Cybersecurity of Unmanned Aerial Vehicles from a Control Systems Perspective: A Review

Abstract

Unmanned aerial vehicles (UAVs) are widely utilized for environmental monitoring, precision agriculture, infrastructure inspection, and various defense missions, including reconnaissance and surveillance. Their cybersecurity is essential because any compromise of communication, navigation, or control systems can cause mission failure and introduce significant safety and security risks. Therefore, this paper examines the existing literature on UAV cybersecurity and highlights that most previous surveys focus on listing different types of attacks or communication weaknesses, rather than evaluating the problem from a control systems perspective. Considering control systems is important because the safety and performance of a UAV depend on how cyberattacks affect its sensing, decision-making, and actuation loops; modeling these attacks and their impact on system behavior provides a clearer foundation for designing secure, resilient, and stable control strategies. Based on a comprehensive review of the literature, it presents a mathematical framework for characterizing common cyberattacks on UAV communication and sensing layers, including time-delay switch, false data injection, denial of service, and replay attacks. To demonstrate the impacts of these attacks on UAV control systems, a simulation of a two-UAV leader-follower multi-agent system is conducted in MATLAB. Defense algorithms from the existing literature are then organized into a hierarchical framework of prevention, detection, and mitigation, with detection and mitigation further categorized into model-based, learning-based, and hybrid approaches that combine both. The paper concludes by summarizing key findings and highlighting challenges with current defense strategies, including those insufficiently addressed in existing research.

1. Introduction

In recent years, Unmanned Aerial Vehicles (UAVs) have seen a surge in popularity because of their versatility and many advantages over traditional aircraft. Such advantages include low maintenance cost and reduction in the size and load requirements of the aircraft. In safety critical applications such as warfare, firefighting, and power line inspection, a UAV is favorable because it eliminates the risk of harm to the operator [1,2,3,4,5]. Other well-known applications in which UAVs excel include agriculture, delivery services, and photography [6,7]. UAVs have also been shown to be useful in providing temporary wireless communication networks through Flying Ad Hoc Networks (FANETs) to rescue operations and victims of natural disasters after their existing network infrastructure has been destroyed [8].

UAV control is classified into two main categories: centralized and decentralized. In centralized control, a UAV’s flight control and motion planning is computed remotely, whether autonomously or through a human operator. In decentralized control, the UAV is more independent in that it is able to interpret its environment and make motion planning decisions with its own computational resources or by cooperating with other nearby UAVs [9,10]. The disadvantage of centralized control is that strong, uninterrupted wireless communication between the Ground Control Station (GCS) and UAV is far more significant than in a decentralized control scheme. Typical wireless communication protocols for UAVs include Wi-Fi, Bluetooth, ZigBee, and LTE, which are vulnerable to attacks without proper countermeasures [11,12]. On the other hand, common sensing equipment aboard a UAV includes inertial measurement units (IMU), GPS, LiDAR, and optical and thermal cameras [13]. These instruments are integral to the UAV’s control system and, therefore, are potential cyberattack targets.

From a control system perspective, a cyberattack on a UAV has two potential targets: the communication network layer and the sensing layer. In a centralized UAV control scheme, both elements are crucial, while in decentralized control, the role of communication between the GCS and UAV is less significant. However, in both control schemes, the sensing of its environment is necessary for the control system to operate safely. Common threats that would compromise a UAV’s control system include Time Delay Switch, False Data Injection, Denial of Service, and Replay attacks. A TDS attack occurs when an attacker injects time-varying delays into transmitted data or feedback loops, possibly compromising stability [14,15,16]. A FDI attack occurs when an attacker feeds faulty data to a UAV’s communication and sensing layers to cause instability in the control system [17,18]. A DoS attack is when a hacker overwhelms the UAV’s communication channels or sensing layer with fraudulent traffic to exhaust its computational resources, and therefore, disrupts communication and/or the control system [19]. A Replay attack is when an attacker intercepts communication between a UAV and GCS and replays it at some later time to negatively influence UAV control [20]. The attacks mentioned above are significant threats to UAV control; therefore, robust defense strategies are required.

The hierarchical structure of UAV cyberattack defense algorithms consists of prevention, detection, and mitigation. Prevention algorithms aim to secure wireless communication and sensing layers through sophisticated encryption and authentication methods [21,22]. An exceptionally effective communication security countermeasure applicable to groups of UAVs such as FANETs is Blockchain, which is highly dependent on encryption strategies [23]. The issue with these defense methods is that they are not always robust and are almost always limited by the power and computational resources available on board the aircraft [22,24,25]. The goal of a detection algorithm is to recognize suspicious wireless communication activity or sensor data and then deploy mitigation techniques and/or alert the GCS that an attack may be present. Detection algorithms are commonly based on the implementation of complex algorithms, statistical analysis, and artificial intelligence to detect suspicious wireless communication activity [26,27,28,29,30]. Mitigation algorithms consist of designing resilient UAV controllers to attenuate undesirable control system behavior during an attack [1,31]. Researchers have effectively used model-based algorithms such as state observers or estimators and learning-based algorithms such as neural networks (NN) and machine learning (ML) to develop resilient controllers [32,33]. Further research in this field is motivated by the need to overcome computational resource limitations and develop robust, secure networks and control systems for UAVs.

Existing survey papers on UAV cybersecurity primarily focus on detailing attacks and their defense mechanisms from a communications perspective, rather than from a control-theoretic perspective. These works often overlook the direct threats that cyberattacks pose to the controller itself, as well as how robust control algorithms can mitigate such threats. The algorithms investigated are primarily categorized as prevention and detection methods, while mitigation strategies are largely neglected. For example, in [6], UAV cybersecurity was discussed from a communication network perspective, only mentioning prevention and detection techniques such as cryptography and intrusion detection schemes, while neglecting mitigation. In [23], the survey focused on securing wireless UAV communication through machine learning and encryption techniques such as blockchain and watermarking. In [34], UAV cybersecurity was surveyed by classifying threats and their respective defenses into software, machine learning, and network categories. In [24], attacks and defenses were organized similar to [34], but included payload attacks as a fourth category. In [22], attacks were categorized from the perspective of UAV system architecture, placing them into eight categories: spoofing, replay, jamming, DoS, eavesdropping, side channel, manipulation, and system intrusion. The weaknesses of existing countermeasures and new security threats were also discussed. In [30], cyberattack defenses were classified into three categories: prevention, detection, and resilience based on reputation and trust. Resiliency was defined as the system’s capacity to supply services consistently during an attack, bug, or system failure. The discussion of resiliency strategies was limited to network security attacks and neglected control algorithms. In [35], a survey was conducted on the physical layer security of UAVs in which prevention and detection methods were detailed extensively. Mathematical modeling of secrecy performance metric was included but FDI, TDS, DoS, and replay attacks were not mentioned explicitly.

This survey follows a structured but narrative-driven literature review methodology inspired by established systematic review practices (e.g., PRISMA), with the goal of achieving broad coverage rather than exhaustive enumeration. Relevant studies were identified primarily through iterative searches on Google Scholar using combinations of keywords related to UAVs, cybersecurity, networked control systems, and specific attack and defense mechanisms (e.g., false data injection, denial-of-service, replay attacks, resilient control, and secure estimation). Additional papers were identified through backward and forward citation tracking of key survey and foundational works, as well as targeted searches to fill gaps in specific prevention, detection, and mitigation categories. Studies were included based on relevance to UAV or closely related cyber-physical systems and their explicit connection to control, communication, or sensing security, while purely theoretical works without system-level implications were generally excluded.

Beyond categorizing existing prevention, detection, and mitigation techniques, the control-theoretic framing adopted in this paper provides several new insights that are largely absent from prior UAV cybersecurity surveys. First, by modeling cyberattacks as structured perturbations to signals, dynamics, and communication channels, diverse attacks such as TDS, FDI, DoS, and replay can be analyzed within a unified mathematical framework, enabling direct comparison of their effects on stability, tracking performance, and robustness margins. Second, this perspective highlights fundamental trade-offs between security mechanisms and closed-loop control performance, revealing how delays, packet losses, and corrupted measurements propagate through feedback loops rather than remaining confined to the communication layer. Finally, the control-oriented analysis exposes open problems that are obscured in communication-centric surveys, including the co-design of lightweight security mechanisms with control laws, resilience guarantees for multi-agent coordination under attack, and stability-preserving integration of learning-based defenses in safety-critical UAV systems.

In summary, existing surveys on UAV cybersecurity largely emphasize communication-centered attack classifications and corresponding prevention or detection techniques, while giving limited attention to how cyberattacks directly disrupt guidance, estimation, and control loops. The proposed paper contributes by addressing this gap through a control-theoretic perspective that explicitly analyzes how attacks influence system dynamics and how resilient control algorithms can mitigate their effects. Unlike prior work, which rarely examines mitigation beyond communication safeguards, this paper systematically integrates attack modeling, control-level vulnerabilities, and control-oriented defense strategies to provide a more comprehensive foundation for secure and resilient UAV operation.

The outline of this paper is as follows. Section 2 introduces a generalized attack model based on the existing literature to build a framework for describing cyberattacks on UAVs. Section 3 examines the effects of attacks through a review of existing literature and a simulation of a leader-follower multi-agent UAV network conducted in MATLAB. Section 4, Section 5 and Section 6 investigate the existing literature on prevention, detection, and mitigation algorithms, respectively. Please note that some referenced papers are not specifically targeted towards UAVs, but their methods are generally applicable to any networked control system (NCS). Finally, Section 7 summarizes our findings, and Section 8 concludes the paper.

2. Generalized Attack Model

A general mathematical formulation of cyberattacks offers a clearer understanding of their impact on UAV control systems. Such frameworks are commonly used in studies that propose model-based detection and mitigation algorithms. The generalized attack model adopted in this section is built upon well-established NCS formulations used to study cyber-physical attacks in industrial and cyber-physical systems. The framework presented in this paper is primarily based on [1,15,18,31,36,37,38], in which the dynamics of a UAV under cyberattack are described as follows. A general model representing the dynamics of UAV agent i is modeled as

$$\left\{\begin{array}{c}{\dot{x}}_i\left(t\right)=F_i(x_i\left(t\right),u_i\left(t\right),t),\hfill \\ y_i\left(t\right)=G_i\left(x_i\left(t\right)\right),\hfill \end{array}\right.$$

(1)

where $x_i\left(t\right)\in {\mathbb{R}}^n$ is the state vector with n state variables, $u_i\left(t\right)\in {\mathbb{R}}^p$ is the control input with p inputs, and $y_i\left(t\right)\in {\mathbb{R}}^q$ is the output with q outputs, and $F_i:{\mathbb{R}}^n\times {\mathbb{R}}^p\times [0,\infty )\to {\mathbb{R}}^n$ may describe linear or nonlinear dynamics while $G_i:{\mathbb{R}}^n\to {\mathbb{R}}^q$ models the output. The control input is modeled by

$$u_i\left(t\right)=H_i(r_i\left(t\right),z_i\left(t\right),t),$$

(2)

where $H_i:{\mathbb{R}}^q\times {\mathbb{R}}^q\times [0,\infty )\to {\mathbb{R}}^p$ denotes the $i^{th}$ agent’s controller behavior and $r_i\left(t\right)\in {\mathbb{R}}^q$ is the reference signal. In the absence of cyberattack, $z_i\left(t\right)\in {\mathbb{R}}^q$ represents the plant output signal perceived by the controller after wireless communication delays and noise, which is defined as

$$z_i\left(t\right)=C_i(y_i\left(t\right),t)$$

(3)

where $C_i:{\mathbb{R}}^q\times [0,\infty )\to {\mathbb{R}}^q$ models the communication channels. Under cyberattack, the model parameters become

$$\begin{array}{c}\hfill \begin{array}{c}\hfill ({\tilde{F}}_i,{\tilde{G}}_i,{\tilde{H}}_i,{\tilde{C}}_i,{\tilde{x}}_i,{\tilde{u}}_i,{\tilde{z}}_i,{\tilde{r}}_i,\tilde{t})={\pi }_i(F_i,G_i,H_i,C_i,x_i,u_i,z_i,r_i,t),\end{array}\end{array}$$

(4)

where a tilde denotes a parameter corrupted by a cyberattack, the effects of which are modeled by the attack function ${\pi }_i$. This is illustrated more clearly in Figure 1, which shows a general communication architecture for a multi-agent system (MAS) of UAVs under cyberattack. In the following sections, a signal such as $u_i\left(t\right)$, $r_i\left(t\right)$, or $z_i\left(t\right)$ will be represented by general signal, ${\gamma }_i\left(t\right)$, where the corrupted signal is denoted by ${\tilde{\gamma }}_i\left(t\right)={\pi }_i\left({\gamma }_i\left(t\right)\right)$. The nature of the attack function ${\pi }_i$ depends on the type of attack. The following subsections define time-delay switch, denial of service, false data injection, and replay attacks within the aforementioned mathematical framework.

Figure 1. A General Communication Architecture for a Multi-Agent System of UAVs.

2.1. Time-Delay Switch Attack

A UAV control system relies on accurate and timely sensor and reference data to generate appropriate control inputs. While wireless communication channels or sensors can naturally introduce some delay in the control loop, a cyberattacker can intentionally cause unsafe delays through a Time-Delay Switch (TDS) attack by manipulating or delaying data packets. Such delays may degrade control performance, reduce efficiency, or even cause system instability [14,37,39]. The generic control system signal corrupted by a TDS attack is modeled as

$${\pi }_i^{TDS}({\gamma }_i\left(t\right),{\tau }_i\left(t\right))\triangleq {\gamma }_i(t-{\tau }_i\left(t\right)),$$

(5)

where ${\tau }_i\left(t\right)\in {\mathbb{R}}_{>0}$ denotes an unknown, random, and time-varying delay introduced by a TDS attacker. Physically, this model states that the control loop’s perceived states lag behind the true, uncorrupted signal by a delay, ${\tau }_i\left(t\right)$. If TDS attack can also be injected to control or reference signals causing instability and unsafe behavior for UAVs. More information on TDS attacks can be found in the following references [15,16,37,38,40].

2.2. Denial of Service Attack

A Denial of Service (DoS) attack occurs when an adversary completely overwhelms a UAV’s communication or sensing layers with illegitimate traffic, thereby obstructing the transmission of valid data. This scenario can be regarded as the limiting case of a TDS attack, in which the time delay ${\tau }_i\to \infty$, preventing the control system from receiving timely ${\gamma }_i$ updates. It is important to note that the complete denial of new information packets does not happen instantaneously; rather, ${\tau }_i\left(t\right)$ increases gradually until ${\gamma }_i\left(t\right)$ is held constant via a zero-order hold. Mathematically, the attack function for a DoS attack can be represented as follows

$${\pi }_i({\gamma }_i\left(t\right),{\tau }_i\left(t\right),{\delta }_i\left(t\right))\triangleq \left\{\begin{array}{cc}{\gamma }_i\left(t-{\tau }_i\left(t\right)\right),\hfill & {\delta }_i\left(t\right)=1,\hfill \\ {\gamma }_i\left(t_k\right),\hfill & {\delta }_i\left(t\right)=0,\hfill \end{array}\right.$$

(6)

where

$$t_k=sup\{s\le t\mid {\delta }_i\left(s\right)=1\}.$$

Here, ${\delta }_i\left(t\right)\in \{0,1\}$ is the communication availability indicator, with ${\delta }_i\left(t\right)=1$ indicating that communication is available but delayed, and ${\delta }_i\left(t\right)=0$ indicating that a DoS attack has caused complete communication loss at time $t_k$. This implies that, during a DoS attack, the control loop receives no new information about the system states, potentially leading to instability.

2.3. False Data Injection Attack

The goal of a False Data Injection (FDI) attack is to mislead the UAV’s feedback control system by substituting its current measured states with false data. A more sophisticated FDI attacker may leverage knowledge of the UAV’s control system to perform a more effective attack [31]. A FDI attack can be represented by

$${\pi }_i({\gamma }_i\left(t\right),{\alpha }_i\left(t\right))\triangleq {\gamma }_i\left(t\right)+{\alpha }_i\left(t\right),$$

(7)

where ${\alpha }_i\left(t\right)\in \mathbb{R}$ represents a bounded, unknown, continuous time-varying FDI attack. In most FDI attacks, access to communication channels is required. One type of FDI attack where this is not applicable is a GPS spoofing attack. Since civilian GPS signals are not encrypted, an adversary can easily transmit a GPS signal stronger than the true signal to mislead the UAV [41].

2.4. Replay Attack

A replay attack on a UAV control system occurs when an adversary records a legitimate signal, ${\gamma }_i\left(t\right)$, during normal operation and later replays this previously recorded signal to the system, with the goal of degrading performance or inducing instability [20]. The received signal under a replay attack is modeled as

$${\pi }_i({\gamma }_i\left(t\right),{ϵ}_i)\triangleq {ϵ}_i{\gamma }_i\left(t\right)+(1-{ϵ}_i){\gamma }_i(t-{\theta }_i),$$

(8)

where ${ϵ}_i\in \{0,1\}$ is a binary indicator of attack presence, defined as

$${ϵ}_i=\left\{\begin{array}{cc}1,\hfill & \mathrm{if}\mathrm{no}\mathrm{replay}\mathrm{attack}\mathrm{is}\mathrm{present},\hfill \\ 0,\hfill & \mathrm{if}\mathrm{a}\mathrm{replay}\mathrm{attack}\mathrm{is}\mathrm{active}.\hfill \end{array}\right.$$

(9)

When ${ϵ}_i=0$, the signal ${\gamma }_i(t-{\theta }_i)$ corresponds to a previously recorded measurement, and ${\theta }_i\in {\mathbb{R}}_{>0}$ denotes the replay delay between the time the signal was recorded and the time it is re-injected into the system.

3. Effects of Attacks

3.1. Existing Literature

Numerous studies proposing novel prevention, detection, and mitigation algorithms present simulations in which their proposed algorithms are subjected to cyberattacks. These studies frequently include comparisons with existing algorithms also designed to defend against such threats. However, they often omit baseline simulations that illustrate the effects of cyberattacks on control systems without countermeasures. The studies highlighted below address this gap by demonstrating the impact of cyberattacks on basic control systems. In [15], the effects of a TDS attack on a two-UAV leader-follower formation were investigated. The RMSE tracking errors of a traditional dynamic inversion controller were 1.81, 0.18, and 4.24 for the pitch, yaw, and roll rates, respectively. For the novel controller proposed in the paper, the RMSE values were decreased to 1.78, and 0.16, 3.86 respectively. In [42], a FDI attack was simulated on five UAVs operating under a formation control scheme. The simulation showed that injecting false data into the sensing layers of the UAV multi-agent network led to inaccurate control execution, resulting in significant increases in the position and velocity state residuals of the UAVs under attack. Similarly, in [43], a simulation performed on a formation of five UAVs showed that FDI attacks negatively influence the overall state of health of the formation as attack time increases. In [44], a replay attack was simulated on a Linear Quadratic Gaussian (LQG) controller where the attack caused a 91% performance degrade with respect to the optimal LQG cost. In [45], it was shown that a DoS attack on a formation of six UAVs can degrade stability and negatively influence trajectory. Recent work in autonomous driving has demonstrated highly stealthy physical attacks on vision systems—for example, Omni-Angle Assault demonstrates robust multi-angle physical illumination attacks on face recognition, and FIGhost and ITPatch demonstrate fluorescent-ink triggered backdoor/patch attacks against traffic-sign recognition—underscoring that physical-world sensing attacks are a realistic threat to UAV perception as well [46,47,48].

3.2. Attack Simulations

The following simulation is intended as a simple illustrative example to motivate the control-theoretic impact of cyberattacks on UAVs. Consider a multi-agent network of UAVs composed of one leader and one follower node, which communicate through a time-invariant, connected, directed graph. The x-direction dynamics for the leader node of this system are described by

$$\left\{\begin{array}{c}{\dot{x}}_1=v_1,\hfill \\ {\dot{v}}_1=-{\alpha }_{v_1}(v_1-v_{ref}),\hfill \end{array}\right.$$

(10)

where $v_{ref}\in \mathbb{R}$ is the velocity commanded for node 1 to follow and ${\alpha }_{v_1}\in {\mathbb{R}}_{>0}$ is a design parameter. Similarly, the x-direction dynamics for the follower node are designed as

$$\left\{\begin{array}{c}{\dot{x}}_2=v_2\hfill \\ {\dot{v}}_2=-{\alpha }_{x_2}(d_{desired}-(x_1-x_2))-{\alpha }_{v_2}(v_2-v_1),\hfill \end{array}\right.$$

(11)

where $d_{desired}\in \mathbb{R}$ is the desired distance that node 2 must maintain between itself and node 1 and ${\alpha }_{x_2}\in {\mathbb{R}}_{>0}$ and ${\alpha }_{v_2}\in {\mathbb{R}}_{>0}$ are design parameters. The dynamics for the y- and z-directions are analogous. However, for the sake of simplicity, we will only consider the x-direction dynamics.

In the following simulation, each attack occured at $t=5$ s and lasted until the end of the simulation at $t=10$ s. Initial conditions were arbitrarily chosen as $x_1\left(0\right)=5$, $v_1\left(0\right)=2$, $x_2\left(0\right)=0$, $v_1\left(0\right)=0$. The design parameters ${\alpha }_{v_1}$, ${\alpha }_{x_1}$, and ${\alpha }_{v_2}$ were chosen as 2, 4, and 3, respectively. In each attack, only the output sent by node 1 to the node 2 becomes corrupted (i.e., $v_{12}\left(t\right)\to {\tilde{v}}_{12}\left(t\right)$).

The TDS attack was simulated by sending the last known $v_{12}$ value for ${\tau }_{12}\left(t\right)=2$ s and then allowing the signal to resume with a time delay. Similarly, for the DoS attack, when the attack begins, $v_{12}$ is held constant for the duration of the attack. A FDI attack was simulated by superimposing a random time-varying signal, ${\alpha }_{12}\left(t\right)\in [0,10]$ onto $v_{12}$. The signal was randomly generated such that it exhibited a normal distribution with a non-zero median value because if a FDI signal has a median value of zero, it is essentially Gaussian noise and would have far less of an impact on UAV trajectory. A Replay attack was simulated by capturing the time history of $v_{12}$ from $t=0$ to $t=5$ s and replaying that data once the attack began. The simulation results are presented in Figure 2 and Figure 3, which illustrate that each cyberattack led to a loss of coordination between the nodes, causing collisions and preventing node 2 from maintaining its desired velocity and spacing. Table 1 summarizes the corresponding increase in root-mean-square error (RMSE) for each attacked case relative to the unattacked baseline. From a control-theoretic perspective, these results illustrate that different attack classes induce qualitatively distinct closed-loop behaviors, with delay-based attacks primarily degrading stability margins, while FDI and replay attacks bias state estimates and corrupt feedback signals. Such distinctions are critical for designing targeted detection and mitigation strategies, as robustness to one class of attack does not necessarily imply resilience to others.

Figure 2. Unattacked and Attacked Leader and Follower Velocity vs. Time.

Figure 3. Unattacked and Attacked Distance Between Leader and Follower vs. Time.

Table 1. Root Mean Square Error (RMSE) for each Response.

Response	Unattacked	FDI	TDS	DoS	Replay
RMSE	2.5341	3.0315	5.2976	4.1480	4.2752

4. Prevention Algorithms

The goal of a prevention algorithm is to prevent an adversary from gaining access to the communication and sensing layers of a UAV. The prevention algorithms discussed in this paper include encryption, blockchain, authentication, channel hopping/allocation, and redundancy. It should be noted that, although prevention algorithms are effective in enhancing the security of communication and sensing layers, some of these algorithms may introduce delays or noise that can impair the stability of the control loop.

4.1. Encryption

Encryption is the process of scrambling data using a complex cipher prior to transmission [49]. At the receiver node, a key is required to decrypt the information. The two primary types of encryption methods are symmetric and asymmetric [50]. Symmetric encryption uses a private key shared between two nodes in a network to encrypt and decrypt data. In [51,52,53], symmetric encryption schemes are successful in securing UAV communication. Alternatively, asymmetric encryption uses a public key for encryption and a private key for decryption, which is generally more secure but less efficient.

The most significant challenge with cryptographic techniques is that they are computationally intensive, introduce communication latencies, and can be limited by the computational resources aboard the UAV [24]. This may not be a significant constraint for a NCS such as a chemical processing plant. For example, in [54], a Paillier cryptographic scheme is used to secure Lyapunov-based model predictive control of a chemical process, where the sampling rate is low enough to absorb the latencies introduced by encryption and decryption. However, UAVs require low-latency wireless communication, which has motivated recent research in developing lightweight encryption techniques. For example, in [52,53], lightweight and energy-efficient private key encryption algorithms for UAVs are presented. Similarly, in [55], communication latencies introduced by encryption algorithms are compensated for by modeling delays in the control design of a general NCS. In [56], Quantum Key Distribution (QKD) is shown to be a strong secure communication encryption strategy in a NCS in which the latencies introduced into the system are handled by a Kalman filter. Although QKD is currently mostly experimental, it shows promise for securing NCS communication in the near future. For more papers on lightweight encryption algorithms for UAVs, see [57,58,59]. Similar computational constraints have been extensively studied in related domains such as Internet of Things (IoT), mobile devices, and edge computing, where secure communication must be achieved under strict energy, latency, and processing limitations [60]. These fields have motivated the development of lightweight cryptographic primitives, hardware-assisted security, and computation offloading strategies, which are directly applicable to resource-constrained UAV platforms. Adapting such secure and efficient computing techniques to UAV networks strengthens the case for lightweight encryption schemes that preserve control performance while maintaining security guarantees.

4.2. Blockchain

One of the most effective prevention algorithms available is blockchain. Blockchain is a decentralized digital ledger system that records and stores information in an expanding list of records linked together by cryptography [23,61]. In a blockchain, each record contains a cryptographic hash of the previous block, a timestamp, and the transmitted data. Each node possesses a copy of the history of records, and adding new information requires the consensus of all nodes. If an adversary wanted to alter the information in the blockchain, 51% of the nodes within the blockchain would have to modify their records for the blockchain to reach consensus. Blockchain offers strong security for UAV control by using a decentralized, immutable, and tamper-resistant ledger, eliminating the vulnerability of a single point of failure inherent in centralized systems. Consequently, it has been useful in securing multi-agent systems such as UAV swarms performing disaster recovery in [62]. For example, in [63], the communication channels of a UAV swarm tasked with crowd monitoring are successfully secured using blockchain. Similarly, in [64], the authors propose blockchain as a reliable and secure communication system capable of controlling UAVs operating in both a formation and a leader-follower control scheme. However, a significant limitation of blockchain is its high computational overhead, which introduces latency into communication channels [25]. Notably, the computational efficiency of these blockchain-based communication schemes depends on factors such as network size and complexity, interaction frequency between nodes, and the volume of transmitted data. Similar challenges have been identified in blockchain-enabled IoT and edge computing systems, where limited computation and strict latency requirements have driven research toward lightweight consensus mechanisms, hierarchical blockchains, and edge-assisted validation [65]. These approaches reduce on-board computational burden by delegating intensive processing to edge nodes or selectively limiting participation in consensus, while preserving security properties. Incorporating such secure and efficient computing concepts into UAV blockchain architectures further supports the feasibility of blockchain-based prevention methods in resource-constrained aerial networks. Despite these limitations, blockchain remains attractive for multi-agent UAV systems due to its ability to provide distributed trust, secure coordination, and resilient consensus without relying on centralized control. In UAV swarms, blockchain can enhance cooperation by ensuring the integrity of task assignments, shared state information, and inter-agent communication, which is critical in military applications. However, practical deployment in real-time UAV applications often requires lightweight consensus mechanisms or hybrid architectures to balance security with latency and resource constraints.

4.3. Authentication

Authentication is the verification of the identity of a device or user with a password before allowing access to a wireless network [66]. Authentication ensures that only trusted entities communicate with UAVs or the GCS, which helps prevent adversaries from impersonating legitimate nodes. While authentication can prevent an adversary from injecting false data or replaying data, it is ineffective against DoS, TDS, and GPS spoofing attacks.

4.4. Channel Hopping

Channel hopping is another prevention algorithm in which wireless communication frequently switches between different frequency channels [67]. A channel hopping scheme is robust unless the attacker understands the pattern of frequency hopping. In [68], an effective channel hopping scheme is devised where frequency selection is governed by chaotic mapping. Chaotic mapping refers to a deterministic mathematical process that generates complex, pseudo-random sequences highly sensitive to initial conditions. This sensitivity ensures unpredictability in the frequency hopping pattern, making it difficult for adversaries to predict or jam the communication channels. In [69], a prevention algorithm is introduced that combines encryption and channel hopping techniques to address the issue of computational resource restrictions in UAVs. An algorithm was designed in which the UAV and GCS communicate through a primary unencrypted channel, but, in the event of a cyberattack, communication switches to a secondary, redundant encrypted channel.

4.5. Adaptive Channel Allocation

Another method similar to channel hopping is adaptive channel allocation (ACA). Unlike channel hopping, which continuously switches channels based on a chaotic algorithm, ACA responds to real-time factors such as resource constraints or a cyberattack [70]. For example, in [71], wireless resources for a generalized NCS are allocated based on a deep reinforcement learning algorithm.

4.6. Redundancy

Redundancy is a prevention technique in which redundant sensors or communication channels are integrated into the UAV-GCS communication and sensing architecture [72]. For example, in [73], a UAV platform is designed with three redundant sensors and four redundant communication channels that are used in the event of a DoS attack. In [74], redundant sensors are simulated in a NCS under FDI attack. While redundant sensors may be feasible for most NCSs, a UAV may not be able to accept additional sensors due to weight constraints.

5. Detection Algorithms

The purpose of a detection algorithm is to identify suspicious communication and sensing through analysis of signals perceived by the UAV. The detection algorithms discussed in this section are organized into model-based, learning-based, and hybrid approaches that combine both model-based and learning-based elements. For a comprehensive list of the cyberattack detection-focused papers discussed in the following section, please refer to Table 2.

Table 2. UAV Cyberattack Detection Algorithms.

	Algorithm Type	TDS	FDI	Dos	Replay
Detection	Model-based	[15,39,75,76]	[77,78,79]	[80,81]	[82]
	Learning-based	[83]	[84]	[84,85]
	Hybrid-based		[86,87,88]

5.1. Model-Based Detection

A model-based detection algorithm relies on the mathematical model that describes the kinematics of the UAV to detect suspicious sensing or communication data. Examples of this method include state observers and filtering. A state observer is a mathematical algorithm that uses past inputs and output measurements to estimate the present states of a dynamic system that may not be directly measurable [89]. Since an observer predicts how a system’s states should behave, it can detect cyberattacks by comparing the estimated states against the sensors’ measured states. Examples of state observers include Unknown Input Observers (UIO), Kalman filters, sliding-mode observers, and Luenberger observers. These methods are limited in that attacks that fall outside the predefined residual threshold may go undetected, and selecting an optimal threshold value can be challenging. In this section, model-based detection algorithms are organized by the cyberattacks they are designed to identify.

5.1.1. TDS Attacks

Since the mathematical model that describes the dynamics of the UAV is known, its expected behavior can be predicted and used to identify time delays in the system. For example, in [15], a state observer is used to detect TDS attacks in NCSs by comparing the estimated states with the actual measurements. Another paper incorporating state estimation techniques to detect TDS attacks is [39], in which TDS attacks in a power grid are detected by comparing estimated delays against a threshold. Similarly, in [76], an adaptive observer is used to estimate the states of a NCS and detect TDS attacks based on these measurements. In addition to state estimation algorithms, other model-based algorithms, such as reference governors, are also effective. A reference governor is a model-based algorithm designed to filter or adjust a control system’s reference signal to ensure that system constraints such as actuator limits are not violated. Since the expected behavior of the reference governor is known, abnormal behavior can be an indicator of a TDS attack. For example, in [75], a reference governor based on the dynamic model of a UAV is used to detect TDS attacks. When communication delays increase due to a TDS attack, the governor limits or rejects reference updates more frequently than expected, revealing abnormal timing behavior in the networked control system.

5.1.2. FDI Attacks

Model-based algorithms, such as state estimators and observers, can also be used to detect FDI attacks. A key challenge in this context is distinguishing false data from normal system disturbances, such as sensor noise. To address this, ref. [77] proposes the use of an unknown input observer for UAVs, which is capable of detecting FDI attacks while accounting for convergence conditions in trajectory and state tracking error. Similarly, in [78], the authors approach this challenge by implementing a Kalman filter that is capable of detecting GPS spoofing attacks in UAVs while filtering out 99.73% of false positives. The proposed algorithm monitors the residual, the difference between the GPS signal measured by sensors and the signal estimated by the filter, and alerts the GCS when it exceeds a certain threshold. Residual monitoring is also employed in [79], where a sliding-mode observer is used to detect FDI attacks in electrical power grids by analyzing the system’s residuals.

5.1.3. DoS Attacks

One example of model-based detection of DoS attacks is [80], in which an adaptive observer detects DoS attacks in a cooperative adaptive cruise control system for an autonomous vehicle. Similarly, in [81], the residuals of a Kalman filter are monitored to detect DoS attacks in generalized NCSs.

5.1.4. Replay Attacks

In [82], a Kalman filter is used to successfully detect replay attacks in UAV control systems.

5.2. Learning-Based Detection

Machine learning is a branch of artificial intelligence in which algorithms are trained on data to eventually make autonomous decisions [90]. During the training phase, ML algorithms are presented with numerous datasets containing known cyberattacks. If the algorithm is told where the attacks occur, then it will eventually recognize the attacks independently. A major advantage of many ML algorithms is that the learning agent does not require explicit knowledge of the UAV’s dynamic model, instead learning directly from data. As with prevention algorithms such as encryption, a significant concern when developing detection algorithms is the computational resources on board the UAV, which is especially true for ML-based detection algorithms [91]. Another challenge is that training and collecting sufficient real-world data may be difficult or time-consuming.

In [83], a long short-term memory (LSTM) neural network is used to detect TDS attacks on a power plant control system. Similarly, ref. [84] applied logistic regression and a random forest ML algorithms to detect GPS spoofing in UAVs, achieving 98.58% accuracy. In the context of DoS attacks, ref. [85] introduced an experience-based deep learning algorithm which recognizes UAV communication behavior that is indicative of a DoS attack. Similarly, in [84], the authors propose a logistic regression and random forest ML algorithm to detect DoS attacks in UAVs.

5.3. Hybrid-Based Detection

A cyberattack detection algorithm may incorporate both model-based and learning-based elements. For example, an algorithm would qualify as hybrid if it incorporates a model-based method such as an observer that provides state estimates to a learning-based method such as a Neural Network.

An example of a hybrid detection algorithm is shown in [86], where an adaptive Kalman filter is paired with a convolutional neural network to detect FDI attacks in a power grid NCS. Similarly, in [88], model-based state estimation methods are combined with a LSTM-based deep learning model to detect FDI attacks in the NCS of a power grid. In [87], the estimated states of a NCS model are analyzed to detect FDI attacks, while a Reinforcement Learning (RL) agent adaptively updates detection parameters such as the residual threshold and observation window length. Although computational efficiency is a concern in hybrid-based detection methods, optimization algorithms combined with hybrid deep learning frameworks (e.g., Bi-GRU enhanced by metaheuristic algorithms [92]) have been applied in other domains to improve computational efficiency. Similar strategies could be explored for UAV cyberattack detection.

6. Mitigation Algorithms

Resilient mitigation algorithms are capable of diminishing the effects of a cyberattack. Common approaches to achieving this goal include model-based, learning-based, and hybrid approaches that combine both. For a comprehensive list of the cyberattack mitigation-focused papers discussed in the following section, please refer to Table 3.

Table 3. UAV Cyberattack Mitigation Algorithms.

	Algorithm Type	TDS	FDI	Dos	Replay
Mitigation	Model-based	[15,75]	[33,93,94]	[95,96,97]	[98,99]
	Learning-based	[83]	[100]	[101]	[102]
	Hybrid-based	[15,103]	[18,33,88]	[104]	[105,106]

6.1. Model-Based Mitigation

Model-based mitigation is similar to model-based prevention in that it relies on the mathematical model that describes the kinematics of the UAV to develop a robust controller. These controllers typically have flexible dynamic models and control laws or use observers and filters to estimate system states once an attack is detected [93].

6.1.1. TDS Attacks

One model-based mitigation algorithm suited for TDS attacks is a reference governor. A Reference Governor is an auxiliary control scheme in which model-based predictions regulate the applied reference signal, ensuring that all constraints of the system are satisfied without altering the design of the main controller [107]. In [75], a reference governor is used to mitigate TDS attacks., a reference governor uses delay estimates of a UAV’s dynamic model to update its reference signal, thus maintaining stability in the presence of a TDS attack.

6.1.2. FDI Attacks

Researchers often employ robust control techniques to mitigate FDI attacks. For example, in [93], a Lyapunov-based Sliding Mode Controller for electrical power grids is proposed that is shown to be resilient to FDI attacks. Similarly, in [94], a disturbance observer for UAVs is proposed to mitigate the effects of a FDI attack and ensure stability.

6.1.3. DoS Attacks

Robust control tecniques can also carry over to mitigate DoS attacks. For example, in [95], a Lyapunov-based event-triggered adaptive output feedback control scheme for UAVs is introduced that effectively alleviates DoS attacks. In [96], the interactions between a UAV agent and an attacker are modeled using a game-theoretic approach and optimal adaptive communication protocol strategies are achieved. Another example is [97], in which an Autoregressive Integrated Moving Average model and a disturbance observer are designed to mitigate DoS attacks in a MAS.

6.1.4. Replay Attacks

In [98], Lyapunov theory and linear matrix inequalities are used to design a state feedback control scheme for general cyber-physical systems to guarantee stability in the event of a replay attack. In [99], a distributed model predictive control scheme for a MAS is introduced to predict the agent’s states in the event of a replay attack.

6.2. Learning-Based Mitigation

Similar to how a ML algorithm can be trained to detect a cyberattack, it can also learn to mitigate its effects. In model-free, learning-based mitigation, the agent does not require knowledge of the system’s dynamic model. Instead, the agent is trained through repeated interaction with a simulated environment. To train a ML algorithm to mitigate an attack, simulations of the attack are carried out in which a reward is given for successfully mitigating some aspect of the attack and a penalty is given otherwise.

6.2.1. TDS Attacks

A ML agent can be trained to estimate delays in a NCS. For example, in [83], a LSTM neural network is used to estimate delays in a TDS attack on a power plant control system and modify data accordingly to ensure stability.

6.2.2. FDI Attacks

ML agents can also mitigate FDI attacks in NCSs. For example, in [100], a secure control scheme is formulated as a Markov Decision Process, which is solved by proposing a soft actor-critic deep RL algorithm. Stability of the proposed control scheme in the presence of a FDI attack is verified through simulation on a satellite and robot arm control system.

6.2.3. DoS Attacks

In the event of a DoS attack, communication between UAVs in a MAS can be dynamically rerouted. For example, in [101], communication delays between unattacked nodes are minimized through this dynamic communication routing scheme. In this case, the RL agent continuously observes the state of the network, is rewarded for maintaining reliable communication through routing adjustments, and is penalized for failure.

6.2.4. Replay Attacks

In [102], a RL agent optimizes UAV control actions during a replay attack through optimization learning.

6.3. Hybrid Hybrid-Based Mitigation

6.3.1. TDS Attacks

One example of a hybrid algorithm for mitigating TDS attacks is shown in [15], in which a Lyapunov-based controller and a neural network-based observer mitigate TDS attacks. The effectiveness of the controller is demonstrated on a leader-follower formation of UAVs. Another example is [103], in which a model-based adaptive control law is paired with a RL algorithm trained to update control gains under a TDS attack. Convergence and asymptotic stability are shown through simulation on a mass-spring-damper system under TDS attack.

6.3.2. FDI Attacks

Some examples of hybrid-based mitigation of FDI attacks are as follows. In [18], a Lyapunov-based control strategy is introduced for generalized NCSs that uses a model-based observer to estimate system states and a feed-forward neural network to mitigate FDI attacks. Similarly, in [33], an adaptive observer based on an extended Kalman filter and a neural network are used to estimate the states of an unmanned helicopter under a FDI attack. The proposed control strategy maintains trajectory tracking by modifying the control law to compensate for the detected FDI attack. Additionally, in [88], a model-based weighted least squares method is paired with a LSTN deep learning neural network to estimate the states of an electrical power grid corrupted by a FDI attack with a 91.74% success rate.

6.3.3. DoS Attacks

One example of hybrid-based mitigation of DoS attacks is in [104], in which a control scheme is introduced with a resilient control law achieved through RL policy iteration. The proposed strategy is shown to be effective through the simulation of a DoS attack on an inverted pendulum on a cart.

6.3.4. Replay Attacks

In [105], safe and efficient UAV navigation in the presence of a replay attack is ensured by a hybrid Hybrid-based mitigation algorithm. The proposed algorithm uses Lyapunov-based control methods, an observer to estimate system states, and a deep RL policy trained to generate an optimal tracking signal capable of minimizing the impact of the attack. In [106], a model-based UAV swarm control strategy is paired with a multi-task RL algorithm to develop resilient navigation and communication strategies under replay attack.

7. Summary of Findings

Based on the literature reviewed, a hierarchical classification of UAV cyberattack defense algorithms was developed, organizing them into the categories of prevention, detection, and mitigation. Robust prevention algorithms can defend against a broad range of attacks, but they are often computationally intensive and introduce latencies into a control system. In this paper, detection and mitigation algorithms were classified as model-based, learning-based, or hybrid between the two. Model-based algorithms are typically more computationally efficient; however, their effectiveness is limited by the difficulty in obtaining an accurate model describing the dynamics of the system. This challenging task becomes increasingly more difficult with increasing levels of system complexity. Learning-based algorithms are favorable because they can operate without knowledge of the system’s model but require large, representative datasets for training.

While the surveyed works differ in their assumptions and evaluation setups, several recurring trends can be observed. Many approaches assume accurate system models and full or partial state measurements, which may not hold under sensor degradation or adversarial interference. In addition, a large portion of the literature validates proposed methods primarily through simulation, with fewer studies considering HiL, ViL, or real-world experiments. These assumptions and evaluation choices significantly influence the reported resilience and highlight the need for future work that systematically examines NCS cybersecurity methods under more realistic conditions.

There is sufficient literature for the prevention, detection and mitigation of TDS, FDI, DoS, and replay attacks in control systems for power grids, chemical processing plants, and general applications; however, papers specifically discussing UAVs are less abundant. In the literature for the detection and mitigation of cyberattacks on UAV control systems, TDS and replay attacks are much less documented than FDI and DoS. Additionally, there are few papers addressing coordination attacks, where an adversary targets multiple UAVs within a MAS.

Various prevention, detection, and mitigation algorithms in the literature have often been tested in purely simulated environments, Hardware in the Loop (HiL), Vehicle in the Loop (ViL), or real-world experiments. Each of these methods has its advantages and disadvantages in terms of cost, feasibility, legal constraints, and legitimacy of the results. Testing a proposed algorithm’s response to an attack purely through simulation is quick, safe, and inexpensive. The drawbacks are that in a simulated environment, the full physics of the simulation may be inaccurately represented. HiL combines simulated environments with real-life hardware such as sensors, actuators, and controllers. This method remains cost-effective while obtaining a higher degree of accuracy as the complex dynamics of the hardware does not need to be modeled explicitly. ViL is when vehicle control systems such as autonomous driving are tested in real life but with some sensor data simulated. For example, the autonomous capabilities of a UAV can be tested in which its sensors are perceiving simulated pedestrians to eliminate the risk of harm to humans. Real-world testing can be expensive and may even be limited by legal constraints. For example, performing GPS spoofing or a DoS attack is illegal in the United States, even if it is for academic research [108]. The simulation type carried out for each prevention, detection, and mitigation algorithm referenced in this paper is summarized in Table 4, Table 5 and Table 6.

Table 4. Summary of Prevention Techniques.

Algorithm Type	References		Findings
	Simulation	HiL
Encryption	[52,53,54,56,57,58,59]		well-established field of study and considered robust but increases latencies, computational load, and energy requirements
Blockchain	[63,64]		has great potential for FANETs, considered extremely robust, increases latencies, computational load, and energy requirements
Authentication	[66]		prevents replay attacks and some forms of FDI, may not prevent DoS and TDS attacks
Channel Hopping	[68,69]		makes DoS and TDS attack more difficult, may not prevent FDI or replay attacks
ACA	[70,71]		makes DoS and TDS attack more difficult, may not prevent FDI or replay attacks
Redundancy	[73,74]		strong prevention if backup channels are secure. Redundant sensors may increase weight and cost of a UAV

Table 5. Summary of Detection Techniques.

Algorithm Type	References		Findings
	Simulation	HiL
Model-based	[15]		observer-based TDS attack detection in NCSs
		[75]	reference governor detects TDS attacks in UAVs
	[39]		estimated states of a power grid are used to detect TDS attacks
	[76]		adaptive observer used to detect TDS attacks in NCSs
	[77]		UIO detects FDI attacks in UAVs
	[78]		Kalman filter detects FDI attacks in UAVs
	[79]		sliding-mode observer detects FDI attacks in power grids
	[80]		adaptive observer detects DoS attacks in autonomous vehicles
	[81]		Kalman filter detects DoS attacks in NCSs
	[82]		Kalman filter detects replay attacks in UAVs
Learning-based	[83]		LSTM NN detects TDS attacks in power plants
	[84]		random forest ML detects GPS spoofing and DoS in UAVs
	[85]		deep learning detects DoS attacks in UAVs
Hybrid-based	[86]		Kalman filter and CNN detect FDI attacks in power grids
	[88]		state estimation and LSTM detect FDI attacks in power grids
	[87]		state estimation and RL detect FDI attacks in NCSs

Table 6. Summary of Mitigation Techniques.

Algorithm Type	References		Findings
	Simulation	HiL
Model-based		[75]	reference governor updates reference signal of UAV under TDS attack
	[93]		sliding-mode controller mitigates FDI attacks in power grids
	[94]		disturbance observer mitigates FDI attacks in UAVs
	[95]		event-triggered controller mitigates DoS attacks in UAVs
	[96]		game-theoretic protocol mitigates DoS attacks in UAVs
	[97]		disturbance observer mitigates DoS attacks in UAVs
	[98]		Lyapunov-based controller mitigates replay attacks in NCSs
	[99]		distributed MPC mitigates replay attacks in MAS
Learning-based	[83]		LSTM NN mitigates TDS attacks in power plants
	[100]		RL agent mitigates FDI attacks in satellite and robot arm
	[101]		RL agent mitigates DoS attacks in UAVs
	[102]		RL agent mitigates replay attacks in UAVs
Hybrid-based	[15]		Lyapunov-based controller and NN-based observer mitigate TDS attacks in UAV formations
	[18]	[18]	Lyapunov-based controller and NN mitigate FDI attacks in NCSs
	[33]		Kalman filter and NN mitigate FDI attacks in UAVs
	[88]		weighted least squares and LSTM estimate states under FDI attack
	[103]		adaptive control law and RL mitigate TDS attacks
	[104]		RL agent updates control law under DoS attack
	[105]		Lyapunov controller, observer, and RL mitigate replay attacks in UAVs
	[106]		model-based swarm control and RL mitigate replay attacks

8. Conclusions

This literature review has provided an overview of the existing research on cyberattacks in UAVs. Cyberattacks discussed in this paper included time-delay switch, false data injection, denial of service, and replay attacks. Defense strategies against these threats were organized into a hierarchy consisting of prevention, detection, and mitigation. Within the detection and mitigation categories, algorithms were further classified based on whether they were model-based, learning-based, or hybrid approaches that combined both. Significant challenges with these defense methods include constraints on computational resources and wireless communication latencies. In the existing literature, most of the novel defense algorithms introduced are tested in purely simulated environments, as opposed to HiL, ViL, and real-world simulation. Although simulated environments are cost-effective and simple to produce, researchers would benefit from the higher degree of accuracy achieved by testing in HiL, ViL, and real-world environments. Future work should focus on developing robust, adaptive, and comprehensive defense strategies and building realistic simulation environments for testing and validation.