USVScout: Detecting Security Vulnerabilities in USV-based Marine Applications
Article Information
Abstract
With the deep integration of artificial intelligence (AI) and Internet of Things (IoT) technologies, the maritime transportation industry is undergoing profound changes, and the application scenarios of unmanned surface vehicles (USVs) are constantly expanding. Aiming at the security threats faced by USV application systems, this paper proposes a new threat model for ship communication protocols and service logics, and the system covers the potential adversarial entity attack paths in application program logics and communication protocols. Based on this model, the automated security inspection framework USVScout was designed and implemented. By parsing the source code of the application program, the security analysis was formalized as an attribute verification task under the standard computing model, significantly improving the systematicness and accuracy of the detection. The experimental results show that in three real Marine application scenarios, USVScout successfully identified new types of vulnerabilities that static analysis tools failed to detect, and it can achieve sub-second real-time detection of 12 types of vulnerability patterns on an ordinary laptop, verifying the significant advantages of the method in terms of security and efficiency. The threat modeling and automated detection framework proposed in this paper provides technical support for ship network attack and defense drills and lays the foundation for building an intelligent and secure maritime transportation system.
Graphical Abstract
Keywords
Data Availability Statement
Funding
Conflicts of Interest
Ethical Approval and Consent to Participate
References
- Gallego, A. J., Pertusa, A., Gil, P., & Fisher, R. B. (2019). Detection of bodies in maritime rescue operations using unmanned aerial vehicles with multispectral cameras. Journal of Field Robotics, 36(4), 782-796.
[CrossRef] [Google Scholar] - Specht, M. (2024). Methodology for performing bathymetric and photogrammetric measurements using UAV and USV vehicles in the coastal zone. Remote Sensing, 16(17), 3328.
[CrossRef] [Google Scholar] - Jung, S., Cho, H., Kim, D., Kim, K., Han, J. I., & Myung, H. (2017). Development of algal bloom removal system using unmanned aerial vehicle and surface vehicle. IEEE Access, 5, 22166-22176.
[CrossRef] [Google Scholar] - Li, W., Ge, Y., Guan, Z., & Ye, G. (2022). Synchronized motion-Based UAV–USV cooperative autonomous landing. Journal of Marine Science and Engineering, 10(9), 1214.
[CrossRef] [Google Scholar] - de Carnavalet, X. D. C., & Mannan, M. (2016, February). Killed by proxy: Analyzing client-end TLS interception software. In Network and Distributed System Security Symposium (pp. 21-24). http://dx.doi.org/10.14722/ndss.2016.23374
[Google Scholar] - Zainudin, A., Putra, M. A. P., Alief, R. N., Kim, D. S., & Lee, J. M. (2024, June). Blockchain-aided collaborative threat detection for securing digital twin-based IIoT networks. In ICC 2024-IEEE International Conference on Communications (pp. 4656-4661). IEEE.
[CrossRef] [Google Scholar] - Jia, Y., Yuan, B., Xing, L., Zhao, D., Zhang, Y., Wang, X., ... & Jin, H. (2021, November). Who's in control? on security risks of disjointed IoT device management channels. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (pp. 1289-1305).
[CrossRef] [Google Scholar] - Wang, Q., Ji, S., Tian, Y., Zhang, X., Zhao, B., Kan, Y., ... & Beyah, R. (2021). {MPInspector: A systematic and automatic approach for evaluating the security of {IoT messaging protocols. In 30th USENIX Security Symposium (USENIX Security 21) (pp. 4205-4222).
[Google Scholar] - Wang, M., Tian, C., Zhang, N., Duan, Z., & Yao, C. (2020). Translating Xd-C programs to MSVL programs. Theoretical Computer Science, 809, 430-465.
[CrossRef] [Google Scholar] - Li, Y., & Li, L. (2012). Model checking of linear-time properties based on possibility measure. IEEE Transactions on Fuzzy systems, 21(5), 842-854.
[CrossRef] [Google Scholar] - Celik, Z. B., McDaniel, P., & Tan, G. (2018). Soteria: Automated {IoT safety and security analysis. In 2018 USENIX annual technical conference (USENIX ATC 18) (pp. 147-158).
[Google Scholar] - Wang, Q., Datta, P., Yang, W., Liu, S., Bates, A., & Gunter, C. A. (2019, November). Charting the attack surface of trigger-action IoT platforms. In Proceedings of the 2019 ACM SIGSAC conference on computer and communications security (pp. 1439-1453).
[CrossRef] [Google Scholar] - Celik, Z. B., Tan, G., & McDaniel, P. (2019). IOTGUARD: Dynamic Enforcement of Security and Safety Policy in Commodity IoT. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019. The Internet Society. https://dx.doi.org/10.14722/ndss.2019.23326
[Google Scholar] - Yuan, B., Wu, Y., Yang, M., Xing, L., Wang, X., Zou, D., & Jin, H. (2022). Smartpatch: Verifying the authenticity of the trigger-event in the iot platform. IEEE Transactions on Dependable and Secure Computing, 20(2), 1656-1674.
[CrossRef] [Google Scholar] - Tam, K., & Jones, K. (2018, June). Cyber-risk assessment for autonomous ships. In 2018 international conference on cyber security and protection of digital services (cyber security) (pp. 1-8). IEEE.
[CrossRef] [Google Scholar] - Akpan, F., Bendiab, G., Shiaeles, S., Karamperidis, S., & Michaloliakos, M. (2022). Cybersecurity challenges in the maritime sector. Network, 2(1), 123-138.
[CrossRef] [Google Scholar] - Caprolu, M., Di Pietro, R., Raponi, S., Sciancalepore, S., & Tedeschi, P. (2020). Vessels cybersecurity: Issues, challenges, and the road ahead. IEEE Communications Magazine, 58(6), 90-96.
[CrossRef] [Google Scholar] - Radoš, K., Brkić, M., & Begušić, D. (2024). Recent advances on jamming and spoofing detection in GNSS. Sensors, 24(13), 4210.
[CrossRef] [Google Scholar] - Aslam, S., Michaelides, M. P., & Herodotou, H. (2020). Internet of ships: A survey on architectures, emerging applications, and challenges. IEEE Internet of Things journal, 7(10), 9714-9727.
[CrossRef] [Google Scholar] - Rath, S., Intriago, A., Sengupta, S., & Konstantinou, C. (2023, August). Lost at sea: Assessment and evaluation of rootkit attacks on shipboard microgrids. In 2023 IEEE Electric Ship Technologies Symposium (ESTS) (pp. 534-541). IEEE.
[CrossRef] [Google Scholar] - Tullsen, M., Pike, L., Collins, N., & Tomb, A. (2018, July). Formal verification of a vehicle-to-vehicle (V2V) messaging system. In International Conference on Computer Aided Verification (pp. 413-429). Cham: Springer International Publishing.
[CrossRef] [Google Scholar] - Grigoriadis, C., Papastergiou, S., Kotzanikolaou, P., Douligeris, C., Dionysiou, A., Elias, A., ... & Kamm, L. (2021, August). Integrating and validating maritime transport security services: Initial results from the cs4eu demonstrator. In Proceedings of the 2021 Thirteenth International Conference on Contemporary Computing (pp. 371-377).
[CrossRef] [Google Scholar] - Zhang, C., Cao, C., Kang, K., Guo, C., & Guo, M. (2022). Virtual global positioning system construction approach for unmanned surface vessel based on Dempster–Shafer theory and broad learning framework. The Journal of Navigation, 75(5), 1144-1166.
[CrossRef] [Google Scholar] - Sun, X., Wang, G., Fan, Y., Mu, D., & Qiu, B. (2018). An automatic navigation system for unmanned surface vehicles in realistic sea environments. Applied Sciences, 8(2), 193.
[CrossRef] [Google Scholar] - Akram, W., Yang, S., Kuang, H., He, X., Din, M. U., Dong, Y., ... & Hussain, I. (2024). Long-Range Vision-Based UAV-assisted Localization for Unmanned Surface Vehicles. arXiv preprint arXiv:2408.11429.
[Google Scholar] - Boretti, A. (2024). Unmanned surface vehicles for naval warfare and maritime security. The Journal of Defense Modeling and Simulation, 15485129241283056.
[CrossRef] [Google Scholar] - Berbecaru, D. G., & Lioy, A. (2021, September). Attack strategies and countermeasures in transport-based time synchronization solutions. In International Symposium on Intelligent and Distributed Computing (pp. 203-213). Cham: Springer International Publishing.
[CrossRef] [Google Scholar] - Hashali, S. D., Yang, S., & Xiang, X. (2024). Route planning algorithms for unmanned surface vehicles (USVs): a comprehensive analysis. Journal of Marine Science and Engineering, 12(3), 382.
[CrossRef] [Google Scholar] - He, P., Du, X., Li, Y., Guo, H., & Cui, J. (2025). An integration methodology of safety and security requirements for autonomous vehicles. Journal of Transportation Safety & Security, 17(3), 253-271.
[CrossRef] [Google Scholar] - Hofer-Schmitz, K., & Stojanović, B. (2020). Towards formal verification of IoT protocols: A Review. Computer Networks, 174, 107233.
[CrossRef] [Google Scholar] - Cai, X., Shi, K., She, K., Zhong, S., Wen, S., & Xie, Y. (2023). Communication security of autonomous ground vehicles based on networked control systems: The optimized LMI approach. Security and Safety, 2, 2023016.
[CrossRef] [Google Scholar] - Wang, H., Ren, G., Chen, J., Ding, G., & Yang, Y. (2018). Unmanned aerial vehicle-aided communications: Joint transmit power and trajectory optimization. IEEE Wireless Communications Letters, 7(4), 522-525.
[CrossRef] [Google Scholar] - Jero, S., Hoque, E., Choffnes, D., Mislove, A., & Nita-Rotaru, C. (2018, July). Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach. In Proceedings of the 2018 Applied Networking Research Workshop (pp. 95-95).
[CrossRef] [Google Scholar]
Cite This Article
TY - JOUR AU - Zhou, Shihao PY - 2025 DA - 2025/09/01 TI - USVScout: Detecting Security Vulnerabilities in USV-based Marine Applications JO - ICCK Transactions on Cybersecurity T2 - ICCK Transactions on Cybersecurity JF - ICCK Transactions on Cybersecurity VL - 1 IS - 1 SP - 17 EP - 34 DO - 10.62762/TC.2025.281528 UR - https://www.icck.org/article/abs/TC.2025.281528 KW - USVScout KW - threat modeling KW - automated security inspection KW - maritime transportation AB - With the deep integration of artificial intelligence (AI) and Internet of Things (IoT) technologies, the maritime transportation industry is undergoing profound changes, and the application scenarios of unmanned surface vehicles (USVs) are constantly expanding. Aiming at the security threats faced by USV application systems, this paper proposes a new threat model for ship communication protocols and service logics, and the system covers the potential adversarial entity attack paths in application program logics and communication protocols. Based on this model, the automated security inspection framework USVScout was designed and implemented. By parsing the source code of the application program, the security analysis was formalized as an attribute verification task under the standard computing model, significantly improving the systematicness and accuracy of the detection. The experimental results show that in three real Marine application scenarios, USVScout successfully identified new types of vulnerabilities that static analysis tools failed to detect, and it can achieve sub-second real-time detection of 12 types of vulnerability patterns on an ordinary laptop, verifying the significant advantages of the method in terms of security and efficiency. The threat modeling and automated detection framework proposed in this paper provides technical support for ship network attack and defense drills and lays the foundation for building an intelligent and secure maritime transportation system. SN - 3069-3349 PB - Institute of Central Computation and Knowledge LA - English ER -
@article{Zhou2025USVScout,
author = {Shihao Zhou},
title = {USVScout: Detecting Security Vulnerabilities in USV-based Marine Applications},
journal = {ICCK Transactions on Cybersecurity},
year = {2025},
volume = {1},
number = {1},
pages = {17-34},
doi = {10.62762/TC.2025.281528},
url = {https://www.icck.org/article/abs/TC.2025.281528},
abstract = {With the deep integration of artificial intelligence (AI) and Internet of Things (IoT) technologies, the maritime transportation industry is undergoing profound changes, and the application scenarios of unmanned surface vehicles (USVs) are constantly expanding. Aiming at the security threats faced by USV application systems, this paper proposes a new threat model for ship communication protocols and service logics, and the system covers the potential adversarial entity attack paths in application program logics and communication protocols. Based on this model, the automated security inspection framework USVScout was designed and implemented. By parsing the source code of the application program, the security analysis was formalized as an attribute verification task under the standard computing model, significantly improving the systematicness and accuracy of the detection. The experimental results show that in three real Marine application scenarios, USVScout successfully identified new types of vulnerabilities that static analysis tools failed to detect, and it can achieve sub-second real-time detection of 12 types of vulnerability patterns on an ordinary laptop, verifying the significant advantages of the method in terms of security and efficiency. The threat modeling and automated detection framework proposed in this paper provides technical support for ship network attack and defense drills and lays the foundation for building an intelligent and secure maritime transportation system.},
keywords = {USVScout, threat modeling, automated security inspection, maritime transportation},
issn = {3069-3349},
publisher = {Institute of Central Computation and Knowledge}
}
Article Metrics
Publisher's Note
ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.