Cyber-Based Detection and Mitigation of Unauthorized Drones in India: A Case Study on Wi-Fi Vulnerabilities and Counter-Drone Mechanisms

Cyber-Based Detection and Mitigation of Unauthorized Drones in India: A Case Study on Wi-Fi Vulnerabilities and Counter-Drone Mechanisms | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Cyber-Based Detection and Mitigation of Unauthorized Drones in India: A Case Study on Wi-Fi Vulnerabilities and Counter-Drone Mechanisms G. Soniya Priyatharsini, R Jagadesh, Sundus Zehra, R M Saritha, and 1 more This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-8313379/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Commercial and defense adoption of Unmanned Aerial Vehicles (UAVs) has improved operational capability while introducing security and privacy challenges. Unauthorized drone activity across India’s borders and urban airspace poses threats to safety and national security. This paper presents a cybersecurity-driven approach that leverages IEEE 802.11 (Wi- Fi) vulnerabilities for detection and non-destructive neutralization of unauthorized drones. By combining passive packet sniff- ing, multi-feature fingerprinting, and targeted deauthentication- based link disruption, the proposed method aims for low- cost, precise counter-drone measures suitable for local law enforcement and infrastructure operators. Key limitations, legal considerations, and multisensor validation are discussed. Drone detection cybersecurity Wi-Fi IEEE 802.11 packet sniffing deauthentication unauthorized drones counter-UAS Figures Figure 1 Figure 2 Highlights 1. Low-cost Wi-Fi method to detect unauthorized drones. 2. Passive multi-feature fingerprinting for accurate drone ID. 3. Targeted deauthentication to safely trigger vendor fail-safes. 4. Multi-sensor validation with legal and safety safeguards. I. INTRODUCTION Unmanned Aerial Vehicles (UAVs), or drones, are being utilized for a range of applications, such as surveillance, logistics, agriculture, photography, disaster response, and entertainment. The ability to collect high-resolution information, navigate remote locations, and fly autonomously has made drones an essential asset in many industries. However, along with rapid adoption and utilization come significant risks to security and privacy. Bad actors can use drones for illegal or illegal (or quasi-authorized) surveillance, smuggling of contraband, espionage, and delivery of dangerous payload. [1] Conventional counter-UAV solutions such as radar and RF jammers are capable of detecting and countering drones for military or high-security operations, but are far too expensive for small organizations, local authorities, or private individuals. Additionally, jammers and kinetic efforts may unintentionally disrupt legitimate communication systems or could induce safety concerns in urban or populated areas. In India, this problem is particularly acute due to the vast number of borders the country has, along with crowded urban sites and a growing market for civilian drones. The Border Security Forces (BSF) have reported a surge in unauthorized drone use, particularly in the Punjabi, Rajasthan, and Jammu areas, where drones are frequently used to smuggle arms and/or narcotics. These challenges highlight an urgency to develop low-cost, versatile, and non-destructive counter-drone solutions. [2] Utilizing existing wireless communication systems, particularly Wi-Fi systems, can present solutions for the counter-drone challenges. Ex- plotting vulnerabilities in standard communication protocols allows for the detection, tracking and safe neutralization of the drone without deploying expensive defense-grade systems. Cyber-based solutions serve as a bridge between defense- grade systems and security in civilian life, allowing drone management to be possible for a larger pool of users. II. PROBLEM IDENTIFICATION AND BACKGROUND Over the past few years, unauthorized drone activity has risen sharply in India, which is indicative of accessibility to drone technology and the changing tactics of bad actors. The Border Security Force (BSF) has recorded hundreds of cross- border drone incursions, mainly from Pakistan, where drones have been used to smuggle arms, explosives, and narcotics. Drone activities were concentrated in Punjab, Rajasthan, and Jammu Kashmir, where the soft terrain and proximity to the international border make detection and interception complex. Even outside the borders, singular recon of unauthorized drone activity near various airports, power stations, and defense installations pose emerging safety and security threats. [3] The majority of consumer and entry-level commercial drones utilize either Wi-Fi or radio frequency (RF) communication protocols, specifically the 2.4 GHz and 5 GHz bands of the IEEE 802.11 standard. These protocols were designed for convenience and inexpensive ease of connectivity, but do not incorporate strong encryption or authentication features, leaving them vulnerable to cyber risk. An attacker—or de- fender—can leverage cyber vulnerabilities to capture drone communication links for analysis or disruption. For example, Wi-Fi packet sniffing, MAC address monitoring, or deauthentication attacks can be used to discover drone presence or disrupt the control system. Traditional counter-UAS systems, such as radar detection, GPS spoofing, RF jamming, and laser- based interception are all effective in military application but also have serious drawbacks. Most of these systems are expensive to acquire and implement, heavily regulated in domestic environments, can cause collateral interference, and can physically damage property or people in populated areas of operation. Moreover, radar systems often have difficulty distinguishing small drones from birds or other objects, thus limiting detection accuracy in urban or suburban areas. Consequently, there is a significant requirement for cost-effective, software-based, and non-destructive counter-drone systems that could be used by local authorities, critical infrastructure operators, and the private sector. A Wi-Fi detection and mitigation system represents an optimal solution for effectiveness with cost considerations. [4] Using tools and frameworks already present in the cybersecurity domain and based on wireless network analysis protocols, such a detection and mitigation system can identify unauthorized drones by their anomaly-based packet transmission patterns, device signatures, and signal strength. The system can then mitigate the drone’s communication link and effect deauthentication or disassociation frames, forcing it to reach a fail-safe mode such as simple hovering, landing, or returning to its home point. Additionally, this cyber approach aligns well with India’s push for digital defense innovation and cost-effective security technologies. In practice, it further connects the proactive response capabilities of aerial threats in airspace areas where traditional counter-drone systems. This is especially useful near civilian populations, airports, or urban environments. Ultimately, Wi-Fi detection and mitigation systems will enable democratization of drone defense and maintaining peace to hold security responsibility for all elements of society—not just defending forces—facing potential threats from drone systems. III. SURVEY OF RELEVANT VULNERABILITIES AND ATTACK VECTORS The research focuses on the risks associated with vulnerabilities of the Wi-Fi (IEEE 802.11) protocol currently utilized in communications between consumer and semi-professional drones and their remote controller. [5,6]Drone uses either standard Wi-Fi access points or ad-hoc peer-to-peer connectivity to transmit its telemetry, control commands, and live video feeds. This architecture is advantageous for user connectivity outcome and reducing hardware but ultimately yields different cyber security vulnerabilities due to the limited encryption, authentication, and packet management in consumer-grade implementations. One major risk involves the deauthentication process of the 802.11 protocol. Deauthentication attacks leverage a function of Wi-Fi networks where either a user or an access point can terminate a client’s session by sending the ”deauth” management frame. These frames are not encrypted or authenticated on most consumer drones, which allows an attacker to easily spoof the deauth frame to sever the link between the drone and the drone controller. When a drone loses connectivity with the controller, because of a deauth attack, it will automatically revert to its configured fail-safe mode of operation, such as hovering in place, landing, or returning to home, as predefined by its manufacturer. Due to this, deauthentication serves as a non-destructive and non-physical counter measure, allowing defenders to mitigate a threatening drone without damaging the drone itself. An important element of the proposed solution is Wi-Fi packet sniffing. Wi-Fi packet sniffing is the act of passively monitoring and capturing wireless traffic in the 2.4 GHz or 5 GHz bands.[7] This method analyzes beacon frames, probe requests, and data packets to discover unique communication signatures associated with drones. Some common signatures of drone communication might be specific prefixes of MAC addresses, SSID patterns of the drone network, or even distinctive intervals of frame transmissions. When performing packet sniffing, the system separates legitimate wireless based devices from drones, even in real time. The Wi-Fi sniffing affects detection in that the method offers early detection and surveillance, without the need to initiate any systems (i.e., active scanning, initiating a drone network, etc.). To use detection safely and unnoticed in busy populated areas, passive interaction is preferred. An even more advanced attack vector that could be effective is MAC spoofing, as well as signal hijacking. In a Wi-Fi communication environment, many drones do not sufficiently encode or have mutual authentication between the drone and controller. Because of this, an attacker could become one of the two communicating devices by performing MAC spoofing (by simply copying the MAC address and communication parameters to appear legitimate). After an attacker has taken over a session, injection or change of control signals can result in temporary command exploitation or loss of command controls altogether. Although it requires a more detailed understanding of the protocols and its timing needs to be precise, this shows an example of how insecure Wi-Fi communications can be harnessed to take partial or full control of a drone.[8] A system utilizing the above-mentioned systemic vulnerabilities could detect, classify, and neutralize unauthorized drones in a cost-effective fashion from a cybersecurity perspective. Unlike radar or RF jamming systems, this methodology does not require specialized hardware, nor broad interference over multiple frequencies. This example relies on the existing Wi-Fi interfaces and software-defined products to achieve precision, deliberate, and non-destructive countermeasures. Once a drone has been identified, the system can trigger an automated deauthentication sequence that will interrupt the communication channel and cause the drone to execute its fail-safe command, such as hovering or landing IV. ATTACK METHODOLOGY AND SYSTEM EXPLOITATION A. Passive Detection and Signal Analysis The existing system utilizes a passive Wi-Fi monitoring technique that enables continuous observation of wireless communications in the 2.4 GHz and 5 GHz frequency bands, these frequency bands being the most popular use for drone operations.[9] This method provides real-time observation while eliminating any active signal transmissions, increasing chances that the system is not detected during data collection on powered aerial devices. In addition, the system is designed to capture wireless frames which have been transmitted in the environment and used for identifying and analyzing interactions as it pertains to consumer drones even in crowded or complicated wireless environments. Upon capturing the raw wireless data, the system performs packet filtering based on known manufacturer signatures. Along with basic filtering the system is performing a deeper frame level examination of the wifi communication. [10]It looks at management and data frames of different types such as beacon frames, probe requests/responses, and data frames, to determine if the patterns of communication are related to drone-controller communication. For example, beacon frames tell us about the presence of networks, the channels they are using, as well as the device identifiers. Probe frames help identify devices that are looking to connect to something, and data frames are capable of showing what may be viewed as periods in packet exchange patterns and transfer rates that can be associated with continuous control signals from a drone- controller. This multi-layered analysis provides the system the capability to determine whether the communication is coming from a drone or a typical Wi-Fi device using multiple parameters, including signal strength (RSSI), frame frequency, packet size, and time of transfer. This multi-layered analysis provides effective drone identification and classification with proximity to people/structure). Only after a defined threat criterion is met and then only with required legal or operational authorization is there escalation to active mitigation. Active mitigation is limited to narrowly targeted link disruption aimed at the identified device’s associated network session in order to trigger vendor-defined failsafe behavior (i.e. hover, auto-land or return to home) rather than damage to the drone, payload or interference to weave spectrum, to include non-targeted users. [11–13] Active actions will be human-in-the-loop controlled with abort options, follow strict temporal and geographic containment (e.g. directional antennas and minimum duration), and automatic rollback if detected collateral effects on legitimate communications are detected out the need for any prior physical contact or interference with the signal. Once a drone has been positively identified, trajectory, changes in signal strength levels, and changes in flight behavior can be tracked to help backtrack range, altitude or type of flight path. B. Multi-Sensor Validation and Threat Assessment Once the passive monitoring subsystem classifies a nearby wireless device as a probable drone based on a multi-feature fingerprint approach (e.g. OUI/SSID patterns, beacon/probe behaviors, RSSI trends, packet cadence), an assessment phase follows to cross-validate that detection based on independent sources of sensors (e.g. visual/EO confirmation, RF direction finding, or GNSS anomalies) and contextual policy checks (e.g. airspace restrictions, registered operator presence or proximity to people/structure). [14–16] Only after a defined threat criterion is met and then only with required legal or operational authorization is there escalation to active mitigation. Active mitigation is limited to narrowly targeted link disruption aimed at the identified device’s associated network session in order to trigger vendor-defined failsafe behavior (i.e. hover, auto-land or return to home) rather than damage to the drone, payload or interference to weave spectrum, to include non-targeted users. [17]Active actions will be human-in-the-loop controlled with abort options, follow strict temporal and geographic containment (e.g. directional antennas and minimum duration), and automatic rollback if detected collateral effects on legitimate communications are detected. V. CASE REFERENCES: DRONE INCIDENTS IN INDIA Source Year Vector / Note The Hindu 2024 Drone seizures at Punjab border (smuggling) Punjab News Express 2025 Encrypted payload drop (Amritsar) Times of India 2025 Operation Sindoor: swarm interdiction Express 2025 Smuggling attempt interdicted TABLE I: Selected case references (2024–2025) The above table explains the [18–25] case references in the year 2024 to 2025. These case references explain the different incidents in various places in india. VI. EXPLOITATION MECHANISMS AND SYSTEM VULNERABILITIES The Wi-Fi-based deauthenticaton attack leverages a basic vulnerability found in many consumer implementations of IEEE 802.11: management frames (including deauthentication and disassociation frames) are normally not authenticated and not encrypted and can be constructed by any radio that is using the same channel. Using this vulnerability at the MAC layer, an adversary or an authorized defender injects constructed disconnection frames that will be accepted as legitimate by the drone or the controller, thus compromising the control / telemetry link without ever having to touch the airframe at all. Many drones do not provide mutual authentication or session integrity, thus enabling the attack by simply taking advantage of the lack of sufficient cryptographic mechanisms and session binding at the link layer. [26] As a practical matter, the drone firmware, when it detects a loss of control link, will call its vendor defined failsafe - usually to hover in place, return to home, or land itself automatically - that will provide a non-destructive method of neutralization. An important point to note is that the actual outcome will depend on manufacturer implementation and configuration different models react differently to link loss). For any active use of link disruption, legal authority, strict safety protocols, confirmation from multiple sensors to avoid false positives, and reduction of collateral consequences to nearby legitimate Wi-Fi users will all need to be considered. DIMENSION DESCRIPTION Financial Lower cost vs. radar/jamming; accessible to municipal bodies Technical Uses commodity Wi-Fi hardware and open-source tools; scalable Socio security Non-destructive neutralization preserves public safety and trust. TABLE II: Impact dimensions of Wi-Fi based counter-drone framework VII. ANALYSIS AND DISCUSSION Our current approach to cybersecurity centers on selective detection and non-destructive neutralization of drones that are not approved. We focus on actions at the packet-level, rather than generating wide spectrum interference across all frequencies. Our approach is to specifically identify unauthorized drones by passive sniffing and reviewing live 802.11 traffic to uncover and identify unique information about specific drones (focusing on OUI, beacon/probe rolls, SSID patterns, telemetry timing, packet shape, etc.), rather than indiscriminately jamming frequencies (often causing interference to nearby emergency, legitimate, or wi-fi users). [27] Once a device is identified as a probable drone and cross-validated with supporting sensors (camera, RF location/denial or GNSS anomalies), the platform sends narrowly targeted link-disruption actions that simply spoof that drone's management-layer session (for example, crafting a rogue deauth to its MAC/BSSID). Since the intervention targeted a single session, and used vendor-defined failsafe behavior, the platform was neutralized by causing it to hover, auto-land, or return-to-home; without damaging the airframe and without saturating the RF environment. This specificity significantly limited collateral interference and allowed for operation in densely populated urban areas as well as in the periphery of airports, at private facilities, or at critical-infrastructure sites where other service functions (safety and continuity) were important. [28] The operationally designed approach is to integrate into a layered counter-UAS architecture: passive Wi-Fi monitoring for early detection; EO/IR or PTZ cameras for visual confirmation; RF location finding; and evidence logging with synchronized PCAPs, video frames and GNSS traces for forensic and legal workflows. This system is designed to operate with human-in-the-loop controls and strict policy gates—i.e., automatic mitigation will be enabled only when the action occurs in a pre-authorized setting and only with high levels of confidence. [29–30] The system should be used with documented legal authority, standard operating procedures, and privacy protections. Limitations include non-WiFi links (proprietary FHSS, LTE, satellite) and robust MFP protection (802.11w/PMF) limits capabilities. Attackers could migrate to these links and procedures as mitigation techniques improve VIII. CONCLUSION In India, there is a growing trend of unauthorized drone usage that raises security, safety and privacy issues throughout border areas, urban areas, and critical infrastructure locations. Smuggling of drugs, illegal filming, and ever-present risk to airspace safety are often associated with drone activity, which has revealed the inadequacies of the traditional counter-drone measures such as radar, RF jamming, or kinetic interception to effectively address these issues. These traditional counter-drone systems are generally very expensive, require a great deal of infrastructure to support their implementation and are typically not accessible to local authorities or private entities. In this situation, cyber countermeasures that rely on vulnerabilities in Wi-Fi technology offer a low-cost, lightweight portable, and easily scalable alternative. In particular, the method of exploiting consumers' drone communications protocols using vulnerabilities in the authentication of management frames in the 802.11 standard to allow detection, identification, and selective behavior disruption of unauthorized UAVs without any malicious physical damage to any unexplained small patterns in the airspace or wireless data traffic is explored. The suggested architecture provides an initial defense mechanism specifically suited for usage by municipalities local governments, public safety, and private drone users. By discerning and monitoring network-layer activity and employing temporary link-disruption methods that include drone-neutralization options, the users are able to actively monitor and use techniques to successfully detect and respond to certain UAV activity, ultimately forcing the UAV into a fail-safe position, such as hovering or landing safely. The overarching strategy is affordability, fast deployment, and safe operation: coordinating a differential response to armed UAVs readily protects urban airspace and secure areas without expensive military-grade technological systems and without reliance on police investigative footings or legal action in urban areas. Declarations Ethics approval and consent to participate : - Ethical standards are followed while conducting the current research and writing the manuscript. Consent to publication : - Consent was obtained from all individual participants included in the study. Competing interests : - The authors declare no competing interests. FUNDING Open access funding provided by Manipal Academy of Higher Education, Manipal, Dubai. This research did not receive any funding, and all authors played an equal role in the completion of this work. Author Contribution Authors have contributed to this manuscript. G. Soniya Priyatharsini- designed the study and developed the methodology. Jagadesh R and Sundus Zehra - performed data collection and analysis. Maheswari.A and R M Saritha - prepared the figures and tables. Renjith Radhakrishnan - wrote the main manuscript draft. Acknowledgement This is no conflict of interest among authors pertaining to this publication. All relevant details have been disclosed, and no personal relationships or affiliations have influenced the interpretations of this work. Data Availability Data supporting the output of the current study will be provided to the journal by corresponding author upon request. References Punjab News Express, “BSF recovers pistol, drugs dropped by Pak drones in Amritsar,” 2025. The Times of India, “70 Pakistan drones destroyed in Gujarat, Rajasthan during Operation Sindoor,” 2025. Economic Times, “BSF, Amritsar Police foil cross-border smuggling bid using drones,” 2025. New Indian Express, “BSF intercepts 13 drones in a week, 181 drones seized in 2024,” 2024. S. S. Prabhune and A. Jaiswal, “Unmanned Aerial Systems and Counter- Unmanned Aerial Systems: Challenges and Opportunities for India,” Air Power Journal , 2024. G. Pandey, “Military Advancement of Chinese Unmanned Aerial Ve- hicles: Security Implications for India,” Research Review International Journal of Multidisciplinary , 2024. D. P. Srirangam, K. Hemalatha, A. Vajravelu, and N. Ashok Kumar, “Safety and Security Issues in Employing Drones,” in Wireless Networks for Security Applications , Springer, 2023. S. Raut and K. Kotecha, “Cybersecurity Framework for UAV Commu- nication: Vulnerability Analysis and Threat Mitigation,” IEEE Access , 2023. P. Rao, “Drone Surveillance and Border Security: Emerging Trends in India,” Journal of Defence Studies , 2022. Bhardwaj, “Integrating AI for Drone Threat Detection: Challenges and Future Prospects,” Defence Science Journal , 2024. R. Mishra and S. Kumar, “Counter-UAV Technologies and Their Mil- itary Applications,” IEEE Transactions on Aerospace and Electronic Systems , 2023. K. Mehta, “Cross-Border Drone Threats: Policy and Strategic Implica- tions for India,” ORF Issue Brief , 2025. L. Sharma and R. Tiwari, “RF and Radar-Based Drone Detection Systems,” International Journal of Electronics and Communications , 2022. V. Kapoor, “Counter-Drone Operations in Urban Environments: Lessons for Indian Security Forces,” Centre for Land Warfare Studies (CLAWS) Journal , 2023. P. Joshi and A. Nair, “Machine Learning Models for Drone Anomaly Detection,” IEEE Sensors Journal , 2021. N. Reddy and M. Singh, “Drone Swarm Attacks and Defence Mecha- nisms: A Survey,” Defence Technology , 2023. T. Verma, “AI-Enabled Counter-Unmanned Aerial Systems for Border Management,” Journal of Intelligent Robotic Systems , 2024. R. Singh, “India’s Counter-Drone Policy: Framework, Implementation, and Challenges,” National Security Review , 2025. George, S. P., Muniappan, S., Neelarappu, T., Krishnan, J. R., & Megaraj, M. (2024, November). System architecture for an explicit and data-driven customer sentiment tracker. In AIP Conference Proceedings (Vol. 3192, No. 1, p. 020077). AIP Publishing LLC. Patel and D. Gupta, “Jamming and Spoofing Mitigation Techniques for UAVs,” IEEE Communications Surveys Tutorials , 2022. S. Kumar and P. Bose, “Cyber Threats to UAV Networks: Detection and Response Strategies,” Computer Networks , 2023. S. Nanda, “Role of Drones in Modern Warfare: A Strategic Perspective,” Institute for Defence Studies and Analyses (IDSA) Monograph , 2023. BBC News, “India deploys new anti-drone system along western bor- der,” 2025. Reuters, “Pakistan-based smugglers use drones for narcotics delivery across Indian border,” 2024. Hindustan Times, “BSF enhances radar coverage to detect cross-border drones,” 2025. CNN, “Global surge in anti-drone technologies as border threats esca- late,” 2024. LiveMint, “DRDO develops indigenous anti-drone system for Indian armed forces,” 2025. Defence Research and Development Organization (DRDO), “Counter- Drone Systems: Capabilities and Deployment,” DRDO Annual Report, 2024. Ministry of Defence, Government of India, “Unmanned Aerial Vehicle Operations and Regulatory Framework,” 2023. S. Biswas, “Drone Incursions and India’s Border Management Re- sponse,” South Asia Security Journal , 2025. Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-8313379","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":566473418,"identity":"098d0a19-b470-4814-9db1-b23af738a6d9","order_by":0,"name":"G. Soniya Priyatharsini","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABQElEQVRIiWNgGAWjYJCCAwhmBTODAZgBJPmAlARhLWeQtLDh0YIAjG0wLQy4tci39x48zFPDYNfP3vv4xcd51onbGbgTPxcU3JFnY2A+eJsHU4vBmXMJh3mOMSTP7DluZjlzW7qxZQPvZukZBs8M2xjYkq2xaZHIMTjMw8aQbHAjjc2Yd9thOYMDvBukeQwOM7Yx8JhJY9EiPwOk5R9Dsj1Iy985h3mAWjb/Bmqxb2Pg/4ZNC8MNoBbeNgY7A4k05seMDWBbtoFsSQTawoZNi8GZMwYH5/ZJJEicOcbG2HMM6Jdm3m3WPAbPktuY2Ywt52ALsR7jD2++2djzt7cxf/hRAwwx9t7Nt3n+3LHtZ29+eOMNFocBARMPg0RiAzAiILHADCYPwBhYAeMPBgZ7kNoPSIIHcKsfBaNgFIyCkQYAnmRjYXcww0wAAAAASUVORK5CYII=","orcid":"","institution":"Manipal Academy of Higher Education, Dubai","correspondingAuthor":true,"prefix":"","firstName":"G.","middleName":"Soniya","lastName":"Priyatharsini","suffix":""},{"id":566473422,"identity":"50a4cc54-7f20-49fb-973b-ad94a8abe4e8","order_by":1,"name":"R Jagadesh","email":"","orcid":"","institution":"SRM Institute of Science and Technology","correspondingAuthor":false,"prefix":"","firstName":"R","middleName":"","lastName":"Jagadesh","suffix":""},{"id":566473423,"identity":"f09ffbe6-a5a5-4136-9c53-ad84ce45eaa2","order_by":2,"name":"Sundus Zehra","email":"","orcid":"","institution":"Manipal Academy of Higher Education, Dubai","correspondingAuthor":false,"prefix":"","firstName":"Sundus","middleName":"","lastName":"Zehra","suffix":""},{"id":566473424,"identity":"776872c9-1c8e-4ab3-ad72-85d70ab80c66","order_by":3,"name":"R M Saritha","email":"","orcid":"","institution":"S.A Engineering College","correspondingAuthor":false,"prefix":"","firstName":"R","middleName":"M","lastName":"Saritha","suffix":""},{"id":566473426,"identity":"ac956681-e589-4b6c-9ebb-77d50e8621ab","order_by":4,"name":"Renjith Radhakrishnan","email":"","orcid":"","institution":"Tamara","correspondingAuthor":false,"prefix":"","firstName":"Renjith","middleName":"","lastName":"Radhakrishnan","suffix":""}],"badges":[],"createdAt":"2025-12-09 05:38:23","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-8313379/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-8313379/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":99224233,"identity":"61d9738a-214d-4824-9401-5d2f82fef818","added_by":"auto","created_at":"2025-12-30 10:05:06","extension":"docx","order_by":0,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":62784,"visible":true,"origin":"","legend":"","description":"","filename":"CyberBasedDetectiononDrones.docx","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/951a75e5a6abe1f11f64ec5e.docx"},{"id":99224235,"identity":"a2821b2a-0baa-49cc-9311-93790d93044b","added_by":"auto","created_at":"2025-12-30 10:05:06","extension":"json","order_by":1,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":6219,"visible":true,"origin":"","legend":"","description":"","filename":"410da6a5de9746acab8fbf12961fee0c.json","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/a65ea6d1b5393074a0fe9d92.json"},{"id":99320490,"identity":"e5bae944-72b7-426a-94dd-3611755337bd","added_by":"auto","created_at":"2025-12-31 16:38:40","extension":"xml","order_by":2,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":49967,"visible":true,"origin":"","legend":"","description":"","filename":"410da6a5de9746acab8fbf12961fee0c1enriched.xml","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/594126d4e3a1c7f6a4794cd8.xml"},{"id":99224237,"identity":"6d2c0c78-b9c4-4dde-a8ea-8e2b3ed21997","added_by":"auto","created_at":"2025-12-30 10:05:06","extension":"jpeg","order_by":4,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":136303,"visible":true,"origin":"","legend":"","description":"","filename":"floatimage1.jpeg","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/063729836e28ec9c343e4889.jpeg"},{"id":99317568,"identity":"8267c03c-2ce4-4742-8d4a-5eedb695a40f","added_by":"auto","created_at":"2025-12-31 16:30:24","extension":"png","order_by":5,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":45324,"visible":true,"origin":"","legend":"","description":"","filename":"Onlinefloatimage1.png","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/dac7d968357cd7e02ba73270.png"},{"id":99318777,"identity":"469546b9-169c-40e1-9e72-37c92fefc2b9","added_by":"auto","created_at":"2025-12-31 16:34:41","extension":"xml","order_by":6,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":48563,"visible":true,"origin":"","legend":"","description":"","filename":"410da6a5de9746acab8fbf12961fee0c1structuring.xml","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/ae385fcdf2e051d4330c5eec.xml"},{"id":99224239,"identity":"72786b44-05ec-47f1-a118-55d069cd3a3a","added_by":"auto","created_at":"2025-12-30 10:05:06","extension":"html","order_by":7,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":55627,"visible":true,"origin":"","legend":"","description":"","filename":"earlyproof.html","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/fe014e1d4bc511b7a9862df8.html"},{"id":99224232,"identity":"525ce8ba-cd0f-42a7-86f4-5556b61b9316","added_by":"auto","created_at":"2025-12-30 10:05:06","extension":"png","order_by":1,"title":"Figure 1","display":"","copyAsset":false,"role":"figure","size":39652,"visible":true,"origin":"","legend":"\u003cp\u003eFrequency of Wi-Fi drone vulnerabilities.\u003c/p\u003e","description":"","filename":"1.png","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/5235e7420840da6da988d9b4.png"},{"id":99318710,"identity":"ec2ab694-5c4b-47cb-aa05-c94dc3ed3f99","added_by":"auto","created_at":"2025-12-31 16:34:01","extension":"png","order_by":2,"title":"Figure 2","display":"","copyAsset":false,"role":"figure","size":167553,"visible":true,"origin":"","legend":"\u003cp\u003eSystem architecture integrating Wi-Fi, EO, and RF module\u003c/p\u003e","description":"","filename":"2.png","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/76865abc65f67c2e7bc00394.png"},{"id":103405507,"identity":"83a0812a-a2fa-4be9-9768-d2121d2b9b93","added_by":"auto","created_at":"2026-02-25 09:58:24","extension":"pdf","order_by":0,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":700731,"visible":true,"origin":"","legend":"","description":"","filename":"manuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8313379/v1/59dd12e3-8fd4-4ba3-b652-88622ba95f53.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Cyber-Based Detection and Mitigation of Unauthorized Drones in India: A Case Study on Wi-Fi Vulnerabilities and Counter-Drone Mechanisms","fulltext":[{"header":"Highlights","content":"\u003cp\u003e1. Low-cost Wi-Fi method to detect unauthorized drones.\u003c/p\u003e\u003cp\u003e2. Passive multi-feature fingerprinting for accurate drone ID.\u003c/p\u003e\u003cp\u003e3. Targeted deauthentication to safely trigger vendor fail-safes.\u003c/p\u003e\u003cp\u003e4. Multi-sensor validation with legal and safety safeguards.\u003c/p\u003e"},{"header":"I. INTRODUCTION","content":"\u003cp\u003eUnmanned Aerial Vehicles (UAVs), or drones, are being utilized for a range of applications, such as surveillance, logistics, agriculture, photography, disaster response, and entertainment. The ability to collect high-resolution information, navigate remote locations, and fly autonomously has made drones an essential asset in many industries. However, along with rapid adoption and utilization come significant risks to security and privacy. Bad actors can use drones for illegal or illegal (or quasi-authorized) surveillance, smuggling of contraband, espionage, and delivery of dangerous payload. [1] Conventional counter-UAV solutions such as radar and RF jammers are capable of detecting and countering drones for military or high-security operations, but are far too expensive for small organizations, local authorities, or private individuals.\u003c/p\u003e\u003cp\u003eAdditionally, jammers and kinetic efforts may unintentionally disrupt legitimate communication systems or could induce safety concerns in urban or populated areas. In India, this problem is particularly acute due to the vast number of borders the country has, along with crowded urban sites and a growing market for civilian drones. The Border Security Forces (BSF) have reported a surge in unauthorized drone use, particularly in the Punjabi, Rajasthan, and Jammu areas, where drones are frequently used to smuggle arms and/or narcotics. These challenges highlight an urgency to develop low-cost, versatile, and non-destructive counter-drone solutions. [2] Utilizing existing wireless communication systems, particularly Wi-Fi systems, can present solutions for the counter-drone challenges. Ex- plotting vulnerabilities in standard communication protocols allows for the detection, tracking and safe neutralization of the drone without deploying expensive defense-grade systems. Cyber-based solutions serve as a bridge between defense- grade systems and security in civilian life, allowing drone management to be possible for a larger pool of users.\u003c/p\u003e"},{"header":"II. PROBLEM IDENTIFICATION AND BACKGROUND","content":"\u003cp\u003eOver the past few years, unauthorized drone activity has risen sharply in India, which is indicative of accessibility to drone technology and the changing tactics of bad actors. The Border Security Force (BSF) has recorded hundreds of cross- border drone incursions, mainly from Pakistan, where drones have been used to smuggle arms, explosives, and narcotics. Drone activities were concentrated in Punjab, Rajasthan, and Jammu Kashmir, where the soft terrain and proximity to the international border make detection and interception complex. Even outside the borders, singular recon of unauthorized drone activity near various airports, power stations, and defense installations pose emerging safety and security threats.\u003c/p\u003e \u003cp\u003e[3] The majority of consumer and entry-level commercial drones utilize either Wi-Fi or radio frequency (RF) communication protocols, specifically the 2.4 GHz and 5 GHz bands of the IEEE 802.11 standard. These protocols were designed for convenience and inexpensive ease of connectivity, but do not incorporate strong encryption or authentication features, leaving them vulnerable to cyber risk. An attacker\u0026mdash;or de- fender\u0026mdash;can leverage cyber vulnerabilities to capture drone communication links for analysis or disruption. For example, Wi-Fi packet sniffing, MAC address monitoring, or deauthentication attacks can be used to discover drone presence or disrupt the control system. Traditional counter-UAS systems, such as radar detection, GPS spoofing, RF jamming, and laser- based interception are all effective in military application but also have serious drawbacks.\u003c/p\u003e \u003cp\u003eMost of these systems are expensive to acquire and implement, heavily regulated in domestic environments, can cause collateral interference, and can physically damage property or people in populated areas of operation. Moreover, radar systems often have difficulty distinguishing small drones from birds or other objects, thus limiting detection accuracy in urban or suburban areas. Consequently, there is a significant requirement for cost-effective, software-based, and non-destructive counter-drone systems that could be used by local authorities, critical infrastructure operators, and the private sector. A Wi-Fi detection and mitigation system represents an optimal solution for effectiveness with cost considerations. [4] Using tools and frameworks already present in the cybersecurity domain and based on wireless network analysis protocols, such a detection and mitigation system can identify unauthorized drones by their anomaly-based packet transmission patterns, device signatures, and signal strength. The system can then mitigate the drone\u0026rsquo;s communication link and effect deauthentication or disassociation frames, forcing it to reach a fail-safe mode such as simple hovering, landing, or returning to its home point. Additionally, this cyber approach aligns well with India\u0026rsquo;s push for digital defense innovation and cost-effective security technologies.\u003c/p\u003e \u003cp\u003eIn practice, it further connects the proactive response capabilities of aerial threats in airspace areas where traditional counter-drone systems. This is especially useful near civilian populations, airports, or urban environments. Ultimately, Wi-Fi detection and mitigation systems will enable democratization of drone defense and maintaining peace to hold security responsibility for all elements of society\u0026mdash;not just defending forces\u0026mdash;facing potential threats from drone systems.\u003c/p\u003e"},{"header":"III. SURVEY OF RELEVANT VULNERABILITIES AND ATTACK VECTORS","content":"\u003cp\u003eThe research focuses on the risks associated with vulnerabilities of the Wi-Fi (IEEE 802.11) protocol currently utilized in communications between consumer and semi-professional drones and their remote controller. [5,6]Drone uses either standard Wi-Fi access points or ad-hoc peer-to-peer connectivity to transmit its telemetry, control commands, and live video feeds. This architecture is advantageous for user connectivity outcome and reducing hardware but ultimately yields different cyber security vulnerabilities due to the limited encryption, authentication, and packet management in consumer-grade implementations.\u003c/p\u003e \u003cp\u003eOne major risk involves the deauthentication process of the 802.11 protocol. Deauthentication attacks leverage a function of Wi-Fi networks where either a user or an access point can terminate a client’s session by sending the ”deauth” management frame. These frames are not encrypted or authenticated on most consumer drones, which allows an attacker to easily spoof the deauth frame to sever the link between the drone and the drone controller. When a drone loses connectivity with the controller, because of a deauth attack, it will automatically revert to its configured fail-safe mode of operation, such as hovering in place, landing, or returning to home, as predefined by its manufacturer. Due to this, deauthentication serves as a non-destructive and non-physical counter measure, allowing defenders to mitigate a threatening drone without damaging the drone itself.\u003c/p\u003e \u003cp\u003eAn important element of the proposed solution is Wi-Fi packet sniffing. Wi-Fi packet sniffing is the act of passively monitoring and capturing wireless traffic in the 2.4 GHz or 5 GHz bands.[7] This method analyzes beacon frames, probe requests, and data packets to discover unique communication signatures associated with drones. Some common signatures of drone communication might be specific prefixes of MAC addresses, SSID patterns of the drone network, or even distinctive intervals of frame transmissions. When performing packet sniffing, the system separates legitimate wireless based devices from drones, even in real time.\u003c/p\u003e \u003cp\u003eThe Wi-Fi sniffing affects detection in that the method offers early detection and surveillance, without the need to initiate any systems (i.e., active scanning, initiating a drone network, etc.). To use detection safely and unnoticed in busy populated areas, passive interaction is preferred. An even more advanced attack vector that could be effective is MAC spoofing, as well as signal hijacking. In a Wi-Fi communication environment, many drones do not sufficiently encode or have mutual authentication between the drone and controller. Because of this, an attacker could become one of the two communicating devices by performing MAC spoofing (by simply copying the MAC address and communication parameters to appear legitimate). After an attacker has taken over a session, injection or change of control signals can result in temporary command exploitation or loss of command controls altogether. Although it requires a more detailed understanding of the protocols and its timing needs to be precise, this shows an example of how insecure Wi-Fi communications can be harnessed to take partial or full control of a drone.[8] A system utilizing the above-mentioned systemic vulnerabilities could detect, classify, and neutralize unauthorized drones in a cost-effective fashion from a cybersecurity perspective. Unlike radar or RF jamming systems, this methodology does not require specialized hardware, nor broad interference over multiple frequencies. This example relies on the existing Wi-Fi interfaces and software-defined products to achieve precision, deliberate, and non-destructive countermeasures. Once a drone has been identified, the system can trigger an automated deauthentication sequence that will interrupt the communication channel and cause the drone to execute its fail-safe command, such as hovering or landing\u003c/p\u003e"},{"header":"IV. ATTACK METHODOLOGY AND SYSTEM EXPLOITATION","content":"\u003cp\u003e \u003cb\u003eA. Passive Detection and Signal Analysis\u003c/b\u003e \u003c/p\u003e\u003cp\u003eThe existing system utilizes a passive Wi-Fi monitoring technique that enables continuous observation of wireless communications in the 2.4 GHz and 5 GHz frequency bands, these frequency bands being the most popular use for drone operations.[9] This method provides real-time observation while eliminating any active signal transmissions, increasing chances that the system is not detected during data collection on powered aerial devices. In addition, the system is designed to capture wireless frames which have been transmitted in the environment and used for identifying and analyzing interactions as it pertains to consumer drones even in crowded or complicated wireless environments. Upon capturing the raw wireless data, the system performs packet filtering based on known manufacturer signatures.\u003c/p\u003e\u003cp\u003eAlong with basic filtering the system is performing a deeper frame level examination of the wifi communication. [10]It looks at management and data frames of different types such as beacon frames, probe requests/responses, and data frames, to determine if the patterns of communication are related to drone-controller communication. For example, beacon frames tell us about the presence of networks, the channels they are using, as well as the device identifiers. Probe frames help identify devices that are looking to connect to something, and data frames are capable of showing what may be viewed as periods in packet exchange patterns and transfer rates that can be associated with continuous control signals from a drone- controller. This multi-layered analysis provides the system the capability to determine whether the communication is coming from a drone or a typical Wi-Fi device using multiple parameters, including signal strength (RSSI), frame frequency, packet size, and time of transfer. This multi-layered analysis provides effective drone identification and classification with proximity to people/structure). Only after a defined threat criterion is met and then only with required legal or operational authorization is there escalation to active mitigation. Active mitigation is limited to narrowly targeted link disruption aimed at the identified device’s associated network session in order to trigger vendor-defined failsafe behavior (i.e. hover, auto-land or return to home) rather than damage to the drone, payload or interference to weave spectrum, to include non-targeted users.\u003c/p\u003e\u003cp\u003e[11–13] Active actions will be human-in-the-loop controlled with abort options, follow strict temporal and geographic containment (e.g. directional antennas and minimum duration), and automatic rollback if detected collateral effects on legitimate communications are detected out the need for any prior physical contact or interference with the signal. Once a drone has been positively identified, trajectory, changes in signal strength levels, and changes in flight behavior can be tracked to help backtrack range, altitude or type of flight path.\u003c/p\u003e\u003cp\u003e \u003cb\u003eB. Multi-Sensor Validation and Threat Assessment\u003c/b\u003e \u003c/p\u003e\u003cp\u003eOnce the passive monitoring subsystem classifies a nearby wireless device as a probable drone based on a multi-feature fingerprint approach (e.g. OUI/SSID patterns, beacon/probe behaviors, RSSI trends, packet cadence), an assessment phase follows to cross-validate that detection based on independent sources of sensors (e.g. visual/EO confirmation, RF direction finding, or GNSS anomalies) and contextual policy checks (e.g. airspace restrictions, registered operator presence or proximity to people/structure). [14–16] Only after a defined threat criterion is met and then only with required legal or operational authorization is there escalation to active mitigation.\u003c/p\u003e\u003cp\u003eActive mitigation is limited to narrowly targeted link disruption aimed at the identified device’s associated network session in order to trigger vendor-defined failsafe behavior (i.e. hover, auto-land or return to home) rather than damage to the drone, payload or interference to weave spectrum, to include non-targeted users. [17]Active actions will be human-in-the-loop controlled with abort options, follow strict temporal and geographic containment (e.g. directional antennas and minimum duration), and automatic rollback if detected collateral effects on legitimate communications are detected.\u003c/p\u003e"},{"header":"V. CASE REFERENCES: DRONE INCIDENTS IN INDIA ","content":"\u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Taba\" border=\"1\"\u003e \u003ccolgroup cols=\"3\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eSource\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eYear\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eVector / Note\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eThe Hindu\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2024\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eDrone seizures at Punjab border (smuggling)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003ePunjab News Express\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2025\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eEncrypted payload drop (Amritsar)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eTimes of India\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2025\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eOperation Sindoor: swarm interdiction\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eExpress\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2025\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eSmuggling attempt interdicted\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003ctfoot\u003e \u003ctr\u003e\u003ctd colspan=\"3\"\u003eTABLE I: Selected case references (2024\u0026ndash;2025)\u003c/td\u003e\u003c/tr\u003e \u003c/tfoot\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003eThe above table explains the [18\u0026ndash;25] case references in the year 2024 to 2025. These case references explain the different incidents in various places in india.\u003c/p\u003e"},{"header":"VI. EXPLOITATION MECHANISMS AND SYSTEM VULNERABILITIES","content":"\u003cp\u003eThe Wi-Fi-based deauthenticaton attack leverages a basic vulnerability found in many consumer implementations of IEEE 802.11: management frames (including deauthentication and disassociation frames) are normally not authenticated and not encrypted and can be constructed by any radio that is using the same channel. Using this vulnerability at the MAC layer, an adversary or an authorized defender injects constructed disconnection frames that will be accepted as legitimate by the drone or the controller, thus compromising the control / telemetry link without ever having to touch the airframe at all. Many drones do not provide mutual authentication or session integrity, thus enabling the attack by simply taking advantage of the lack of sufficient cryptographic mechanisms and session binding at the link layer.\u003c/p\u003e \u003cp\u003e[26] As a practical matter, the drone firmware, when it detects a loss of control link, will call its vendor defined failsafe - usually to hover in place, return to home, or land itself automatically - that will provide a non-destructive method of neutralization. An important point to note is that the actual outcome will depend on manufacturer implementation and configuration different models react differently to link loss). For any active use of link disruption, legal authority, strict safety protocols, confirmation from multiple sensors to avoid false positives, and reduction of collateral consequences to nearby legitimate Wi-Fi users will all need to be considered.\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabb\" border=\"1\"\u003e \u003ccolgroup cols=\"2\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eDIMENSION\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eDESCRIPTION\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eFinancial\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eLower cost vs. radar/jamming; accessible to municipal bodies\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eTechnical\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eUses commodity Wi-Fi hardware and open-source tools; scalable\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eSocio security\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eNon-destructive neutralization preserves public safety and trust.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003e \u003cdiv class=\"BlockQuote\"\u003e \u003cp\u003eTABLE II: Impact dimensions of Wi-Fi based counter-drone framework\u003c/p\u003e \u003c/div\u003e \u003c/p\u003e"},{"header":"VII. ANALYSIS AND DISCUSSION ","content":"\u003cp\u003eOur current approach to cybersecurity centers on selective detection and non-destructive neutralization of drones that are not approved. We focus on actions at the packet-level, rather than generating wide spectrum interference across all frequencies. Our approach is to specifically identify unauthorized drones by passive sniffing and reviewing live 802.11 traffic to uncover and identify unique information about specific drones (focusing on OUI, beacon/probe rolls, SSID patterns, telemetry timing, packet shape, etc.), rather than indiscriminately jamming frequencies (often causing interference to nearby emergency, legitimate, or wi-fi users).\u003c/p\u003e \u003cp\u003e[27] Once a device is identified as a probable drone and cross-validated with supporting sensors (camera, RF location/denial or GNSS anomalies), the platform sends narrowly targeted link-disruption actions that simply spoof that drone's management-layer session (for example, crafting a rogue deauth to its MAC/BSSID). Since the intervention targeted a single session, and used vendor-defined failsafe behavior, the platform was neutralized by causing it to hover, auto-land, or return-to-home; without damaging the airframe and without saturating the RF environment. This specificity significantly limited collateral interference and allowed for operation in densely populated urban areas as well as in the periphery of airports, at private facilities, or at critical-infrastructure sites where other service functions (safety and continuity) were important. [28] The operationally designed approach is to integrate into a layered counter-UAS architecture: passive Wi-Fi monitoring for early detection; EO/IR or PTZ cameras for visual confirmation; RF location finding; and evidence logging with synchronized PCAPs, video frames and GNSS traces for forensic and legal workflows.\u003c/p\u003e \u003cp\u003eThis system is designed to operate with human-in-the-loop controls and strict policy gates—i.e., automatic mitigation will be enabled only when the action occurs in a pre-authorized setting and only with high levels of confidence. [29–30] The system should be used with documented legal authority, standard operating procedures, and privacy protections. Limitations include non-WiFi links (proprietary FHSS, LTE, satellite) and robust MFP protection (802.11w/PMF) limits capabilities. Attackers could migrate to these links and procedures as mitigation techniques improve\u003c/p\u003e "},{"header":"VIII. CONCLUSION","content":"\u003cp\u003eIn India, there is a growing trend of unauthorized drone usage that raises security, safety and privacy issues throughout border areas, urban areas, and critical infrastructure locations. Smuggling of drugs, illegal filming, and ever-present risk to airspace safety are often associated with drone activity, which has revealed the inadequacies of the traditional counter-drone measures such as radar, RF jamming, or kinetic interception to effectively address these issues. These traditional counter-drone systems are generally very expensive, require a great deal of infrastructure to support their implementation and are typically not accessible to local authorities or private entities.\u003c/p\u003e\u003cp\u003eIn this situation, cyber countermeasures that rely on vulnerabilities in Wi-Fi technology offer a low-cost, lightweight portable, and easily scalable alternative. In particular, the method of exploiting consumers' drone communications protocols using vulnerabilities in the authentication of management frames in the 802.11 standard to allow detection, identification, and selective behavior disruption of unauthorized UAVs without any malicious physical damage to any unexplained small patterns in the airspace or wireless data traffic is explored. The suggested architecture provides an initial defense mechanism specifically suited for usage by municipalities local governments, public safety, and private drone users. By discerning and monitoring network-layer activity and employing temporary link-disruption methods that include drone-neutralization options, the users are able to actively monitor and use techniques to successfully detect and respond to certain UAV activity, ultimately forcing the UAV into a fail-safe position, such as hovering or landing safely. The overarching strategy is affordability, fast deployment, and safe operation: coordinating a differential response to armed UAVs readily protects urban airspace and secure areas without expensive military-grade technological systems and without reliance on police investigative footings or legal action in urban areas.\u003c/p\u003e"},{"header":"Declarations","content":"\u003cp\u003e \u003cstrong\u003e \u003cb\u003eEthics approval and consent to participate\u003c/b\u003e:\u003c/strong\u003e \u003cp\u003e- Ethical standards are followed while conducting the current research and writing the manuscript.\u003c/p\u003e \u003c/p\u003e \u003cp\u003e \u003cstrong\u003e \u003cb\u003eConsent to publication\u003c/b\u003e:\u003c/strong\u003e \u003cp\u003e- Consent was obtained from all individual participants included in the study.\u003c/p\u003e \u003c/p\u003e \u003cp\u003e \u003cstrong\u003e \u003cb\u003eCompeting interests\u003c/b\u003e:\u003c/strong\u003e \u003cp\u003e- The authors declare no competing interests.\u003c/p\u003e \u003c/p\u003e\u003ch2\u003eFUNDING\u003c/h2\u003e \u003cp\u003eOpen access funding provided by Manipal Academy of Higher Education, Manipal, Dubai. This research did not receive any funding, and all authors played an equal role in the completion of this work.\u003c/p\u003e\u003ch2\u003eAuthor Contribution\u003c/h2\u003e\u003cp\u003eAuthors have contributed to this manuscript. G. Soniya Priyatharsini- designed the study and developed the methodology. Jagadesh R and Sundus Zehra - performed data collection and analysis. Maheswari.A and R M Saritha - prepared the figures and tables. Renjith Radhakrishnan - wrote the main manuscript draft.\u003c/p\u003e\u003ch2\u003eAcknowledgement\u003c/h2\u003e\u003cp\u003eThis is no conflict of interest among authors pertaining to this publication. All relevant details have been disclosed, and no personal relationships or affiliations have influenced the interpretations of this work.\u003c/p\u003e\u003ch2\u003eData Availability\u003c/h2\u003e\u003cp\u003eData supporting the output of the current study will be provided to the journal by corresponding author upon request.\u003c/p\u003e"},{"header":"References","content":"\u003col\u003e\n\u003cli\u003ePunjab News Express, \u0026ldquo;BSF recovers pistol, drugs dropped by Pak drones in Amritsar,\u0026rdquo; 2025.\u003c/li\u003e\n\u003cli\u003eThe Times of India, \u0026ldquo;70 Pakistan drones destroyed in Gujarat, Rajasthan during Operation Sindoor,\u0026rdquo; 2025.\u003c/li\u003e\n\u003cli\u003eEconomic Times, \u0026ldquo;BSF, Amritsar Police foil cross-border smuggling bid using drones,\u0026rdquo; 2025.\u003c/li\u003e\n\u003cli\u003eNew Indian Express, \u0026ldquo;BSF intercepts 13 drones in a week, 181 drones seized in 2024,\u0026rdquo; 2024.\u003c/li\u003e\n\u003cli\u003eS. S. Prabhune and A. Jaiswal, \u0026ldquo;Unmanned Aerial Systems and Counter- Unmanned Aerial Systems: Challenges and Opportunities for India,\u0026rdquo; \u003cem\u003eAir Power Journal\u003c/em\u003e, 2024.\u003c/li\u003e\n\u003cli\u003eG. Pandey, \u0026ldquo;Military Advancement of Chinese Unmanned Aerial Ve- hicles: Security Implications for India,\u0026rdquo; \u003cem\u003eResearch Review International Journal of Multidisciplinary\u003c/em\u003e, 2024.\u003c/li\u003e\n\u003cli\u003eD. P. Srirangam, K. Hemalatha, A. Vajravelu, and N. Ashok Kumar, \u0026ldquo;Safety and Security Issues in Employing Drones,\u0026rdquo; in \u003cem\u003eWireless Networks for Security Applications\u003c/em\u003e, Springer, 2023.\u003c/li\u003e\n\u003cli\u003eS. Raut and K. Kotecha, \u0026ldquo;Cybersecurity Framework for UAV Commu- nication: Vulnerability Analysis and Threat Mitigation,\u0026rdquo; \u003cem\u003eIEEE Access\u003c/em\u003e, 2023.\u003c/li\u003e\n\u003cli\u003eP. Rao, \u0026ldquo;Drone Surveillance and Border Security: Emerging Trends in India,\u0026rdquo; \u003cem\u003eJournal of Defence Studies\u003c/em\u003e, 2022.\u003c/li\u003e\n\u003cli\u003eBhardwaj, \u0026ldquo;Integrating AI for Drone Threat Detection: Challenges and Future Prospects,\u0026rdquo; \u003cem\u003eDefence Science Journal\u003c/em\u003e, 2024.\u003c/li\u003e\n\u003cli\u003eR. Mishra and S. Kumar, \u0026ldquo;Counter-UAV Technologies and Their Mil- itary Applications,\u0026rdquo; \u003cem\u003eIEEE Transactions on Aerospace and Electronic Systems\u003c/em\u003e, 2023.\u003c/li\u003e\n\u003cli\u003eK. Mehta, \u0026ldquo;Cross-Border Drone Threats: Policy and Strategic Implica- tions for India,\u0026rdquo; \u003cem\u003eORF Issue Brief\u003c/em\u003e, 2025.\u003c/li\u003e\n\u003cli\u003eL. Sharma and R. Tiwari, \u0026ldquo;RF and Radar-Based Drone Detection Systems,\u0026rdquo; \u003cem\u003eInternational Journal of Electronics and Communications\u003c/em\u003e, 2022.\u003c/li\u003e\n\u003cli\u003eV. Kapoor, \u0026ldquo;Counter-Drone Operations in Urban Environments: Lessons for Indian Security Forces,\u0026rdquo; \u003cem\u003eCentre for Land Warfare Studies (CLAWS) Journal\u003c/em\u003e, 2023.\u003c/li\u003e\n\u003cli\u003eP. Joshi and A. Nair, \u0026ldquo;Machine Learning Models for Drone Anomaly Detection,\u0026rdquo; \u003cem\u003eIEEE Sensors Journal\u003c/em\u003e, 2021.\u003c/li\u003e\n\u003cli\u003eN. Reddy and M. Singh, \u0026ldquo;Drone Swarm Attacks and Defence Mecha- nisms: A Survey,\u0026rdquo; \u003cem\u003eDefence Technology\u003c/em\u003e, 2023.\u003c/li\u003e\n\u003cli\u003eT. Verma, \u0026ldquo;AI-Enabled Counter-Unmanned Aerial Systems for Border Management,\u0026rdquo; \u003cem\u003eJournal of Intelligent Robotic Systems\u003c/em\u003e, 2024.\u003c/li\u003e\n\u003cli\u003eR. Singh, \u0026ldquo;India\u0026rsquo;s Counter-Drone Policy: Framework, Implementation, and Challenges,\u0026rdquo; \u003cem\u003eNational Security Review\u003c/em\u003e, 2025.\u003c/li\u003e\n\u003cli\u003eGeorge, S. P., Muniappan, S., Neelarappu, T., Krishnan, J. R., \u0026amp; Megaraj, M. (2024, November). System architecture for an explicit and data-driven customer sentiment tracker. In \u003cem\u003eAIP Conference Proceedings\u003c/em\u003e (Vol. 3192, No. 1, p. 020077). AIP Publishing LLC.\u003c/li\u003e\n\u003cli\u003ePatel and D. Gupta, \u0026ldquo;Jamming and Spoofing Mitigation Techniques for UAVs,\u0026rdquo; \u003cem\u003eIEEE Communications Surveys Tutorials\u003c/em\u003e, 2022.\u003c/li\u003e\n\u003cli\u003eS. Kumar and P. Bose, \u0026ldquo;Cyber Threats to UAV Networks: Detection and Response Strategies,\u0026rdquo; \u003cem\u003eComputer Networks\u003c/em\u003e, 2023.\u003c/li\u003e\n\u003cli\u003eS. Nanda, \u0026ldquo;Role of Drones in Modern Warfare: A Strategic Perspective,\u0026rdquo; \u003cem\u003eInstitute for Defence Studies and Analyses (IDSA) Monograph\u003c/em\u003e, 2023.\u003c/li\u003e\n\u003cli\u003eBBC News, \u0026ldquo;India deploys new anti-drone system along western bor- der,\u0026rdquo; 2025.\u003c/li\u003e\n\u003cli\u003eReuters, \u0026ldquo;Pakistan-based smugglers use drones for narcotics delivery across Indian border,\u0026rdquo; 2024.\u003c/li\u003e\n\u003cli\u003eHindustan Times, \u0026ldquo;BSF enhances radar coverage to detect cross-border drones,\u0026rdquo; 2025.\u003c/li\u003e\n\u003cli\u003eCNN, \u0026ldquo;Global surge in anti-drone technologies as border threats esca- late,\u0026rdquo; 2024.\u003c/li\u003e\n\u003cli\u003eLiveMint, \u0026ldquo;DRDO develops indigenous anti-drone system for Indian armed forces,\u0026rdquo; 2025.\u003c/li\u003e\n\u003cli\u003eDefence Research and Development Organization (DRDO), \u0026ldquo;Counter- Drone Systems: Capabilities and Deployment,\u0026rdquo; DRDO Annual Report, 2024.\u003c/li\u003e\n\u003cli\u003eMinistry of Defence, Government of India, \u0026ldquo;Unmanned Aerial Vehicle Operations and Regulatory Framework,\u0026rdquo; 2023.\u003c/li\u003e\n\u003cli\u003eS. Biswas, \u0026ldquo;Drone Incursions and India\u0026rsquo;s Border Management Re- sponse,\u0026rdquo; \u003cem\u003eSouth Asia Security Journal\u003c/em\u003e, 2025.\u003c/li\u003e\n\u003c/ol\u003e"}],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":true,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":false,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":false,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Drone detection, cybersecurity, Wi-Fi, IEEE 802.11, packet sniffing, deauthentication, unauthorized drones, counter-UAS","lastPublishedDoi":"10.21203/rs.3.rs-8313379/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-8313379/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eCommercial and defense adoption of Unmanned Aerial Vehicles (UAVs) has improved operational capability while introducing security and privacy challenges. Unauthorized drone activity across India\u0026rsquo;s borders and urban airspace poses threats to safety and national security. This paper presents a cybersecurity-driven approach that leverages IEEE 802.11 (Wi- Fi) vulnerabilities for detection and non-destructive neutralization of unauthorized drones. By combining passive packet sniff- ing, multi-feature fingerprinting, and targeted deauthentication- based link disruption, the proposed method aims for low- cost, precise counter-drone measures suitable for local law enforcement and infrastructure operators. Key limitations, legal considerations, and multisensor validation are discussed.\u003c/p\u003e","manuscriptTitle":"Cyber-Based Detection and Mitigation of Unauthorized Drones in India: A Case Study on Wi-Fi Vulnerabilities and Counter-Drone Mechanisms","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-12-30 10:05:01","doi":"10.21203/rs.3.rs-8313379/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"0ea1a151-a04a-466e-8fab-272b2b9eba6d","owner":[],"postedDate":"December 30th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2026-02-25T09:57:10+00:00","versionOfRecord":[],"versionCreatedAt":"2025-12-30 10:05:01","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-8313379","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-8313379","identity":"rs-8313379","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}