Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo

Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo

[    [    [

This paper considers a resilient state estimation framework for unmanned aerial vehicles (UAVs) that integrates a Kalman filter-like state estimator and an attack detector. When an attack is detected, the state estimator uses only IMU signals as the GPS signals do not contain legitimate information. This limited sensor availability induces a sensor drift problem questioning the reliability of the sensor estimates. We propose a new resilience measure, escape time, as the safe time within which the estimation errors remain in a tolerable region with high probability. This paper analyzes the stability of the proposed resilient estimation framework and quantifies a lower bound for the escape time. Moreover, simulations of the UAV model demonstrate the performance of the proposed framework and provide analytical results.

First]Hyung-Jin Yoon, Wenbin Wan, Hunmin Kim, Naira Hovakimyan Second]Lui Sha, Third]Petros G. Voulgaris

Department of Mechanical Science and Engineering, 

Department of Computer Science, 

Department of Aerospace Engineering,
University of Illinois at Urbana-Champaign (UIUC), Urbana, IL 61801, USA. (email:
{hyoon33, wenbinw2, hunmin, nhovakim, lrs, voulgari} 

Keywords: Resilient estimation, Stochastic system, Unmanned aerial vehicle

  11footnotetext: This work has been supported by the National Science Foundation (ECCS-1739732 and CMMI-1663460).


Unmanned aerial vehicles (UAVs) have become popular as commercial, industrial and educational platforms. The mechanical simplicity and agile maneuverability appeal to many applications, such as media production, inspection, and precision agriculture. In all these applications, UAVs need reliable state estimation (e.g. position, velocity) to perform various tasks. Most state estimation techniques for UAVs use an inertial measurement unit (IMU) and a global positioning system (GPS) receiver. However, GPS is vulnerable to spoofing attacks as demonstrated in Warner and Johnston (2003). In Warner and Johnston (2003), the Vulnerability Assessment Team at Los Alamos National Laboratory demonstrated that GPS spoofing attacks can be easily implemented by civilians using GPS satellite simulator. Furthermore, increasing applications of UAVs extend the area of operation to the urban areas, where GPS signals are weak or denied due to other structures such as skyscrapers, elevated highways, and bridges.

Resilient UAV navigation requires timely attack detection and mitigation. From controls perspective, traditionally the GPS spoofing attack has been modeled as a malicious signal injection. Attack detection research against malicious signal injection has been studied extensively for the last several years. The attack detection problem was formulated as an / optimization problem in Fawzi et al. (2014); Pajic et al. (2014). In Mo et al. (2014), an active detection scheme, by adding random disturbance signal to the optimal control input, was proposed to increase the detection rate trading off for optimality. In Mo et al. (2010), the authors identify maximum deviations of the state due to the sensor attacks, while remaining stealthy due to the detection.

On the other hand, since the GPS signal injected by the attacker would cause a discrepancy in the raw antenna signal, the GPS spoofing attack can be detected by examining the raw signal received by the antenna. For example, the shape of the GPS signal strength in polar coordinates was used to detect the GPS attack in McMilin et al. (2014). In Chen et al. (2013), an array of GPS antenna was used to detect the discrepancy compared to the normal situations. The methods using the raw GPS signals in McMilin et al. (2014); Chen et al. (2013) have the potential to detect the stealthy attacks defined in Mo et al. (2010). However, the methods using the raw antenna signals usually require modifications of the hardware or the low-level computing modules.

Unbiased state estimation in adversarial environments can be challenging, because the estimator accumulates errors due to attacks. In such cases, simple state detection can be a preferred method. Incomplete list of the related results includes Mo et al. (2010); Pajic et al. (2014); Yong et al. (2015); Kim et al. (2017). In these efforts, the difference between the measured output and the predicted output has been used to detect attacks and exclude corrupted sensor measurements. The rest of the uncompromised redundant sensors are subsequently used for estimation. We depart from this approach and consider limited sensor redundancy. In particular, the UAV model becomes undetectable in GPS-denied environments. GPS denied state estimation has been studied in Fuke and Krotkov (1996); Chung et al. (2001); Bevly and Parkinson (2007), wherein the focus is on establishing the system output matrices that can be used for standard (error state) Kalman filter for dead reckoning.

Contribution. This paper proposes a resilient estimation framework for UAVs. The framework consists of an attack detection module and a state estimator that operates in two modes: (1) normal and (2) emergency. In the normal mode, all available sensor signals are used to estimate the state. In the emergency mode, only IMU signals are fed to the state estimator. The limited sensor availability leads to the sensor drift problem, and the estimates become gradually unreliable. We quantify a new resilience measure, the escape time, which is defined by the safe time within which the estimation errors remain within a tolerable region with a high probability. We analyze the stability of the proposed estimator and find a lower bound of the escape time. Simulations are conducted to show the effectiveness of the proposed framework.

The remainder of this paper is organized as follows: In Section Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo, we introduce the notation convention in our paper and the dynamic system model. In the same section, we formulate the problem. In Section Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo, we propose a resilient state estimation and detection method for GPS attack detection. Section Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo presents the stability analysis of the proposed estimator, and studies escape time to avoid instability. The significance of the escape time and the potential impact of it are described in Section Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo. In Section Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo, a numerical simulation of a UAV under GPS spoofing attack is presented.


This section discusses some preliminary notations/notions, system models, problem formulation, and attack detector.


We use the subscript of to denote the time index; denotes the n-dimensional Euclidean space; denotes the set of all real matrices; denotes the transpose of matrix ; denotes the identity matrix with an appropriate dimension; denotes the standard Euclidean norm for vector or an induced matrix norm; denotes the expectation operator; is used to denote matrix multiplication when the multiplied terms are in different lines.


We use the following linear model to consider the flight system dynamics and the attacker model:


where , , are the state, the GPS measurement, and the IMU measurement, respectively. IMU returns a noisy measurement of the state difference. The noise signals , , are assumed to be independent and identically distributed (i.i.d.) Gaussian random variables with zero means and covariances , , , respectively. The vector is the GPS spoofing attack, which is unknown to the defender. We assume that the attacker can inject any signal into .


Given the system (Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo) with two sensors GPS and IMU, the defender aims to detect the GPS spoofing attack and resiliently estimate the state. Furthermore, the defender needs to analyze the reliability of the state estimates in the adversarial situation.


For linear systems in (Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo) with Gaussian additive noises , , and , state estimations of the standard Kalman filter (KF) are Gaussian as well. Through this observation, the statistical test is widely used in attack detection, Teixeira et al. (2010); Mo et al. (2014); Guo et al. (2018), to distinguish whether the error is induced by statistical noises or attacks. In particular, the test has two hypothesis:


By testing (Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo), we interpret the result as the following:

  1. Rejecting (accepting ): there is significant evidence that the error is not zero and the error can be due to the attack.

  2. Keeping : we do not have enough evidence to believe that there is an attack.


The proposed estimation and detection system consists of the attack detector and the state estimator. The attack detector performs a statistical hypothesis test to decide whether the GPS signal is being attacked, based on output prediction error and error-covariance estimated by the state estimator. Depending on the result of the hypothesis testing, the state estimation switches its mode between the normal mode and the emergency mode. In the normal mode, the state estimator uses both GPS and IMU to estimate the state and detect an attack. If an attack is detected, the estimator switches to emergency mode, where IMU is used to estimate the state. If the attack detector determines that the GPS signals are clean, the state estimation can return to the normal mode.

Fig. 1: A resilient state estimation framework consisting of GPS attack detection and two modes (normal and emergency) state estimation.

State estimation. The defender implements an estimator and detector to estimate the state and detect the GPS spoofing attack. The following KF-like state estimator is used to estimate the current state:


where ,

The optimal gain can be obtained by solving the following problem: which is an unconstrained convex optimization problem. By taking its derivative with respect to decision variable and setting it equal to zero, we have

and the solution is


Attack detection. We implement statistic test in (Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo) using CUSUM (CUmulative SUM) algorithm, which is widely used in change detection research Page (1954); Barnard (1959); Lai (1995).

Before proposing a detection algorithm, we consider some properties of attack vector estimates. Since , given the previous state estimate by the state estimator, we estimate the attack vector by comparing the sensor output and the output prediction:

The current estimate should not be used, because it is correlated with the current output; i.e., .

Due to the Gaussian noises and injected to the linear system in (Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo), the state estimates follow Gaussian distribution, since any finite linear combination of Gaussian distributions is also Gaussian. Similarly, is Gaussian as well, and thus the use of test (Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo) is justified. The test compares the normalized attack vector estimate with :


where , and is the threshold found in the Chi-square table. In , denotes the degree of freedom, and denotes the statistical significance level.

The proposed CUSUM detector is characterized by the detector state :


where is the pre-determined forgetting factor. The attack detector will raise an alarm

Remark 3.1

Comparing to standard CUSUM algorithm in Page (1954), the proposed CUSUM detector has asymptotic behavior, where the impact of the attacks on the detector state decays asymptotically.


When an attack is detected, the defender switches emergency mode on. Let us denote the time when the attack is detected, which satisfies . As well as normal mode, the state estimation and attack detection continue in normal mode. However, the state estimation can only use the output measured by IMU in emergency mode. Without GPS output, IMU based estimation accumulates error and eventually diverges as we analyze in the following section.

State estimation. The state estimation algorithm (3) with is used to recursively estimate the state and the error covariance .

Attack detection. At each time , the CUSUM detector  (6) is used to update the detector state and detect the attack. The corresponding covariance can be found by . If , then it returns to the normal mode.


This section presents analysis on stability of the state estimation and estimation error escape time.


In this section, we would like to discuss stability and instability conditions of the proposed estimator. Toward this end, we show that the estimator is stable in the normal mode, and unstable in the emergency mode.

In particular, the state estimate obtained through observer (3) is unbiased. Moreover, its covariance is bounded, if is detectable, as shown in the following theorem.

Theorem 4.1

Given , we have for all . If is detectable, then is bounded.

Proof. State estimation error can be described by

Notice that , , and . Given , we have by (Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo). Assume , then by (Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo). By induction, we conclude that for . Therefore, .

Consider , where we emphasize the dependency of on , . With , is bounded by Corollary 5.2 in Anderson and Moore (1981), because is detectable. Since is chosen optimal, we have . This completes the proof.

If the GPS signals are not available for state estimation, the covariance of the state estimation is expected to be unstable over time under Assumption 4.1. Let us first define necessary notations: , and .

Assumption 4.1

Matrix is invertible, and the pair is not detectable.

Remark 4.1

Assumption 4.1 is satisfied with the double integrator model with IMU, which is widely used to design navigation controller for UAVs as in Kerns et al. (2014). In this case, , and , where is not asymptotically stable. Then, the pair is not detectable and it fulfills Assumption 4.1.

Theorem 4.2

Assume . Then, under Assumption 4.1, is increasing unboundedly.

Proof. We prove the statement by finding an equivalent Kalman filtering problem, and then use the existing stability result for the KF in Anderson and Moore (1981).

Given , the state estimation error update law can be obtained from (3):

The above state estimation error update is the Kalman filter solution of

where . However, the process noise and the measurement noise are coupled; i.e., . Then, the optimal gain is different from the Kalman gain used in the standard KF. To decouple the noises, it is a common practice to add zero term to the state equation above:

where , and . The gain is chosen such that the process noise and measurement noise are decoupled:

where the solution is

Now, the state estimation error update law (3) and its covariance update law (3) with are the Kalman filtering solution of

where the process noise and the measurement noise are decoupled from each other. Under Assumption 4.1, is unstable by Corollary 5.2 in Anderson and Moore (1981). This completes the proof.

Remark 4.2

Stability with GPS (Theorem 4.1) and instability without GPS (Theorems 4.2) are generalized into a system with any relative sensors. This is because output model in (Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo) can represent any relative measurement sensor model regardless of their internal error state dynamic. This is a sharp contrast to existing analytical result. For example, it is a common practice to introduce error state variables for IMU as in Bevly and Parkinson (2007). Using their specific system and output model, one can check detectability of the augmented system to guarantee stability/instability. However, it is not generalized because each system has different system/output(sensor) matrices.


This section proposes a new resilience measure, the escape time, and analyzes the escape time in the emergency mode.

It has been revealed in Theorem 4.2 that the state estimation becomes less trustful, if GPS signals are compromised for a long time. Therefore, the UAV should escape from the GPS spoofer at a certain time before the estimation becomes unreliable. Formally, we define the escape time as follows.

Definition 4.1

The escape time is the time difference between the attack time and the first time instance when the estimation error may not be in tolerable error distance with the significance , i.e.

Given the desired confidence level , the degree of freedom , we have . Since the optimal gains , , can be found in advance at , the corresponding covariance matrices can also be found by the covariance update law in (3). Algorithm 1 presents escape time calculation. Given , the state estimation errors may not remain in the tolerable region with the predetermined confidence after .

Input: , , , ;
Return: ;

2:while  do
3:   ;
4:end while
Algorithm 1 Escape time calculation

If as in Remark 4.1, then a lower bound of the escape time can also be found before actually operating the UAV as shown in Theorem 4.3. Let denote the stationary point of the covariance update (3), i.e.

where and were defined in (3) and (4) respectively. Matrices used in the theorem are defined by

Theorem 4.3

Assume and GPS spoofing attacks start after converges to . Then, a lower bound of the escape time can be found by

  • For ,

  • For ,

Proof. First, we derive an upper bound on . Assume and without loss of generality. Given , the covariance update law can be obtained from (3):


where is time-invariant because the optimal is time-invariant:

Applying basic matrix norm property to (7), we have

By recursively applying the bound above, we have


Now, we will apply the bound (8) to the test equation. For the positive definite matrices , we have

and thus the time that verifies


is a lower bound of the escape time . If , then

which proves the theorem. If , by the sum of geometric series, equation (9) becomes


By taking log on both sides, we have the desired result.


As a new resilience measure, the escape time provides a new criterion for optimal path planning with increasing uncertainties. In this section, we discuss relevant problems.

Fig. 2: Illustration of path planning problem considering the increasing uncertainties

Once an attack is detected, the UAV is expected to land on a secure position in the pre-calculated escape time if possible. The path planning problem illustrated in Figure 2 can be formulated as

where the UAV should arrive at the landing position before the escape time.

On the other hand, if a secure landing position is not available, the UAV is expected to escape from the spoofer within the escape time. If the output power of the GPS spoofing signal is time invariant, the defender is able to spot the spoofer through measurement of the GPS signal strength (e.g., signal-to-noise ratio) with corresponding state estimates. Then, the problem of interest becomes

where is the location of the spoofer, is a pre-determined distance such that the GPS spoofing signal cannot affect the UAV, and denotes the desired certainty.


We simulate scenarios, where a UAV gets a GPS spoofing attack during a flight to a target position. In the first scenario, we simulate a system without attack detector, where the UAV keeps using the normal state estimator in Section  Towards Resilient UAV: Escape Time in GPS Denied Environment with Sensor Drift\thanksreffootnoteinfo during the flight. In the second scenario, the UAV detects the attack and then switches to the emergency mode as illustrated in Figure 3.

Fig. 3: Illustration of the simulation scenario: (1) red line denotes the flight path with normal mode under GPS attack; (2) black line denotes the path with emergency mode.

We use a double integrator UAV dynamics under the GPS spoofing attack as in Kerns et al. (2014). The discrete time state vector considers planar position and velocity at time step , i.e.

where denote x, y position coordinates, and denote velocity coordinates. With sampling time at seconds, the double integrator model is discretized into the following matrices:

and outputs and measure positions from GPS and IMU, respectively, with the output matrices:

The covariance matrices of the sensing and disturbance noises are chosen as

In the scenarios, the UAV is moving toward the target position with the coordinates at by using feedback control\@footnotemark\@footnotetextWe implemented a proportional-derivative (PD) like tracking controller, which is widely used for double integrator systems. using the state estimate from the state estimator. The GPS attack happens at time step . The attack signal is .


As shown in Figure 4, the state estimation is deceived by the GPS attack. The position coordinate of the UAV actually converges toward , however, the state estimate shows it converges to the desired position at .

Fig. 4: State and estimate under the GPS attack at .

The attack detector is able to detect the attack using the normalized attack vector as shown in Figure  5. In Figure 5, there is an evident spike of the detector state, which implies there is an attack. Statistic significance of the attack is tested using the CUSUM detector described in (6) with the significance at .

Fig. 5: Attack detection: Statistics denotes defined in (6) of CUSUM detector. The threshold equals to with and .

Based on the hypothesis test result, we switch the system mode to the emergency.

Fig. 6: State and estimate with the attack mitigation.

As shown in Figure 6, the proposed method mitigates the attack. However, we also observe the drift of estimate in Figure 6. The drift motivates us to estimate the bounds of the drift.


Using the covariance estimate and test, we can calculate a confidence interval as shown in Figure 7. The error magnitudes of 10 sample trajectories are under the confidence bound as shown in Figure 7. Note that the calculation of the confidence bound is deterministic. Using Algorithm 1, we can calculate that it takes steps (escape time) to reach the error threshold . Alternatively, we can calculate a lower bound of the escape time according to Theorem 4.3. The lower bound is at steps which can be verified in Figure 7.

Fig. 7: The confidence bound with the proposed method, i. e. with , the upper bound calculated in Theorem 4.3, and 10 sample trajectories (gray colored) of .

This paper studies resilient state estimation of UAVs in GPS denied environment. The KF-like estimator has been designed and CUSUM algorithm is used to detect the attack. In the presence of the attack, GPS signals are not used to estimate the state, because they do not contain valid information. Due to the limited sensing device in the emergency mode, the estimation suffers from the sensor drift problem. We calculate a lower bound of the escape time, which is defined by the safe time such that the estimation error remains in a tolerable region with a high probability. A simulation of the UAV demonstrates the results.


  • Anderson and Moore (1981) Anderson, B. and Moore, J.B. (1981). Detectability and stabilizability of time-varying discrete-time linear systems. SIAM Journal on Control and Optimization, 19(1), 20–32.
  • Barnard (1959) Barnard, G.A. (1959). Control charts and stochastic processes. Journal of the Royal Statistical Society. Series B (Methodological), 239–271.
  • Bevly and Parkinson (2007) Bevly, D.M. and Parkinson, B. (2007). Cascaded kalman filters for accurate estimation of multiple biases, dead-reckoning navigation, and full state feedback control of ground vehicles. IEEE Transactions on Control Systems Technology, 15(2), 199–208.
  • Chen et al. (2013) Chen, Y.H., Lo, S., Akos, D.M., De Lorenzo, D.S., and Enge, P. (2013). Validation of a controlled reception pattern antenna (CRPA) receiver built from inexpensive general-purpose elements during several live-jamming test campaigns. In Proceedings of the 2013 International Technical Meeting of The Institute of Navigation, San Diego, California, 154–163.
  • Chung et al. (2001) Chung, H., Ojeda, L., and Borenstein, J. (2001). Sensor fusion for mobile robot dead-reckoning with a precision-calibrated fiber optic gyroscope. In Proceedings 2001 ICRA. IEEE International Conference on Robotics and Automation (Cat. No. 01CH37164), volume 4, 3588–3593. IEEE.
  • Fawzi et al. (2014) Fawzi, H., Tabuada, P., and Diggavi, S. (2014). Secure estimation and control for cyber-physical systems under adversarial attacks. IEEE Transactions on Automatic Control, 59(6), 1454–1467.
  • Fuke and Krotkov (1996) Fuke, Y. and Krotkov, E. (1996). Dead reckoning for a lunar rover on uneven terrain. In Proceedings of IEEE International Conference on Robotics and Automation, volume 1, 411–416. IEEE.
  • Guo et al. (2018) Guo, P., Kim, H., Virani, N., Xu, J., Zhu, M., and Liu, P. (2018). RoboADS: Anomaly detection against sensor and actuator misbehaviors in mobile robots. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 574–585. IEEE.
  • Kerns et al. (2014) Kerns, A.J., Shepard, D.P., Bhatti, J.A., and Humphreys, T.E. (2014). Unmanned aircraft capture and control via GPS spoofing. Journal of Field Robotics, 31(4), 617–636.
  • Kim et al. (2017) Kim, H., Guo, P., Zhu, M., and Liu, P. (2017). Attack-resilient estimation of switched nonlinear cyber-physical systems. In American Control Conference, 4328–4333. IEEE.
  • Lai (1995) Lai, T.L. (1995). Sequential changepoint detection in quality control and dynamical systems. Journal of the Royal Statistical Society. Series B (Methodological), 613–658.
  • McMilin et al. (2014) McMilin, E., De Lorenzo, D.S., Walter, T., Lee, T.H., and Enge, P. (2014). Single antenna gps spoof detection that is simple, static, instantaneous and backwards compatible for aerial applications. In Proceedings of the 27th international technical meeting of the satellite division of the institute of navigation (ION GNSS+ 2014), Tampa, FL, 2233–2242. Citeseer.
  • Mo et al. (2014) Mo, Y., Chabukswar, R., and Sinopoli, B. (2014). Detecting integrity attacks on SCADA systems. IEEE Transactions on Control Systems Technology, 22(4), 1396–1407.
  • Mo et al. (2010) Mo, Y., Garone, E., Casavola, A., and Sinopoli, B. (2010). False data injection attacks against state estimation in wireless sensor networks. In IEEE Conference on Decision and Control, 5967–5972.
  • Page (1954) Page, E.S. (1954). Continuous inspection schemes. Biometrika, 41(1/2), 100–115.
  • Pajic et al. (2014) Pajic, M., Weimer, J., Bezzo, N., Tabuada, P., Sokolsky, O., Lee, I., and Pappas, G.J. (2014). Robustness of attack-resilient state estimators. In ACM/IEEE International Conference on Cyber-Physical Systems, 163–174.
  • Teixeira et al. (2010) Teixeira, A., Amin, S., Sandberg, H., Johansson, K.H., and Sastry, S.S. (2010). Cyber security analysis of state estimators in electric power systems. In IEEE Conference on Decision and Control, 5991–5998.
  • Warner and Johnston (2003) Warner, J.S. and Johnston, R.G. (2003). GPS spoofing countermeasures. Homeland Security Journal, 25(2), 19–27.
  • Yong et al. (2015) Yong, S.Z., Zhu, M., and Frazzoli, E. (2015). Resilient state estimation against switching attacks on stochastic cyber-physical systems. In IEEE Conference on Decision and Control, 5162–5169.
Comments 0
Request Comment
You are adding the first comment!
How to quickly get a good reply:
  • Give credit where it’s due by listing out the positive aspects of a paper before getting into which changes should be made.
  • Be specific in your critique, and provide supporting evidence with appropriate references to substantiate general statements.
  • Your comment should inspire ideas to flow and help the author improves the paper.

The better we are at sharing our knowledge with each other, the faster we move forward.
The feedback must be of minimum 40 characters and the title a minimum of 5 characters
Add comment
Loading ...
This is a comment super asjknd jkasnjk adsnkj
The feedback must be of minumum 40 characters
The feedback must be of minumum 40 characters

You are asking your first question!
How to quickly get a good answer:
  • Keep your question short and to the point
  • Check for grammar or spelling errors.
  • Phrase it like a question
Test description