A Cooperative Network Management Architecture for Manned–Unmanned Aircraft Teaming Using Network Drones

Abstract

Conventional direct communication in Manned–Unmanned Teaming (MUM-T) suffers from fundamental scalability and security limitations. As the number of Unmanned Aerial Vehicles (UAVs) increases, the communication burden on the manned aircraft (MA) grows significantly, while security threats originating from UAVs may directly propagate to the MA. To address these challenges, this paper proposes a hierarchical communication architecture that introduces dedicated Network Drones (NDs) as intermediate communication mediators and trust boundaries between the MA and multiple UAV swarms. In the proposed design, the MA interacts exclusively with NDs, while UAV swarms communicate through ND-mediated links, effectively bounding the number of MA-facing connections and enabling scalable communication. Building on this structured communication model, a message-level Zero-Trust framework is enforced at the MA–ND interface. Each message is evaluated using a multi-dimensional risk model that incorporates authentication consistency, behavioral consistency, content validity, and contextual information, enabling early detection and containment of compromised UAV behavior. Furthermore, the architecture incorporates backup planning mechanisms, including dynamic reassociation and hot-standby operation, to ensure robust communication under ND failure conditions. Experimental results demonstrate that the proposed approach reduces MA-facing communication overhead, stabilizes end-to-end latency, and improves detection performance in terms of false positives and false negatives, while maintaining system robustness under failure scenarios.

1. Introduction

Recent advances in Unmanned Aerial Vehicle (UAV) technologies have enabled the deployment of cooperative UAV swarms for a wide range of missions, including reconnaissance, surveillance, and distributed sensing. Compared with a single platform, UAV swarms provide improved spatial coverage, redundancy, and mission resilience [1,2]. However, as mission scale and complexity increase, efficient coordination and reliable communication become critical challenges, particularly in Manned–Unmanned Teaming (MUM-T) operations where a Manned Aircraft (MA) supervises multiple UAV swarms in dynamic and contested environments [3,4].

Traditional MUM-T architectures rely on direct communication between the MA and individual UAVs [5]. While feasible for small-scale deployments, this approach does not scale well as the number of UAVs increases. As illustrated in Figure 1, modern tactical scenarios involve multiple heterogeneous UAV swarms operating concurrently. In such environments, the MA must maintain long-range communication with a large number of UAVs, resulting in excessive communication overhead, increased latency, and unstable traffic behavior [6,7]. This scalability limitation degrades control performance and situational awareness, especially when UAVs operate across distributed mission areas [8]. Furthermore, maintaining continuous long-range communication links increases operational risk, as the MA must remain exposed while communicating with all UAVs [9].

In addition to scalability challenges, security is a major concern in MUM-T systems [10]. UAVs often operate in untrusted or hostile environments, making them vulnerable to cyber attacks or physical compromise [11]. Under direct communication architectures, compromised UAVs can directly transmit malicious or abnormal data to the MA, potentially affecting mission-critical decision-making [12]. Therefore, there is a need for a communication architecture that not only scales efficiently but also provides a controlled boundary for secure interaction between the MA and UAV swarms.

To address these challenges, this paper proposes a hierarchical communication architecture in which dedicated NDs act as intermediate communication mediators and trust boundaries between the MA and UAV swarms. In the proposed architecture, UAVs are organized into swarms, and each swarm communicates with the MA through an associated ND. The MA interacts only with NDs, thereby reducing the number of direct communication links and bounding the communication burden at the MA.

A key design feature is the separation of communication domains. The ND–UAV interface supports efficient swarm-level communication, while the MA–ND interface serves as a security-critical boundary. By structuring communication through a bounded number of ND-mediated links, the proposed architecture stabilizes MA-facing traffic and enables predictable system behavior under increasing scale.

Building on this communication structure, a message-level Zero-Trust model is applied at the MA–ND interface. Instead of trusting ND-forwarded messages, the MA evaluates each message using a multi-dimensional risk model that incorporates authentication consistency, behavioral consistency, content validity, and contextual information. This approach enables early detection and containment of anomalous UAV behavior before it propagates to the MA.

To further enhance system robustness, the architecture incorporates backup planning mechanisms. UAVs maintain candidate ND sets for dynamic reassociation, and backup NDs can provide hot-standby operation to minimize service disruption. In scenarios where ND availability is limited, the system supports degraded operation with constrained communication policies, ensuring continued operation under failure conditions.

The main contributions of this paper are summarized as follows:

• Hierarchical ND-mediated Communication Architecture: We propose a scalable communication structure in which NDs act as intermediate communication mediators, reducing MA-facing communication complexity and enabling efficient management of multiple UAV swarms.
• Interface-separated Communication Model: We design a communication model that separates performance-oriented ND–UAV interaction from security-critical MA–ND interaction, enabling stable and bounded communication behavior at the MA interface.
• Message-level Zero-Trust Framework: We develop a risk-based Zero-Trust model applied at the MA–ND interface, enabling reliable anomaly detection with low false positive and false negative rates.
• Resilient Operation under ND Failure: We incorporate backup planning mechanisms, including reassociation and hot-standby operation, to maintain communication continuity and system robustness under ND failure scenarios.

The remainder of this paper is organized as follows. Section 2 reviews related work. Section 3 presents the proposed system design. Section 4 evaluates performance in terms of latency, detection accuracy, and robustness. Section 5 concludes the paper.

2. Related Work

2.1. Evolution of Communication Architectures in UAV Swarm Networks

Efficient communication remains a fundamental challenge in UAV swarm operations, particularly as mission scale and system complexity increase [13]. Early research primarily relied on centralized architectures in which a Ground Control Station (GCS) or a primary aerial platform maintained direct communication links with all UAVs [14]. While these approaches simplify global coordination and command consistency, they suffer from scalability limitations due to the communication bottleneck at the central node [15]. As the number of UAVs increases, these architectures experience increased latency, reduced reliability, and heightened vulnerability to single points of failure.

To address these limitations, decentralized and Mobile Ad-hoc Network (MANET)-based approaches have been widely studied, enabling peer-to-peer communication among UAVs without fixed infrastructure [16]. These distributed architectures improve robustness and allow self-healing in the presence of node failures [17]. However, fully decentralized systems often suffer from excessive contention, redundant transmissions, and increased coordination overhead in shared wireless environments [18]. In addition, the lack of a clear communication hierarchy can lead to unstable system behavior, particularly in large-scale swarm deployments [19,20].

Hierarchical communication architectures have emerged as a promising approach to balance centralized control and decentralized flexibility [21]. In such architectures, selected UAVs act as cluster heads to relay information between local groups and higher-level controllers [22]. Prior work has shown that hierarchical structures can reduce communication overhead and improve bandwidth efficiency [23]. However, existing approaches typically assign dual roles to cluster-head UAVs, requiring them to simultaneously perform mission tasks and communication management. This coupling introduces additional processing overhead and limits adaptability in dynamic operational environments [23].

Moreover, most existing studies primarily focus on communication efficiency, with limited consideration of how communication structure affects higher-layer system properties such as control stability and security enforcement.

In contrast, our work introduces dedicated Network Drones (NDs) that act as intermediate communication mediators between UAV swarms and the MA. Unlike conventional cluster-head approaches, NDs are decoupled from mission execution and focus solely on communication management. This design enables a clear separation between swarm-level interaction and MA-facing communication, allowing the system to structure communication through a bounded number of ND-mediated links. As a result, the proposed architecture improves scalability while providing a stable and controlled interface for higher-layer system functions.

2.2. Security and Resilience in MUM-T Systems

Security has become a critical concern in MUM-T operations due to the exposure of UAVs to adversarial environments [24]. Traditional security approaches often rely on perimeter-based defenses, where entities are trusted after initial authentication [25]. However, this “verify-once, trust-always” model is inadequate in dynamic and adversarial environments, where UAVs may be compromised through cyber attacks, signal manipulation, or physical capture [26,27].

To enhance security, prior research has explored intrusion detection systems (IDS) tailored for UAV networks, leveraging machine learning or statistical anomaly detection techniques [28]. While these methods can identify abnormal behavior, they often suffer from high false positive rates in dynamic environments due to the inherent variability of UAV communication patterns [29]. In addition, the computational overhead of continuous monitoring can impose significant constraints on resource-limited platforms [30]. Furthermore, many IDS-based approaches focus primarily on detection, with limited mechanisms for immediate containment, allowing potential threats to propagate toward the command-and-control (C&C) infrastructure before mitigation [31].

Other studies have investigated resilient communication mechanisms to maintain connectivity under failures or degraded conditions [32]. Techniques such as multi-path routing and adaptive frequency control improve communication reliability in contested environments [33]. However, these approaches generally assume cooperative behavior among nodes and do not explicitly address the risk of lateral threat propagation from compromised UAVs to the MA [34,35].

In contrast, this paper integrates a Zero-Trust security model directly into the communication architecture. The proposed design applies message-level Zero-Trust verification at the MA–ND interface, where communication is structurally bounded and security impact is critical. Each message is evaluated based on a multi-dimensional risk model, enabling early detection and containment of anomalous behavior before it reaches the MA.

In addition, the proposed architecture incorporates resilience mechanisms through backup planning, including dynamic reassociation and hot-standby operation. These mechanisms ensure continued communication under ND failure conditions and provide robustness beyond traditional communication-centric approaches.

Overall, existing work addresses communication efficiency, security, and resilience largely in isolation. In contrast, the proposed architecture jointly addresses these challenges through ND-mediated communication, interface separation, message-level Zero-Trust enforcement, and failure-aware operation.

3. System Design

This section presents the design of the proposed hierarchical communication architecture for MUM-T environments. The design aims to improve scalability and security by introducing NDs as intermediate communication entities between the MA and UAV swarms. First, we provide an overview of the system architecture and its key components. Then, we describe the hierarchical communication structure that reduces the MA-facing communication burden and separates communication domains. Next, we present the communication model that differentiates interaction patterns based on interface roles and operational contexts. The Zero-Trust model applied at the MA–ND interface and the backup planning mechanism for robustness are described in the subsequent sections. These design elements collectively establish the foundation for the performance and security evaluations presented in Section 4.

3.1. System Overview

This paper considers a MUM-T scenario in which an MA interacts with multiple UAV swarms. In conventional direct communication architectures, the MA establishes independent communication links with individual UAVs. As the number of UAVs increases, this approach leads to scalability limitations due to increased communication overhead and monitoring complexity. In addition, direct exposure to UAV-originated traffic increases the attack surface of the MA.

To address these challenges, we propose a hierarchical communication architecture based on NDs. In the proposed system, UAVs are grouped into swarms, and each swarm communicates with the MA through an associated ND. The MA does not directly communicate with individual UAVs; instead, it interacts only with NDs, which act as intermediate communication managers.

Figure 2 illustrates the overall architecture. The system consists of three layers: the MA layer, the ND layer, and the UAV layer. The MA layer is responsible for mission-level command and policy enforcement, and includes a Zero-Trust verifier that evaluates incoming messages. The ND layer acts as an intermediate communication layer that connects UAV swarms to the MA. The UAV layer consists of distributed platforms that generate telemetry data, status information, and mission reports.

Communication is organized into uplink and downlink directions. Uplink traffic, including telemetry and mission reports, is transmitted from UAVs to the MA through NDs. Downlink traffic, including commands and policies, is delivered from the MA to UAV swarms via NDs. This hierarchical structure reduces the number of direct interactions between the MA and UAVs and limits the exposure of the MA to unverified UAV traffic.

A key feature of the proposed architecture is the separation of communication domains. The ND–UAV interface supports efficient swarm-level communication, while the MA–ND interface is treated as a security-critical boundary. At this boundary, stricter verification policies are applied before messages can influence the MA.

Within the ND layer, three functional roles are conceptually defined. First, the transmission control function regulates communication flow between the ND and connected entities, supporting stable operation under varying network conditions. Second, the Zero-Trust gateway function extracts relevant evidence from incoming messages and enables risk-based decision-making at the system boundary. Third, the backup planning function maintains reassociation and standby strategies to support system robustness.

3.2. Hierarchical Communication Architecture

The proposed system adopts a three-layer hierarchical structure consisting of the MA layer, the ND layer, and the UAV layer. Each layer performs a distinct role in communication and system operation.

In conventional direct communication architectures, the MA maintains direct links with all UAVs, which can be expressed as

$${\mathcal{L}}_{direct}=\{(u_i,MA)\mid u_i\in \mathcal{U}\},$$

where the number of MA-facing links is $|{\mathcal{L}}_{direct}|=N$.

In contrast, the proposed architecture introduces NDs as intermediate communication nodes, and the MA communicates only with the ND set:

$${\mathcal{L}}_{ND}=\{(d_j,MA)\mid d_j\in \mathcal{D}\},$$

where the number of MA-facing links is $|{\mathcal{L}}_{ND}|=M$. Since typically $M\ll N$, the communication burden at the MA is significantly reduced and becomes independent of the number of UAVs.

The ND layer enables structured communication by mediating interactions between the MA and UAV swarms. Rather than applying a uniform communication strategy across all links, the system separates communication roles based on interface characteristics. The MA–ND interface is treated as a controlled boundary where stricter policies are enforced, while the ND–UAV interface supports flexible and performance-oriented communication within each swarm.

Through this separation, the ND serves as a logical boundary that organizes communication flows without requiring the MA to directly manage individual UAV connections. This design limits the exposure of the MA to UAV-originated traffic while maintaining efficient swarm-level communication.

3.3. ND-Mediated Communication Model

Building on the link-level structure defined in the hierarchical architecture, this subsection models the communication cost of direct and ND-mediated communication.

In the proposed architecture, communication is organized through ND-mediated interactions between the MA and UAV swarms. Instead of using a single uniform communication mechanism, the system differentiates communication behavior according to the role of each interface and the operational context.

At the ND–UAV interface, communication is designed to support efficient swarm-level operation. UAVs transmit telemetry data, status information, and mission reports to their associated ND using lightweight and flexible communication schemes. At the MA–ND interface, communication is treated as a controlled and security-critical process. Since this interface directly affects the MA, stricter communication handling and verification policies are applied before messages are accepted.

Let $\mathcal{U}=\{u_1,u_2,\dots ,u_N\}$ denote the set of UAVs and $\mathcal{D}=\{d_1,d_2,\dots ,d_M\}$ denote the set of NDs. In the direct communication model, the total communication cost can be expressed as

$$C_{direct}={\displaystyle \sum _{i=1}^N}c(u_i,MA),$$

where $c(u_i,MA)$ represents the communication cost between UAV $u_i$ and the MA. Here, $c\left(·\right)$ denotes a link-level communication cost, which can represent latency, transmission distance, or bandwidth consumption depending on the evaluation objective.

In the proposed ND-mediated model, the total communication cost is given by

$$C_{ND}={\displaystyle \sum _{j=1}^M}c(d_j,MA)+{\displaystyle \sum _{i=1}^N}c(u_i,d\left(u_i\right)),$$

where $d\left(u_i\right)$ denotes the ND associated with UAV $u_i$. The MA-facing communication cost is therefore

$$C_{ND}^{MA}={\displaystyle \sum _{j=1}^M}c(d_j,MA).$$

Since $M\ll N$, the MA-facing communication burden is bounded by the number of NDs rather than the number of UAVs, enabling scalable operation.

The ND plays a key role in enabling this differentiation by acting as an intermediate communication mediator. Rather than simply increasing the number of relay nodes, the ND separates performance-oriented swarm communication from security-critical MA interaction. This structure allows the system to adapt communication behavior according to mission requirements, network conditions, and security considerations.

Through this approach, the proposed communication model provides flexibility in handling heterogeneous communication requirements while maintaining a clear separation between the ND–UAV and MA–ND interfaces. This design supports efficient swarm operation while enabling controlled interaction with the MA, forming the basis for the Zero-Trust model described in the following section.

While the proposed architecture structurally bounds MA-facing communication by the number of NDs, it does not eliminate fundamental network constraints such as link capacity, bandwidth limitations, and queueing effects. In particular, burst traffic or uneven load distribution across NDs may lead to congestion at the MA–ND interface. Therefore, practical deployment of the proposed architecture may require additional mechanisms such as scheduling, rate control, or QoS-aware resource allocation to ensure reliable operation under dynamic conditions.

3.4. Message-Level Zero-Trust Model

In the proposed architecture, a message-level Zero-Trust model is applied at the MA–ND interface to prevent unverified or potentially malicious messages from influencing the MA. The MA does not implicitly trust messages forwarded by NDs. Instead, each incoming message is evaluated individually based on its authentication state, behavioral consistency, message validity, and operational context.

Let m denote a message received at the MA from an ND. The risk score of m is defined as a weighted sum of feature functions:

$$R\left(m\right)={\displaystyle \sum _{k=1}^K}{w}_k{f}_k\left(m\right),$$

where $f_k\left(m\right)$ is the k-th feature function and $w_k$ is the corresponding weight. Each feature function is normalized to the range $[0,1]$, where a higher value indicates a higher risk. The weights satisfy

$${\displaystyle \sum _{k=1}^K}{w}_k=1.$$

In this work, the feature set is defined as follows:

• Authentication Consistency ($f_1$): evaluates whether the message is consistent with the expected authentication state of the sender.
• Behavioral Consistency ($f_2$): measures deviation from normal communication behavior, such as abnormal message frequency or timing.
• Content Validity ($f_3$): checks whether the message format and content are consistent with expected mission semantics.
• Contextual Consistency ($f_4$): evaluates whether the message is consistent with the current mission context and system state.

Each feature function is implemented as a normalized score derived from observable traffic attributes. For example, authentication consistency is computed based on the validity and continuity of authentication tokens, while behavioral consistency reflects deviations from baseline communication patterns such as message frequency and timing. Content validity evaluates structural correctness and semantic plausibility of messages, and contextual consistency measures alignment with the current mission state.

The weights are selected based on the relative importance of each feature in distinguishing anomalous behavior. In this work, weights are empirically assigned based on preliminary analysis of normal and anomalous traffic patterns, and can be further optimized depending on mission requirements.

The decision threshold $\theta$ is determined through empirical tuning to balance false positive and false negative rates. Specifically, $\theta$ is selected based on the operating point that minimizes detection error on baseline normal and anomalous traffic traces, as evaluated in the experimental analysis.

The message decision is determined as follows:

$$\mathrm{Decision}\left(m\right)=\left\{\begin{array}{cc}\mathrm{Accept},\hfill & \mathrm{if}R\left(m\right)<\theta ,\hfill \\ \mathrm{Reject},\hfill & \mathrm{if}R\left(m\right)\ge \theta .\hfill \end{array}\right.$$

The threshold $\theta$ further controls the trade-off between false positives and false negatives. A lower threshold increases detection sensitivity but may reject benign messages, while a higher threshold reduces false positives but may allow anomalous messages to pass. Therefore, the threshold can be selected by minimizing the weighted detection cost:

$${\theta }^{*}=arg\underset{\theta }{min}\left(\alpha ·FP\left(\theta \right)+\beta ·FN\left(\theta \right)\right),$$

where $FP\left(\theta \right)$ and $FN\left(\theta \right)$ denote the false-positive and false-negative rates under threshold $\theta$, respectively.

This formulation enables reproducible and interpretable risk-based decision-making within the Zero-Trust framework.

By applying this message-level Zero-Trust model at the MA–ND interface, the system enforces strict verification before messages can influence MA-side decision-making. This mechanism directly supports the FP/FN evaluation presented in Section 4.

3.5. Robustness and Failure Handling

While the introduction of NDs improves communication efficiency and enables localized security enforcement, it also introduces a potential single point of failure at the swarm level. In the current architecture, each UAV swarm is associated with a primary ND, and failure of this ND may disrupt connectivity between the swarm and the MA if no mitigation mechanism is in place. To address this limitation, the proposed architecture incorporates multiple complementary failure-handling strategies, including dynamic reassociation, hot-standby redundancy, and fallback communication modes.

First, the system supports dynamic reassociation to alternative NDs. Let $\mathcal{N}$ denote the set of available NDs. Each UAV maintains a candidate set ${\mathcal{N}}_u\subseteq \mathcal{N}$ based on link quality, availability, and communication conditions. Upon detecting a failure of its associated ND, a UAV autonomously re-establishes connectivity by selecting an alternative ND from ${\mathcal{N}}_u$. This distributed reassociation mechanism enables recovery without requiring centralized coordination from the MA, thereby improving scalability and responsiveness in dynamic environments.

Second, the architecture supports a hot-standby redundancy mechanism for rapid failure recovery. In this approach, backup NDs operate in parallel with primary NDs and continuously monitor their operational status. Upon failure detection, a standby ND immediately takes over communication responsibilities without requiring full reassociation procedures from UAVs. To enable this fast takeover, standby NDs maintain partial synchronization of communication state and control context with the primary ND. This significantly reduces recovery time compared with reassociation-based approaches, at the cost of additional monitoring and synchronization overhead.

Finally, in scenarios where ND availability is severely limited or multiple failures occur, UAVs can temporarily switch to a fallback communication mode. In this mode, UAVs directly communicate with the MA under constrained reporting policies, such as reduced transmission frequency or prioritized message filtering, in order to prevent excessive communication load at the MA. These mechanisms collectively provide a multi-layered resilience framework that balances recovery speed, communication overhead, and system complexity. By supporting both reactive (reassociation) and proactive (hot-standby) strategies, the proposed architecture ensures robust and continuous operation even under adverse conditions, while preserving the scalability and security benefits of ND-mediated communication.

To summarize the proposed communication, Zero-Trust verification, and backup planning mechanisms, the overall system operation is described in Algorithm 1.

Algorithm 1 Integrated ND-mediated Communication, Zero-Trust Verification, and Multi-layer Failure Handling

Require:  UAV set $\mathcal{U}$, ND set $\mathcal{D}$, threshold $\theta$, quality threshold $\tau$ Ensure:  Message decision and communication continuity 1: Initialize primary ND $d\left(u_i\right)$ and standby ND $d_s\left(u_i\right)$ for each UAV 2: while system is operational do 3:       for each $u_i\in \mathcal{U}$ do 4:             Generate message $m_i$ 5:             Transmit $m_i$ to primary ND $d\left(u_i\right)$ according to communication policy 6:       end for 7:       for each $d_j\in \mathcal{D}$ do 8:             Forward received messages to the MA 9:             Monitor ND health status 10:     end for 11:     for each message m received at the MA do 12:           Compute risk score $R\left(m\right)$ 13:           if $R\left(m\right)<\theta$ then 14:                Accept m 15:           else 16:                Reject m 17:           end if 18:     end for 19:     if failure of primary ND $d\left(u_i\right)$ is detected then 20:           if standby ND $d_s\left(u_i\right)$ is available then 21:                Activate hot-standby takeover 22:                Assign $d\left(u_i\right)\leftarrow d_s\left(u_i\right)$ 23:           else 24:                Select $d^{*}=arg{max}_{d\in \mathcal{D}}Q(u_i,d)$ 25:                if $Q(u_i,d^{*})\ge \tau$ then 26:                    Reassociate $u_i$ to $d^{*}$ 27:                else 28:                    Enter fallback mode (direct MA communication with rate limiting) 29:                end if 30:           end if 31:     end if 32: end while

4. Evaluation

This section evaluates the effectiveness of the proposed ND-assisted MUM-T architecture through a series of controlled experiments. The evaluation focuses on three key aspects derived from the system design: (i) communication performance in terms of bounded and stable end-to-end latency, (ii) security effectiveness enabled by ND-mediated Zero-Trust enforcement, and (iii) system robustness under ND failure scenarios.

We first describe the implementation details and experimental environment. We then analyze end-to-end latency under different communication architectures, followed by an evaluation of detection accuracy using false positive (FP) and false negative (FN) metrics. Finally, we assess system robustness by examining the impact of ND failures and recovery mechanisms.

4.1. Implementation and Experimental Setup

All experiments are conducted in a controlled emulation environment to ensure reproducibility and fair comparison across different communication architectures. The proposed system is implemented using application-level processes that emulate the behavior of the MA, NDs, and UAVs. Each entity exchanges control messages and telemetry reports at the application layer, enabling precise measurement of latency, traffic characteristics, and security decision behavior.

The experimental topology consists of a single MA, up to four NDs (m), and up to ten UAVs (n) organized into multiple swarms. Figure 3 illustrates the corresponding network topology. The MA maintains long-range communication links only with the NDs, and each ND serves as an intermediate communication mediator and a Zero-Trust enforcement point at the MA–ND interface.

The experiments are conducted using Mininet-WiFi, which emulates realistic packet-level behavior using Linux network stacks [36]. Separate wireless links are configured for MA–UAV, MA–ND, and ND–UAV communication segments.

To reflect realistic operational conditions, direct MA–UAV links are configured with higher delay and packet loss to represent long-range communication, while MA–ND and ND–UAV links exhibit lower delay and error rates due to shorter distances.

All nodes generate periodic control traffic. UAVs transmit telemetry either directly to the MA (flat architecture) or through assigned NDs (hierarchical architecture). In the proposed system, communication is structured through ND mediation, and all MA-facing interactions are processed according to the unified procedure described in Algorithm 1. We evaluate four communication configurations: (i) Direct MA–UAV communication, (ii) relay-based communication, (iii) ND-mediated communication without Zero-Trust, and (iv) ND-mediated communication with Zero-Trust.

These configurations allow us to isolate the impact of hierarchical communication and security enforcement.

The evaluation considers three key dimensions:

(1) End-to-End Latency: Measured from UAV message generation to MA reception, including transmission and processing delays.

(2) Detection Accuracy (FP/FN): Measured under injected anomalous traffic patterns.

(3) ND Failure and Recovery: Measured in terms of connectivity, recovery time, and latency under failure conditions.

All results are averaged over multiple runs.

4.2. End-to-End Latency Evaluation

This subsection evaluates the end-to-end (E2E) latency characteristics of the proposed architecture under different communication configurations, with a focus on scalability and structural efficiency. In particular, we analyze how latency evolves as the number of UAVs increases and how the introduction of NDs affects both communication delay and stability.

To model realistic communication conditions, we define latency components based on link characteristics observed in MUM-T environments, as summarized in

Table 1. Latency configuration parameters.

Parameter	Average (ms)	Variation (ms)
MA–UAV Direct Communication	21.8	±2.5
MA–ND Relay Communication	14.6	±1.8
ND–UAV Direct Communication	6.4	±0.9
ND–UAV Local Communication	3.6	±0.6
Zero-Trust Processing Overhead	2.4	±0.4

. The parameters capture the distinction between long-range MA–UAV communication, medium-range MA–ND links, and short-range ND–UAV interactions, as well as the additional processing delay introduced by Zero-Trust enforcement.

Figure 4 presents the latency breakdown for telemetry and command delivery. In the Direct-MA configuration, E2E latency increases rapidly as the number of UAVs grows, primarily due to long-range link congestion and the accumulation of independent communication flows at the MA. While relay-based communication partially alleviates this effect by shortening transmission distance, it still suffers from increasing coordination overhead as the system scales.

In contrast, the ND-mediated architecture exhibits significantly improved stability. By restricting MA-facing communication to a bounded number of ND links, the proposed design effectively decouples latency growth from the number of UAVs. As a result, both telemetry and command latency remain relatively stable even under large-scale swarm conditions.

The impact of Zero-Trust enforcement is also evaluated. Although additional verification steps introduce processing overhead, the increase remains marginal compared with the total E2E latency. This indicates that the proposed message-level Zero-Trust mechanism achieves enhanced security without significantly compromising system responsiveness.

Figure 5 further illustrates the total control cycle time. The Direct-MA architecture shows a steep increase as UAV count grows, whereas the ND-assisted approach maintains a much slower growth rate. This confirms that the proposed architecture not only reduces latency but also provides predictable and scalable performance.

Overall, these results demonstrate that the ND-assisted communication structure effectively bounds latency growth and ensures stable operation in large-scale MUM-T scenarios.

4.3. Detection Accuracy Evaluation

This subsection analyzes the detection performance of the proposed message-level Zero-Trust mechanism using false positive (FP) and false negative (FN) metrics. The goal is to assess both the sensitivity to anomalous behavior and the robustness against false alarms under varying system conditions.

To simulate realistic threat scenarios, we inject anomalous traffic patterns including abnormal packet generation rates, irregular timing sequences, and inconsistent behavioral signatures. These anomalies represent common attack vectors such as data exfiltration, command-and-control signaling, and compromised UAV behavior.

Figure 6 shows the variation of false negative rate (FNR) and false positive rate (FPR) across different decision thresholds. The proposed approach consistently achieves lower FNR compared with baseline methods, indicating a strong ability to detect malicious activity. At the same time, it maintains significantly reduced FPR, demonstrating effective filtering of benign traffic.

Figure 7 evaluates scalability by analyzing detection performance as the number of UAVs increases. Baseline approaches exhibit noticeable degradation, with both FNR and FPR increasing due to the growing complexity and variability of traffic patterns.

In contrast, the proposed method maintains stable detection performance across different scales. This robustness is achieved through two key factors: (i) structured communication enforced by ND mediation, which stabilizes traffic characteristics at the MA interface, and (ii) the multi-dimensional risk evaluation model that captures both temporal and behavioral features.

These results confirm that the proposed Zero-Trust framework not only improves detection accuracy but also ensures consistent performance under large-scale system conditions, directly supporting the design principles introduced in Section 3.4.

4.4. ND Failure Recovery Analysis

This subsection evaluates the robustness of the proposed architecture under ND failure scenarios, focusing on system resilience and recovery capability. Since each UAV swarm relies on an associated ND for communication and security enforcement, ND failure can significantly impact system performance if not properly mitigated.

We consider three representative strategies: (i) single ND without redundancy, (ii) dynamic reassociation to an alternative ND, and (iii) hot-standby backup with immediate takeover capability.

Table 2. Performance Comparison under ND Failure Scenarios.

Scenario	#UAVs	#NDs	Backup	Recovery Time	Connectivity	PDR	Latency	Overhead
Single ND	10	1	No	–	0.20	0.35	–	5.0
Reassociation	10	2	No	1.55	0.86	0.88	46.0	45.0
Hot-standby	10	2	Yes	0.55	0.95	0.94	39.5	60.0

summarizes the performance comparison in terms of connectivity, packet delivery ratio (PDR), recovery time, latency, and control overhead.

The results show that without redundancy, ND failure leads to severe degradation in connectivity and PDR, effectively disrupting system operation. Dynamic reassociation significantly improves connectivity by enabling UAVs to reconnect to alternative NDs; however, this approach introduces recovery delay and increased control overhead.

The hot-standby strategy provides the most robust performance, achieving near-continuous connectivity and the fastest recovery time. This improvement comes at the cost of higher resource overhead due to the maintenance of backup nodes and monitoring mechanisms.

These results highlight that the proposed architecture supports flexible resilience strategies, allowing system designers to balance performance, recovery speed, and resource utilization depending on mission requirements.

The results confirm that the ND-assisted architecture demonstrates strong robustness against node failures, ensuring reliable operation even under adverse conditions.

5. Conclusions

This paper addressed the fundamental scalability and security challenges in MUM-T communication architectures, where direct interaction between the MA and a large number of UAVs leads to excessive communication overhead, unstable system behavior, and increased vulnerability to security threats.

To overcome these limitations, we proposed a hierarchical communication architecture based on NDs, which act as intermediate communication mediators and trust boundaries between the MA and UAV swarms. By structuring communication through ND-mediated interactions, the proposed design reduces MA-facing communication complexity and enables scalable operation independent of the number of UAVs.

Building on this architecture, we introduced a message-level Zero-Trust model at the MA–ND interface. By evaluating each message using a multi-dimensional risk model, the system enables reliable detection and containment of anomalous UAV behavior before it can impact the MA. In addition, we incorporated backup planning mechanisms, including dynamic reassociation and hot-standby operation, to ensure robust communication under ND failure conditions.

Experimental results demonstrate that the proposed architecture significantly improves communication scalability by bounding MA-facing interactions, stabilizes end-to-end latency under increasing system scale, and enhances detection performance in terms of false positives and false negatives. Furthermore, the system maintains high communication reliability under ND failure scenarios, confirming the effectiveness of the proposed resilience mechanisms.

Overall, this work provides a unified framework that jointly addresses communication scalability, security enforcement, and system robustness in MUM-T environments. As future work, we plan to extend the proposed architecture to more dynamic and heterogeneous operational scenarios, including adaptive ND deployment strategies and integration with learning-based risk modeling techniques for enhanced situational awareness.