Catching Drones: Detecting Drones via Network Traffic Analysis



Founding Entity: Hamad Bin Khalifa University (HBKU) – Innovation Center

Amount of the Founding: $ 12,000.00

Duration of the Project: 1 year

Lead Investigator: Dr. Saif Al-Kuwari


Unmanned Aerial Vehicles (UAV), known as drones, are becoming extremely popular due to their price getting cheaper and their functionalities becoming increasingly appealing. Indeed, drones are already adopted for several tasks such as inspections, securing remote assets, and emergency situations.

Unfortunately, drones represent the classical dual-use technology that could also be adopted for malicious intents, such as facilitating physical access to unsecured systems, taking video/image pictures of restricted-access areas, or being used-as/carrying weapons against selected targets. The latter is one of the major threats, not only for people but also for critical infrastructures such as airports and industrial sites, to name a few.

Several drone countermeasures have been developed and already deployed. Some of them involve the use of jammers to prevent the remote controller of the drone by forcing it to landing, the use of other drones to chase the not-authorized one and, finally, weapons to shoot the drone down. Indeed, several start-ups have already developed different anti-drone solutions mainly based on radar detection and jamming.

Drone detection can only rely on a few effective techniques. Among the various techniques, four major strategies can be identified: (i) visual detection; (ii) audio detection; (iii) radar; and, (iv) RF detection. However, these solutions suffer from intrinsic limitations: visual detection requires many cameras and high computational capabilities, audio detection is limited by the human perception and by the level of the noise in the environment, radar-based techniques require bulky and expensive equipment, while RF detection requires special hardware.

To provide an innovative, cheap and easy-to-use technology, we propose the implementation of a drone detection technique based on traffic analysis. Our solution is the first able to detect a drone and its current state in real-time, looking only at the wireless traffic. It leverages only traffic-related information, such as the packets size, the interarrival time and, in case, the received signal power level. Thus, our solution works even if the traffic between the controller and the drone is encrypted, or other defensive measures are applied, such as dynamic changing of MAC address and disabling of SSID broadcast. In addition, our solution is extremely cheap, as it requires only a wireless probe and a laptop. Finally, our solution is effective, as it can not only identify if a drone is present, but also detect if it is flying or lying on the ground, and detect which movement it is performing (approaching or moving away).