Unveiling intrusions: explainable SVM approaches for addressing encrypted Wi-Fi traffic in UAV networks

Abstract

Unmanned aerial vehicles (UAVs), also known as drones, have become instrumental in various domains, including agriculture, geographic information systems, media, logistics, security, and defense. These UAVs often rely on wireless communication networks for data transmission, making them vulnerable to cyberattacks. To address these challenges, it is necessary to detect potential threats by analyzing the encrypted Wi-Fi traffic data generated by UAVs. This study aimed to develop a linear SVM model that is enhanced with explainable artificial intelligence (XAI) techniques and fine-tuned using Bayesian optimization for intrusion detection systems (IDSs); the model is specifically designed to identify malware threats targeting UAVs. This research utilized encrypted Wi-Fi traffic data derived from three different UAV networks, namely, Parrot Bebop 1, DBPower UDI, and DJI Spark, while considering unidirectional and bidirectional communication flow modes. SVM-based intrusion detection models have been modeled on these datasets, identified their key features using the local interpretable model-agnostic explanations (LIME) technique, and conducted a cost analysis of the proposed modeling approach. The incorporation of the LIME method enabled to highlight the features that are highly indicative of cyberattacks and provided valuable insights into the importance of each feature in the context of intrusion detection. In conclusion, this interpretable IDS model, fine-tuned with Bayesian optimization, demonstrated its superiority over the state-of-the-art methods, proving its efficacy in detecting and mitigating threats to UAVs while offering a cost-effective solution