATIONS
Authorized licensed use limited to: XIDIAN UNIVERSITY. Downloaded on December 09,2024 at 13:00:07 UTC from IEEE Xplore. Restrictions apply.
1895
since 2018 and an Editor for IEEE T RANSACTIONS ON V EHICULAR T ECH -
NOLOGY . He served as the Secretary, then the Vice-Chair and Chair of the
IEEE Vehicular Technology Society (VTS) New South Wales (NSW) Chapter
from 2015 to 2022, the Workshop Chair for ISCIT 2023, the Track Chair
for VTC-Spring 2017, the Track Co-Chair for IEEE VTC-Spring 2016, the
Publication Chair for BodyNet 2015, and the Student Travel Grant Chair for
WPMC 2014.
Cong Wang received the B.E. and M.S. degrees
from Fudan University, China. Her research inter-
ests include machine learning, bioinformatics, and
statistics.
Xin Wang (Fellow, IEEE) received the B.Sc. and
M.Sc. degrees in electrical engineering from Fudan
University, Shanghai, China, in 1997 and 2000,
respectively, and the Ph.D. degree in electrical engi-
neering from Auburn University, Auburn, AL, USA,
in 2004.
From September 2004 to August 2006, he was a
Post-Doctoral Research Associate with the Depart-
ment of Electrical and Computer Engineering,
University of Minnesota, Minneapolis. In August
2006, he joined the Department of Electrical Engi-
neering, Florida Atlantic University, Boca Raton, FL, USA, as an Assistant
Professor, then was promoted to a tenured Associate Professor in 2010.
He is currently a Distinguished Professor and the Chair of the Department
of Communication Science and Engineering, Fudan University. His research
interests include stochastic network optimization, energy-efficient communica-
tions, cross-layer design, and signal processing for communications. He served
as a Senior Area Editor for IEEE T RANSACTIONS ON S IGNAL P ROCESSING,
an Associate Editor for IEEE T RANSACTIONS ON S IGNAL P ROCESSING,
an Editor for IEEE T RANSACTIONS ON W IRELESS C OMMUNICATIONS,
an Editor for IEEE T RANSACTIONS ON V EHICULAR T ECHNOLOGY, and an
Associate Editor for IEEE S IGNAL P ROCESSING L ETTERS. He is a member
of the Signal Processing for Communications and Networking Technical
Committee of IEEE Signal Processing Society and a Distinguished Speaker
of the IEEE Vehicular Technology Society.