feat: filter-out known spoofed data #34

Closed

Contributor

@matejglejtek matejglejtek commented May 6, 2024

Detect data from RemoteIDSpoofer using analysis of a single message container.

Spoofer description.

Check if messages contain spoofed data by checking known traits of spoofed data, like MAC address, timestamps and message contents. Save the resulting MessageContainerAuthenticityStatus to MessageContainer.

The basic block is the abstract SpooferDetector class that has the method calculateSpoofedProbability. Each subclass of SpooferDetector checks one part of the MessageContainer, e.g. MAC address, timestamp or message of a certain type. The method returns the probability of data being spoofed, between 0 and 1:

  • 0 -> real, 0.5 -> cannot decide, 1 -> spoofed

Detectors can return various values of probability. E.g. spoofed data always have 0 as the first char of the MAC address, but real data can also have 0 at the start, so if it is zero I used a probability of 0.75 that the data are spoofed.

The MessageContainerAuthenticator class contains an array of these detectors. When a container is updated, the authenticator checks it by running all the detectors and counting the score. Then MessageContainerAuthenticityStatus is worked out from the score:

  • < max/2 - untrusted; (max/2, max/4*3) - suspicious; > max/4*3 - counterfeit

If a detector cannot decide, it returns 0.5, so half of the score means nothing could be decided. If the score is bigger than half, at least one detector detected suspicious data, so I used this as the threshold for suspicious status. For counterfeit status I used a threshold of more than 3/4 of the score.

Used in dronetag/drone-scanner#78.

DT-3038
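The scoring scheme from the description above, as an added Python sketch that is not the PR's own code. `MessageContainer` is a hypothetical minimal stand-in, the timestamp rule and its constant are constructed placeholders (the page does not say which timestamp trait is checked), and the handling of scores that land exactly on a threshold is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional, Sequence, Tuple


class AuthenticityStatus(Enum):
    UNTRUSTED = "untrusted"
    SUSPICIOUS = "suspicious"
    COUNTERFEIT = "counterfeit"


@dataclass
class MessageContainer:
    """Hypothetical minimal stand-in for the project's MessageContainer."""
    mac_address: Optional[str] = None
    timestamp: Optional[int] = None


# Constructed value: the page does not say which timestamp trait is checked.
PLACEHOLDER_SPOOFED_TIMESTAMP = 0
Detector = Callable[[MessageContainer], float]


def mac_detector(c: MessageContainer) -> float:
    if not c.mac_address:
        return 0.5  # nothing to inspect: cannot decide
    # A leading 0 also occurs in real data, hence 0.75 rather than 1.
    # Returning 0 for any other first character is an assumption.
    return 0.75 if c.mac_address[0] == "0" else 0.0


def timestamp_detector(c: MessageContainer) -> float:
    if c.timestamp is None:
        return 0.5
    return 1.0 if c.timestamp == PLACEHOLDER_SPOOFED_TIMESTAMP else 0.0


def authenticate(c: MessageContainer,
                 detectors: Sequence[Detector]) -> Tuple[float, AuthenticityStatus]:
    max_score = float(len(detectors))  # each detector contributes at most 1
    score = sum(min(1.0, max(0.0, d(c))) for d in detectors)
    # Assumption: a score exactly on a threshold gets the lower status,
    # so "every detector undecided" (max/2) is not escalated.
    if score > max_score * 3 / 4:
        return score, AuthenticityStatus.COUNTERFEIT
    if score > max_score / 2:
        return score, AuthenticityStatus.SUSPICIOUS
    return score, AuthenticityStatus.UNTRUSTED


DETECTORS = (mac_detector, timestamp_detector)
```

Because the score is a plain sum, a detector voting 0 offsets another voting 1: a container with a non-zero leading MAC character and the placeholder timestamp scores exactly max/2 and stays below the suspicious threshold.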

@matejglejtek matejglejtek force-pushed the feat/DT-3038-filter-spoofed-data branch 2 times, most recently from b42c1ed to 9f4700f Compare May 9, 2024 09:50
check if messages contain known data

DT-3038
@matejglejtek matejglejtek force-pushed the feat/DT-3038-filter-spoofed-data branch from 9f4700f to 471f34f Compare May 9, 2024 10:17
@matejglejtek matejglejtek marked this pull request as ready for review May 9, 2024 10:37
Contributor

@albertmoravec albertmoravec left a comment

Very clean 👍

I really appreciate that we are only making a suggestion on authenticity of the data received and do not take any destructive action. I think it is the best way forward.

Member

@marianhlavac marianhlavac left a comment

The end result is great and the architecture seems well thought out.

I'm very sorry for coming with this in such a late phase, but I feel that this should be a feature exclusive to Drone Scanner and we should prefer keeping all of the code in Drone Scanner only. But feel free to open a discussion if you disagree.

It will also be necessary to later work with a buffer of stored messages, so please let's move this functionality into Drone Scanner and continue the code review there.

@matejglejtek
Contributor Author

> It will also be necessary to later work with buffer of stored messages, so please let's move this functionality into Drone Scanner and continue the code review there.

Ok, I moved the functionality to DroneScanner, dronetag/drone-scanner#78, I am closing this PR.

@marianhlavac marianhlavac deleted the feat/DT-3038-filter-spoofed-data branch May 21, 2024 07:19