Jerry
Abstract: The use of transformers for vision tasks has challenged the traditional dominant role of convolutional neural networks (CNN) in computer vision (CV). For image classification tasks, Vision Transformer (ViT) effectively establishes spatial relationships between patches within images, directing attention to important areas for accurate predictions. However, similar to CNNs, ViTs are vulnerable to adversarial attacks, which mislead the image classifier into making incorrect decisions on images with carefully designed perturbations. Moreover, adversarial patch attacks, which introduce arbitrary perturbations within a small area, pose a more serious threat to ViTs. Even worse, traditional detection methods, originally designed for CNN models, are impractical or suffer significant performance degradation when applied to ViTs, and they generally overlook patch attacks. In this paper, we propose ViTGuard as a general detection method for defending ViT models against adversarial attacks, including typical attacks where perturbations spread over the entire input and patch attacks. ViTGuard uses a Masked Autoencoder (MAE) model to recover randomly masked patches from the unmasked regions, providing a flexible image reconstruction strategy. Then, threshold-based detectors leverage distinctive ViT features, including attention maps and classification (CLS) token representations, to distinguish between normal and adversarial samples. The MAE model does not involve any adversarial samples during training, ensuring the effectiveness of our detectors against unseen attacks. ViTGuard is compared with seven existing detection methods under nine attacks across three datasets. The evaluation results show the superiority of ViTGuard over existing detectors. Finally, considering the potential detection evasion, we further demonstrate ViTGuard's robustness against adaptive attacks for evasion.
Abstract: Federated Learning (FL) exposes vulnerabilities to targeted poisoning attacks that aim to cause misclassification specifically from the source class to the target class. However, using well-established defense frameworks, the poisoning impact of these attacks can be greatly mitigated. We introduce a generalized pre-training stage approach to Boost Targeted Poisoning Attacks against FL, called BoTPA. Its design rationale is to leverage the model update contributions of all data points, including ones outside of the source and target classes, to construct an Amplifier set, in which we falsify the data labels before the FL training process, as a means to boost attacks. We comprehensively evaluate the effectiveness and compatibility of BoTPA on various targeted poisoning attacks. Under data poisoning attacks, our evaluations reveal that BoTPA can achieve a median Relative Increase in Attack Success Rate (RI-ASR) between 15.3% and 36.9% across all possible source-target class combinations, with varying percentages of malicious clients, compared to its baseline. In the context of model poisoning, BoTPA attains RI-ASRs ranging from 13.3% to 94.7% in the presence of the Krum and Multi-Krum defenses, from 2.6% to 49.2% under the Median defense, and from 2.9% to 63.5% under the Flame defense.
Abstract: Drones in many applications need the ability to fly fully or partially autonomously to accomplish their mission. To allow these fully/partially autonomous flights, first, the drone needs to be able to locate itself constantly. Then the navigation command signal would be generated and passed on to the controller unit of the drone. In this paper, we propose a localization scheme for drones called iDROP (Robust Localization for Indoor Navigation of Drones with Optimized Beacon Placement) that is specifically devised for GPS-denied environments (e.g., indoor spaces). Instead of GPS signals, iDROP relies on speaker-generated ultrasonic acoustic signals to enable a drone to estimate its location. In general, localization error is due to two factors: the ranging error and the error induced by relative geometry between the transmitters and the receiver. iDROP mitigates these two types of errors and provides a high-precision three-dimensional localization scheme for drones. iDROP employs a waveform that is robust against multi-path fading. Moreover, by placing beacons in optimal locations, it reduces the localization error induced by the relative geometry between the transmitters and the receiver.
Abstract: For many applications, drones are required to operate entirely or partially autonomously. To fly completely or partially on their own, drones need access to location services to get navigation commands. While using the Global Positioning System (GPS) is an obvious choice, GPS is not always available, can be spoofed or jammed, and is highly error-prone for indoor and underground environments. The ranging method using beacons is one of the popular methods for localization, especially for indoor environments. In general, localization error in this class is due to two factors: the ranging error and the error induced by the relative geometry between the beacons and the target object to localize. This paper proposes OPTILOD (Optimal Beacon Placement for High-Accuracy Indoor Localization of Drones), an optimization algorithm for the optimal placement of beacons deployed in three-dimensional indoor environments. OPTILOD leverages advances in Evolutionary Algorithms to compute the minimum number of beacons and their optimal placement to minimize the localization error. These problems belong to the Mixed Integer Programming (MIP) class and are both considered NP-Hard. Despite that, OPTILOD can provide multiple optimal beacon configurations that minimize the localization error and the number of deployed beacons concurrently and time efficiently.
Abstract: In many scenarios, unmanned aerial vehicles (UAVs), aka drones, need to have the capability of autonomous flying to carry out their mission successfully. In order to allow these autonomous flights, drones need to know their location constantly. Then, based on the current position and the final destination, navigation commands will be generated and drones will be guided to their destination. Localization can be easily carried out in outdoor environments using GPS signals and drone inertial measurement units (IMUs). However, such an approach is not feasible in indoor environments or GPS-denied areas. In this paper, we propose a localization scheme for drones called PILOT (High-Precision Indoor Localization for Autonomous Drones) that is specifically designed for indoor environments. PILOT relies on ultrasonic acoustic signals to estimate the target drone's location. In order to have a precise final estimation of the drone's location, PILOT deploys a three-stage localization scheme. The first two stages provide robustness against the multi-path fading effect of indoor environments and mitigate the ranging error. Then, in the third stage, PILOT deploys a simple yet effective technique to reduce the localization error induced by the relative geometry between transmitters and receivers and significantly reduces the height estimation error. The performance of PILOT was assessed under different scenarios and the results indicate that PILOT achieves centimeter-level accuracy for three-dimensional localization of drones.
Abstract: Navigating in environments where the GPS signal is unavailable, weak, purposefully blocked, or spoofed has become crucial for a wide range of applications. A prime example is autonomous navigation for drones in indoor environments: to fly fully or partially autonomously, drones demand accurate and frequent updates of their locations. This paper proposes a Robust Acoustic Indoor Localization (RAIL) scheme for drones designed explicitly for GPS-denied environments. Instead of depending on GPS, RAIL leverages ultrasonic acoustic signals to achieve precise localization using a novel hybrid Frequency Hopping Code Division Multiple Access (FH-CDMA) technique. Contrary to previous approaches, RAIL is able to both overcome the multi-path fading effect and provide precise signal separation in the receiver. Comprehensive simulations and experiments using a prototype implementation demonstrate that RAIL provides high-accuracy three-dimensional localization with an average error of less than 1.5 cm.
Abstract: There has been a rapid growth in the deployment of Unmanned Aerial Vehicles (UAVs) in various applications ranging from vital safety-of-life such as surveillance and reconnaissance at nuclear power plants to entertainment and hobby applications. While popular, drones can pose serious security threats that can be unintentional or intentional. Thus, there is an urgent need for real-time accurate detection and classification of drones. In this article, we perform a survey of drone detection approaches presenting their advantages and limitations. We analyze detection techniques that employ radars, acoustic and optical sensors, and emitted radio frequency (RF) signals. We compare their performance, accuracy, and cost, concluding that combining multiple sensing modalities might be the path forward.