Deep learning models in urban air mobility (UAM) autonomous landing systems face emerging security threats from Trojan (backdoor) attacks, yet no systematic assessment framework exists for this safety-critical domain. Method: We propose the first backdoor threat evaluation framework tailored to UAM, built upon the DroNet architecture and validated on a custom real-world flight dataset with stealthy trigger injection. We systematically assess the vulnerability of CNN-based landing navigation models under backdoor perturbations. Results: Experimental evaluation shows that the compromised model maintains 96.4% accuracy on clean inputs but suffers a severe drop to 73.3% when triggers are activated—critically degrading attitude estimation and obstacle-avoidance decision-making. This work provides the first empirical evidence of high susceptibility of UAM perception modules to data-poisoning-based backdoor attacks, establishing both theoretical foundations and a benchmark methodology for robustness verification and defense design in aviation-grade AI systems.

This study investigates the vulnerabilities of autonomous navigation and landing systems in Urban Air Mobility (UAM) vehicles. Specifically, it focuses on Trojan attacks that target deep learning models, such as Convolutional Neural Networks (CNNs). Trojan attacks work by embedding covert triggers within a model's training data. These triggers cause specific failures under certain conditions, while the model continues to perform normally in other situations. We assessed the vulnerability of Urban Autonomous Aerial Vehicles (UAAVs) using the DroNet framework. Our experiments showed a significant drop in accuracy, from 96.4% on clean data to 73.3% on data triggered by Trojan attacks. To conduct this study, we collected a custom dataset and trained models to simulate real-world conditions. We also developed an evaluation framework designed to identify Trojan-infected models. This work demonstrates the potential security risks posed by Trojan attacks and lays the groundwork for future research on enhancing the resilience of UAM systems.