Evaluation of Drone Neutralization Methods using Radio Jamming and Spoofing Techniques / Utvärdering av drönar-neutraliseringsmetoder genom användandet av radiostörning- och spoofingtekniker

Rozenbeek, David Jan

January 2020

The usage of drones is steadily increasing as drones are becoming more available and useful to the general public, but drone usage also leads to problems as for example airports have had to shutdown due to drone sightings. It has become clear that a counter-drone system must be in place to neutralize intruding drones. However, neutralizing a drone is not an easy task, the risk of causing collateral damage and interfering with other radio systems must be highly considered when designing a counter-drone system. In this thesis a set of consumer drones was selected based on market popularity. By studying the wireless communication links of the selected drones a set of drone neutralization methods was identified. For each neutralization method a set of jamming and spoofing techniques was selected from current research. The techniques was used in practise by subjecting the drones to the techniques in a series of drone behaviour experiments. The results was used to evaluate the techniques in four criteria based on avoiding collateral damage, mitigating radio interference, identification requirement and handling multiple intruding drones. The evaluation was then summarized to discuss suitable drone neutralization methods and jamming & spoofing techniques. The results showed that there are neutralization methods that could potentially avoid causing col- lateral damage for certain drones. A full-band barrage jamming technique was shown to best the best performing based on the evaluation criteria, but was also the technique that theoretically induced the most radio interference. Furthermore, drones operating in way-point mode can only be neutralized using a GNSS jamming or spoofing neutralization method. Also using a GPS spoofing neutralization method was shown to be difficult to implement in practise. / Populariteten av att flyga drönare ökar stadigt i och med att drönartekniken blir mer tillgänglig och an- vändbart för allmänheten. Men användningen av drönare leder också till problem när till exempel flyg- platser har varit tvungna att stänga av på grund av drönar observationer. Det har blivit tydligt att ett anti-drönarsystem måste vara på plats för att neutralisera inkräktande drönare. Men att neutralisera en drönare är inte en enkel uppgift, risken för att orsaka sido-skador på personer, byggander eller objekt; eller störa andra radiosystem måste beaktas starkt när man utformar ett anti-drönarsystem. I detta examensarbete valdes en uppsättning konsumentdrönare ut baserat på marknadens popularitet. Genom att studera de trådlösa kommunikationslänkarna för de valda drönarna identifierades en uppsättning av drönar-neutraliseringsmetoder. För varje neutraliseringsmetod valdes en uppsättning av störnings- och spoofing-tekniker ut från aktuell forskning. Teknikerna användes i praktiken genom att utsätta drönarna för teknikerna i en serie drönar-beteendeexperiment. Resultaten användes sedan för att utvärdera teknikerna i fyra utvärderingskriterier baserade på att undvika sido-skador, mildra radiostörningar, identifieringsbehov och hantering av flera inkräktande drönare. Utvärderingen sammanfattades sedan för att diskutera lämpliga drönar-neutraliseringsmetoder och störnings- spoofing-tekniker. Resultaten visade att det finns neutraliseringsmetoder som potentiellt kan undvika att orsaka sido- skador eller radio-störningar för vissa typer av drönare. En full-bands störningsteknik visade sig vara bäst presterande baserat på utvärderingskriterierna, men var också den teknik som teoretiskt inducerade mest radiostörningar. Dessutom visades det att drönare som flyger i navigeringsläge endast kan neutraliseras med hjälp av en GNSS-störnings- eller spoofing metoder. Att använda en GPS-spoofing metod visade sig också vara svår att implementera i praktiken.

C-UAS

Drone

UAV

Counter-drone

Jamming

GPS Spoofing

Elektroteknik och elektronik

Cardiac Signals: Remote Measurement and Applications

Sarkar, Abhijit

25 August 2017

The dissertation investigates the promises and challenges for application of cardiac signals in biometrics and affective computing, and noninvasive measurement of cardiac signals. We have mainly discussed two major cardiac signals: electrocardiogram (ECG), and photoplethysmogram (PPG). ECG and PPG signals hold strong potential for biometric authentications and identifications. We have shown that by mapping each cardiac beat from time domain to an angular domain using a limit cycle, intra-class variability can be significantly minimized. This is in contrary to conventional time domain analysis. Our experiments with both ECG and PPG signal shows that the proposed method eliminates the effect of instantaneous heart rate on the shape morphology and improves authentication accuracy. For noninvasive measurement of PPG beats, we have developed a systematic algorithm to extract pulse rate from face video in diverse situations using video magnification. We have extracted signals from skin patches and then used frequency domain correlation to filter out non-cardiac signals. We have developed a novel entropy based method to automatically select skin patches from face. We report beat-to-beat accuracy of remote PPG (rPPG) in comparison to conventional average heart rate. The beat-to-beat accuracy is required for applications related to heart rate variability (HRV) and affective computing. The algorithm has been tested on two datasets, one with static illumination condition and the other with unrestricted ambient illumination condition. Automatic skin detection is an intermediate step for rPPG. Existing methods always depend on color information to detect human skin. We have developed a novel standalone skin detection method to show that it is not necessary to have color cues for skin detection. We have used LBP lacunarity based micro-textures features and a region growing algorithm to find skin pixels in an image. Our experiment shows that the proposed method is applicable universally to any image including near infra-red images. This finding helps to extend the domain of many application including rPPG. To the best of our knowledge, this is first such method that is independent of color cues. / Ph. D. / The heart is an integral part of the human body. With every beat, the heart continuously pumps oxygen-enriched blood to providing fuel to our cells and thus enabling life. The heartbeat is initiated by electrical signals generated in the heart muscles. This electrical activity, which are often governed by our autonomic nervous system, can be measured directly by electrocardiogram (ECG) using advanced and often obtrusive instrumentation. Photoplethysmogram (PPG), on the other hand, measures how the blood volume changes and can be readily measured with inexpensive instrumentation at certain locations (e.g. at the fingertip). The ECG and PPG are widely used cardiac signals in medical science for diagnosis and health monitoring. But, these signals hold greater potential than just its medical diagnostic applications. In this work, we have mainly investigated if these signals can be used to identify an individual. Every human heart differs by their size, shape, locations inside body, and internal structure. This motivated us to represent the signals using a mathematical model and use machine learning algorithm to identify individual persons. We have discussed how our method improves the identification accuracy and can be used with current biometric methods like fingerprint in our phone. The measurement procedures of cardiac signals are often cumbersome and need instruments which may not be available outside medical facilities. Therefore, we have investigated alternative method of remote photoplethysmography (rPPG) that are relatively inexpensive and unobtrusive. In this dissertation, we have used face video of an individual to extract the heart rate information. The flow of blood causes small changes in the color of face skin. This is not visible to human eyes without digital magnification, but we have shown how knowledge of distinct behavior of human heart rate and use of advanced computer vision algorithms helped us to extract vital signals like heart rate with a significant accuracy. In addition, to measure rPPG using face video, we integrated a method for automatic detection of skin from images and videos. Existing skin detection methods depended on color information which is not always available within available video sources. We have developed a novel standalone skin detection method to show that it is not necessary to have color cues for skin detection. Our method relies on the context and the texture based appearance of skin. To the best of our knowledge, this is first such method that is independent of color cues. In summary, the dissertation investigates the promises and challenges for application of cardiac signals in biometrics and nonobtrusive measurement of cardiac signals using face video.

Electrocardiogram

Blood volume pulse

Remote plethysmography

ECG biometrics

PPG biometrics

Skin detection

Driver monitoring

Face anti-spoofing.

Analysis of Jamming-Vulnerabilities of Modern Multi-carrier Communication Systems

Mahal, Jasmin Ara

19 June 2018

The ever-increasing demand for private and sensitive data transmission over wireless networks has made security a crucial concern in the current and future large-scale, dynamic, and heterogeneous wireless communication systems. To address this challenge, wireless researchers have tried hard to continuously analyze the jamming threats and come up with improved countermeausres. In this research, we have analyzed the jamming-vulnerabilities of the leading multi-carrier communication systems, Orthogonal Frequency Division Multiplexing (OFDM) and Single-Carrier Frequency Division Multiple Access (SC-FDMA). In order to lay the necessary theoretical groundwork, first we derived the analytical BER expressions for BPSK/QPSK and analytical upper and lower bounds for 16-QAM for OFDMA and SC-FDMA using Pilot Symbol Assisted Channel Estimation (PSACE) techniques in Rayleigh slow-fading channel that takes into account channel estimation error as well as pilot-jamming effect. From there we advanced to propose more novel attacks on the Cyclic Prefix (CP) of SC-FDMA. The associated countermeasures developed prove to be very effective to restore the system. We are first to consider the effect of frequency-selectivity and fading correlation of channel on the achievable rates of the legitimate system under pilot-spoofing attack. With respect to jamming mitigation techniques, our approaches are more focused on Anti-Jamming (AJ) techniques rather than Low Probability of Intercept (LPI) methods. The Channel State Information (CSI) of the two transceivers and the CSI between the jammer and the target play critical roles in ensuring the effectiveness of jamming and nulling attacks. Although current literature is rich with different channel estimation techniques between two legitimate transceivers, it does not have much to offer in the area of channel estimation from jammer's perspective. In this dissertation, we have proposed novel, computationally simple, deterministic, and optimal blind channel estimation techniques for PSK-OFDM as well as QAM-OFDM that estimate the jammer channel to the target precisely in high Signal-to-Noise (SNR) environment from a single OFDM symbol and thus perform well in mobile radio channel. We have also presented the feasibility analysis of estimating transceiver channel from jammer's perspective at the transmitter as well as receiver side of the underlying OFDM system. / Ph. D. / Susceptibility to interferences is one of the major inherent vulnerabilities of open and pervasive wireless communications systems. The recent trends to more and more decentralized and ad-hoc communication systems that allow various types of network mobile terminals to join and leave simply add to this susceptibility. As these networks continue to flourish worldwide, the issues of privacy and security in wireless communication networks have become a major research problem. The increasingly severe hostile environments with advanced jamming threats has prompted the corresponding advancement in jamming detection and mitigation techniques. This dissertation has analyzed the jamming-vulnerabilities of the leading multi-carrier communication systems of the modern world. We have designed some novel jamming attacks and the corresponding countermeasures. The performance of these novel more-effective techniques are compared with their less-effective conventional counterparts. The information of the channel between the legitimate transmitter-receiver pair and between the jammer and the target play critical roles in ensuring the effectiveness of these smart jamming attacks. Although current literature is rich with different channel estimation techniques between the legitimate pair, it does not have much to offer in the area of channel estimation from jammer’s perspective. In this dissertation, we have proposed novel channel estimation techniques from jammer’s perspective.

Jamming

Anti-jamming

OFDM

OFDMA

SC-FDMA

MISO

Pilot-spoofing

Channel estimation

Multi-carrier Systems

Physical Layer Security

Testování zranitelností v průmyslových sítích / Vulnerabilities assessment for industrial protocols

Zahradník, Jiří

January 2020

Thesis deals with testing of selected vulnerabilities from the IEC 61850 standard and following design of mitigation measures for selected vulnerabilities. Author simulated vulnerabilities of the GOOSE protocol, NTP attack and attack ona MMS client. Those attacks were GOOSE stNum, GOOSE semantic, GOOSE test bit,GOOSE replay, GOOSE flood, NTP spoofing and MMS password capture. Attacks on protocols GOOSE and MMS were successful, attack on NTP was only partially successful since the device confirmed receiving spoofed time, however it did not change it’s inner clock. Author then designed possible mitigation measures. Tool for automatic testing of selected vulnerabilities, parser for the GOOSE protocol and lightweight multiplatform parser for configuration files were created as well.The outcome of this thesis allows the implementation of lager scale tool for penetration testing of industrial networks as well as it allows implementation of discussed mitigation measures.

Non-Parallel Voice Conversion / Non-Parallel Voice Conversion

Brukner, Jan

January 2020

Cílem konverze hlasu (voice conversion, VC) je převést hlas zdrojového řečníka na hlas cílového řečníka. Technika je populární je u vtipných internetových videí, ale má také řadu seriózních využití, jako je dabování audiovizuálního materiálu a anonymizace hlasu (například pro ochranu svědků). Vzhledem k tomu, že může sloužit pro spoofing systémů identifikace hlasu, je také důležitým nástrojem pro vývoj detektorů spoofingu a protiopatření.    Modely VC byly dříve trénovány převážně na paralelních (tj. dva řečníci čtou stejný text) a na vysoce kvalitních audio materiálech. Cílem této práce bylo prozkoumat vývoj VC na neparalelních datech a na signálech nízké kvality, zejména z veřejně dostupné databáze VoxCeleb. Práce vychází z moderní architektury AutoVC definované Qianem et al. Je založena na neurálních autoenkodérech, jejichž cílem je oddělit informace o obsahu a řečníkovi do samostatných nízkodimenzionýálních vektorových reprezentací (embeddingů). Cílová řeč se potom získá nahrazením embeddingu zdrojového řečníka embeddingem cílového řečníka. Qianova architektura byla vylepšena pro zpracování audio nízké kvality experimentováním s různými embeddingy řečníků (d-vektory vs. x-vektory), zavedením klasifikátoru řečníka z obsahových embeddingů v adversariálním schématu trénování neuronových sítí a laděním velikosti obsahového embeddingu tak, že jsme definovali informační bottle-neck v příslušné neuronové síti. Definovali jsme také další adversariální architekturu, která porovnává původní obsahové embeddingy s embeddingy získanými ze zkonvertované řeči. Výsledky experimentů prokazují, že neparalelní VC na nekvalitních datech je skutečně možná. Výsledná audia nebyla tak kvalitní případě hi fi vstupů, ale výsledky ověření řečníků po spoofingu výsledným systémem jasně ukázaly posun hlasových charakteristik směrem k cílovým řečníkům.

Systém pro testování odolnosti komunikační jednotky LAN dálkového sběru dat / System for testing the robustness of communication unit LAN of remote data acquisition

Mlýnek, Petr

January 2008

Remote data collection systems are widely used. One of the area is also data collection in energetics, where the energy consumption can be collected daily and presented to users on-line. The advantage of the remote data collection is possibility of frequent readings without a physical presence at the electrometers. The data transmission over the Internet can be subject of various attacks, which is the disadvantage. The understanding of attack method is the most important thing. The protection against the hackers is not complicated, but requires lot of attention. This master's thesis is focused on testing security of the communication unit LAN of remote data acquisition against attacks from the Internet. The next aim of this thesis is to describe algorithm of particular attack, needed recourses for their realization and method of their measurement and evaluation. Communication unit and component composition for attacks simulation is described in the first part of this thesis. The next part is focused on scanning for hosts and ports. The main part of this thesis is focused on the denial of service attacks and man in the middle attacks. In the end of my thesis is described selection of cryptographic system for remote data acquisition and is showed possibility of authentication mirroring. Problems of physical security are described too. The result of this thesis is script implementing all attacks, which are described.

Liveness Detection on Fingers Using Vein Pattern / Liveness Detection on Fingers Using Vein Pattern

Dohnálek, Tomáš

January 2015

Tato práce se zabývá rozšířením snímače otisků prstů Touchless Biometric Systems 3D-Enroll o jednotku detekce živosti prstu na základě žil. Bylo navrhnuto a zkonstruováno hardwarové řešení s využitím infračervených diod. Navržené softwarové řešení pracuje ve dvou různých režimech: detekce živosti na základě texturních příznaků a verifikace uživatelů na základě porovnávání žilních vzorů. Datový soubor obsahující přes 1100 snímků jak živých prstů tak jejich falsifikátů vznikl jako součást této práce a výkonnost obou zmíněných režimů byla vyhodnocena na tomto datovém souboru. Na závěr byly navrhnuty materiály vhodné k výrobě falsifikátů otisků prstů umožňující oklamání detekce živosti pomocí žilních vzorů.

Analýza a demonstrace vybraných L2 útoků / An Analysis of Selected Layer 2 Network Attacks

Lomnický, Marek

January 2009

This MSc Thesis focuses on principles, practical performability and security against four attacks used in contemporary local-area networks: CAM Table Overflow capable of capturing traffic in switched networks, ARP Man-in-the-Middle, whose target is to redirect or modify traffic and against two variants of VLAN Hopping attack allowing a hacker to send and capture data from VLANs he has no access to.

ARTIFICIAL INTELLIGENCE-BASED GPS SPOOFING DETECTION AND IMPLEMENTATION WITH APPLICATIONS TO UNMANNED AERIAL VEHICLES

Mohammad Nayfeh (15379369)

30 April 2023

<p>In this work, machine learning (ML) modeling is proposed for the detection and classification of global positioning system (GPS) spoofing in unmanned aerial vehicles (UAVs). Three testing scenarios are implemented in an outdoor yet controlled setup to investigate static and dynamic attacks. In these scenarios, authentic sets of GPS signal features are collected, followed by other sets obtained while the UAV is under spoofing attacks launched with a software-defined radio (SDR) transceiver module. All sets are standardized, analyzed for correlation, and reduced according to feature importance prior to their exploitation in training, validating, and testing different multiclass ML classifiers. Two schemes for the dataset are proposed, location-dependent and location-independent datasets. The location-dependent dataset keeps the location specific features which are latitude, longitude, and altitude. On the other hand, the location-independent dataset excludes these features. The resulting performance evaluation of these classifiers shows a detection rate (DR), misdetection rate (MDR), and false alarm rate (FAR) better than 92%, 13%, and 4%, respectively, together with a sub-millisecond detection time. Hence, the proposed modeling facilitates accurate real-time GPS spoofing detection and classification for UAV applications.</p> <p><br></p> <p>Then, a three-class ML model is implemented on a UAV with a Raspberry Pi processor for classifying the two GPS spoofing attacks (i.e., static, dynamic) in real-time. First, several models are developed and tested utilizing the prepared dataset. Models evaluation is carried out using the DR, F-score, FAR, and MDR, which all showed an acceptable performance. Then, the optimum model is loaded to the onboard processor and tested for real-time detection and classification. Location-dependent applications, such as fixed-route public transportation, are expected to benefit from the methodology presented herein as the longitude, latitude, and altitude features are characterized in the implemented model.</p>

Global Positioning System

Machine Learning

Software-Defined Radio

Spoofing attacks

Unmanned Aerial Vehicle

Federated Learning with FEDn for Financial Market Surveillance

Voltaire Edoh, Isak

January 2022

Machine Learning (ML) is the current trend that most industries opt for to improve their business and operations. ML has also been adopted in the financial markets, where well-funded financial institutions employ the latest ML algorithms to gain an advantage on the market. The darker side of ML is the potential emergence of complex algorithmic trading schemes that are abusive and manipulative. Because of this, it is inevitable that ML will be applied to financial market surveillance in order to detect these abusive and manipulative trading strategies. Ideally, an accurate ML detection model would be developed with data from many financial institutions or trading venues. However, such ML models require vast quantities of data, which poses a problem in market surveillance where data is sensitive or limited. Data sharing between companies or countries is typically accompanied by legal and privacy concerns. By training ML models on distributed datasets, Federated Learning (FL) overcomes these issues by eliminating the need to centralise sensitive data. This thesis aimed to address these ML related issues in market surveillance by implementing and evaluating a FL model. FL enables a group of independent data-holding clients with the same intention to build a shared ML model collaboratively without compromising private data. In this work, a ML model is initially deployed in a centralised data setting and trained to detect the manipulative trading scheme known as spoofing. The LSTM-Autoencoder was the model chosen method for this task. The same model is also implemented in a federated setting but with decentralised data, using the FL framework FEDn. Another FL framework, Flower, is also employed to evaluate the performance of FEDn. Experiments were conducted comparing the FL models to the conventional centralised learning model, as well as comparing the two frameworks to each other. The results showed that under certain circumstances, the FL models performed better than the centralised model in detecting spoofing. FEDn was equivalent to Flower in terms of detection performance. In addition, the results indicated that Flower was marginally faster than FEDn. It is assumed that variations in the experimental setup and stochasticity account for the performance disparity.

machine learning

federated learning

privacy

market surveillance

financial markets

fraud detection

spoofing

market abuse

market manipulation

LSTM

FEDn

Information Systems