The proposed UAV Framework utilizes a hybrid ML and DL approaches for Intrusion Detection (IoD) in UAV networks. It is designed to accommodate the structure of conventional networks where drones connect with base (drone) and ground base stations for transaction management. The framework consists of two main components: the base and ground station, both responsible for capturing and processing data. Unlike traditional networks that can rely on a centralized module, the proposed framework for drones may require separate hybrid modules for the base station and ground station. The base station module controls all drone communications and validates the selection of the drone's module. Distributed modules are employed to detect and assess the level and type of attacks. Each drone is equipped with a module that directly monitors attacks on the drone, while a second module is situated at the ground base station. These modules collaborate to validate attacks and determine which drones should be notified. All drones in the sky can communicate with the base station, a single station, or a network of stations. Streaming or batching for drone intrusion detection depends on the technology used. Batch processing is required when employing MapReduce as a significant component for decision-making, as it requires time for development. However, runtime identification can be performed using frameworks like Flink, Storm, Apache Kafka, or Spark. In this study, Apache Kafka is preferred due to its efficient handling of massive data streams, particularly during the initial stage. The study simulates real-time analysis by providing data as a stream to the modules. Figure 1 illustrates the Smart Framework Layered Architecture of Drone Attacks. The two primary components of the framework are drones and base stations.
1) Drone Layer
The drone layer comprises a camera-equipped quadcopter, the initial layer in the proposed tiered architecture for industrial drones. IoT sensor data update this layer. A camera, GPS sensor, radar, and altitude sensor are deployed as smart sensors. In the suggested architecture, this is the initial stage. This layer can sense, record, and communicate the data collected via drones to the layer above. An unmanned aircraft system (UAS) drone is applied at this layer, which oversees drone flight operations, sensor data logging, etc. The ground controller and the communication connection comprise the two components of the UAS. The disclosed design uses a DJI Phantom 3 drone with a special communication link. and remote control. The drone is equipped with sensors according to the suggested architecture.
2) Edge Processing Layer
The privacy and security layer at the second layer receives the data from IoT and drones, known as the edge processing layer for the Internet of Drones (IoD), where the data source is verified as being from approved sources. This layer corresponds to the cloud layer and is responsible for data transmission and communication. Numerous gateway device methods enable wireless communication. Information is transmitted quickly using Wi-Fi connectivity. The edge processing layer efficiently facilitates communication between devices and the cloud. This layer controls flooding, cashing, and data protection. The Azure IoT gateway is implemented for cloud connectivity in the proposed research. Figure 3 depicts the design of the IoT gateway.
3) Security and Privacy Layer
The following layer utilizes machine learning models to provide device authentication and safe access control. The main component of this IoT framework, data safety, and security, is implemented at this level. At this point, numerous threats to privacy could emerge. They are 1. Physical threat to privacy; 2. behavioral threat to privacy; and 3. location threat to privacy. Taking possession of someone's property is connected to physical privacy. The privacy of someone's possessions may be threatened if someone else is covertly keeping an eye on the drone data. An individual's location being recorded by an unauthorized person is a location privacy threat. An unauthorized party watching someone's actions and conduct is considered a threat to their privacy. Authentication procedures and schemes must be used to combat these kinds of security concerns. Unauthorized individuals make such security threats through a variety of security vulnerabilities. The most prevalent threat types include spoofing, DoS, jamming, and intrusion attacks. An algorithm that uses machine learning to detect and alert users of this kind of vulnerability is used to ensure device authentication in the proposed architecture.
4) Device Connection Layer
IoT gateways are essential for connecting to a base station's cloud-based IoT Hub. A further module for security orchestration and automation is included in this case to guarantee connectivity for only authenticated devices. The IoT Hub acts as a messaging intermediary between IoT devices and applications. The IoT hub in an IoT network enables communication between IoT devices and cloud-based platforms. It is a two-way conversation. Only authenticated devices are subject to the security mechanisms at this layer. The procedure for registering and encrypting network-connected devices is shown in Figure 4. The blockchain client receives sensor, drone, and network data, protects the data's integrity, and saves the data in a database on a cloud server. Real-time security for IoT devices is provided through primitive blockchain technology.
5) Data Processing Layer
This layer receives the data from the IoT Hub and uses it to evaluate the drone's data stream. In this case, two new modules are put into use: a data hub service that facilitates easy and convenient cloud storage and a machine intelligence component that analyses data intelligently. Following the circumstances and needs of the data, a variety of machine learning algorithms are available. This study aims to develop an intelligent machine-learning strategy for device authentication. This layer comprises an authentication system built using the clever machine learning method Naive Bayes. The IoT hub layer uses drone timestamp data for a set period to authenticate devices. The model is developed and validated using data from drone flights. The model is first trained, then testing is done to see if the model is smart enough to recognize malicious drone activity. The model will notify the system and prevent the device from connecting to the cloud if the drone information is erroneous. When a drone behaves inappropriately, it is promptly identified, and machine intelligence is used to prevent unwanted access. Several security risks accompany flight operations. The most frequent threat is a man-in-the-middle assault, which happens when a third party takes control of the drone. False information may also spread when an unauthorized individual attempts to run the drone. The Naive Bayes classifier is implemented in the proposed architecture to train a model, which is subsequently used to validate freshly generated aircraft paths. We calculated the precision, recall, and accuracy using the real-time and VIRAT2020 datasets. Recall is the percentage of inaccurate forecasts, while precision is the percentage of accurate and accurate predictions.
6) Data Storage Layer & Data Visualization Layer
The data storage centers at the data storage layer are where the outcomes of the data processing produced by the data processing layer are kept. The drone layer stores the results drones produce in a cloud-based NoSQL database. The information consists of IoT sensors, a network, and drones. Data may be easily accessed and retrieved due to the schema-less storage offered by NoSQL databases. This method allows for the storage of many data. As a self-referential database, a NoSQL database is more practical than a SQL database. These databases often use the storage structures depicted in Figure 5. The most popular structures are displayed, including documents, graphs, key-value, and columns. The layer of data visualization enables a variety of tools and services for data monitoring. This platform uses Microsoft Azure services for hub services and storage services. The findings produced by the visualization layer, which displays the forecasts made by our intelligent model about the security level of a drone, are seen through a mobile app. The Nave Bayes algorithm is used to detect drone attacks. Using the findings of stream analytics, which are kept in a storage center, figure 6 illustrates the architecture of business intelligence. Power BI, a business intelligence modeling and result visualization platform uses these findings.
B. HYBRID DRONE SECURITY
IDSs must have a deep understanding of all past attacks that have been found. Statistical methods only work effectively in a drone system open to unexpected threats. Unsupervised learning algorithms are enhanced strategies to detect attacks based on device data and generate alerts about unusual attacks. The gadget could spot irregularities and take precautions against attacks in this approach. When the defense system fails to stop an assault, the gadget raises alarms, alerting the system administrator. This provides the primary distinction between learning-based intrusion detection systems and signature-based systems. However, most attacks will only be noticed if there is previous knowledge. Additionally, data noise may affect the detection process. The effectiveness of the supervised and unsupervised tools has improved due to advancements in deep neural networks.
A. IoD WITH ML
In the domain of drone Intrusion Detection (IoD) within UAV networks, various Machine Learning (ML) methods have been explored to detect and mitigate potential attacks. This section discusses some commonly employed ML methods, including Logistic Regression (LR), Decision Trees (DT), Random Forests (RF), and Naive Bayes, for drone IoD.
Logistic Regression (LR): LR is a widely used ML algorithm for binary classification tasks. In the context of drone IoD, LR models can be trained on labeled datasets to classify network traffic as either normal or malicious. LR excels at providing interpretable results by estimating the probability of an instance belonging to a specific class based on feature weights. It can serve as a baseline method for initial drone IoD experiments.
Decision Trees (DT): By building a hierarchical structure of decision rules based on the input features, DT algorithms are tree-based machine learning techniques. DTs are simple and can capture complicated decision boundaries. In drone IoD, DTs can be trained to identify malicious or benign network traffic based on criteria such as packet headers, payload properties, or communication patterns. They are adaptable for identifying different kinds of drone assaults since they can handle both continuous and categorical data.
Random Forests (RF): Various decision trees are combined in the RF ensemble learning technique to increase prediction resilience and accuracy. RF models are particularly good at handling noisy data and high-dimensional datasets. RF can employ an ensemble of decision trees trained on various subsets of the data to categorize network traffic in the context of drone IoD. This ensemble approach improves the intrusion detection system's overall performance and robustness.
Naive Bayes: The probabilistic ML algorithm Naive Bayes is based on the Bayes theorem. It determines the likelihood that an instance belongs to a particular class under the assumption of independence between features. Large datasets can be handled by naive Bayes classifiers, which are also computationally efficient. In drone IoD, Naive Bayes models can be trained with labeled data to determine whether observed feature patterns in network traffic indicate benign or malicious activity. Despite the erroneous feature independence assumption, naive Bayes can produce surprisingly good results in practice.
BIoD WITH DL
Machine Learning (ML) techniques that use recurrent neural networks (RNNs) in the field of drone intrusion detection (IoD) within UAV networks have shown promise in identifying and thwarting possible attacks. The RNN versions of Gated Recurrent Units (GRU), Recurrent Neural Networks (RNN), Long Short-Term Memory (LSTM), and Bidirectional LSTM (biLSTM) that are frequently used for drone IoD are covered in this section.
Gated Recurrent Units (GRU): A form of RNN design known as GRU solves a few drawbacks of conventional RNNs. GRU models are better at capturing long-term dependencies in sequential data because they feature gating mechanisms that enable them to update and reset their internal states selectively. In drone IoD, GRU models can examine network traffic patterns over time while considering the previous context to categorize occurrences as legitimate or malicious. They are useful for real-time assault detection in UAV networks because they are computationally efficient and can manage temporal dynamics well.
Recurrent Neural Networks (RNN): RNNs are a subset of ML models created especially for processing sequential input by preserving hidden states that store knowledge from earlier time steps. RNNs are suitable for drone IoD because they can detect temporal dependencies in time-series data. To analyze the temporal patterns in network traffic and spot anomalies or malicious activity, RNNs can be trained using labeled datasets. Standard RNNs, however, could experience the vanishing gradient problem, which hinders their capacity to detect long-term dependencies. The nodes in Recurrent Neural Networks (RNN) connected are one of the deep learning techniques. These nodes can handle input and output individually, even though each data element is handled separately and stored in sequential order. RNNs are useful in various tasks, including video processing, time series prediction, natural language processing, and speech synthesis. Figure 2 illustrates the multi-layer perceptron design used by RNNs. Additionally, it has a looping design that acts as the primary pathway for information transfer from one level to the next. The extracted RNN loops are displayed in Figure 3 as folded RNN layers.
Long Short-Term Memory (LSTM): LSTM is an RNN variation incorporating memory cells and gating techniques to solve the vanishing gradient issue. LSTMs can effectively capture long-term dependencies in sequential data by selectively storing or forgetting information. In drone IoD, LSTM models can recognize hostile behavior and understand intricate temporal patterns in network traffic. They are very helpful when long-range dependencies are crucial for spotting complex attacks.
Bidirectional LSTM (biLSTM): A variation of LSTM that processes the input sequence forward and backward, biLSTM incorporates data from previous and upcoming time steps. Thanks to this bidirectional processing, the model may capture a more thorough grasp of the context and dependencies in the data.
It is crucial to remember that the effectiveness of these ML techniques, such as GRU, RNN, LSTM, and biLSTM, depends on several variables, including the accessibility and caliber of labeled training data, the complexity and variety of attack patterns, and the unique features of the UAV network. After careful analysis and trial, the best ML strategy for drone IoD in each situation must be determined. Additionally, combining these techniques with other ML algorithms or ensemble techniques can improve the precision and efficacy of drone intrusion detection systems in UAV networks.
C. DRONE DATA COLLECTOR
The data collectors gather the RNN-LSTM module information. This module is also in charge of splitting the data packets into their parts and extracting parameters like reception rate, source IP, transmission-to-reception ratio, transmission rate, destination IP, duration of the activity, and transmission mode. The data collector is given this responsibility since, as was already indicated, our architecture is built to work for batch and stream data modes. As a result, two collector modules are suggested in our architecture, one in each drone component and the other in the base station component, as shown in Figure 1. The collector configured that buffer data when analyzing batch data. The data collector will oversee providing the data to the RNN-LSTM module in stream form when using the data stream mode. It was the method used in this investigation. The data collector simulates real-time data processing and adjusts the data as necessary because we are replicating the drone's activities.
In contrast, the data collector in physical drones, which is not the case in this work, will oversee intercepting the data from the communication module and preparing it to meet the needs of the RNN-LSTM module. The module is furthermore in charge of sending the RNN-LSTM module's decision and the data it has gathered to the base station collector module. All the drones' data and decisions are sent to the base station data collector module. It analyses all incoming data for decision verification and sends it to the base station's central RNN-LSTM module. The decision-maker module will then get the conclusion and proceed with further processing. The hyperparameters of the proposed framework are shown in Table 3 with (Units, batch size, epochs, dropout, batch size, and optimization). We use a minimal dropout value of 15%–35% of neurons during training, with 20% serving as a decent starting point and teaching neurons how to identify attacks. A probability that is too low has little impact, and a probability that is too high prevents the network from learning enough. Moreover, epochs deploy drone assaults following the performance. Even while training accuracy improves, increase the number of epochs until the validation accuracy declines (overfitting).
D. Sensors and Transmissions
Table 2 Hyperparameters proposed framework with RNN, LSTM, and Bi LSTM.
The ZigBee wireless technology is used due to the characteristics, analogies, and capability of digital information transmission. The proposed framework utilized XBee Pro S1, which can send data over a great distance. The data is collected with the following sensors.
• Sensor GPS
• Radar Sensor
• BMP180 Pressure Sensor
Device GPS: The NEO-7N chip and an electrical circuit make up the GPS receiver known as the GY-GPS6MV2. An LED display and a battery make up its construction. The light comes on when it sends GPS data across satellites. This sensor module also has an approximate 161 dBm sensitivity. Radar Detector: This is used to monitor and recognize items far away. These sensors emit electromagnetic radiation in the direction of targets and objects. Compared to optical sensors, these sensors offer enhanced accuracy in identifying objects. Radar sensors can be replaced with accelerometers in the proposed system. Specifically, an HC-SR04 ultrasonic proximity sensor is utilized. Radar sensors are employed to calculate object patterns. The BMP180 Pressure Sensor is employed for altitude and pressure measurements, which consumes minimal battery power. It is compact and exhibits excellent precision. The pressure sensor module is factory-calibrated, ensuring superior accuracy compared to other sensor alternatives.
D. DRONE DATA CENTRALIZED RNN
On the base station, in this instance, another RNN-LSTM is deployed. Again, this module might operate on streams or batches. According to the selected mode, it receives drone traffic from the data collecting module either in streams or in batches. To determine which drone is compromised, the central RNN-LSTM will decide based on the total amount of data gathered. The decision-maker module receives the decision from the central RNN-LSTM module. Due to the traffic generated by the many drones, the centralized RNN has more training than the RNN on individual drones.