Automated Vulnerability Discovery and Crash Investigation System Guided by Unmanned Aerial Vehicle Control Model


Sponsoring Agency
National Security Research Institute


We plan to work on the two-year collaborative research to develop the unmanned aerial vehicle (UAV) accident investigation and vulnerability discovery system by using crowdsourcing data, control models, and program analysis. There have been several existing techniques for UAV accident investigation and vulnerability discovery. RVFuzzer [1] introduces the fuzzing technique guided by the control states of UAVs as feedback. On the other hand, MAYDAY [2] introduces the automated UAV accident investigation and vulnerability discovery framework. However, both previous works have limitations. RVFuzzer still has limitations due to the large fuzzing input space. On the other hand, Mayday can discover vulnerabilities only after a UAV accident happen. To solve the aforementioned limitations, we plan to research the framework that discovers and analyzes vulnerabilities before accidents happen. Specifically, we have observed that PX4 [3], one of the most widely used open-source UAV autopilot programs, automatically collects the UAV users' flight logs from around the world. If we can selectively fuzz UAV systems using the accident-triggering input data chosen from such crowdsourcing data, we can significantly improve the efficiency of fuzzing that RVFuzzer proposed. Furthermore, we can identify the vulnerable control code locations by mapping the simulated UAV control program (whose control logic is identical to that of the physical UAVs) into the UAV control model.

Research Area