A Data Normalization Technique for Detecting Cyber Attacks on UAVs

The data analysis subsystem of an Unmanned Aerial Vehicle (UAV) includes two main modules: a data acquisition module for data processing and a normalization module. One of the main features of an adaptive UAV protection system is the analysis of its cyber-physical parameters. An attack on a general-purpose computer system mainly affects the integrity, confidentiality and availability of important information. By contrast, an attack on a Cyber-Physical System (CPS), such as a UAV, affects the functionality of the system and may disrupt its operation, ultimately preventing it from fulfilling its tasks correctly. Cyber-physical parameters are the internal parameters of a system node, including the states of its computing resources, data storage, actuators and sensor system. Here, we develop a data normalization technique that additionally allows us to identify the signs of a cyber-attack. In addition, we define sets of parameters that can highlight an attack and define a new database format to support intrusion detection for UAVs. To achieve these goals, we performed an experimental study of the impact of attacks on UAV parameters and developed a software module for collecting data from UAVs, as well as a technique for normalizing and presenting data for detecting attacks on UAVs. Data analysis and the evaluation of the quality of a parameter (whether the parameter changes normally, or abrupt anomalous changes are observed) are facilitated by converting different types of data to the same format. The resulting formalized CPS model allows us to identify the nature of an attack and its potential impact on UAV subsystems. In the future, such a model could be the basis of a CPS digital twin in terms of security. The presented normalization technique supports processing raw data, as well as classifying data sets for their use in machine learning (ML) analyses in the future. The data normalization technique can also help to immediately determine the presence and signs of an attack, which allows classifying raw data automatically by dividing it into different categories. Such a technique could form the basis of an intrusion detection system for CPSs. Thus, the obtained results can be used to classify attacks, including attack detection systems based on machine learning methods, and the data normalization technique can be used as an independent method for detecting attacks.