pith. sign in

arxiv: 2604.17572 · v1 · submitted 2026-04-19 · 📡 eess.SY · cs.SY

An Innovation-Based Approach to Detect Stealthy Disturbance Attacks in Maritime Monitoring

Gabriele Oliva , Bianca Mazz\`a , Roberto Setola This is my paper

Pith reviewed 2026-05-10 05:25 UTC · model grok-4.3

classification 📡 eess.SY cs.SY
keywords Kalman filter innovationsstealthy attacksmaritime navigationanomaly detectioncyber-physical securityFIR disturbancesstatistical tests
0
0 comments X

The pith

The Statistical Detection Suite detects stealthy finite-impulse-response disturbances in maritime navigation by jointly testing four properties of whitened Kalman filter innovations.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Maritime navigation depends on Kalman filters that fuse data from GNSS, radar, inertial sensors, and AIS. This paper introduces the Statistical Detection Suite (SDS) as a lightweight monitoring layer that operates on the innovations of these filters. The SDS applies four checks in combination: bias, covariance consistency through the normalized innovation squared, Gaussianity, and temporal independence via portmanteau statistics. It also shows how an attacker can craft stealthy finite-impulse-response Gaussian disturbances using optimization to avoid detection by standard methods. Evaluations in maritime scenarios indicate that the SDS can identify correlated spoofing attacks that bypass traditional chi-square checks.

Core claim

The paper claims that jointly evaluating bias, normalized innovation squared covariance consistency, Gaussianity, and portmanteau temporal independence on the whitened innovations allows detection of stealthy FIR Gaussian disturbances that evade classical chi-square checks on the innovations.

What carries the argument

The Statistical Detection Suite (SDS) consisting of four complementary statistical checks on whitened Kalman filter innovations.

If this is right

  • An optimization problem can be formulated to design stealthy FIR disturbances that balance evasion of detection with impact on the vessel trajectory.
  • The SDS exposes such attacks in maritime navigation scenarios where classical methods do not.
  • Innovation-based monitoring can be integrated into estimation frameworks to improve resilience to cyber-physical threats.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar suites of innovation checks could be developed for Kalman filter applications in other fields like autonomous driving.
  • Adjusting the thresholds of the four tests might further reduce false alarms in noisy maritime conditions.
  • The modeling of adversary disturbances suggests that multi-statistic approaches are necessary for robust anomaly detection in estimators.

Load-bearing premise

That the four statistical checks will detect the stealthy FIR disturbances reliably while keeping false alarm rates low under realistic maritime sensor noise and system dynamics.

What would settle it

A maritime navigation simulation or experiment in which optimized stealthy FIR disturbances are applied to the sensors and the SDS performance is measured against traditional methods for detection rate and false positives.

Figures

Figures reproduced from arXiv: 2604.17572 by Bianca Mazz\`a, Gabriele Oliva, Roberto Setola.

Figure 1
Figure 1. Figure 1: Per-test p-values for the nominal case, Attack A and Attack B, evaluated at t = 150s (i.e., at the end of the injection horizon). (bias, NIS, Gaussianity, whiteness). Attack A is character￾ized by near-zero NIS and whiteness p-values, confirming that temporal coloring is what betrays this spoof despite its mean being near zero and its marginal shape not being strongly non-Gaussian. In contrast, Attack B ke… view at source ↗
Figure 2
Figure 2. Figure 2: Displacement ∥∆p[k]∥2 over time relative to nom￾inal. Dashed: Attack A; dotted: Attack B. demonstrates the opposite compromise. Here the deviation from nominal is smaller, yet statistically much harder to distinguish: the per-test p-values remain comfortably within the acceptance region. This attack therefore passes undetected while still biasing the trajectory in a subtle but noticeable way. Together, the… view at source ↗
read the original abstract

Modern maritime navigation and control systems rely on digital sensing, estimation, and communication pipelines that fuse GNSS, radar, inertial, and AIS data through approaches such as Kalman-filter-based estimators. While these technologies are essential for safety and efficiency, their growing interconnection also exposes vessels to faults and cyber-physical anomalies. This paper introduces a Statistical Detection Suite (SDS) to detect malicious stealthy disturbances. Specifically, the SDS operates directly on the innovations of Kalman filters, providing a lightweight yet statistically grounded layer of anomaly monitoring within maritime estimation frameworks. The SDS jointly evaluates whitened innovations through four complementary checks: (i) bias, (ii) covariance consistency via the normalized innovation squared (NIS), (iii) Gaussianity, and (iv) temporal independence via portmanteau statistics. The analysis further examines how an adversary can craft stealthy finite-impulse-response (FIR) Gaussian disturbances that can evade classical chi-square checks, formulating an optimization-based design that balances stealth and trajectory impact. An evaluation in maritime navigation scenarios illustrates how the SDS exposes colored spoofing attacks that bypass traditional methods, highlighting the role of innovation-based monitoring in strengthening maritime resilience against cyber-physical threats.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper proposes a Statistical Detection Suite (SDS) that monitors the innovations of a Kalman filter in maritime navigation systems (GNSS/AIS fusion) using four joint statistical checks on whitened innovations: bias, normalized innovation squared (NIS) covariance consistency, Gaussianity, and portmanteau test for temporal independence. It formulates an optimization problem for an adversary to design stealthy finite-impulse-response (FIR) Gaussian disturbances that evade the classical chi-square test on NIS, and presents an evaluation in selected maritime scenarios claiming that the SDS detects such colored spoofing attacks that bypass traditional single-test methods.

Significance. If the joint tests prove reliable with controlled false alarms, the work offers a lightweight, statistically grounded monitoring layer that addresses gaps in single-statistic detectors for cyber-physical security in safety-critical maritime systems. The optimization-based adversary model is a constructive contribution for analyzing stealthy attack design.

major comments (3)
  1. [Evaluation section] Evaluation section (as described in the abstract): the manuscript illustrates detection of optimized FIR attacks in selected maritime scenarios but supplies no quantitative results such as detection rates, false-positive rates, ROC analysis, or power curves for the joint SDS. This leaves the central claim that SDS 'exposes colored spoofing attacks that bypass traditional methods' without measurable support.
  2. [Analysis of adversary and SDS checks] The joint SDS claim depends on the four tests (bias, NIS, Gaussianity, portmanteau) maintaining low false-alarm rates under realistic conditions. No derivation, bound, or empirical study is provided for the joint false-alarm probability when the nominal Kalman filter encounters colored sensor noise, wave-induced disturbances, or small model mismatches typical of GNSS/AIS fusion; such mismatches violate the whiteness/Gaussianity assumptions required by all four tests.
  3. [Adversary model section] Adversary design (optimization formulation): while the paper shows an FIR attack can be crafted to evade the classical NIS chi-square test, it is unclear whether the resulting disturbances were evaluated against the full joint SDS (all four checks) or only against the single NIS statistic, weakening the demonstration that SDS reliably catches optimized stealthy attacks.
minor comments (2)
  1. [Abstract] The abstract states that the SDS 'jointly evaluates whitened innovations' but does not specify the whitening procedure or filter used to obtain them; this should be clarified for reproducibility.
  2. [SDS description] Notation for the four tests (e.g., exact definitions of the portmanteau statistic and Gaussianity test) could be made more explicit with equations or pseudocode to aid implementation.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive and detailed comments. We address each major comment below and will revise the manuscript to incorporate the suggested improvements.

read point-by-point responses

  1. Referee: [Evaluation section] Evaluation section (as described in the abstract): the manuscript illustrates detection of optimized FIR attacks in selected maritime scenarios but supplies no quantitative results such as detection rates, false-positive rates, ROC analysis, or power curves for the joint SDS. This leaves the central claim that SDS 'exposes colored spoofing attacks that bypass traditional methods' without measurable support.

    Authors: We agree that the evaluation would benefit from explicit quantitative metrics. The current manuscript uses selected maritime scenarios to illustrate the detection concept qualitatively. In the revised version we will add detection rates, false-positive rates (under nominal conditions), ROC curves, and power analysis for the joint SDS versus the single NIS test, thereby providing measurable support for the central claim. revision: yes

  2. Referee: [Analysis of adversary and SDS checks] The joint SDS claim depends on the four tests (bias, NIS, Gaussianity, portmanteau) maintaining low false-alarm rates under realistic conditions. No derivation, bound, or empirical study is provided for the joint false-alarm probability when the nominal Kalman filter encounters colored sensor noise, wave-induced disturbances, or small model mismatches typical of GNSS/AIS fusion; such mismatches violate the whiteness/Gaussianity assumptions required by all four tests.

    Authors: The SDS is derived under the standard assumption that the Kalman filter is correctly tuned, yielding white Gaussian innovations in the nominal case. We acknowledge that real-world mismatches can affect the joint false-alarm rate. In the revision we will add Monte-Carlo simulation results that quantify the joint false-alarm probability under representative maritime disturbances (colored sensor noise and small model mismatches), showing that the rate remains acceptably low when the individual tests are calibrated at conventional significance levels. revision: yes

  3. Referee: [Adversary model section] Adversary design (optimization formulation): while the paper shows an FIR attack can be crafted to evade the classical NIS chi-square test, it is unclear whether the resulting disturbances were evaluated against the full joint SDS (all four checks) or only against the single NIS statistic, weakening the demonstration that SDS reliably catches optimized stealthy attacks.

    Authors: The optimized FIR disturbances were evaluated against the complete SDS. The optimization is formulated to evade only the NIS chi-square test; the subsequent evaluation demonstrates that the bias, Gaussianity, and portmanteau tests detect the residual temporal correlation and non-Gaussianity introduced by the FIR filter. We will revise the manuscript to state this evaluation procedure explicitly and to report per-test detection outcomes for the optimized attacks. revision: yes

Circularity Check

0 steps flagged

No significant circularity in SDS derivation or adversary optimization

full rationale

The paper's central chain applies four standard, externally defined statistical tests (bias, NIS covariance, Gaussianity, portmanteau) to Kalman-filter innovations and formulates the stealthy FIR adversary explicitly as an optimization problem that trades off evasion of the classical chi-square test against trajectory effect; neither step reduces by construction to a fitted parameter renamed as prediction, a self-citation load-bearing uniqueness claim, or an ansatz smuggled from prior work. The maritime evaluation is presented as illustration of the joint checks rather than a statistical reduction to the paper's own inputs. The derivation therefore remains self-contained against established Kalman filtering and hypothesis-testing results.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review provides no explicit free parameters, new axioms, or invented entities. The approach rests on standard Kalman filter innovation properties (whitening, Gaussianity) that are treated as background knowledge.

pith-pipeline@v0.9.0 · 5506 in / 1166 out tokens · 50156 ms · 2026-05-10T05:25:33.357502+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

39 extracted references · 39 canonical work pages · 1 internal anchor

  1. [1]

    IFAC-PapersOnLine , volume=

    Simultaneously identifying the system dynamics and fault isolation for air data sensor failures: a convex approach , author=. IFAC-PapersOnLine , volume=. 2024 , publisher=

    work page 2024

  2. [2]

    Adam: A Method for Stochastic Optimization

    A method for stochastic optimization , author=. arXiv preprint arXiv:1412.6980 , year=

    work page internal anchor Pith review Pith/arXiv arXiv

  3. [3]

    2025 European Control Conference (ECC) , pages=

    Continuous-Time System Identification and OCV Reconstruction of Li-ion Batteries via Regularized Least Squares , author=. 2025 European Control Conference (ECC) , pages=. 2025 , organization=

    work page 2025

  4. [4]

    Annals of Mathematical Statistics , volume =

    Harold Hotelling , title =. Annals of Mathematical Statistics , volume =

    work page

  5. [5]

    Estimation with Applications to Tracking and Navigation , author=

    work page

  6. [6]

    Design and Analysis of Modern Tracking Systems , author=

    work page

  7. [7]

    IEEE Transactions on Aerospace and Electronic Systems , year=

    Estimating Optimal Tracking Filter Performance for Manned Maneuvering Targets , author=. IEEE Transactions on Aerospace and Electronic Systems , year=

    work page

  8. [8]

    Handbook of Marine Craft Hydrodynamics and Motion Control , author=

    work page

  9. [9]

    Control Engineering Practice , volume =

    Learning robust residuals for attack diagnosis of advanced driver assist systems , author =. Control Engineering Practice , volume =. 2025 , doi =

    work page 2025

  10. [10]

    WIREs Maritime Anomaly Detection: A Review , volume =

    Maritime anomaly detection: A review , author =. WIREs Maritime Anomaly Detection: A Review , volume =. 2018 , doi =

    work page 2018

  11. [11]

    Understanding GPS/GNSS: Principles and Applications , author=

    work page

  12. [12]

    Psychometrika , volume=

    The approximation of one matrix by another of lower rank , author=. Psychometrika , volume=. 1936 , publisher=

    work page 1936

  13. [13]

    J. R. M. Hosking , title =. Journal of the American Statistical Association , volume =. 1980 , doi =

    work page 1980

  14. [14]

    Bierman , title =

    Gerald J. Bierman , title =

    work page

  15. [15]

    Mardia and John T

    Kantilal V. Mardia and John T. Kent and John M. Bibby , title =

    work page

  16. [16]

    Jarque and Anil K

    Carlos M. Jarque and Anil K. Bera , title =. Economics Letters , volume =

    work page

  17. [17]

    Signal Processing , pages=

    Indirect Kalman filtering for robust GNSS spoofing detection in signal quality monitoring , author=. Signal Processing , pages=. 2026 , number=

    work page 2026

  18. [18]

    Mardia , title =

    Kantilal V. Mardia , title =. Biometrika , volume =

    work page

  19. [19]

    Loughin , title =

    Thomas M. Loughin , title =. Computational Statistics & Data Analysis , volume =

    work page

  20. [20]

    Journal of the American Statistical Association , volume =

    Xiaofeng Shao , title =. Journal of the American Statistical Association , volume =

    work page

  21. [21]

    S. N. Lahiri , title =

    work page

  22. [22]

    R. A. Fisher , title =

    work page

  23. [23]

    L. H. C. Tippett , title =

    work page

  24. [24]

    Proceedings of the 38th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2025) , pages=

    Kalman Filter Integrity Monitoring Over Finite Time-Intervals , author=. Proceedings of the 38th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2025) , pages=

    work page 2025

  25. [25]

    George E. P. Box and Greta M. Ljung , title =. Biometrika , volume =

    work page

  26. [26]

    Review, algorithm, and simulation experiments , author=

    Kalman filter estimation and prediction of daily stream flows: I. Review, algorithm, and simulation experiments , author=. Journal of the American Water Resources Association , volume=

    work page

  27. [27]

    Journal of Engineering Mechanics , volume=

    A modified whiteness test for damage detection using Kalman filter innovations , author=. Journal of Engineering Mechanics , volume=. 2011 , publisher=

    work page 2011

  28. [28]

    IEEE Transactions on Control of Network Systems , volume=

    Optimal linear cyber-attack on remote state estimation , author=. IEEE Transactions on Control of Network Systems , volume=

    work page

  29. [29]

    Maritime Cyber Attack Database (MCAD) , year =

    work page

  30. [30]

    Guide to Ship Cybersecurity , year =

    work page

  31. [31]

    Automatica , volume=

    Worst-case stealthy innovation-based linear attack on remote state estimation , author=. Automatica , volume=

    work page

  32. [32]

    IEEE Transactions on Control of Network Systems , volume=

    Estimating the impact of cyber-attack strategies for stochastic control systems , author=. IEEE Transactions on Control of Network Systems , volume=

    work page

  33. [33]

    IEEE Transactions on Automatic Control , volume=

    On Kalman filtering with compromised sensors: Attack stealthiness and performance bounds , author=. IEEE Transactions on Automatic Control , volume=

    work page

  34. [34]

    Proceedings of the 2017 American Control Conference (ACC) , pages=

    Tuning windowed chi-squared detectors for sensor attacks , author=. Proceedings of the 2017 American Control Conference (ACC) , pages=. 20178 , organization=

    work page 2017

  35. [35]

    IEEE Transactions on Aerospace and Electronic Systems , volume=

    Bayesian filtering for dynamic anomaly detection and tracking , author=. IEEE Transactions on Aerospace and Electronic Systems , volume=

    work page

  36. [36]

    IEEE Transactions on Aerospace and Electronic Systems , volume=

    Recurrent encoder--decoder networks for vessel trajectory prediction with uncertainty estimation , author=. IEEE Transactions on Aerospace and Electronic Systems , volume=

    work page

  37. [37]

    Journal of the Franklin Institute , volume=

    A Bayesian and Markov chain approach to short-term and long-term personal watercraft trajectory forecasting , author=. Journal of the Franklin Institute , volume=. 2025 , publisher=

    work page 2025

  38. [38]

    Automatica , volume=

    Worst-case stealthy innovation-based linear attack on remote state estimation , author=. Automatica , volume=. 2018 , publisher=

    work page 2018

  39. [39]

    IEEE Transactions on Automatic Control , volume=

    Optimal deception attacks against remote state estimation: An information-based approach , author=. IEEE Transactions on Automatic Control , volume=. 2022 , publisher=

    work page 2022