Keywords

1 Introduction

Positioning is an essential utility for many cyber-physical system operations such as smart vehicles and intelligent transportation. The Global Positioning System (GPS) and other Global Navigation Satellite Systems (GNSS) are accurate sources for positioning but may be vulnerable to intentional attacks [5, 14, 15]. There are two main types of attacks for GNSS systems: a) jamming [3] to affect the availability of the GNSS satellite signals by generating powerful signals in the GNSS band; and b) spoofing to deceive the GNSS user navigation by transmitting signals that share the same characteristics with the legitimate GNSS satellite signals [13]. GNSS spoofing can even take over the control of UASs that rely on GNSS for navigation [20]. To detect attacks, signal processing techniques based on the characterization of the attacks have been developed by checking distortions or disruptions of signals [19]. Furthermore, the integration of independent measurements and information has been considered for attack detection by monitoring drifts of the receiver position and/or clock. Moreover, simultaneously using complementary strategies has been proposed to compensate for the weaknesses of an individual attack detection technique that might be exploited by a sophisticated spoofer.

Other methods to provide security for communications include blockchain security, data encryption, user authentication, message hiding, and signal analysis. Monitoring the signals analysis can only detect spoofing and cannot correct the error [24]. A hidden message would require a larger channel capacity and methods to resolve the true signal [9]. While authentication could be a solution [26], if the signal is spoofed, it would require protocols that cause timing delays amongst many sources requiring ID-based signature message recovery [31]. Since navigation methods like GPS and automatic dependent surveillance-Broadcast (ADS-B) could add authentication, there are still ways to send incorrect messages. Encryption is challenging as it is not backward compatible and would require a fundamental alteration of the signals with standardized approaches [25]. Currently, there are efforts towards secure distributed edge-based methods [8] that could use blockchain which is popular for smart sensors [28]. Analysis of blockchain for avionics shows promise, but increases the message size, reduces timing, and requires more memory [27], and efforts are underway to make the system lighter [29]. Hence the only current solution is to have another massage source such as a designated radar signal that is typically only located at designated airports. Using another onboard edge sensing source to detect and correct the spoofing as well as be available for GNSS jamming would provide a practical solution for continuous navigation.

Range-only positioning provides an alternate source of position estimations using relative distances to fixed or dynamic beacons [2]. In the case of multiple UASs, cooperative navigation/positioning where individual UASs exchange information to improve their own position estimation has been developed for robust positioning [21]. For example, the authors [12] proposed a distributed consensus-based distributed EKF approach for collaborative relative navigation. Furthermore, observability for range-only cooperative localization using extended/unscented Kalman filters (KF) has been established [6] as well as bearings-only tracking [10]. Trajectory planning for favorable network configuration in terms of optimality measures has been studied to control the statistical properties of the localization error [17, 30]. However, the existing works do not consider the attacks on the range sensors or information exchange in adverse environments which may cause large errors in range measurements besides the normal measurement noise and thus degrade the positioning performance [22]. Moreover, since the commonly used extended/unscented KF assumes Gaussian noise for range-only positioning, non-Gaussian attacks may cause severe performance degradation and escape attack detections like the innovation testing [1]. In this paper, we investigate the performance of distributed range-only positioning systems under both Gaussian and non-Gasussian attacks.

To detect and mitigate the attacks on the range-only positioning, we use inertial measurement units (IMU) as another source of positioning, similar to the integration of GNSS and IMU for anti-attacks [7, 19]. It is noted that dead reckoning based on IMU measurements cannot provide precise positioning without an accurate previously determined position. However, the IMU is less susceptible to signal/data attacks. Therefore, we can combine the range-only positioning and IMU to detect attacks. By discarding the attacked UASs, the rest UASs may still achieve accurate positioning when the unattacked nodes can ensure the observability of the cooperative positioning system.

The main contribution of this paper lies in presenting a distributed EKF-based approach integrated with IMU-based positioning for the detection and mitigation of distance manipulation attacks on the range-only cooperative positioning of multiple UASs in GNSS-denied environments. The remainder of the paper is organized as follows: Sect. 2 gives the problem formulation, including the dynamic models and the preliminaries of the distributed EKF (DEKF); Sect. 3 introduces the distance manipulation attacks and anti-attack approach based on DEKF and IMU; Sect. 4 provides experimental results; and finally, Sect. 5 summarizes this paper.

2 Problem Formulation

Consider a system of multiple UASs that consist of a leader node \(N_{0}\) and \(N_{s}\) follower nodes where \(s=1,\cdots ,S\); the leader node is hovering at a position/maintains high-precision positioning while the follower nodes need to fly through a potential GPS-denied region towards a target area. Each UAS can obtain the relative distance to the leader node and the neighboring UASs using the time of arrival (TOA) mode via a data link during the flight. Moreover, the data link may be spoofed and transmit misleading range measurements. Additionally, the UASs can obtain measurements of gyro rate and acceleration from the onboard low-cost IMU, azimuth from the magnetometer, air speed measured from a Pitot tube, and height (from the ground) from a baro-altimeter.

The problem addressed in this work is how to design a resilient scheme for employing the range measurements and internal measurements to achieve an acceptable estimation of positions in the GPS-denied and/or spoofing environments, as shown by Fig. 1.

Fig. 1.
figure 1

Range-only positioning in GPS-denied environments under distance manipulation attacks.

Full size image

2.1 Dynamic Models and Measurements

Denote \(x_{0}\) as the 3-D coordinates of the leader node. Without loss of generality, we use a global coordinate/frame without considering the transition from the local frame to the global frame and \(x_{0}=[0,0,0]^{\top }\). The dynamic process and the local observation of each node i can be described using the following state-space model:

$$\begin{aligned} x_{i}(k+1)&:=\begin{bmatrix} x_{i,1}(k+1)~x_{i,2}(k+1)~x_{i,3}(k+1) \end{bmatrix}^{\top } \end{aligned}$$
(1a)
$$\begin{aligned} &= \begin{bmatrix} x_{i,1}(k)\\ x_{i,2}(k)\\ x_{i,3}(k) \end{bmatrix} + \begin{bmatrix} u_{i,1}(k)\\ u_{i,2}(k)\\ u_{i,3}(k), \end{bmatrix}\text {d}t + \omega _{i}(k), \end{aligned}$$
(1b)
$$\begin{aligned} y_{i,j}(k) = &\sqrt{(x_{i}(k)-x_{j}(k))^{\top }(x_{i}(k)-x_{j}(k))}+ \nu _{i}(k), \end{aligned}$$
(1c)
$$\begin{aligned} i=&1,\cdots , N_{s},j\in \mathcal {N}_{i}(k), \end{aligned}$$
(1d)

where \(x_{i}\) and \(u_{i}\) denote the coordinates and velocities of the i-th node, respectively; \(k\in \mathbb {N}\) is the time instant and \(\text {d}t\) is the time increment; \(\omega _{i}\in \mathbb {R}^{3}\) is the process noise with covariance matrix denoted by Q(k); \(y_{i,j}\) is the range measurements between node i and j and \(\nu _{i}\in \mathbb {R}^{3}\) is measurement noise with covariance matrix denoted by R(k) which is assumed to follow normal distribution; \(\mathcal {N}_{i}\) is the set of neighboring nodes for the node i. It is noted that \(\mathcal {N}_{i}\) is varying as a result of the dynamics of UASs. Moreover, the cardinality \(|\mathcal {N}_{i}|\) (i.e., the number of neighbors) is a tuning parameter, which can be determined based on the verification of the measurement data for resilience.

It is noted that \(y_{i,j}=y_{j,i}\) may not hold due to measurement errors. One approach for positioning is a centralized method, i.e., the follower nodes transmit the measurements to the leader and the leader uses the extended/unscented Kalman filter to estimate the positions. However, regardless of the computational and communication cost, this approach may not work in case parts of the nodes fail to transmit reliable measurements to the leader node due to interruptions of communications or spoofing.

Instead, we consider a distributed approach where each follower node uses the range measurements w.r.t. the leader node and neighboring nodes for positioning such that an acceptable estimation can still be achieved in case of failures of partial nodes. It is assumed that the leader node is far enough away, has anti-jamming and anti-spoofing extra analytic capabilities, and otherwise is resilient to attacks. Moreover, the follower node can use internal measurements and previous estimations for positioning when attacks are detected and reliable range measurements are not available.

2.2 Distributed Extended Kalman Filter

Range-only positioning requires a nonlinear state estimator due to the nonlinearity of Eq. (1c). EKF is an efficient approach for nonlinear state estimation. In particular, the EKF linearizes the nonlinear measurement and/or state transition functions using the first-order Taylor series at the current best state estimate for filtering and predictions of states. Specifically, the linearized model at time instant k is

$$\begin{aligned} x(k+1) &= F(k)x(k)+G(k)\omega (k)+u(k), \end{aligned}$$
(2a)
$$\begin{aligned} \bar{y}(k) &\approx H(k)x(k)+\nu (k), \end{aligned}$$
(2b)

where \(x=[x_{1}^{\top },\cdots ,x_{S}^{\top }]^{\top }\) represents the augmented states that consist of the states of all the follower nodes, \(F(k) = \frac{\partial f}{\partial x}|_{\hat{x}(k|k-1)}\) with \(x(k+1)=f(x(k))+G(k)\omega (k)+u(k)\) denoting the state transition function; \(H(k) = \frac{\partial h}{\partial x}|_{\hat{x}(k|k-1)}\) with \(y=h(x)\) denoting the nonlinear measurement functions; \(\bar{y}(k) = y(k)-h(\hat{x}(k|k-1))+H(k)\hat{x}(k|k-1)\). Then, at time instant k, the correct step based on the measurements is

$$\begin{aligned} &P(k|k) = (P^{-1}(k|k-1)+H^{\top }(k)R^{-1}(k)H(k))^{-1}, \end{aligned}$$
(3a)
$$\begin{aligned} &\hat{x}(k|k) = \hat{x}(k|k-1) + P(k|k)H^{\top }(k)R^{-1}(k)\left( \bar{y}(k)-H(k)\hat{x}(k|k-1)\right) ; \end{aligned}$$
(3b)

the prediction step is

$$\begin{aligned} &\hat{x}(k+1|k) = f(\hat{x}(k|k)), \end{aligned}$$
(4a)
$$\begin{aligned} &P(k+1|k) = F(k)P(k|k)F^{\top }(k)+G(k)Q(k)G^{\top }(k). \end{aligned}$$
(4b)

Instead, the distributed EKF uses the local measurements for correction and prediction and obtains an accurate estimate of the entire system state variables based on consensus [4]. In particular, the consensus-based correct step [23] for the i-th node in a network of homogeneous nodes is

$$\begin{aligned} &\hat{\textbf{x}}_{i}^{l}(k|k) \nonumber = \\ & \left( \frac{1}{N_{s}^{+}}P_{i}^{-1}(k|k-1)+H_{i}^{\top }(k)R_{i}^{-1}(k)H_{i}(k) \frac{|\mathcal {N}_{i}^{+}|}{\mu }I\right) ^{-1}\cdot \nonumber \\ &\bigg [H_{i}^{\top }(k)R_{i}^{-1}(k)\bar{y}_{i}(k)+\frac{1}{N_{s}^{+}}P_{i}^{-1}(k|k-1)\hat{\textbf{x}}_{i}(k|k-1) + \nonumber \\ &\sum _{j\in \mathcal {N}_{i}^{+}}\left( \frac{z_{j}(k)^{l-1}}{\mu }+\lambda _{ij}^{l-1}\right) \bigg ] \end{aligned}$$
(5a)
$$\begin{aligned} &z_{i}(k)^{l} = \frac{\mu }{|\mathcal {N}_{i}^{+}|}\sum _{j\in \mathcal {N}_{i}^{+}}\left( \frac{1}{\mu }\hat{\textbf{x}}_{j}^{l}(k|k)-\lambda _{ji}^{l-1}\right) ,\end{aligned}$$
(5b)
$$\begin{aligned} &\lambda _{ij}^{l} = \lambda _{ij}^{l-1}-\frac{1}{\mu }\left( \hat{\textbf{x}}_{i}^{l}(k)-z^{l}_{j}(k)\right) ,\end{aligned}$$
(5c)
$$\begin{aligned} &\forall ~i=1,\cdots , N_{s},~ j\in \mathcal {N}_{i}^{+},~l = 1,\cdots , L \end{aligned}$$
(5d)

where \(\hat{\textbf{x}}_{i}^{l}\) is Node i’s estimate of x using local \(P_{i}\),\(H_{i}\), and \(R_{i}\) at Node i for the l-th iteration, and \(P_{i}(0|0)=P_{0}\); \(z_{i}^{l}\) is the auxiliary variable with initialization \(z_{i}^{0}(k)=\hat{\textbf{x}}_{i}(k|k-1)\), \(\lambda _{i,j}^{l}\) is the Lagrange multiplier with initialization \(\lambda _{i,j}^{0}=0\), and \(\mu \) is a scalar penalty parameter; \(z_{j}\), \(\hat{\textbf{x}}_{j}, j\in \mathcal {N}_{i}\) are transmitted from the \(|\mathcal {N}_{j}|\) nearest neighbors of Node i based on the noisy range measurements; \(N_{s}^{+}=N_{s}+1\), and \(\mathcal {N}_{i}^{+}=\mathcal {N}_{i}\cup \{i\}\); the correction of the covariance matrix is

$$\begin{aligned} P_{i}(k|k) = \left( P_{i}^{-1}(k|k-1)+\sum _{i=1}^{N_{s}}H_{i}^{\top }(k)R_{i}^{-1}(k)H_{i}(k)\right) ^{-1}; \end{aligned}$$
(6)

The prediction step for the i-th node is

$$\begin{aligned} &\hat{x}_{i}(k+1|k) = f(\hat{x}_{i}(k|k)), \end{aligned}$$
(7a)
$$\begin{aligned} &P_{i}(k+1|k) = F_{i}(k)P_{i}(k|k)F_{i}^{\top }(k)+G(k)Q(k)G^{\top }(k). \end{aligned}$$
(7b)

The main advantage of the DEKF approach is that it can reduce the computational burden and communication overhead as compared to a centralized approach. The DEKF can be more scalable and robust versus a centralized (CEKF), especially in systems with a large number of sensors distributed across different locations and limited, unreliable, or costly communication between nodes.

3 Distance Manipulation Attacks

In this section, we introduce the distance manipulation attacks on the range-only cooperative positioning and present the proposed approaches to detecting and preventing the attacks.

3.1 Attacks on Range Measurements

The demand for ranging information is increasing for autonomous and cyber-physical systems in various applications such as positioning and navigation, which makes it a target of attackers with different motivations. Existing ranging systems such as ultra-wideband (UWB) ranging systems are vulnerable to distance manipulation attacks. Distance manipulation attacks can be performed by manipulating the logical or physical layer. Logical-layer attacks manipulate message bits while physical-layer attacks involve manipulating signal characteristics to incorrectly measure the signal’s phase, amplitude, frequency, or arrival time [22]. Additionally, distance manipulation attacks can be divided into distance reduction and enlargement attacks. An attacker may reduce the measured distance by manipulating the time of arrival (ToA) estimation of the preamble (via cicada attack [18] ) and the payload (via Early Detect Late Commit (ED/LC) attack) [11] and enlarge the measured distance by preventing legitimate payload detection by increasing the bit error by adding noise in the channel or canceling some of the pulses. The availability of affordable radio devices like the software-defined radio has opened up vast possibilities for cybersecurity and infosec professionals to explore radio frequency (RF) communication and control devices, enabling them to delve into hacking in this domain.

In the case of range-only positioning, we consider the distance manipulation attacks introducing extra range measurement disturbances. Specifically, the attacked range measurements

$$\begin{aligned} \tilde{y}_{i,j}(k) = \left\{ \begin{matrix}y_{i,j}(k) + b_{i,j}(k), &{} i\in \mathcal {A}_{V}(k), k\in \mathcal {A}_{T} \\ y_{i,j}(k) &{} \text {otherwise}\end{matrix} \right. , \end{aligned}$$
(8)

where \(b_{i,j}(k)\) denotes the modification of Node i’s measurement of the range between Node i and j at time k; \(\mathcal {A}_{V}(k)\) is the set of attacked nodes and \(\mathcal {A}_{T}\) is the set of attacked time steps. Then, the centralized/distributed EKF use \(\tilde{y}_{i,j}(k)\) at each time step to correct positioning estimation, which may cause large deviations from the real positioning.

3.2 Attack Detection and Mitigation

Using alternative positioning sources is a common strategy to detect and mitigate attacks. In addition to the range measurements, IMU measurements can be used for positioning. In particular, the raw IMU measurements can be utilized to calculate position relative to a global reference frame via a method known as dead reckoning. Using a previously determined position, dead reckoning can provide an accurate current position by \(\hat{x}(k) = \hat{x}(k-1)+\delta \hat{x}(k-1)\) where \(\delta \hat{x}\) denotes the displacement computed by the data of IMU sensors. Moreover, the IMU is less vulnerable to attacks than range-only positioning for which communications between nodes are required. However, dead reckoning is subject to cumulative errors over time and causes significant drifts over great distances.

For attack detection of GNSS and IMU, innovation testing [1] is widely used. However, the EKF may mitigate the effects of attacks such that the differences between the position estimates of range and IMU measurements are unreliable for detecting attacks on range measurements. In consequence, accumulating the faults within a time window is needed to detect the slowly drifting faults introduced by GNSS spoofing attacks [16], which may disable the in-time detection and mitigation of attacks. Instead, we use the differences between the range measurements and the range estimates based on the IMU measurements to detect the attacks, as the dead reckoning can maintain high accuracy for a short period and is less vulnerable to communication attacks. In particular,

$$\begin{aligned} \mathbbm {1}^{a}_{i}(k)=\left\{ \begin{matrix} 1, &{} \text {if}~\exists j ~\text {s.t.}~ |\hat{y}_{i,j}(k)-y_{i,j}(k)|> \gamma \\ 0 &{} \text {otherwise} \end{matrix} \right. \end{aligned}$$
(9)

where \(\mathbbm {1}^{a}_{i}\) indicates whether the i-th node is attacked and \(\gamma \) is a predefined threshold and \(\hat{y}_{i,j}(k)\) is the range estimates between Node i and Node j based on the IMU measurements. It is noted that there can be detection errors including false alarms and mis-detections.

Algorithm 1.
figure a

Detecting and Mitigating Distance Manipulation Attacks

Full size image

Then, we combine range-based positioning and dead reckoning of IMU to enhance the resilience of the positioning system. In particular, we use the range-only positioning in the normal environment and IMU when attacks occur. To avoid the drifts of IMU-based positioning, the IMU is calibrated using the range-only positioning at a predefined frequency, when no attacks are detected. However, the IMU will not be calibrated once the attacks are detected, and dead reckoning will be used for positioning until the attack alarms cease. The difference between the range measurements and estimates will be monitored in real-time to detect attacks.

Furthermore, we consider two cases of reducing performance degradation when the attacks are detected. First, when the number of unattacked nodes based on the detection is greater than the number of nodes required for distributed EKF, the information from the attacked nodes will be discarded to prevent the adverse effects of incorrect measurements. The second case is when the number of unattacked nodes is less than the number of nodes required for DEKF, the attacked nodes use the IMU-based position estimates as their position estimates. Additionally, the procedures for attack detection and mitigation are summarized in Algorithm 1.

4 Experimental Results and Validation

4.1 Scenario Description

Table 1. Specifications of the UVA
Full size table

We assume each UAS to be a point UAS and that there are no kinematic restrictions on a UAS’s movement, similar to [17]. The UAV specificationsFootnote 1 are summarized in Table 1. The leader node stays at \(x_{0}=[0~0~0]^{\top } \text {(m)}\). The initial positions of the follower nodes \(x_{i}(0)=[x_{i,1}(0)~x_{i,2}(0)~x_{i,3}(0)]^{\top } +[0~0~150]^{\top }\) where \(x_{i,j}(0)\) are randomly drawn from the normal distribution \(\mathcal {N}(0, 0.1)\). The target is \(x_{\text {target}}=[5000 ~5000~150]^{\top } \text {(m)}\). There are \(S^{2}\) range measurements, including the measurements between the leader node and follower nodes and between each two follower nodes. Each node adjusts the control inputs \(u_{i}\) by

$$\begin{aligned} u_{i}(k) = \frac{\hat{x}_{i}(k|k)-x_{\text {target}}}{\Vert \hat{x}_{i}(k|k)-x_{\text {target}}\Vert _{2}} \times 8 ~ \text {(m/s)}, \end{aligned}$$
(10)

where \(\hat{x}_{i}(k|k)\) is the position estimate at time k based on the measurements and \(\Vert \cdot \Vert _{2}\) denotes the Euclidean norm. \(\text {d}t = 9 ~ \text {s}\). The covariance matrix R of the measurement noises is diagonal and \(R = \text {diag}([\sigma _{1,0},\cdots ,\sigma _{S,S-1}])\) where \(\sigma _{i,j}\) denotes the standard deviation of the noise for node i’s range measurement w.r.t. node j. A follower node finishes the task if \(\Vert x_{i}(k)-x_{\text {target}}\Vert \le 16~\text {(m)}\). The maximal time steps for the task is 100. Additionally, the process noise is not considered.

Moreover, spoofing can take place on the data during the flights. To thoroughly test the performance of the range-only cooperative positioning and anti-attack techniques under various types of attacks, we consider both (1) non-Gaussian attacks which add a fixed \(y_{a}\) to the measurements of the \(|\mathcal {A}_{V}|\) attacked follower nodes with a probability \(p_{a}\) during the attack period from time step 21 to 30; and (2) Gaussian attacks which add i.i.d. Gaussian noise with \(y_{a}\sim \mathcal {N}(0, \sigma _{a})\) to the measurements of the \(|\mathcal {A}_{V}|\) attacked follower nodes during the attack period. The non-Gaussian attacks are supposed to cause more performance degradation and bring more challenges for anti-attacks than the Gaussian attacks, as the EKF assumes Gaussian process and measurement noise. Furthermore, since we assume homogeneous follower UAV nodes, the attacked UAV nodes are randomly selected given a number of attacked nodes.

We use a measurement-level simulator which is sufficient for attack detection and impact moderation of spoofing. To evaluate the range-only positioning approach, we use the average estimation errors computed by

$$\begin{aligned} \bar{e} = \frac{1}{M}\sum _{l=1}^{M}\frac{1}{S} \sum _{i=1}^{S} \frac{1}{K}\sum _{k=1}^{K}\left\| \hat{x}_{i}^{(l)}(k|k)-x_{i}^{(l)}(k)\right\| _{2}, \end{aligned}$$
(11)

where M is the number of Monte Carlo (MC) simulations, and K is the number of time steps for the i-th node. Moreover, we evaluate the success rate which is defined as the ratio of the number of follower nodes that reach the target area over the total number of follower nodes in a simulation, and the average success rate is the average of the success rates of M MC simulations.

4.2 Performance of Centralized EKF

The Centralized EKF (CEKF) requires the follower nodes to send their range measurements to the leader node to estimate the positions of all the nodes. Then, the leader node sends the position estimates to the follower nodes. In the experiments, we assume the timing is synchronized for all the nodes and omit the processing and communicating time to focus on the positioning problem. First, we evaluate the performance of CEKF for different numbers of follower nodes and different \(\sigma _{\nu }\)’s.

Fig. 2.
figure 2

The performance of CEKF for different numbers of follower nodes.

Full size image

Results. Figure 2 shows the results of evaluating CEKF. The average estimation errors decrease as the number of follower nodes increases and increase as the standard deviation of the measurement noise increases. All the follower nodes fulfilled the tasks for different measurement noises when no attacks took place, which demonstrates the good performance of CEKF when its assumptions are satisfied.

4.3 Performance of Distributed EKF

The distributed EKF (DEKF) requires each follower node to estimate positions based on the consensus with the neighboring follower nodes. In particular, Node i needs to update and transmit \(\hat{x}_{i}^{l}(k|k)\) and \(z_{i}^{l}(k|k),l=1,\cdots ,L\) for consensus. We consider \(S=10\) for the following simulations. The parameters for consensus in () are determined as \(L=40\),\(\mu =0.1\). We assume all the follower nodes can maintain the range measurements w.r.t. the leader node. First, we evaluate the performance of the DEKF using different numbers of neighboring nodes.

Fig. 3.
figure 3

The performance of DEKF for different numbers of neighboring nodes.

Full size image

Results. Figure 3 shows the results of evaluating DEKF. The average estimation errors decrease as the number of neighboring follower nodes increases and are smaller than those of CEKF when the number of neighboring nodes is greater than 3. All the follower nodes fulfilled the tasks for different measurement noises when no attacks took place, which demonstrates that DEKF can achieve acceptable precision without using all the measurements as CEKF.

4.4 Resilience Against Attacks

In this subsection, we evaluate the performance of range-only positioning under attacks. First, we evaluate the performance degradation under different realizations of attacks and show the performance of dead reckoning using IMU. Then, we validate the proposed attack detection and mitigation approach. Additionally, the number of neighboring follower nodes for the experiments in this subsection was set to 4 which is sufficient for DEKF to achieve comparable precision with CEKF based on the results in Sect. 4.3 (Fig. 4).

Fig. 4.
figure 4

The comparison between the performance of CEKF and DEKF under attacks.

Full size image

Performance Under Attacks. As the number of attacked follower nodes increases, the average estimation errors increase. Non-Gaussian attacks cause more significant decreases in performance. The differences between the average estimation errors of CEKF and DEKF were not significant. However, CEKF achieved higher average success rates than DEKF without anti-attack techniques.

Fig. 5.
figure 5

The average estimation errors over time using only IMU for positioning.

Full size image

Performance of Dead Reckoning. Since the considered attacks only impact the range measurements, the IMU will not be affected but still suffer from the drifts by dead reckoning. For simulations, we assume that the velocity estimated from the IMU measurements suffers from an additive Gaussian noise with \(\sigma _{\text {IMU}}=0.1 (m/s)\). The red line with downward-pointing triangle marks in Fig. 5 shows the average estimation errors over time using only IMU in one simulation. The average estimation errors at a time step are the average of the estimation errors of the 10 follower nodes at that time step. Additionally, the black line with the square marks shows the result of DEKF without using the anti-attack technique in one simulation under non-Gaussian attacks with \(y_{a}=48\) and \(|\mathcal {A}_{V}|=5\). 10 follower nodes finished the task using DEKF in that simulation.

Fig. 6.
figure 6

Validation results of the anti-attack approach.

Full size image

Performance of the Anti-attack Approach. Figure 6 shows the validation results of the anti-attack approach. We evaluated the detection errors of the proposed attack detection approach. The detection error is the number of false detections (including false positives and false negatives) in a simulation and the average detection errors are the average of the detection errors of M simulations. The average detection errors for Gaussian attacks were larger than those of non-Gaussian attacks. The proposed detection approach correctly detected the attacked nodes with a high probability (that is greater than 0.94 for all the attacks), selected the unattacked neighboring nodes for consensus-based DEKF, and achieved similar performance to the CEKF without attacks (black lines with square marks).

5 Concluding Remarks

This paper presented a DEKF approach to detecting and mitigating distance manipulation attacks on range-only positioning of multiple smart UASs with IMU-based positioning. In particular, both Gaussian and non-Gaussian types of attacks were considered. The attacks were detected based on the differences between the IMU-based distance estimates and the range measurements and the UAS exchanged information with adjacent UASs that were free of attacks to enhance positioning precision. Experiments demonstrated that DEKF were more robust to attacks than CEKF and using the anti-attack approach based on DEKF and IMU further reduced the positioning errors and improved the probability of fulfilling tasks.

In future works, we will consider other types of distance manipulation attacks and enhance the attack detection and mitigation performance by statistical analysis and machine learning algorithms.