A machine learning-based system for detecting fake UAV communications and attacks in UAVCAN (UAV Controller Area Network) protocols.
This project implements a comprehensive attack detection system specifically designed for UAVCAN networks, which are widely used in unmanned aerial vehicles (UAVs/drones) for reliable communication between flight controllers, sensors, and actuators.
- 🌊 Flooding Attacks: Overwhelming the network with excessive messages
- 🎯 Fuzzing Attacks: Sending malformed or unexpected data packets
- 🔄 Replay Attacks: Retransmitting previously captured legitimate messages
- Random Forest: For flooding and fuzzing detection
- Neural Network (MLP): For replay attack detection
- Selective Model Loading: Enable/disable specific models as needed
- Cascade Detection: Sequential model execution for optimized performance
- Parallel Detection: Simultaneous model execution for comprehensive analysis
- Gradio-based GUI: User-friendly web interface
- Real-time Results: Live detection results with detailed metrics
- Performance Analytics: Confusion matrix, precision, recall, F1-score
pip install torch torchvision
pip install scikit-learn
pip install pandas numpy
pip install joblib
pip install gradioEnsure these trained model files are in your project directory:
random_forest_model.pkl(Flooding detection)random_forest_model_fuzzy.pkl(Fuzzing detection)model_27_05_replay.pth(Replay detection)scaler.pkl(Feature scaling for neural network)
from attack_detector import SelectiveAttackDetector
# Enable all models
detector = SelectiveAttackDetector(
scaler_path='scaler.pkl',
enable_models={'flooding': True, 'fuzzing': True, 'replay': True}
)
# Process UAVCAN data file
results = detector.process_file('uavcan_data.bin', method='cascade')The system expects UAVCAN data in the following format:
[Label] (timestamp) can_id [length] byte0 byte1 byte2 ...
Example:
Normal (1634567890.123) 0x123 [8] 01 02 03 04 05 06 07 08
Attack (1634567890.456) 0x456 [4] AA BB CC DD
- Model Management: Dynamic loading/unloading of detection models
- Feature Engineering: Automatic extraction of timing and payload features
Input Layer (11 features) →
Hidden Layer 1 (128 neurons) + BatchNorm + Dropout →
Hidden Layer 2 (64 neurons) + BatchNorm + Dropout →
Hidden Layer 3 (32 neurons) + BatchNorm + Dropout →
Output Layer (2 classes: Normal/Attack)
timestamp_diff: Time difference between consecutive messagescan_id: UAVCAN message identifierlength: Message payload lengthbyte_0tobyte_7: Payload bytes (zero-padded)
The system provides comprehensive performance analysis:
- Accuracy: Overall correct prediction rate
- Precision: True positive rate among positive predictions
- Recall: True positive rate among actual positives
- F1-Score: Harmonic mean of precision and recall
- Confusion Matrix: Detailed breakdown of prediction results
- Step 1: Flooding detection on all data
- Step 2: Fuzzing detection on non-flooding data
- Step 3: Replay detection on remaining data
- All models run simultaneously on the entire dataset
- Priority-based result aggregation (Flooding > Fuzzing > Replay)
enable_models = {
'flooding': True, # Enable/disable flooding detection
'fuzzing': False, # Enable/disable fuzzing detection
'replay': True # Enable/disable replay detection
}- Method:
'cascade'or'parallel' - Batch Size: Configurable for GPU memory optimization
- Precision: Timestamp precision for feature engineering
- Flight Controller Protection: Detect malicious commands
- Communication Security: Monitor inter-component communications