USVScout: Detecting Security Vulnerabilities in USV-based Marine Applications
Research Article  ·  Published: 01 September 2025
ICCK Transactions on Cybersecurity
Volume 1, Issue 1, 2025: 17-34

1 Three Gorges Navigation Authority, Yichang, China
* Corresponding Author: Shihao Zhou, [email protected]

Article Information

Abstract

With the deep integration of artificial intelligence (AI) and Internet of Things (IoT) technologies, the maritime transportation industry is undergoing profound changes, and the application scenarios of unmanned surface vehicles (USVs) are constantly expanding. To address the security threats faced by USV application systems, this paper proposes a new threat model for ship communication protocols and service logic that covers the potential attack paths of adversarial entities in application logic and communication protocols. Based on this model, the automated security inspection framework USVScout was designed and implemented. By parsing the source code of the application, USVScout formalizes security analysis as an attribute verification task under the standard computing model, significantly improving the systematicness and accuracy of detection. Experimental results show that, in three real marine application scenarios, USVScout identified new types of vulnerabilities that static analysis tools failed to detect, and that it achieves sub-second real-time detection of 12 types of vulnerability patterns on an ordinary laptop, verifying the significant advantages of the method in terms of security and efficiency. The threat modeling and automated detection framework proposed in this paper provides technical support for ship network attack and defense drills and lays the foundation for building an intelligent and secure maritime transportation system.

Keywords

USVScout, threat modeling, automated security inspection, maritime transportation

Data Availability Statement

Data will be made available on request.

Funding

This work was supported without any funding.

Conflicts of Interest

Shihao Zhou is an employee of Three Gorges Navigation Authority, Yichang, China.

Ethical Approval and Consent to Participate

Not applicable.

Cite This Article

APA Style
Zhou, S. (2025). USVScout: Detecting Security Vulnerabilities in USV-based Marine Applications. ICCK Transactions on Cybersecurity, 1(1), 17–34. https://doi.org/10.62762/TC.2025.281528
BibTeX Format
@article{Zhou2025USVScout,
  author = {Shihao Zhou},
  title = {USVScout: Detecting Security Vulnerabilities in USV-based Marine Applications},
  journal = {ICCK Transactions on Cybersecurity},
  year = {2025},
  volume = {1},
  number = {1},
  pages = {17-34},
  doi = {10.62762/TC.2025.281528},
  url = {https://www.icck.org/article/abs/TC.2025.281528},
  keywords = {USVScout, threat modeling, automated security inspection, maritime transportation},
  issn = {3069-3349},
  publisher = {Institute of Central Computation and Knowledge}
}

Publisher's Note

ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and Permissions

Institute of Central Computation and Knowledge (ICCK) or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
ISSN: 3069-3349 (Online)
Preserved at Portico