Next Article in Journal
Energy Consumption Optimization for NOMA-Based RIS-Assisted UAV-Enabled MEC Systems
Previous Article in Journal
Real-Time Autonomous UAV Navigation with SLAM-Based Mapping and Direction-Oriented Exploration in Forest-like GNSS-Denied Scenarios
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Artificial Intelligence Methods for Unmanned Aerial Vehicles Cybersecurity: A Comprehensive Survey

Department of Computer Science and Information Technology, University of the District of Columbia, Washington, DC 20008, USA
*
Author to whom correspondence should be addressed.
Drones 2026, 10(6), 400; https://doi.org/10.3390/drones10060400
Submission received: 13 April 2026 / Revised: 19 May 2026 / Accepted: 19 May 2026 / Published: 22 May 2026
(This article belongs to the Section Artificial Intelligence in Drones (AID))

Highlights

What are the main findings?
  • Our multi-dimensional taxonomy revealed that there is a clear imbalance in the coverage of security properties by AI-based research for UAV security. Notably, a large emphasis was placed on authenticity, integrity, and availability, while privacy, robustness, and confidentiality remain largely unexplored.
  • Our survey indicates that AI method coverage is also uneven: emerging properties such as privacy and robustness are mostly addressed by advanced models based on deep learning, graph-based neural networks, and generative AI.
What are the implications of the main finding?
  • This observed imbalance of AI methods suggests that UAV security may face significant security and safety challenges in real-world deployment due to the stealthiness of attacks on robustness and privacy.
  • Next-generation UAV security frameworks need to integrate cross-layer defenses while preserving privacy and being robustness-aware and transition to emerging topics such as federated multi-task learning, standardized benchmarks, and resilient and trustworthy AI solutions.

Abstract

Unmanned aerial vehicles (UAVs) have been widely used in recent years in various applications thanks to advances in communication, Internet of Things, and electronics. Despite the advantages they offer, there have been reports of cybersecurity attacks, which represent serious threats to their operations. Classic cryptographic-based solutions and traditional intrusion detection approaches generally struggle to deal with these attacks due to their adaptive and evolving nature. In this context, artificial intelligence (AI) models emerged as potential solutions that hold great promise in addressing these types of attacks. However, most related surveys presented a fragmented picture of the state of the art, failing to cover all sub-types of AI models, and often did not follow structured taxonomies for describing the literature. In this paper, we bridge this gap by proposing a novel and comprehensive survey inspired by the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework, defining the search strategy, inclusion and exclusion criteria, selection process, and classification. We also present a cross-dimensional taxonomy that classifies UAV security research according to the type of AI model, the cyber attacks it thwarts, and the related security properties it enforces. This taxonomy does not stop at describing machine learning (ML) and deep learning (DL) approaches but also examines federated learning (FL), reinforcement learning (RL), graph neural network (GNN), and generative AI (GAI). We also classify the threat vector according to the layer in the UAV functional stack where the attack takes place. In addition, we describe the datasets, tools, and evaluation metrics that were mostly used in the literature. Our survey analyzes the common uses of each AI model type in UAV security and discusses its strengths, limitations, and deployment readiness. The outcome of our taxonomy is a quantitative and qualitative analysis providing quantifiable metrics on the covered security properties per model type. We conclude the paper by discussing the key open challenges and future directions in the field. We intend for this survey to serve as a reference for cybersecurity researchers and practitioners who tackle UAV security using AI.

1. Introduction

In recent years, UAVs [1] have continued to evolve as indispensable assets not only for the military, but across a wide range of civilian, commercial, and industrial applications. With applications [2] ranging from aerial surveillance, disaster response, and monitoring to urban mobility, logistics, and agriculture, UAVs are rapidly being integrated into multiple sectors. Increasing autonomy, communication capabilities, and deployment in crucial operations represent some of the key features of UAVs, while secure operations and reliability remain as some of the key challenges. Conversely, the widespread adoption of UAVs introduces a broad and continuously expanding attack surface [3]. Since UAVs depend on satellite-based GPS navigation, wireless communication, and frequently centralized or swarm-based communication, they are vulnerable to a variety of cyber-physical threats. Notable examples of cyber attacks, which have severe consequences for security, include distributed denial-of-service (DDoS) attacks, data injection, GPS spoofing, and manipulation of the Automatic Dependent Surveillance–Broadcast (ADS-B) [4].
Traditional cybersecurity measures, while essential, are increasingly unable to deal with the dynamic and adaptive nature of emerging threats. As a result, researchers have been employing AI models to deal with UAV threats [5], which would make them more robust and flexible. AI methods, particularly those based on machine learning and deep learning, have the ability to identify abnormalities, categorize threats, forecast hostile behavior, and even react to attacks on their own in real time. Conversely, other AI paradigms, such as RL, FL, GNN, and GAI, have also gained momentum as potential solutions to some of the emerging UAV security threats.
Several surveys have examined security, privacy, and operational challenges in UAV systems across civilian and military domains, as outlined in Table 1. However, these contributions remained fragmented because they do not cover the full spectrum of AI methods. In particular, several surveys focus only on the threats and traditional security measures, without a clear methodology and/or dedicated AI model taxonomy (AIMT), while others stop short at exploring the usage of ML and/or DL in UAV security. However, there is a pressing need to explore other sub-fields of AI where research is growing, such as FL, RL, GNN, and GAI. In addition, there is a significant lack of coverage of the tools, datasets, and metrics (TDM) used as part of the evaluation of AI models in UAV security.
Cordill et al. [6] provided a systematic analysis of UAV vulnerabilities, classifying them into hardware, software, and communication attacks while emphasizing privacy concerns including ethical UAV surveillance and compliance with frameworks such as General Data Protection Regulation (GDPR). The authors review state-of-the-art technical solutions such as lightweight encryption, blockchain-based security, and privacy-preserving machine learning, highlighting the integration of both technical and policy perspectives for holistic UAV network security. Tsao et al. [7] focused on security within flying ad-hoc networks (FANETs) and the Internet of Drones (IoD), categorizing threats based on UAV connections with ground control stations and pilot devices. The survey evaluates conventional and novel UAV routing protocols from a cybersecurity perspective and assesses defense mechanisms against key requirements such as availability, authentication, authorization, confidentiality, integrity, privacy, and non-repudiation. Similarly, Rahman et al. [8] and Al-Syouf et al. [9] provided detailed overviews of FANETs and IDS frameworks, emphasizing high-accuracy detection, feature selection methods, datasets, and performance metrics for UAV network security.
Bithas et al. [10] and Syed et al. [11] reviewed the application of ML, blockchain, and digital watermarking for UAV security. ML techniques enhance threat detection and resource management in UAV networks, while blockchain ensures decentralized trust and watermarking secures transmitted media. Sarikaya and Bahtiyar [12] extended this discussion to deep reinforcement learning (DRL), highlighting adaptive, intelligent countermeasures that complement conventional defense strategies. Wang et al. [13] focused on UAV swarm networks, discussing attacks such as DoS, man-in-the-middle (MiTM), and threats against ML models, emphasizing AI-driven and adaptive security mechanisms. Adil et al. [14] examined UAV-assisted IoT applications, categorizing primary threats, reviewing countermeasures, and identifying open research challenges in dynamic, wireless network deployments. Tlili et al. [15] complemented these surveys by presenting a taxonomy of AI-based UAV security approaches, analyzing prevention and detection techniques, and highlighting open research challenges. Yang et al. [16] further explored ML and DL methods for UAV threat mitigation, while introducing large language models (LLMs) as emerging tools for adaptive decision making.
Abro et al. [17] provided a broader overview of UAV detection, classification, and tracking technologies, identifying vulnerabilities such as control signal jamming, while highlighting relevant legislation and communication standards. Autonomous multi-UAV systems are addressed by work employing the STRIDE model to prioritize cybersecurity threats and presents security design recommendations for safe multi-UAV deployment [18]. Pandey et al. [19] surveyed UAV-assisted networks, detailing intrusion taxonomies, performance metrics, and proactive mitigation strategies integrating mmWave, NOMA, massive MIMO, cognitive radio, software-defined networks, edge/fog computing, blockchain, and ML for secure UAV communications. Similarly, UAV integration into cellular networks is reviewed by [20], highlighting UAV-mounted base stations, interference management, connectivity optimization, regulatory compliance, and cyber-physical security challenges.
Alzubaidi [21] focused on UAV malware detection using ML and DL, providing taxonomies and identifying research gaps and future directions. Mohsan et al. [22] provided a foundational survey on UAV types, swarms, classifications, charging methods, regulations, applications, operational challenges, and security concerns, providing context for the increasing deployment of UAVs across domains. The Internet of Drones (IoD) is highlighted by Ogab et al. [23], emphasizing dynamic UAV networks leveraging IoT for autonomous, collaborative tasks. Despite offering adaptability and scalability, IoD introduces unique security challenges, including resource-constrained IDS deployment, high false-positive rates, and limited adaptability to evolving attacks. Systematic reviews consolidate research on ML-based IDSs, datasets, attack classifications, and software environments, providing structured insights into current trends, limitations, and future research directions.
Berini et al. [24] presented a survey of threats, attacks, and secure methods of communication between UAVs and autonomous vehicles. The survey, however, covers various methods of securing this type of communication with very limited and superficial coverage of AI-based methods (ML, DL and GAN) and without elaborating much on the used datasets. Morshedi et al. [25] presented a survey exploring UAV threats and defense mechanisms against them. While the paper emphasized the need for cross-layer protection, it provided very shallow and limited coverage of AI methods, included with other defensive mechanisms such as crypto-based solutions. As a result, there is no taxonomy for these AI methods and no coverage of the datasets. Tarik et al. [26] provided an interesting systematic literature review of mainly ML and DL methods to secure UAV threats. The survey covers papers over the period spanning from 2013 to 2025. The authors discussed FL via a comparative analysis. However, there is no coverage of RL or GNN, while coverage of GAI is limited to a few citations. In addition, the survey lacks comparative analysis.
Table 1. Survey positioning with regards to prior surveys.
Table 1. Survey positioning with regards to prior surveys.
AuthorsYearAIMTMLDLFLRLGNNGAITDM
Cordill et al. [6]2025×××××
Tsao et al. [7]2022×××
Bithas et al. [10]2019×××××
Sarikaya and Bahtiyar [12]2024××××××
Wang et al. [13]2024×××
Adil et al. [14]2023××××××××
Tlili et al. [15]2024××××××××
Yang et al. [16]2025××××××××
Abro et al. [17]2022××××××××
Pandey et al. [19]2022×××××××
Alzubaidi [21]2025×××××
Ogab et al. [23]2023××××××
Berini et al. [24]2026××××
Morshedi et al. [25]2026×××××××
Tarik et al. [26]2026×××
Our Survey2026
In this survey, we present a thorough analysis of the ways in which artificial intelligence is being used to improve UAV system security. Our survey methodology, which is inspired by the PRISMA process, specifies the search strategy, inclusion and exclusion criteria, selection process, classification, and limitations. We also propose a novel taxonomy in which we classify and examine the artificial intelligence techniques available today, encompassing both supervised and unsupervised learning as well as cutting-edge approaches like graph neural networks, reinforcement learning, privacy-preserving federated learning, and generative AI. We also list the commonly used tools and datasets in the research intersecting AI and UAV security. By using this lens, we hope to map the field of AI-driven UAV security research, pinpoint important trends, evaluate present issues, and point out exciting new avenues for future study.
The main contributions of this survey are as follows:
  • We present a structured survey inspired by the PRISMA process, defining the search strategy, inclusion and exclusion criteria, selection process, classification, and limitations.
  • We develop a novel taxonomy to classify the AI research used for securing UAVs, which goes beyond classical machine learning and deep learning to cover emerging fields such as federated and reinforcement learning, along with GNN and generative AI.
  • We propose a refined taxonomy of UAV threats according to its layered stack.
  • We describe the tools, datasets, and evaluation metrics used as part of the AI research for securing UAV operations.
  • We highlight the key insights from our survey by discussing the statistics of coverage of security properties by AI method type versus overall.
  • We discuss open challenges and future directions in UAV security using AI.
The remainder of this paper is organized as follows, and as shown in Figure 1. Section 2 provides a background overview of UAV architecture and threat models. Section 3 explains the survey methodology. Section 4 describes the proposed taxonomy. Section 5 describes the machine learning methods, while Section 6 describes deep learning methods. Section 7 discusses the federated learning methods, Section 9 describes GNN methods, and Section 10 describes generative AI methods. Section 11 presents the tools, datasets, and evaluation metrics. Section 12 summarizes and discusses the findings. Section 13 summarizes the key insights from this survey. Section 14 discusses open challenges, while Section 15 provides an overview of future directions. Finally, Section 16 concludes the paper.

2. UAV Architecture and Threat Model

2.1. UAV Architecture

As illustrated in Figure 2, the architecture of UAV systems is made up of a number of closely related subsystems, particularly those utilized in autonomous or remotely piloted missions. In general, a UAV system consists of the following parts:
  • Airborne Unit: The physical drone platform includes flight control systems, sensors (GPS, IMU, cameras, and LiDAR), actuators, and mission-specific payloads.
  • Ground Control Station (GCS): Interfaces that allow human operators to monitor and control UAVs, send commands, and receive telemetry data.
  • Communication Links: Wireless channels (usually radio frequency) are utilized for control, telemetry, video transmission, and swarm coordination among UAVs.
  • Cloud or Edge Infrastructure: Some modern unmanned aerial vehicles use cloud-based platforms or adjacent edge servers for computing offloading, data analysis, or fleet coordination.
The UAV system layer stack is rich and diverse, covering a wide range of functions required for remote operations. Actually, there is no widely agreed upon layer stack despite strong contenders such as [27,28]. At the bottom of this system stack lies the physical layer, which collects sensor data along with other functions related to interacting with actuators and radio frequency hardware. The communication layer collects and transmits sensor data and system status updates, and provides command and control links in addition to data links. The navigation layer relies on GPS or GNSS to offer precise localization and route planning. Above this, the control layer transmits flight instructions from the ground control station (GCS) to the UAV via radio frequency (RF) channels, frequently utilizing standardized protocols like MAVLink. Finally, the application layer manages mission-specific functions such as object tracking, delivery scheduling, and environmental monitoring, depending on the UAV’s intended use case. These communication channels are vital to mission success, but they are also great targets for cyber-attacks since they are wireless and frequently unencrypted.

2.2. Threat Taxonomy in UAV Systems

UAVs face a distinct and diverse set of cyber-physical threats due to their mobility, reliance on wireless communication, and increasing autonomy. Threats range from attacks on navigation and communication systems to software vulnerabilities and physical tampering. The classification of cyber attacks highlights the most serious attacks clustered according to their respective layers. These attacks can be described as follows:
  • Physical Layer:
     
    RF jamming overwhelms any radio-based communication between the UAV and the GCS by sending a high-power noise signal on the same frequency.
     
    Sensor manipulation is achieved by tampering with the inertial and perception sensors used by UAVs to force erroneous state estimations.
     
    Actuator manipulation can be achieved via various techniques such as signal injection, interference, power disruption, and physical tampering.
     
    Side channel measures unintended hardware leakage to uncover sensitive data and/or disrupt operations [29]. This can be achieved via various methods such as monitoring the consumed power, measuring the electromagnetic signal, or even triggering an electromagnetic fault to trigger errors. Recent research [30,31,32] highlighted that such attacks can even bypass encryption and uncover confidential information through the various types of sensors that can be used by UAVs.
  • Communication Layer:
     
    DoS/DDoS attacks aim to overwhelm the UAV’s communication or computing capabilities. This could result in high latency, diminished mission performance, or even a total loss of control.
     
    MiTM attacks intercept and manipulate communication between the UAV and the GCS. This facilitates the occurrence of other attacks such as command hijacking, telemetry injection, and illegal access to control channels.
     
    Message injection leverages vulnerabilities in widely used protocols in UAV communication to inject malicious data. This includes but is not limited to ADS-B and MAVLink.
  • Navigation Layer
     
    GPS spoofing [33] entails sending deceptive signals to confuse the UAV’s navigation system, potentially resulting in route diversion or collisions.
     
    Sensor fusion attacks represent a stealthier version of sensor manipulation, as they can evade sensor fusion algorithms such as the Kalman filter.
  • Control Layer:
     
    Command injection leverages vulnerabilities in drone software or communication links in order to take partial or full control of the UAV.
     
    Command suppression happens when the attacks injects higher priority or conflicting commands, thus overriding the legitimate one sent from the GCS.
  • Application Layer:
     
    Malware represents any malicious code deployed within the UAV ecosystem to perform malicious actions, affecting mostly UAV applications such as mission planning and AI modules.
     
    Data poisoning occurs during training by injecting malicious entries to corrupt the UAV learning mechanism. It occurs during offline or federated training.
     
    Model evasion occurs during runtime inference, leveraging a lack of robustness to inject adversarial inputs and mislead the AI models.
     
    Software exploitation occurs where vulnerabilities in UAV operating systems, firmware, or onboard apps can be used to acquire persistent access, elevate privileges, or disable security features. Once compromised, attackers may maintain covert control over the UAV.
These cyber-attacks can be highly dynamic and context-dependent. As a result, intelligent and adaptive security solutions are becoming increasingly important, driving the adoption of AI-based defenses.

3. Survey Methodology

In the section, we describe our survey methodology. While our survey does not strictly follow the PRISMA [34] formal systematic review style, we adopted a systematic collection, selection, and classification process as described in the following subsections.

3.1. Data Source and Search Strategy

We collected the research papers relevant to our topic from reputable databases and publication venues including IEEE, ACM Digital Library, Scopus, SpringerLink, and Scilit. During the search process, we used several combinations of keywords including:
  • UAV cybersecurity.
  • Drone security.
  • AI methods for UAV security.
  • Machine learning for UAV security.
  • Deep learning for UAV security.
  • Federated learning for UAV security.
  • Reinforcement learning for UAV security.
  • Graph neural networks for UAV security.
  • Generative AI for UAV security.
We targeted the publications from 2020 to early 2026 to ensure consistent coverage of recent research in AI-based UAV cybersecurity.

3.2. Inclusion and Exclusion Criteria

The inclusions criteria are described as follows:
  • Papers applying AI-based approaches for UAV security, specifically based on ML, DL, FL, RL, GNN, and GAI.
  • Peer-reviewed conference and journal publications.
  • Papers that address a specific UAV cyber-attack and/or AI-based defense mechanism.
The exclusion criteria are described as follows:
  • Papers that do not use AI-based methods.
  • Papers not directly related to UAV security.
  • Papers that are not peer-reviewed and not published.

3.3. Selection Process

After the initial search, which yielded a large pool of papers, we narrowed down the selection process by filtering the papers based on the following criteria:
  • Screening the title and abstract.
  • Reviewing the whole manuscript for relevance.
  • Removing potential duplicates.
  • Discarding short and/or position papers without evaluation.

3.4. Classification

The last step of our methodology involved classification of the selected papers based on several attributes that are aligned with the proposed multi-dimensional taxonomy that is outlined in Section 4. These filters are described as follows:
  • AI method type.
  • UAV attack type.
  • UAV system layer.
  • Cybersecurity property.
The quantitative metrics used in Section 13, such as the coverage of each security property, are computed based on the number of papers covering the specific properties per AI model type divided by the total number of papers per the AI model type in question. The cross-model coverage of each security property is computed based on the number of papers covering each security property across all model types.

3.5. Limitations

Our survey is meant to provide broad coverage of AI-based UAV security, but it does not follow the formal systematic review as per PRISMA principles. Therefore, there may be some level of bias in the selection process, which prompted us to do our best to ensure diverse and representative studies, while providing extensive comparison and key insights.

4. Taxonomy of AI Methods for UAV Security

The application of AI to UAV security represents a substantial shift away from conventional, rule-based defenses and toward data-driven and adaptive procedures. Due to their mobility and need for wireless connection, UAVs are vulnerable to both physical and cyber threats. Despite their merits, traditional cybersecurity methods often miss unseen and adaptive attack patterns. AI techniques get beyond these limitations by modeling abnormalities, learning behavioral patterns, and, in some scenarios, adapting on their own to unfavorable circumstances.
This section describes the novel multi-dimensional taxonomy we developed to classify AI-based research in the context of securing UAV systems. This taxonomy relies on three main dimensions, as follows:
  • AI Model Type: This is the main dimension covering all varieties of traditional AI models, such as ML and DL, and more advanced ones such as FL, RL, GNN, and GAI.
  • Attack Type: This is the second dimension that covers the cyber attacks thwarted by the AI models in each model type. These attacks are further refined according to the functional UAV layer, i.e., physical layer, communication layer, navigation layer, control layer, and application layer.
  • Security Property: This is the final dimension, which covers the security properties enforced by the presented works in each AI model category.
Our coverage of security properties goes beyond the classical CIA triad, which represents the foundation of cybersecurity, to include other critical properties in UAV systems such as authenticity and privacy. In fact, authenticity implies verifying the identity of the source of data sent to/from UAVs, while privacy focuses on protecting against sensitive inference, which is very important in AI-based systems for UAV security. In addition, such systems can be vulnerable against adversarial inputs; thus, we consider robustness as part of the security properties due to its role in achieving resilience against such perturbations.
Figure 3 provides a qualitative view of the cross-dimensional taxonomy that we propose in this survey. This view is compiled out of the aggregate survey results that are provided in Table 2, Table 3, Table 4, Table 5, Table 6 and Table 7, which describe the covered papers in each AI method type with regards to the model being used, the attack type, the UAV system layer where the attack takes place, and the affected security properties. The matrix depicted in Figure 3 represents the most dominant security property for the corresponding cyber attacks per UAV layer, as the x-axis, and the AI method type, as the y-axis. The most dominant security property is computed based on the number of papers that covers it. In several cases, more than one property is tied for the most dominant one. It can be observed that availability is most dominant, especially in the attacks in the communication layer. In addition, authenticity and integrity are generally most dominant jointly, sometimes along with availability. In addition, robustness and privacy tend to be most dominant in the application layer regardless of the AI method type. Privacy is most dominant when FL is considered across most UAV system layers, sometimes tied with other properties such as availability, integrity, or authenticity.

5. Machine Learning Methods

Classical and supervised ML techniques [35] have long been used to protect UAV networks by identifying intrusions, spoofing, jamming, and aberrant behaviors via flight data, network traffic, or radio frequency (RF). As seen in Table 2, classical and supervised machine learning algorithms are very popular for UAV security. These algorithms, which use telemetry, network traffic, and RF characteristics, can perform real-time detection under stringent resource limitations, laying the groundwork for more advanced AI-based approaches like deep learning, reinforcement learning, and federated learning.
MAVIDS [36] is an onboard intrusion detection system that uses principal component analysis (PCA) and one-class anomaly detection to detect GPS spoofing and jamming attempts based on UAV flight logs. MAVIDS operates without labeled attack data, under severe onboard resource constraints, and achieves macro-averaged F1 scores of 90.57% and 94.3%, respectively, while retaining real-time detection capabilities even during communication disruptions. Supervised machine learning algorithms have also been used for UAV network traffic. Moustafa and Jolfaei [37] created a testbed that generated both benign and malicious UAV traffic. They trained classifiers such as decision tree, KNN, naïve Bayes, SVM, and shallow MLP. The decision tree achieved the best accuracy (99.99%), followed by KNN and MLP (99.98%). SVM reached competitive accuracy (99%) but had the largest fall-out rate (2.245%). Although rapid to train, naïve Bayes fared poorly (39.9% accuracy). These findings show that lightweight supervised machine learning models, particularly decision trees, can achieve high accuracy with low computing overhead, enabling real-time intrusion detection for UAV networks.
Shafique et al. [38] employed handcrafted GPS-derived features, such as jitter, shimmer, and frequency modulation, combined with SVM classifiers and a K-fold voting method, to discriminate authentic from counterfeit signals, obtaining 98.7% accuracy and 0.98 F1 score. Agnew et al. [39] investigated predictive modeling of network-level performance statistics, including inter-arrival time, transmission latency, and packet count, for ML-based intrusion detection in SD-UAV networks.
Table 2. Classification of ML methods.
Table 2. Classification of ML methods.
AuthorsModelAttack TypeUAV LayerSecurity Property
Whelan et al. [36]PCA + one class classifierGPS spoofing, jammingPhysical, navigationAvailability, integrity
Moustafa and Jolfaei [37]Decision tree, DNN, MLP, SVMNetworked UAV attacksCommunicationConfidentiality, integrity, availability, authenticity
Shafique et al. [38]SVM + K-foldGPS spoofingNavigationAvailability, integrity
Agnew et al. [39]Light GBMDoS (greyhole, blackhole), jammingPhysical, communicationAvailability
Wu et al. [40]FRS + SNN + RFDoS, DDoSCommunicationAvailability
Fu et al. [41]CNN-LSTMDDoS, jamming, command injection, malware, sensor manipulationAllAvailability, authenticity, integrity
Shrestha et al. [42]LR, DT, LDA, KNN, GNB, SGD, K-MDoS, botnet, unauthorized accessCommunicationAvailability, authenticity
Whelan et al. [43]PCA + one class classifierSensor manipulationPhysicalIntegrity, authenticity
Cai et al. [44]RF Fingerprinting + CNN + DNNData poisoning, model evasionApplicationAuthenticity, privacy, robustness
Mehmood et al. [45]RFDoSCommunicationAvailability
Classifiers were able to detect jamming, blackhole, and grayhole attacks even under zero-day settings by simulating normal traffic using queuing theory, enhancing training efficiency and enabling rapid anomaly identification. Lightweight high-precision models, such as fuzzy rough set (FRS)-based IDS combined with shallow neural networks (SNN) and random forest (RF) [40], maintain 99% accuracy and low false alarm rates on datasets such as CIC-DDOS2019. This offers interpretable and resource-efficient alternatives to deep learning for constrained UAV hardware.
Identification of UAV operation modes and encrypted communication analysis are examples of resource-efficient detection frameworks. In [46], a method based on packet size and inter-arrival times with re-weighted L1 norm regularization and maximum likelihood estimation achieves 85.7–95.2% detection accuracy and accurate mode identification (88.5–98.2%) within 0.15–0.35 s, making it suitable for real-time UAV identification in Wi-Fi environments. Hybrid CNN–LSTM architectures [41] used in UAV-assisted agricultural IoT networks detect aberrant behavior with 93.5% accuracy, while reinforcement learning (DDQN) optimizes UAV deployment. Similarly, Ref. [42] shows that decision trees (DT) trained on CSE-CIC IDS-2018 achieve 99.99% accuracy and zero false negatives in UAV- and satellite-based 5G networks. The authors also tested various other ML algorithms such as logistic regression (LR), linear discriminant analysis (LDA), K-nearest neighbor (KNN), Gaussian naive Bayes (GNB), stochastic gradient descent (SGD), and K-means (K-M).
A novel technique employing one-class classifiers and PCA for dimensionality reduction [43] detects GPS spoofing with F1 scores of up to 99.73% for malicious readings. RF fingerprinting paired with ML and DL algorithms [44] achieves more than 95% accuracy in UAV recognition with SNR higher than 5 dB, even with Gaussian noise. Simulated UAV IDS evaluation [45] shows that random forest classifiers reach 95–96% detection accuracy.
The key observation is that ML models represent a popular choice to tackle UAV attack detection thanks to their lightweight nature, fast training time, and low overhead. This makes them an effective choice for resource-constrained devices such as UAVs. However, their reliance on manual feature selection, difficulties with large datasets, and inability to handle evolving attacks constitute some of their main weaknesses.

6. Deep Learning Methods

DL methods [47] have become increasingly important for safeguarding UAV systems, allowing strong, real-time detection of threats. These systems use large-scale network traffic, sensor telemetry, and UAV operational data to detect intrusions, authenticate devices, and assure swarm resilience. A summary of the research work is provided in Table 3.
Table 3. Classification of DL methods.
Table 3. Classification of DL methods.
AuthorsModelAttack TypeUAV LayerSecurity Property
Tlili et al. [48]LSTMJamming, MiTM, GPS spoofing, malwareAllAvailability, integrity, confidentiality, authenticity
Mehdi et al. [49]DPNDoS, MiTMCommunicationAvailability, integrity, authenticity
Niyonsaba [50]CNN + LSTMDoS, DDoS, MiTMCommunicationAvailability, authenticity
Mughal et al. [51]LSTM + DDPGJammingPhysicalAvailability
Tang et al. [52]DNN + DQNJammingPhysicalAvailability
Haque et al. [53]PCA + DNNMiTM, command injectionCommunication, controlAuthenticity, integrity
Abu AL-Haija and Badawi [54]Deep CNNDoS, MiTM, command injectionCommunication, controlAvailability, integrity, authenticity
Ramadan et al. [55]LSTM + RNNDoS, malware, botnet, MiTMCommunication, applicationAvailability, integrity, authenticity
Mughal et al. [56]FNN, CNN, RNNMessage injection, DoSCommunicationIntegrity, availability, authenticity
Alzahrani [57]CNN, LSTM, CNN-LSTM, convLSTMDoS, MiTM, message injectionCommunicationAvailability, integrity, authenticity
Jalil Hadi [58]FFCNNDoS, message injectionCommunicationAvailability, integrity, authenticity
Miao et al. [59]CNN-biLSTMDoS, GPS spoofing, command injectionCommunication, navigation, controlAvailability, integrity, authenticity
Benjamin and Kacem [60]Transformer + LSTMDoS, DDoSCommunicationAvailability
Kacem and Tossou [61]TransformerADS-B message injectionCommunicationAuthenticity, integrity
Tlili et al. [48] presented a model based on LSTM that uses coordinated detection units across UAV platforms, integrating several IDS components to achieve 98.6% global detection accuracy while minimizing onboard computing. UAV-DiPNID [49] uses knowledge distillation via distilled pruned networks (DPN) to create compact deep networks with 99.61% detection accuracy. This reduces inference time by 80.7% and model size by 90%, allowing for real-time deployment on resource-constrained UAV platforms. Intrusion detection systems (IDS) that use DL models have demonstrated great performance across several UAV datasets. Niyonsaba et al. [50] presented a hybrid CNN–LSTM method that achieved up to 99.063% accuracy on CICIDS2017, with hybrid models excelling at real-time threat detection. UAV-assisted reconfigurable intelligent surface (RIS) networks use a hybrid method based on LSTM and deep deterministic policy gradient (DDPG) [51] to improve communication security and achieve 99.10% detection accuracy. UAVs operating as mobile relays can use cooperative jamming tactics optimized using deep neural networks (DNN) and deep Q-networks (DQN) [52] to avoid eavesdropping while responding to channel uncertainty.
Adaptive IDS architectures integrate deep learning and reinforcement learning to provide proactive threat mitigation. Zero-trust architectures (ZTA) enhance UAV security by continually authenticating network entities and merging RF signals with explainable AI algorithms like SHAP and LIME, achieving 84.59% accuracy [53]. UAV-IDS-ConvNet [54] employs deep CNNs to analyze encrypted Wi-Fi data across multiple UAV platforms, reaching 99.50% two-class accuracy with a prediction time of 2.77 ms and beating existing IDS models by 6–23%. LSTM-RNN architectures [55] provide real-time anomaly detection in FANETs. When combined with big-data stream analytics, they outperform classic systems like Snort by up to 36% in detection accuracy.
Cross-UAV feature fusion in swarm testbeds [56] reveals that integrating cyber and physical telemetry from several UAVs enhances F1 scores, reaching 96.3% when both attacked and benign UAV data are fused, demonstrating the relevance of swarm security. Extensive evaluations of deep learning architectures including CNN, LSTM, hybrid CNN-LSTM, and ConvLSTM show that ConvLSTM consistently achieves near-perfect accuracy (99.99%) in UAV network intrusion detection across multiple datasets, emphasizing the importance of modeling spatiotemporal patterns. UAV-CIDS [58], an autonomous collaborative IDS architecture, uses feedforward CNN (FFCNN) to identify zero-day and known assaults with 98.23% accuracy and real-time event response. Hybrid techniques include feature selection, modified deep CNN-BiLSTM architectures, and attention mechanisms such as in [59]. In addition, Benjamin and Kacem [60] proposed another hybrid approach based on Transformer and LSTM to detect DoS and DDoS in UAV systems. Kacem and Tossou [61] proposed a Transformer-based system to detect replay attacks targeting ADS-B systems.
DL models are characterized by high accuracy values while enabling automatic feature engineering and flexibility in handling large and complex datasets. They also excel in modeling spatiotemporal behavior, which is very important, especially in domains that have stringent real-time requirements. However, their reliance on large datasets may become a weakness if these models operate on smaller ones. Additionally, DL models generally incur high overhead and intensive energy consumption. These weaknesses, in addition to their vulnerability to adversarial attacks, constitute the main hurdles DL models face.

7. Federated Learning Methods

FL [62] has emerged as a crucial strategy for improving UAV network security, especially in situations where data privacy, distributed computation, and restricted bandwidth are issues. Unlike traditional centralized learning, FL enables UAVs to train models jointly across remote devices without sharing raw data, ensuring privacy while achieving excellent detection accuracy. A summary of research work is provided in Table 4. UAV networks can identify known and undiscovered cyber-attacks, such as blackhole, sinkhole, floods, GPS spoofing, and jamming, by combining FL with machine learning, deep learning, and advanced data augmentation techniques [63,64,65].
Table 4. Classification of FL methods.
Table 4. Classification of FL methods.
AuthorsModelAttack TypeUAV LayerSecurity Property
Zhang et al. [63]LSNetMessage injection, command injection, model poisoningCommunication, control, applicationIntegrity, authenticity, privacy, robustness
Ceviz et al. [64,66]FedAvg + CNN + DNNDoSCommunicationAvailability, privacy
He et al. [65]CGAN-LSTM + BFAJamming, DoS, MiTM, Model PoisoningCommunication, applicationAvailability, privacy, integrity, robustness
Lu ey al. [67]L-MDAESensor manipulation, DoSPhysical, communicationAvailability, integrity, authenticity, privacy
Da Silva et al. [68,69]Light GBMGPS spoofing, jammingPhysical, navigationAvailability, integrity, authenticity, privacy
Ceviz [70]Few Shot LearningDoSCommunicationAvailability, privacy
Mowala et al. [71]Custom modelJammingPhysicalAvailability, privacy
Fahim-Ul-Islam et al. [72]FedWGCAModel poisoningApplicationRobustness, privacy
Zeng [73]FL + GANJamming, message injection, DoS, GPS spoofing, model evasionAllIntegrity, authenticity, availability, privacy, robustness
Deng et al. [74]CustomDoS, command injection, message injectionCommunication, controlAvailability, integrity, authenticity, privacy
Chai et al. [75]TCN-TransformerGPS spoofing, jammingPhysical, navigationAvailability, integrity, privacy
Cui et al. [76]OPFLDos, message injection, MiTMCommunicationIntegrity, authenticity, availability, privacy
Ntizikira et al. [77]DP + CNN-LSTMDoS, DDoS, MiTM, message injection, code injectionCommunication, controlAvailability, integrity, authenticity, privacy
Several frameworks demonstrate the practical application of FL in UAV cybersecurity. Lightweight Spectrogram Network (LSNet) [63] was developed as a zero-trust federated framework for UAV authentication using a spectrogram-based model, achieving over 80% accuracy for recognized UAVs and an AUROC of 0.7 for unknown UAV kinds across five remote clients. FL-IDS [64,66] allows for collaborative intrusion detection in FANETs, identifying high-impact assaults like floods with near-ideal accuracy, even at low attacker ratios, while maintaining privacy and adaptability through weight-sharing. Advanced frameworks use generative models, like CGAN-LSTM architectures and blockchain-based federated aggregation (BFA) [65,73], to improve training data, solve class imbalance, and assure safe, decentralized model updates.
FL enables distributed anomaly detection in UAV swarms with excellent accuracy and robustness. The combination of multi-modal denoising autoencoder and federated learning (L-MDAE) [67] uses multi-modal denoising autoencoders trained with FL to detect communication anomalies, with up to 99.19% accuracy across several datasets. Hybrid FL-based IDS frameworks [68,69] combine unsupervised approaches for in-flight anomalies (e.g., GPS spoofing and jamming) with supervised learning for network assaults, resulting in high F1-scores (up to 97.9%) in resource-constrained contexts. Few-shot FL (FSFL-IDS) [70] and continuous learning frameworks (FCL-SBLS) [78] improve flexibility, enabling UAVs to retain detection performance with less computational overhead.
Mowala [71] presented an FL-based approach for on-device jamming detection based on a custom model where the training depends on both the local and global models along with client group prioritization using Dempster–Shafer theory. Fahim-Ul-Islam [72] proposed FedWGCA frameworks based on weighted gradient clipping (GC) aggregation and attention-based neural networks that reduce the impact of malicious updates while preserving accuracy, precision, and recall.
Federated GAN-augmented IDS (FGA-IDS) [73] combines synthetic data generation with FL to enhance detection reliability and reduce bandwidth utilization. Deng et al. [74] presents a custom model, FIDSUS, that optimizes feature aggregation by collaborative sensing and cross-round feature fusion, resulting in 4–34% greater accuracy compared to conventional FL approaches. Additional research demonstrates FL’s potential for UAV navigation and mission-critical operations. TCN-Transformer networks [75] and FL detect GPS spoofing and jamming with greater accuracy. Online personalized FL (OPFL) [76] adjusts models to heterogeneous UAV hardware, attaining 95.88% detection accuracy. SP-IoUAV [77] is a privacy-preserving FL architecture that uses differential privacy (DP), secure multi-party computation, and CNN-LSTM models to provide great security (99.98% accuracy) and data confidentiality in real-time threat detection.
FL models introduce a paradigm shift by focusing on networked threat detection while preserving privacy by having local nodes only share models weights without the raw data.They are being applied in scenarios involving swarm UAV security. Despite the privacy-preservation being an attractive benefit, these models generally incur high overhead and often face synchronization issues between the server and the local clients. In addition, FL models struggle when dealing with heterogeneous datasets and are also vulnerable to poisoning attacks.

8. Reinforcement Learning Methods

RL [79] has emerged as a useful paradigm for improving autonomous UAV security because it allows agents to learn optimal defensive or navigation methods through interaction with dynamic surroundings. In UAV systems, RL techniques such as deep Q-networks (DQN) and policy gradient approaches are popular since they enable UAVs to deal with threat vectors. Table 5 summarizes the research done in this area.
A lightweight DQN-based intrusion detection and prevention system (IDPS) [80] allowed UAVs to identify harmful actions and respond autonomously under onboard computational constraints. The model achieved 99.70% accuracy, with precision, recall, and F1-scores of 95%, 97%, and 96%, respectively, while using very little energy. Similarly, an AI-driven IDS optimized for UAVCAN networks [81] successfully detected developing attack patterns, considerably increasing the cybersecurity and operational resilience of UAV communication systems. Deep deterministic policy gradient (DDPG) was proposed by Tao et al. [82] to effectively identify intrusions in UAV aerial computing environments, providing advice for future security advancements in these networks. In defense and rescue scenarios, fully autonomous UAVs [83] integrated clever onboard security systems capable of discriminating between normal and faked signals, evading threats, and assuring safe return home under cyber-attack conditions. The approach is based on self-taught learning (STL) used with multiclass SVM and DQN. Federated deep learning (FDL) techniques have been combined with RL to improve UAV network security. A drone client selection algorithm [84] optimized participation in federated deep learning, resulting in FLID, a federated IDS, combining MLPs, CNNs, and LSTM-based RNNs to detect variants of DoS attacks such as flooding, blackhole, and selective forwarding in FANETs while maintaining privacy and minimizing computation. Experiments with the WSN-BFSF dataset yielded high results: 99.38% accuracy, 99% precision, 99% recall, and 99% F1-score.
Table 5. Classification of RL methods.
Table 5. Classification of RL methods.
AuthorsModelAttack TypeUAV LayerSecurity Property
Bouhamed et al. [80]DQNCommand injection, DoSCommunicationAvailability, authenticity, integrity
Sethi et al. [85]DQNDoS, MiTM, message injection, data poisoning, model evasionCommunication, applicationAvailability, integrity, authenticity, robustness
Islam et al. [81]DQNDoS, message injectionCommunicationAvailability, integrity, authenticity
Tao et al. [82]DDPGGPS spoofing, jammingPhysical, navigationAvailability, authenticity, integrity
Arthur et al. [83]STL + SVM + DQNJamming, message injectionPhysical, communicationAvailability, authenticity, integrity
Benfriha et al. [84]RL + FDLDoSCommunicationAvailability
Hickling et al. [86]DDPG + PER + APFData poisoning, model evasionApplicationRobustness
An adversarial attack detection framework [86] used explainable DRL with deep deterministic policy gradient (DDPG), prioritized experience replay (PER), and artificial potential fields (APF) to efficiently avoid obstacles and detect attacks. Experiments with basic iterative method (BIM) adversarial attacks reveal that a CNN-based detector achieves 80% accuracy, whereas an LSTM-based detector achieves 91% accuracy with faster processing, allowing for real-time adversary identification. Reinforcement learning equips UAVs with adaptive, proactive, and resilient security capabilities, allowing for autonomous threat detection, optimal navigation, and real-time reaction even in complex situations.
RL models are being applied more and more in contexts involving UAV adaptive security, autonomous threat response, and dynamic attack mitigation. Their increasing popularity is often attributed to their support of real-time decision making and their ability to handle dynamic environments. However, due to the fact that these models still need more extensive evaluation with UAV real-world scenarios, their training time is still instable. Moreover, the reward engineering, which constitutes a key pillar of RL, is quite complex, especially for UAVs. In addition, safety concerns represent another considerable obstacle that stand in the way of deployment readiness.

9. Graph Neural Network Methods

GNNs [87] are popular in modeling complex relational data in UAV networks, particularly for applications in swarm coordination, communication, and security. By representing UAVs as nodes and their interactions or communication links as edges, GNNs capture spatial, temporal, and topological dependencies that traditional machine learning models often overlook. The summary of the research works is provided Table 6.
Wang et al. [88] presented an anomaly detection model for multivariate UAV sequences that integrates GNNs with Transformers and a graph attention mechanism. Using a multi-channel Transformer for intrinsic pattern extraction, a graph attention network (GAT) for temporal-spatial dependencies, and a multi-channel fusion module using Bi-LSTM with channel attention, their proposed approach achieved accuracies of 92.83% and 96.59% on two UAV datasets while maintaining computational efficiency, outperforming existing anomaly detection methods. Swamy and Sophia [89] presented a spatial-temporal fusion GNN enhanced with the Walrus Optimizer. The purpose was to detect data poisoning attacks using visual inputs and control signals from the Udacity and custom GoPro datasets.
Table 6. Classification of GNN methods.
Table 6. Classification of GNN methods.
AuthorsModelAttack TypeUAV LayerSecurity Property
Wang et al. [88]GAT + Bi-LSTMAnomaly detectionPhysicalN/A
Swamy and Sophia [89]STFGNNet-WO + PPFLData poisoningApplicationPrivacy, robustness
El Rai and Darseesh [90]Dual-GATDoS, message injectionCommunicationAvailability, authenticity, integrity
Sun et al. [91]GAT, GCN, GCN-EWDoSCommunicationAvailability
Mustafa Abro and Abdallah [92]GATAnomaly detectionPhysicalN/A
Mughal et al. [93]ChebNetDoS, message injectionCommunicationAvailability, integrity, authenticity
Majumder et al. [94]GCNNs, GATs, GraphSAGE, GTDoS, message injectionCommunicationAvailability, integrity, authenticity
Du et al. [95]GCN + LSTMDoS, message injectionCommunicationAvailability, integrity, authenticity
By extracting spatial-temporal features through fused adjacency matrices and gated CNN outputs and using a privacy-preserving federated learning (PPFL) framework, their proposed approach reached 99.2% accuracy; 99% sensitivity, specificity, and precision; and an RMSE of 0.105, surpassing baseline methods in both robustness and predictive performance. Dual-GAT [90], a dual-branch GAT architecture for UAV intrusion detection, modeled cyber and physical telemetry data as asynchronous graphs and fused modality-specific representations at the decision level. Evaluated on a public UAV cyber-physical dataset, dual-GAT outperforms cyber-only, physical-only, and early-fusion approaches, particularly excelling in detecting message injection and DoS attacks requiring domain context. Sun et al. [91] leveraged attack graphs and real-time network measurements to model both static and dynamic network attributes, achieving high precision, recall, F1-score, and AUC, while providing insights into uncertainty, explainability, and robustness. A GAT-based approach using received signal strength indicator (RSSI) data [92] constructed a graph representing drone-to-drone communications with RSSI deviations as node features.
Mughal et al. [93] presented a model entitled Chebyshev Graph Neural Network (ChebNet) for UAV swarm security. The authors set up a hexagonal UAV swarm testbed study showing that leveraging spatial relationships alongside temporal patterns significantly improves intrusion detection performance under false data injection, evil twin, replay, and DoS attacks compared to traditional deep neural networks. Majumder et al. [94] transformed tabular UAVCAN messages into graph structures, and then employed GCNNs, GATs, GraphSAGE, and graph-based Transformers (GT) for intrusion of message injection and variants of DoS such as fuzzing and flooding. Inductive models such as GraphSAGE, GAT, and GT generalize effectively to unseen nodes and achieve high accuracy, i.e., 99.45% compared to 69.81% for baseline LSTM, consistently outperforming traditional models across complex attack scenarios. For UAV networks with sparse ECU nodes, UAV-GCN-LSTM (UGL) [95] combined GCNs for network topology modeling with LSTMs for sequential behavior, achieving 100% accuracy for flooding, 98.54% for fuzzing, and 96.35% for replay attacks, significantly outperforming baseline approaches.
Collectively, these studies underscore the strengths of GNN-based approaches in capturing complex spatiotemporal and relational patterns within UAV networks. By consistently achieving high accuracy, low false-positive rates, and robust generalization to unseen scenarios, GNNs provide a reliable, scalable, and efficient solution for UAV security, anomaly detection, and cooperative swarm operations.
GNN models are being investigated in the context of swarm UAV security and networked UAV security. These models excel in analyzing communication graph and attack propagation. They exhibit advanced anomaly detection while showing promising scalability, especially for UAV swarms. They also are capable of capturing dynamic spatiotemporal constraints, which may be deemed crucial for the performance. However, the complexity of such models is still unstable since GNNs are generally known to incur high overhead despite emerging research work introducing lightweight alternatives. This sheds some doubts on their scalability capabilities in the absence of widely adopted real-world UAV benchmarks.

10. Generative AI Methods

GAI [96] has emerged as an effective technique for improving UAV cybersecurity by tackling crucial issues such as data scarcity, class imbalance, and the necessity for realistic attack simulation. Generative adversarial networks (GANs) are increasingly being used in UAV intrusion detection systems (IDS) to generate synthetic data that mimic actual network traffic or sensor behavior. Generative AI also augments local UAV datasets, decreasing reliance on centralized data gathering and strengthening IDS resilience in dynamic or data-constrained contexts. A summary of the research is presented in Table 7.
A GAN-enhanced IDS [97] generated adversarial samples targeting the IDS’s vulnerabilities, which were then used in training to improve robustness. This method outperformed traditional intrusion detection systems in terms of detecting evasion attacks while retaining a low false-positive rate. DroneDefGANt [98] used GAN-based data creation and Transformer-based feature extraction to detect both external threats like GPS spoofing and jamming, as well as internal defects like actuator failures. Synthetic dataset evaluations reveal 97.43% for spoofing and 98.96% for jamming, indicating robustness against Gaussian noise.
Zhao et al. [99] relied on a mixture of experts (MoE)-based GAI model that included GAN, autoencoders (AE) and variational autoencoders (VAE) to guide learning and generate high-quality synthetic samples. This approach achieved 99% intrusion detection accuracy while decreasing labeled data requirements by 98%. A conditional GAN (CGAN)-based framework [100] generated stealthy adversarial perturbations that evade traditional IDSs. Detection via a conditional variational autoencoder (CVAE) negative log-likelihood achieves very high AUC, 99%, demonstrating a reliable defense against stealth attacks. Synthetic data generation with CTGAN, Gaussian copulas (GC), and VAEs [101] improved IDS performance, with CTGAN providing more realistic distributions and VAE-generated data sustaining IDS accuracy with only a 1% loss.
Generative AI has also been used in more complicated UAV security designs. Nagendra Kumar et al. [102] presented a solution to deal with message injection and MiTM by leveraging GANs for anomaly detection, zk-SNARK for privacy-preserving identity verification, and PBFT consensus for secure transactions.
Table 7. Classification of GAI methods.
Table 7. Classification of GAI methods.
AuthorsModelAttack TypeUAV LayerSecurity Property
Asif et al. [97]GANJamming, GPS spoofing, model evasionPhysical, communication, applicationAvailability, integrity, authenticity, robustness
El Alami and Rawat [98]GAN + TransformersActuator manipulation, jamming, GPS spoofingPhysical, navigationAvailability, integrity, authenticity
Zhao et al. [99]MoE-enabled GAIJamming, MiTM, message injectionPhysical, communicationAvailability, authenticity, integrity
Panda and Guo [100]CGAN + CVAEDoS, message injection, MiTM, model evasionCommunication, applicationAvailability, integrity, authenticity, robustness
Sarrikaya and Bahtiyar [101]CTGAN + GC + VAEJammingPhysicalAvailability
Nagendra Kumar et al. [102]GAN + zk-SNARK + PBFTMessage injection, MiTMCommunicationIntegrity, authenticity
Zeng and Nait-Abdesselam [103]HITL-ML + GANModel evasionApplicationRobustness
Gaber et al. [104]GAN + ML classifiersModel evasionApplicationRobustness
Their solution achieved 98.4% accuracy, 98.7% precision, 97.9% recall, 98.3% F1-score, and 98.7% AUC while maintaining low latency and reduced computation and communication overhead.
Real-time intrusion detection frameworks that combine human-in-the-loop machine learning (HITL-ML) and GANs [103] to improve adaptability to evolving threats outperform standard IDSs. Gaber [104] used GANs to create hybrid datasets of real IoFT traffic and synthetic adversarial attacks. Adversarial training was performed to protect against FGSM, BIM, and C&W attacks. Experimental evaluation tested the effectiveness of ML classifiers such as RF, DT, SVM, and LR, revealing that RF achieves up to 96.5% accuracy, demonstrating strong performance on both real and synthetic data.
GAI models are being applied in the context of data augmentation and generation of both synthetic and adversarial data for UAV use cases. They can also be used for automated threat detection in UAVs. Thanks to GAI models’ capabilities in data augmentation, they can be used to bridge the gap of missing UAV benchmarks, especially those focusing on robustness evaluation and security testing. Some of the most common weaknesses include the risk of being misused for hostile purposes, the hallucination potential of GAI models, the high overhead, and the limited UAV validation.

11. Tools, Datasets, and Metrics

There has been considerable variation in experimental design, datasets, and evaluation metrics across the surveyed literature on UAV and cybersecurity covering machine ML, DL, FL, RL, GNN and GAI. Table 8 summarizes the most commonly used datasets for each type of AI model along with the performance metrics and accuracy range.
Table 8. Used datasets of AI methods.
Table 8. Used datasets of AI methods.
AI ModelsCommon DatasetsCommon MetricsAccuracy Range
MLCIC IDS-2018 [105], CIC-DDOS2019 [106], UAV-IDS2020 [107], KDD-CUP99 [108], customAccuracy, F1, precision, recall, AUC-ROC, latency, throughput, training time39.9–99.99%
DLUAV-IDS2020 [107], KDD Cup-99 [108], CIC-IDS2017 [109], UAVCAN [110], NSL-KDD [111], WSN-DS [112], UNSW-NB15 [113], ToN_IoT [114], customAccuracy, F1, precision, recall, AUC-ROC, latency, FPR, FNR, RMSE,  R 2 68.6–99.61%
FLCIC-IDS2017 [109], WSN-DS [112], DroneRF [115], ALFA [116], TLM [117], N-BaIoT [118], customAccuracy, F1, precision, recall, AUC-ROC, MSE64–99.98%
RLCIC-IDS2017 [109], UAV-IDS2020 [107], NSL-KDD [111], WSN-BFSF [119], customAccuracy, precision, recall, F1, FPR, AUC-ROC85.27–99.70%
GNNCIC-IDS2017 [109], UAVCAN [110], customAccuracy, F1, precision, recall, FPR, detection rate, RMSE92.83–99.45%
GAICICIDS2018 [105], CIC-IDS2017 [109], UNSW-NB15 [113], Alfa [116], UAV Cyber Attack [120], ECU-IoFT [121],Accuracy (clean vs. adversarial), FPR, MSE, R 2 , NLL, Mahalanobis distance, likelihood regret24.4–99%
One key observation is that there are two main types of datasets used across all model types: generic cyber security and specialized UAV captures. While the former leverages the similarities between classic cyber attacks in networked environments due to the lack of specialized datasets that capture a wide variety of attacks, the latter are results of custom simulations using captures from specific UAV makers or UAV communication protocols such as MAVLink or ADS-B. ML approaches mostly relied on classic networked datasets such as CIC-IDS2018 and KDD-CUP99, while also using custom datasets generated from simulations. The most collected performance metrics by ML approaches include the accuracy, F1 score, precision, and recall, which are common in AI-based threat detection. Other metrics have been also used, such as AUC-ROC, latency, throughput, and training time, which are used to assess the deployment readiness of these approaches. It is worth noting that the accuracy fluctuates quite a lot, ranging from 39.9% to 99.99%, with the low values being generally associated with baselines used for comparison.
Similarly, DL models rely heavily on high-dimensional traffic datasets such as CIC-IDS2017, CIC-IDS2018, CIC-DDOS2019, and proprietary ones such as UAVCAN, UAV-IDS2020, or custom simulations, which provide richer temporal and semantic data. DL models used several performance metrics in common with ML such as accuracy, F1 score, precision, recall, AUC-ROC, and latency, while considering other ones such as FPR, FNR, root mean square error (RMSE), and R 2 . The accuracy of the surveyed approaches ranged from 68.6% to 99.61%, which may be due to limited dataset size and the limitations of baselines. FL models used some common datasets with DL models such as CID-IDS2017 and WSN-IDS, while experimenting with other drone-oriented ones such as DroneRF and Alfa, in addition to custom simulations. Accuracy ranged from 64% to 99.98%, which is generally due to several factors, such as the coordination difficulty in federated environments, in addition to challenges in handling heterogeneous data and vulnerability to poisoning attacks.
RL models generally leveraged networked datasets, such as CIC-IDS2017 and WSN-BFSF, UAV-specific datasets such as UAVIDS2020, and custom datasets obtained from simulations. The performance metrics included accuracy, F1 score, precision, recall, FPR, and AUC-ROC. The accuracy results were quite encouraging, but at the same time, real-world-oriented datasets are still missing; thus, it is a bit early to assess this high accuracy. GNN models used more UAV-specific datasets, such as UAVCAN, while using networked datasets and custom datasets at a lesser rate. The performance metrics included the accuracy, F1 score, precision, recall, FPR, RMSE, and attack detection rate. Accuracy results were quite high, ranging from 92.83% to 99.45%, but again these models are in the early adoption stage and need to be tested with real-world scenarios. GAI models leveraged networked datasets such as CIC-IDS2017 an UNSW-NB15, and UAV-oriented ones such as the UAV Cyber Attack dataset and Alfa dataset. However, in many cases, adversarial and/or synthetic samples were injected to complement them. As far as the metrics, accuracy comes in two flavors, clean versus adversarial, and FPR, MSE, and R 2 were also used. Some other statistical metrics such as NLL (negative log-likelihood), Mahalanobis distance, and likelihood regret were also used to detect outliers.
There are three categories of tools used in UAV security: network simulators, navigation simulators, and attack generators. For network simulators, prominent tools include Omnet++ and NS3, which are widely used for simulating network communication, including some networked-based attacks. Tools such as ArduSIM can also be used in conjunction with them to connect with drone navigation simulators. Tools such as Gazebo and AirSim are widely used in navigation simulations, as they allow researchers to simulate 3D physics with great fidelity, which allows testing navigation-based attacks such as GPS spoofing. Other tools that may be used in this context include MATLAB, Simulink, and Pixhwak. Finally, for attack generation, there are a variety of available tools, starting with Aircrack-NG, which is used for launching network-based attacks, and software-defined radio (SDR) tools, such as GNU Radio and HackRF, which can generate physical or communication-based attacks. Tool such as DroneSploit and Nmap are popular for discovering vulnerabilities in networked-based UAVs and are used mostly in conjunction with Kali Linux or Parrot OS.
Evaluation criteria differ greatly among systems, although accuracy, F1-score, precision, recall, false-positive rate (FPR), and false-negative rate (FNR) remain the most used benchmarks. Classical ML systems report good performance. Deep learning models typically outperform ML in terms of accuracy, with certain hybrid systems (e.g., CNN-LSTM or distilled models like UAV-DiPNID) reaching up to 99.61% accuracy while drastically lowering model size. GNN and Transformer-based models frequently stress enhanced categorization of complex, multi-stage, or hybrid attacks, although their metrics differ greatly because of conflicting job descriptions. Reinforcement learning methods primarily measure reward convergence, attack mitigation success rates, or decision performance under adversarial manipulation, rather than traditional measures such as accuracy or F1, making direct comparisons to supervised learning models problematic. Overall, while high accuracy figures are routinely claimed, often exceeding 95–99%, the absence of uniform evaluation settings and agreed benchmarks restricts the legitimacy and reproducibility of many stated metrics.

12. Comparative Analysis

In this section, we provide an in-depth analysis of the various AI models by comparing their common uses, strengths, limitations, and deployment readiness. The outcome of this comparison is depicted in Table 9.
ML models are generally used for cyber-attack and intrusion detection in addition to traffic classification. They are characterized by their low overhead and fast training time, making them appropriate for resource-constrained devices such as UAVs. However, they do suffer from limited feature learning, since this generally requires manual feature selection and expert knowledge of the feature space. ML models also generally struggle with large and complex datasets and do not deal well with evolving and/or unseen attacks.
DL models are also used for cyber-attack and intrusion detection, but they are also used for UAV behavior modeling and UAV cyber-attack classification. The surveyed models in this category are highly accurate and are characterized by automatic feature extraction and the ability to handle large and complex datasets. DL models also excel in spatiotemporal analysis, which can be crucial for detecting advanced attacks in domains such as finance and transportation. The weaknesses of these models include their reliance on large datasets, otherwise risking performance loss. The high overhead constitutes another major setback, in addition to having high energy requirements and being vulnerable to adversarial attacks. Therefore, the deployment readiness of DL models is moderate, with better suitability for ground station and edge devices than UAVs.
FL models are used for distributed intrusion and attack detection in addition to being popular in privacy-preserving UAV security and swarm UAV security. These models are popular thanks to limited data sharing while only sharing model weights, in addition to supporting collaborative learning in swarm UAV settings. Despite these advantages, these models generally exhibit high overhead, face difficulties ensuring synchronization, and face serious risks from adversarial attacks and when heterogeneous data are used. The deployment readiness of FL models is moderate, despite initial promising results for swarm UAVs, due to the communication and coordination constraints.
RL models are used for adaptive defense, dynamic attack mitigation, and autonomous threat response. Motivations for its rising popularity include its suitability for dynamic environments, support for real-time decision making, and effectiveness for autonomous response in UAVs. However, due to its relatively recent emergence, its training is still unstable; in addition, its reliance on the concept of rewards can be quite complex. There are also some concerns about its safety, especially when it comes to rogue UAVs engaging in adversarial manipulation of RL policies or interfering with the communication and control systems of legitimate drones, which may cause violations of the safety constraints. As a result, RL models’ deployment readiness is low to moderate as it is in the early experimental stage and the safety concerns need to be addressed.
GNN models are used for UAV swarm security, networked intrusion detection, communication graph analysis, and attack propagation analysis. This was motivated by their ability to model the complex and dynamic relations in large UAV swarms, their ability to detect complex and advanced attacks, and their excellent ability in dynamic spatiotemporal modeling. Their weaknesses include the unstable complexity, since GNNs are inherently computationally intensive by nature despite the emergence of more lightweight variants recently that optimize the runtime cost and message passing. Therefore, GNN models’ deployment readiness is low since the developments in this field are still emerging with limited adoption.
GAI is generally used for attack detection, generation of both synthetic and adversarial samples, and automated threat analysis. GAI emerged thanks to its ability to perform data augmentation, which is of great benefit when data are scarce or missing. GAI models support robustness benchmarking, which tests the capability of the AI models to deal with adversarial attacks in addition to its role in supporting UAV security testing. Some concerns, however, exist, especially the risk of being misused for malicious purposes, in addition to the possibility of hallucination in such models. These models also lack extensive UAV validation and incur generally high overhead. Therefore, GAI deployment readiness is low due to the fact that development in the field is still in early exploration, and it lacks real-world UAV security support.
Another interesting observation is that despite the rising importance of side-channel attacks on UAVs, we could not find any research work that matches our search criteria. All the works we found [122,123,124,125] were excluded because they did not fall within the 2020–2026 considered time period and because they were not UAV-specific side-channel attacks but rather general IoT. This indicates that investigating AI-related schemes to detect and thwart this type of attack would be a promising research area.
Despite major gains, the literature still has severe methodological limitations that are summarized as follows:
  • Cross-dataset evaluation: Almost every work presents findings from a single dataset or simulation environment, raising worries about overfitting and domain specificity. Few studies examined their models across heterogeneous UAV traffic datasets or test applicability to unknown environments—a critical prerequisite for real-world UAV deployments in which operational conditions vary greatly.
  • Explainability: While some research uses attention processes or feature selection strategies, very few studies provide interpretable explanations for why a model flags specific telemetry patterns or communication anomalies. This disparity is especially concerning for safety-critical systems such as UAVs, where trust and openness are required.
  • Adversarial perturbations: With regard to denoising autoencoders, and robustness to faked signals, most studies do not systematically assess resilience to adaptive attacks, data poisoning, physical-layer manipulations, or packet-loss situations. RL studies frequently examine robustness through simulation; however, these scenarios seldom mimic the complexities of real wireless environments. Similarly, DL techniques generally presuppose clean, completely labeled datasets, which are rarely found in practice.
  • Reproducibility: Most research lacks publicly available code, relies on proprietary UAV datasets, or leaves out critical information regarding pre-processing, feature extraction, or hyperparameter tweaking. RL-based works rely on proprietary simulation setups, whereas many Transformer/GNN-driven frameworks require domain-specific graph structures or non-standardized multi-view input formats. Even when datasets are made public, preparation procedures vary so greatly that identical models may give different findings across different studies. These constraints highlight the urgent need for consistent datasets, uniform evaluation methodologies, explainable intrusion detection algorithms, and robustness tests that are representative of real-world UAV communication scenarios. Without these enhancements, claimed performance measurements, no matter how good, will be difficult to compare, confirm, or trust in mission-critical UAV security deployments.

13. Key Insights

In this section, we summarize the key insights that can be taken from this paper. First, we investigate the mapping between each AI model and every considered security property along with the number of covered papers. In Table 10, we provide these statistics. We refer to security properties as follows: confidentiality (C), integrity (I), availability (Av), authenticity (Au), privacy (P), robustness (R). The first remark is that there are more papers focusing on classical AI models such as ML, DL, and FL, when compared to newer and emerging ones such as RL, GNN, and GAI. In addition, we noticed that availability maintained the highest consistent coverage, which can be explained by the high risk of access to key UAV services such as connectivity or localization. Confidentiality was only lightly covered by ML and DL, which can be explained by the non-secret nature of UAV systems that often broadcast their location or control messages. The predominance of availability across the various models is likely motivated by the prevalence of DoS, DDoS, and other communication-based attacks. The presence of several security properties such as authenticity and integrity also warrants cross-layer validation. Privacy is predominant mostly in FL models across all UAV layers, which is due to the fact that these models share model updates instead of raw data, making privacy preservation a native architectural property rather than an auxiliary security objective. We also noticed that robustness is somewhat underexplored, predominant only in the application layer, which may be due to the lack of standardized UAV-specific cybersecurity benchmarks and also due to the high computational costs involved in the training and evaluation.
Detailed coverage of security properties per AI method is provided in Figure 4, which shows this coverage in a bar chart clustered by each considered AI method. ML methods focus on availability, with 80% of the papers, followed by integrity at 50%, and then authenticity at 40% and confidentiality at 10%. It is noticed that privacy and robustness are not covered at all, which can be understandable since these security properties are emerging ones that cannot be handled by traditional ML models. Statistics for DL methods is quite similar, with availability covered at 85%, authenticity at 78%, integrity at 71%, and availability at 7%. This can be completely understood since both fall under the traditional AI models.
Figure 4. Security properties coverage per AI model plot.
Figure 4. Security properties coverage per AI model plot.
Drones 10 00400 g004
FL methods covered privacy at 100%, which can be understood since it is the purpose it was designed for. Availability was at 73%, integrity at 60%, authenticity at 46%, and robustness at 20%. The other key difference, when compared with ML and DL, is the coverage of robustness, which is explained by the hybrid nature of some research work conducted in this area that combines FL and GAN. For the remaining advanced AI models, including RL, GNN, and GAI, it is noticed that they have a common focus on integrity, availability, and authenticity, with similar ratios, in addition to robustness at a slightly lower rate. RL methods covered availability at 85%, integrity and authenticity at 71% each, and robustness at 28%. GNN has similar statistics, covering integrity and authenticity at 50%, availability at 62%, and both privacy and robustness at 12% each. GAI exhibited equal coverage for integrity, availability, and authenticity at 62% each, in addition to robustness at 50%. It is noticed that robustness coverage increased in the emerging AI methods due to the fact that these models appeared in part as a response to the need for these models to address privacy and robustness.
Figure 5 shows the overall coverage of security properties across all AI methods. It is noticed that authenticity, availability, and authenticity are starting to become saturated, with coverage ranging from 58% to 75%. On the other hand, there is a noticeable gap in the coverage of other security properties, including confidentiality with 3%, privacy with 25%, and robustness with 15%. It can be understood that achieving confidentiality using an AI method may not be a main concern for researchers considering the secrecy of messages is generally not required. Thus, there are not many prospects for research in that context. However, research work focusing on achieving privacy and robustness would be considered a very hot and promising research area thanks to emerging models in RL, GNN, and GAI, and also due to the importance of these security properties in AI-enabled security for UAV applications nowadays.
Figure 5. Overall security properties coverage plot.
Figure 5. Overall security properties coverage plot.
Drones 10 00400 g005
Another key finding is that dataset heterogeneity, various evaluation protocols, and wide use of custom/private datasets make cross-model performance comparison challenging. This fragmented dataset coverage hinders fair benchmarking and limits reproducibility. In addition, high accuracy does not always infer deployment readiness since other factors are as important and have to be taken into consideration, such as overhead, energy requirements, and real-world testing. For instance, DL and FL models exhibit high accuracy values, but at the same time, they incur high overhead and energy needs, which affects their suitability for deployment.

14. Open Challenges

Despite significant progress in classical machine learning, deep learning, generative AI, GNNs, reinforcement learning, and, most notably, multitask learning (MTL), a number of persistent challenges continue to impede the deployment of reliable and generalizable intrusion detection and drone security systems. These challenges are discussed as follows:
  • Data scarcity is one of the most fundamental constraints in all techniques. Many UAV-specific datasets, such as GPS spoofing logs, UAVCAN traffic, aerial computing telemetry, or custom RF fingerprints, are extremely small, confidential, or gathered under limited circumstances. Classical machine learning techniques, such as MAVIDS, rely purely on telemetry, whereas many DL- and RL-based algorithms require vast amounts of different training data to avoid overfitting. Even multitask learning frameworks, which normally benefit from shared supervision across tasks, are constrained by the amount and diversity of UAV attack datasets, particularly for hybrid, multi-stage, and zero-day threats. Generative AI has showed promise for developing synthetic attack data, but there are still concerns about distribution fidelity, temporal consistency, and the risk of increasing dataset biases.
  • Real-time constraints present significant deployment issues. UAV platforms have limited onboard computing, memory, and energy resources, but must detect and respond to assaults with millisecond latency. Although many works, such as distributed IDS designs (e.g., E-DIDS), lightweight fuzzy rough set systems, and pruned deep networks (UAV-DiPNID), significantly reduce inference time, more complex methods, such as GNNs, RL agents, and multi-view MTL architectures, continue to struggle to meet hard real-time deadlines in flight. Reinforcement learning and MTL models are more adaptable, but their inference pipelines might be computationally demanding without additional optimization, model reduction, or hardware acceleration.
  • Explainability remains weak across nearly all surveyed methodologies. Classical machine learning techniques (e.g., PCA-based anomaly detection, decision trees, and SVMs) allow for partial interpretation, but most deep models including CNN-LSTMs, Transformers, GNNs, multi-view architectures, and RL policies operate as black boxes. Only a few efforts explicitly incorporate explainability, such as the explainable DRL adversarial detection framework that employs APF and PER. However, the bulk of cutting-edge systems cannot provide practical explanations for why an assault was identified, what variables influenced the conclusion, or how the UAV should change its behavior. This gap is significant in safety-critical aviation contexts where human operators require transparency and verified logic.
  • Regarding cross-layer security, most surveyed approaches suffer from isolated attack surface coverage by focusing on attacks that take place in a particular layer of the UAV system stack. This, in turn, may affect their effectiveness against sophisticated multi-stage attacks targeting interconnected UAV components.
  • Adversarial robustness is another significant outstanding topic. Deep-learning-based IDS models, such as CNNs, LSTMs, Transformers, and GNNs, are especially susceptible to evasion attacks, perturbation-based spoofing, and idea drift. While a few studies have examined adversarial settings (e.g., DRL agents tested against adversarial perturbations, denoising-autoencoder-enhanced IDSs), the majority of studies continue to assume clean or stationary data distributions. UAV networks are dynamic and vulnerable to hostile actors capable of jamming, replaying, model poisoning, and RF fingerprint obfuscation. Without thorough robustness studies, IDS performance on static datasets may not be consistent with real-world resilience.
  • The absence of set benchmarks greatly hinders the comparability and repeatability of investigations. The datasets used in UAV intrusion detection research are inconsistent: NSL-KDD, UNSW-NB15, AWID, WSN-BFSF, KDD-CUP99, CSE-CIC IDS2018, CIC-DDoS2019, UAVCAN logs, RF fingerprint datasets, simulated traffic, and custom flight logs. Many UAV-focused datasets are private, corporate, or simulator-generated, making it impossible to replicate results. Metrics such as accuracy, F1, recall, fall-out rate, latency, energy consumption, and robustness margins vary greatly, making cross-paper comparisons useless. Multitask learning systems complicate evaluation by introducing many objectives (e.g., anomaly detection, device identification, attack classification) with no consistent reporting requirements.

15. Future Directions

Future directions of UAV security research include the following topics:
  • Federated MTL: Due to the heterogeneous and distributed nature of UAV systems, federated MTL is a promising solution that leverages shared representation with different task-specific heads. This can deal with intermittent client participation, which is common in UAV swarms, and non-IID data distribution while performing all tasks jointly, thus making models less complex and potentially more efficient. Challenges in implementing such solutions include dealing with data poisoning, integration with differential privacy standards, and handling communication constraints.
  • Digital Twins: These can be very beneficial in replicating UAV systems, thus aiding in simulating attacks and validating defense mechanisms. The benefits include bundling the cyber, physical, and AI dimensions together, facilitating real-time communication between the UAV and its twin, with the possibility of being integrated with the RL paradigm. Challenges include dealing with the tradeoff between the fidelity and computational cost of such solution, and the ability to accurately model the noise.
  • Benchmark Creation: Most existing datasets are fragmented and non-reproducible, making the creation of open and curated benchmarks a pressing need. Key requirements for such benchmarks include the need to cover attacks from various layers, use of multi-modal data, and inclusion of realistic UAV protocols such as ADS-B and MAVLink. Challenges include dealing with distributed and federated environments, in addition to including and dealing with adversarial attacks.
  • Trustworthy AI for UAV Security: The issue with current black-box AI models is that they lack trust in dealing with safety-critical use cases. Research directions include leveraging explainable AI in making attack detection decisions. Another interesting research direction is predicting attacks with high confidence even in the presence of adversarial attacks. In addition, with the rise of popular risk frameworks, such as NIST AI Risk Management Frameworks, it is necessary to seamlessly align trustworthy AI solutions for UAV security with them. A key challenge is balancing robustness, explainability, and real-time constraints.

16. Conclusions

UAV ecosystems have been on the rise in recent years, being involved in many domains and promoting novel services that promote better quality of life and more sophisticated applications. However, due to the rise and widespread nature of cyber attacks, there have been several approaches to detecting and thwarting these attacks, ranging from classic cryptographic solutions to traditional intrusion-based detection. These traditional solutions have been facing challenges in dealing with the sophistication of attacks, thus prompting the need for AI-based solutions. On the other hand, most existing surveys present a fragmented view focusing on one type of AI model while neglecting others, often without following robust methodologies or adopting clear taxonomies.
In this paper, we close this gap by presenting a comprehensive survey of AI methods used in UAV security. Our surveys follows several pillars of PRIMSA methodology by specifying the search strategy, inclusion and exclusion criteria, selection process, classification, and limitations. We also present a cross-layered taxonomy based on the AI method type, the attack type, the affected UAV layer, and the affected security property. This covers not only ML and DL but also FL, RL, GNN, and GAI.
We complement our survey with an extensive coverage of the datasets, tools, and evaluation metrics used in UAV security research, in addition to performing an in-depth comparative analysis covering the key findings of our classification. The outcome of our survey is presented through a quantitative and qualitative view, obtained by clearly defined metrics, of the covered security properties per AI model and per layer attack. In addition, we discuss and compare the common uses of each model type, its strengths, weaknesses, and deployment readiness. We also describe the open challenges remaining to be solved and the future research directions we think are of high relevance to the research community. This work is intended as a reference to be used by UAV security researchers and practitioners who are interested in developing AI-based models to solve the latest UAV security problems.

Author Contributions

Methodology, T.K.; investigation, T.K. and K.B.; writing—original draft preparation of Section 2, Section 4, Section 5, Section 6, Section 7, Section 8 and Section 9, Section 11, and Section 12, K.B.; writing—review and editing of all sections, T.K.; visualization, T.K.; supervision, T.K. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Not applicable.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Fahlstrom, P.G.; Gleason, T.J.; Sadraey, M.H. Introduction to UAV Systems; John Wiley & Sons: Hoboken, NJ, USA, 2022. [Google Scholar]
  2. Fan, B.; Li, Y.; Zhang, R.; Fu, Q. Review on the technological development and application of UAV systems. Chin. J. Electron. 2020, 29, 199–207. [Google Scholar] [CrossRef]
  3. Zhi, Y.; Fu, Z.; Sun, X.; Yu, J. Security and privacy issues of UAV: A survey. Mob. Netw. Appl. 2020, 25, 95–101. [Google Scholar] [CrossRef]
  4. Kacem, T.; Barreto, A.; Wijesekera, D.; Costa, P. ADS-Bsec: A novel framework to secure ADS-B. Ict Express 2017, 3, 160–163. [Google Scholar] [CrossRef]
  5. Sarkar, N.I.; Gul, S. Artificial intelligence-based autonomous UAV networks: A survey. Drones 2023, 7, 322. [Google Scholar] [CrossRef]
  6. Cordill, B.; Fang, D.; Xu, S. A Comprehensive Survey of Security and Privacy in UAV Systems. IEEE Access 2025, 13, 117843–117866. [Google Scholar] [CrossRef]
  7. Tsao, K.-Y.; Girdler, T.; Vassilakis, V.G. A Survey of Cyber Security Threats and Solutions for UAV Communications and Flying Ad-Hoc Networks. Ad Hoc Netw. 2022, 133, 102894. [Google Scholar] [CrossRef]
  8. Rahman, K.; Aziz, M.A.; Kashif, A.U.; Cheema, T.A. Detection of Security Attacks Using Intrusion Detection System for UAV Networks: A Survey. In Big Data Analytics and Computational Intelligence for Cybersecurity; Ouaissa, M., Boulouard, Z., Ouaissa, M., Khan, I.U., Kaosar, M., Eds.; Springer International Publishing: Cham, Switzerland, 2022; pp. 109–123. [Google Scholar] [CrossRef]
  9. AL-Syouf, R.A.; Bani-Hani, R.M.; AL-Jarrah, O.Y. Machine Learning Approaches to Intrusion Detection in Unmanned Aerial Vehicles (UAVs). Neural Comput. Appl. 2024, 36, 18009–18041. [Google Scholar] [CrossRef]
  10. Bithas, P.S.; Michailidis, E.T.; Nomikos, N.; Vouyioukas, D.; Kanatas, A.G. A Survey on Machine-Learning Techniques for UAV-Based Communications. Sensors 2019, 19, 5170. [Google Scholar] [CrossRef] [PubMed]
  11. Syed, F.; Gupta, S.K.; Hamood Alsamhi, S.; Rashid, M.; Liu, X. A survey on recent optimal techniques for securing unmanned aerial vehicles applications. Trans. Emerg. Telecommun. Technol. 2021, 32, e4133. [Google Scholar] [CrossRef]
  12. Sarıkaya, B.S.; Bahtiyar, Ş. A Survey on Security of UAV and Deep Reinforcement Learning. Ad Hoc Netw. 2024, 164, 103642. [Google Scholar] [CrossRef]
  13. Wang, X.; Zhao, Z.; Yi, L.; Ning, Z.; Guo, L.; Yu, F.R.; Guo, S. A Survey on Security of UAV Swarm Networks: Attacks and Countermeasures. ACM Comput. Surv. 2024, 57, 74. [Google Scholar] [CrossRef]
  14. Adil, M.; Jan, M.A.; Liu, Y.; Abulkasim, H.; Farouk, A.; Song, H. A Systematic Survey: Security Threats to UAV-Aided IoT Applications, Taxonomy, Current Challenges and Requirements with Future Research Directions. IEEE Trans. Intell. Transp. Syst. 2023, 24, 1437–1455. [Google Scholar] [CrossRef]
  15. Tlili, F.; Ayed, S.; Fourati, L.C. Advancing UAV security with artificial intelligence: A comprehensive survey of techniques and future directions. Internet Things 2024, 27, 101281. [Google Scholar] [CrossRef]
  16. Yang, Z.; Zhang, Y.; Zeng, J.; Yang, Y.; Jia, Y.; Song, H.; Lv, T.; Sun, Q.; An, J. AI-Driven Safety and Security for UAVs: From Machine Learning to Large Language Models. Drones 2025, 9, 392. [Google Scholar] [CrossRef]
  17. Abro, G.E.M.; Zulkifli, S.A.B.M.; Masood, R.J.; Asirvadam, V.S.; Laouiti, A. Comprehensive Review of UAV Detection, Security, and Communication Advancements to Prevent Threats. Drones 2022, 6, 284. [Google Scholar] [CrossRef]
  18. Jacobsen, R.H.; Marandi, A. Security Threats Analysis of the Unmanned Aerial Vehicle System. In IEEE Military Communications Conference (MILCOM); IEEE: New York, NY, USA, 2021; pp. 316–322. [Google Scholar] [CrossRef]
  19. Pandey, G.K.; Gurjar, D.S.; Nguyen, H.H.; Yadav, S. Security Threats and Mitigation Techniques in UAV Communications: A Comprehensive Survey. IEEE Access 2022, 10, 112858–112897. [Google Scholar] [CrossRef]
  20. Fotouhi, A.; Qiang, H.; Ding, M.; Hassan, M.; Giordano, L.G.; Garcia-Rodriguez, A.; Yuan, J. Survey on UAV Cellular Communications: Practical Aspects, Standardization Advancements, Regulation, and Security Challenges. IEEE Commun. Surv. Tutor. 2019, 21, 3417–3442. [Google Scholar] [CrossRef]
  21. Alzubaidi, A.A. Systematic Literature Review for Detecting Intrusions in Unmanned Aerial Vehicles Using Machine and Deep Learning. IEEE Access 2025, 13, 58576–58599. [Google Scholar] [CrossRef]
  22. Mohsan, S.A.H.; Othman, N.Q.H.; Li, Y.; Alsharif, M.H.; Khan, M.A. Unmanned Aerial Vehicles (UAVs): Practical Aspects, Applications, Open Challenges, Security Issues, and Future Trends. Intell. Serv. Robot. 2023, 16, 109–137. [Google Scholar] [CrossRef]
  23. Ogab, M.; Zaidi, S.; Bourouis, A.; Calafate, C.T. Machine Learning-Based Intrusion Detection Systems for the Internet of Drones: A Systematic Literature Review. IEEE Access 2025, 13, 96681–96714. [Google Scholar] [CrossRef]
  24. Berini, A.D.E.; Jamil, N.; Benrazek, A.E.; Nordin, R.; Ibrahim, A.M.; Awad, A.I.; Shariq, M.; Lakas, A.; Ferrag, M.A. Secure UAV-AV communications architecture in non-terrestrial networks: A review. Veh. Commun. 2026, 59, 101023. [Google Scholar]
  25. Morshedi, R.; Mojtaba Matinkhah, S. Cybersecurity Challenges and Solutions in Unmanned Aerial Vehicles (UAVs). J. Field Robot. 2026, 43, 314–329. [Google Scholar] [CrossRef]
  26. Tariq, U.; Ahanger, T.A.; Ihsan, M. Systematic review of machine and deep learning models for unmanned aerial vehicles cyber threat defense. Discov. Artif. Intell. 2026, 6, 216. [Google Scholar] [CrossRef]
  27. Sharifi, I.; Ghazanfari, M.; Taye, A.; Wei, P.; Ahmed, M.; Kim, H.T.; Ghasemi, M.; Gupta, V.; Dahle, N.W.; Canady, R.; et al. A Survey of Security Challenges and Solutions for UAS Traffic Management (UTM) and small Unmanned Aerial Systems (sUAS). In Proceedings of the AIAA SCITECH 2026 Forum, Orlando, FL, USA, 12–16 January 2026. AIAA 2026-2892. [Google Scholar]
  28. Umrani, M.I.; Butler, B.; O’Driscoll, A.; Davy, S. Toward Secure Complex UAV Cyber-Physical Systems: A Unified Threat Taxonomy and Cross-Layer Survey of Cybersecurity Challenges. Internet Things 2026, 37, 101902. [Google Scholar] [CrossRef]
  29. Kumar, G.H.; Chattaraj, D.; Saini, D.K.J.B.; Kulkarni, N.; Tadkal, S.; Ranjima, P. SCAM-QUAVs: Side Channel Attacks Mitigation and Countermeasures of Quantum-Safe UAVs. In 2025 IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT); IEEE: New York, NY, USA, 2025; pp. 1–6. [Google Scholar]
  30. Long, Y.; Jiang, Q.; Yan, C.; Alam, T.; Ji, X.; Xu, W.; Fu, K. EM Eye: Characterizing Electromagnetic Side-Channel Eavesdropping on Embedded Cameras. 2024. Available online: https://www.ndss-symposium.org/ndss-paper/em-eye-characterizing-electromagnetic-side-channel-eavesdropping-on-embedded-cameras/ (accessed on 5 May 2026).
  31. Ni, T.; Zhang, X.; Zhao, Q. Recovering fingerprints from in-display fingerprint sensors via electromagnetic side channel. In CCS ’23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security; Association for Computing Machinery: New York, NY, USA, 2023; pp. 253–267. [Google Scholar]
  32. Li, W.; Wang, J.; Zhang, G.; Yang, Y.; Spolaor, R.; Cheng, X.; Hu, P. EMIRIS: Eavesdropping on Iris Information via Electromagnetic Side Channel. NDSS. 2025. Available online: https://www.ndss-symposium.org/ndss-paper/emiris-eavesdropping-on-iris-information-via-electromagnetic-side-channel/ (accessed on 5 May 2026).
  33. Chamola, V.; Kotesh, P.; Agarwal, A.; Naren; Gupta, N.; Guizani, M. A Comprehensive Review of Unmanned Aerial Vehicle Attacks and Neutralization Techniques. Ad Hoc Netw. 2021, 111, 102324. [Google Scholar] [CrossRef]
  34. Sarkis-Onofre, R.; Catalá-López, F.; Aromataris, E.; Lockwood, C. How to properly use the PRISMA Statement. Syst. Rev. 2021, 10, 117. [Google Scholar] [CrossRef]
  35. Zhou, Z.-H. Machine Learning; Springer Nature: Singapore, 2021. [Google Scholar]
  36. Whelan, J.; Almehmadi, A.; El-Khatib, K. Artificial Intelligence for Intrusion Detection Systems in Unmanned Aerial Vehicles. Comput. Electr. Eng. 2022, 99, 107784. [Google Scholar] [CrossRef]
  37. Moustafa, N.; Jolfaei, A. Autonomous Detection of Malicious Events Using Machine Learning Models in Drone Networks. In DroneCom ’20: Proceedings of the 2nd ACM MobiCom Workshop on Drone Assisted Wireless Communications for 5G and Beyond; Association for Computing Machinery: New York, NY, USA, 2020; pp. 61–66. [Google Scholar] [CrossRef]
  38. Shafique, A.; Mehmood, A.; Elhadef, M. Detecting Signal Spoofing Attack in UAVs Using Machine Learning Models. IEEE Access 2021, 9, 93803–93815. [Google Scholar] [CrossRef]
  39. Agnew, D.; Aguila, A.D.; Mcnair, J. Enhanced Network Metric Prediction for Machine Learning-Based Cyber Security of a Software-Defined UAV Relay Network. IEEE Access 2024, 12, 54202–54219. [Google Scholar] [CrossRef]
  40. Wu, Y.; Yang, L.; Zhang, L.; Nie, L.; Zheng, L. Intrusion Detection for Unmanned Aerial Vehicles Security: A Tiny Machine Learning Model. IEEE Internet Things J. 2024, 11, 20970–20982. [Google Scholar] [CrossRef]
  41. Fu, R.; Ren, X.; Li, Y.; Wu, Y.; Sun, H.; Al-Absi, M.A. Machine-Learning-Based UAV-Assisted Agricultural Information Security Architecture and Intrusion Detection. IEEE Internet Things J. 2023, 10, 18589–18598. [Google Scholar] [CrossRef]
  42. Shrestha, R.; Omidkar, A.; Roudi, S.A.; Abbas, R.; Kim, S. Machine-Learning-Enabled Intrusion Detection System for Cellular Connected UAV Networks. Electronics 2021, 10, 1549. [Google Scholar] [CrossRef]
  43. Whelan, J.; Sangarapillai, T.; Minawi, O.; Almehmadi, A.; El-Khatib, K. Novelty-Based Intrusion Detection of Sensor Attacks on Unmanned Aerial Vehicles. In Q2SWinet ’20: Proceedings of the 16th ACM Symposium on QoS and Security for Wireless and Mobile Networks; Association for Computing Machinery: New York, NY, USA, 2020; pp. 23–28. [Google Scholar] [CrossRef]
  44. Cai, Z.; Liu, Z.; Kou, L. Reliable UAV Monitoring System Using Deep Learning Approaches. IEEE Trans. Reliab. 2022, 71, 973–983. [Google Scholar] [CrossRef]
  45. Mehmood, R.T.; Ahmed, G.; Siddiqui, S. Simulating ML-Based Intrusion Detection System for Unmanned Aerial Vehicles (UAVs) Using COOJA Simulator. In 2022 16th International Conference on Open Source Systems and Technologies (ICOSST); IEEE: New York, NY, USA, 2022; pp. 1–10. [Google Scholar] [CrossRef]
  46. Alipour-Fanid, A.; Dabaghchian, M.; Wang, N.; Wang, P.; Zhao, L.; Zeng, K. Machine Learning-Based Delay-Aware UAV Detection and Operation Mode Identification Over Encrypted Wi-Fi Traffic. IEEE Trans. Inf. Forensics Secur. 2020, 15, 2346–2360. [Google Scholar] [CrossRef]
  47. LeCun, Y.; Bengio, Y.; Hinton, G. Deep learning. Nature 2015, 521, 436–444. [Google Scholar] [CrossRef]
  48. Tlili, F.; Ayed, S.; Chaari Fourati, L. Exhaustive Distributed Intrusion Detection System for UAVs Attacks Detection and Security Enforcement (E-DIDS). Comput. Secur. 2024, 142, 103878. [Google Scholar] [CrossRef]
  49. Medhi, J.; Liu, R.; Wang, Q.; Chen, X. A Lightweight and Efficient Intrusion Detection System (IDS) for Unmanned Aerial Vehicles. Neural Comput. Appl. 2025, 37, 15819–15836. [Google Scholar] [CrossRef]
  50. Niyonsaba, S.; Konate, K.; Soidridine, M.M. Deep learning based intrusion detection for cybersecurity in unmanned aerial vehicles network. In 2024 International Conference on Electrical, Computer and Energy Technologies (ICECET); IEEE: New York, NY, USA, 2024; pp. 1–6. [Google Scholar]
  51. Mughal, U.A.; Alkhrijah, Y.; Almadhor, A.; Yuen, C. Deep Learning for Secure UAV-Assisted RIS Communication Networks. IEEE Internet Things Mag. 2024, 7, 38–44. [Google Scholar] [CrossRef]
  52. Tang, X.; Liu, N.; Zhang, R.; Han, Z. Deep Learning-Assisted Secure UAV-Relaying Networks with Channel Uncertainties. IEEE Trans. Veh. Technol. 2022, 71, 5048–5059. [Google Scholar] [CrossRef]
  53. Haque, E.; Hasan, K.; Ahmed, I.; Alam, M.S.; Islam, T. Enhancing UAV Security Through Zero Trust Architecture: An Advanced Deep Learning and Explainable AI Analysis. arXiv 2024. [Google Scholar] [CrossRef]
  54. Abu Al-Haija, Q.; Al Badawi, A. High-Performance Intrusion Detection System for Networked UAVs via Deep Learning. Neural Comput. Appl. 2022, 34, 10885–10900. [Google Scholar] [CrossRef]
  55. Ramadan, R.A.; Emara, A.H.; Al-Sarem, M.; Elhamahmy, M. Internet of drones intrusion detection using deep learning. Electronics 2021, 10, 2633. [Google Scholar] [CrossRef]
  56. Mughal, U.A.; Hassler, S.C.; Ismail, M. Machine Learning-Based Intrusion Detection for Swarm of Unmanned Aerial Vehicles. In 2023 IEEE Conference on Communications and Network Security (CNS); IEEE: New York, NY, USA, 2023; pp. 1–9. [Google Scholar] [CrossRef]
  57. Alzahrani, A. Novel Approach for Intrusion Detection Attacks on Small Drones Using ConvLSTM Model. IEEE Access 2024, 12, 149238–149253. [Google Scholar] [CrossRef]
  58. Jalil Hadi, H.; Cao, Y.; Li, S.; Hu, Y.; Wang, J.; Wang, S. Real-Time Collaborative Intrusion Detection System in UAV Networks Using Deep Learning. IEEE Internet Things J. 2024, 11, 33371–33391. [Google Scholar] [CrossRef]
  59. Miao, S.; Pan, Q.; Zheng, D. Unmanned aerial vehicle intrusion detection: Deep-meta-heuristic system. Veh. Commun. 2024, 46, 100726. [Google Scholar] [CrossRef]
  60. Benjamin, K.; Kacem, T. UAV DoS Attack Detection using a Hybrid Transformer-LSTM Approach. In 2025 International Wireless Communications and Mobile Computing (IWCMC); IEEE: New York, NY, USA, 2025; pp. 1702–1708. [Google Scholar]
  61. Kacem, T.; Tossou, S. ADS-B replay attack detection using transformers. In 2024 International Wireless Communications and Mobile Computing (IWCMC); IEEE: New York, NY, USA, 2024; pp. 144–149. [Google Scholar]
  62. Kairouz, P.; McMahan, H.B. Advances and open problems in federated learning. Found. Trends Mach. Learn. 2021, 14, 1–210. [Google Scholar] [CrossRef]
  63. Zhang, H.; Zhou, F.; Wang, W.; Wu, Q.; Yuen, C. A Federated Learning-Based Lightweight Network with Zero Trust for UAV Authentication. IEEE Trans. Inf. Forensics Secur. 2025, 20, 7424–7437. [Google Scholar] [CrossRef]
  64. Ceviz, O.; Sadioglu, P.; Sen, S.; Vassilakis, V.G. A Novel Federated Learning-Based IDS for Enhancing UAVs Privacy and Security. Internet Things 2025, 31, 101592. [Google Scholar] [CrossRef]
  65. He, X.; Chen, Q.; Tang, L.; Wang, W.; Liu, T. CGAN-Based Collaborative Intrusion Detection for UAV Networks: A Blockchain-Empowered Distributed Federated Learning Approach. IEEE Internet Things J. 2023, 10, 120–132. [Google Scholar] [CrossRef]
  66. Ceviz, O.; Sadioğlu, P.; Sen, S.; Vassilakis, V. A Novel Federated Learning-Based IDS for Enhancing UAVs Privacy and Security. arXiv 2023. [Google Scholar] [CrossRef]
  67. Lu, Y.; Yang, T.; Zhao, C.; Chen, W.; Zeng, R. A Swarm Anomaly Detection Model for IoT UAVs Based on a Multi-Modal Denoising Autoencoder and Federated Learning. Comput. Ind. Eng. 2024, 196, 110454. [Google Scholar] [CrossRef]
  68. da Silva, L.; Ferrao, I.; Dezan, C.; Espes, D.; Castelo Branco, K. Anomaly-Based Intrusion Detection System for In-Flight and Network Security in UAV Swarm. In 2023 International Conference on Unmanned Aircraft Systems (ICUAS); IEEE: New York, NY, USA, 2023; pp. 812–819. [Google Scholar] [CrossRef]
  69. da Silva, L.M.; Ferrão, I.G.; Diniz, B.A.; Carciofi, T.P.; Ziliol, V.D.; Dezan, C.; Espes, D.; Branco, K.R.L.J.C. Collaborative Intrusion Detection System for Network and Flight Security in Unmanned Aerial Vehicles Group. In 2025 International Conference on Unmanned Aircraft Systems (ICUAS); IEEE: New York, NY, USA, 2025; pp. 1027–1034. [Google Scholar]
  70. Ceviz, O.; Sen, S.; Sadioglu, P. Distributed Intrusion Detection in Dynamic Networks of UAVs Using Few-Shot Federated Learning. In Security and Privacy in Communication Networks; Alrabaee, S., Choo, K.-K.R., Damiani, E., Deng, R.H., Eds.; Springer Nature: Cham, Switzerland, 2026; pp. 131–153. [Google Scholar] [CrossRef]
  71. Mowla, N.I.; Tran, N.H.; Doh, I.; Chae, K. Federated Learning-Based Cognitive Detection of Jamming Attack in Flying Ad-Hoc Network. IEEE Access 2020, 8, 4338–4350. [Google Scholar] [CrossRef]
  72. Fahim-Ul-Islam, M.; Chakrabarty, A.; Hakimi, H.S.; Maidin, S.S. FedWGCA: A Federated Learning Based AAV Intrusion Detection with Gradient Clipping and Attention-Based Neural Networks. IEEE Open J. Comput. Soc. 2025, 6, 1799–1809. [Google Scholar] [CrossRef]
  73. Zeng, Q.; Olatunde-Salawu, S.; Nait-Abdesselam, F. FGA-IDS: A Federated Learning and GAN-Augmented Intrusion Detection System for UAV Networks. In 2024 IEEE 10th International Conference on Collaboration and Internet Computing (CIC); IEEE: New York, NY, USA, 2024; pp. 50–59. [Google Scholar] [CrossRef]
  74. Deng, J.; Wang, W.; Wang, L.; Bashir, A.K.; Gadekallu, T.R.; Feng, H.; Lv, M.; Fang, K. FIDSUS: Federated intrusion detection for securing UAV swarms in smart aerial computing. IEEE Internet Things J. 2025, 12, 11312–11328. [Google Scholar] [CrossRef]
  75. Chai, Y.; Liu, M.; Li, M. Navigation spoofing and jamming signals identification of UAV based on federated learning. IEEE Internet Things J. 2025, 12, 44177–44188. [Google Scholar]
  76. Cui, X.; Wu, J.; Fan, X.; Yu, Q.; Wang, T.; Li, G.; Luo, C. Online personalized federated learning methods for intrusion detection in dynamic UAV networks. In International Conference on Wireless Artificial Intelligent Computing Systems and Applications; Springer Nature: Singapore, 2025; pp. 394–405. [Google Scholar]
  77. Ntizikira, E.; Lei, W.; Alblehai, F.; Saleem, K.; Lodhi, M.A. Secure and Privacy-Preserving Intrusion Detection and Prevention in the Internet of Unmanned Aerial Vehicles. Sensors 2023, 23, 8077. [Google Scholar] [CrossRef]
  78. He, X.; Chen, Q.; Tang, L.; Wang, W.; Liu, T.; Li, L.; Liu, Q.; Luo, J. Federated continuous learning based on stacked broad learning system assisted by digital twin networks: An incremental learning approach for intrusion detection in UAV networks. IEEE Internet Things J. 2023, 10, 19825–19838. [Google Scholar] [CrossRef]
  79. Kaelbling, L.P.; Littman, M.L.; Moore, A.W. Reinforcement learning: A survey. J. Artif. Intell. Res. 1996, 4, 237–285. [Google Scholar] [CrossRef]
  80. Bouhamed, O.; Bouachir, O.; Aloqaily, M.; Al Ridhawi, I. Lightweight ids for uav networks: A periodic deep reinforcement learning-based approach. In 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM); IEEE: New York, NY, USA, 2021; pp. 1032–1037. [Google Scholar]
  81. Islam, M.R.; Yusupov, K.; Muminov, I.; Sahlabadi, M.; Yim, K. Cybersecurity in UAVs: An Intrusion Detection System Using UAVCAN and Deep Reinforcement Learning. In Advances on Broad-Band Wireless Computing, Communication and Applications; Barolli, L., Ed.; Springer Nature: Cham, Switzerland, 2025; pp. 123–131. [Google Scholar]
  82. Tao, J.; Han, T.; Li, R. Deep-Reinforcement-Learning-Based Intrusion Detection in Aerial Computing Networks. IEEE Netw. 2021, 35, 66–72. [Google Scholar] [CrossRef]
  83. Arthur, M.P. Detecting Signal Spoofing and Jamming Attacks in UAV Networks Using a Lightweight IDS. In 2019 International Conference on Computer, Information and Telecommunication Systems (CITS); IEEE: New York, NY, USA, 2019; pp. 1–5. [Google Scholar] [CrossRef]
  84. Benfriha, S.; Labraoui, N.; Bany Salameh, H.A.; Bensaid, R. Reinforcement Learning-Based Drone-Client Selection for Efficient Federated Learning-Based Intrusion Detection in FANETs. Clust. Comput. 2025, 28, 549. [Google Scholar] [CrossRef]
  85. Sethi, K.; Sai Rupesh, E.; Kumar, R.; Bera, P.; Venu Madhav, Y. A Context-Aware Robust Intrusion Detection System: A Reinforcement Learning-Based Approach. Int. J. Inf. Secur. 2020, 19, 657–678. [Google Scholar] [CrossRef]
  86. Hickling, T.; Aouf, N.; Spencer, P. Robust Adversarial Attacks Detection Based on Explainable Deep Reinforcement Learning for UAV Guidance and Planning. IEEE Trans. Intell. Veh. 2023, 8, 4381–4394. [Google Scholar] [CrossRef]
  87. Zhou, J.; Cui, G.; Hu, S.; Zhang, Z.; Yang, C.; Liu, Z.; Wang, L.; Li, C.; Sun, M. Graph neural networks: A review of methods and applications. AI Open 2020, 1, 57–81. [Google Scholar] [CrossRef]
  88. Wang, G.; Ai, J.; Mo, L.; Yi, X.; Wu, P.; Wu, X.; Kong, L. Anomaly Detection for Data from Unmanned Systems via Improved Graph Neural Networks with Attention Mechanism. Drones 2023, 7, 326. [Google Scholar] [CrossRef]
  89. Swamy, K.K.; Sophia, S. Detecting Poisoning Attacks in UAVs via Spatio-Temporal Graph Neural Network and Walrus Optimizer. In 2025 5th International Conference on Soft Computing for Security Applications (ICSCSA); IEEE: New York, NY, USA, 2025; pp. 2004–2011. [Google Scholar] [CrossRef]
  90. El Rai, M.C.; Darseesh, M. Dual-Branch Graph Attention Network for Cyber-Physical Intrusion Detection System for Unmanned Aerial Vehicles. In 2025 International Conference on Communication, Computing, Networking, and Control in Cyber-Physical Systems (CCNCPS); IEEE: New York, NY, USA, 2025; pp. 381–384. [Google Scholar] [CrossRef]
  91. Sun, Z.; Teixeira, A.M.H.; Toor, S. GNN-IDS: Graph Neural Network Based Intrusion Detection System. In ARES ’24: Proceedings of the 19th International Conference on Availability, Reliability and Security; Association for Computing Machinery: New York, NY, USA, 2024; pp. 1–12. [Google Scholar] [CrossRef]
  92. Mustafa Abro, G.E.; Abdallah, A.M. Graph Attention Networks For Anomalous Drone Detection: RSSI-Based Approach with Real-World Validation. Expert Syst. Appl. 2025, 273, 126913. [Google Scholar] [CrossRef]
  93. Mughal, U.A.; Atat, R.; Ismail, M. Graph Neural Network-Based Intrusion Detection System for a Swarm of UAVs. In MILCOM 2024—2024 IEEE Military Communications Conference (MILCOM); IEEE: New York, NY, USA, 2024; pp. 578–583. [Google Scholar] [CrossRef]
  94. Majumder, R.; Comert, G.; Werth, D.; Gale, A.; Chowdhury, M.; Salek, M.S. Graph-Powered Defense: Controller Area Network Intrusion Detection for Unmanned Aerial Vehicles. arXiv 2025. [Google Scholar] [CrossRef]
  95. Du, Y.; Li, Y.; Cheng, P.; Han, Z.; Wang, Y. UGL: A Comprehensive Hybrid Model Integrating GCN and LSTM for Enhanced Intrusion Detection in UAV Controller Area Networks. Comput. Netw. 2025, 262, 111157. [Google Scholar] [CrossRef]
  96. Feuerriegel, S.; Hartmann, J.; Janiesch, C.; Zschech, P. Generative AI. Bus. Inf. Syst. Eng. 2024, 66, 111–126. [Google Scholar] [CrossRef]
  97. Asif, M.; Rahman, M.A.; Akkaya, K.; Shahriar, H.; Cuzzocrea, A. Adversarial Data-Augmented Resilient Intrusion Detection System for Unmanned Aerial Vehicles. In 2023 IEEE International Conference on Big Data (BigData); IEEE: New York, NY, USA, 2023; pp. 5428–5437. [Google Scholar] [CrossRef]
  98. El Alami, H.; Rawat, D.B. DroneDefGANt: A Generative AI-Based Approach for Detecting UAS Attacks and Faults. In ICC 2024—IEEE International Conference on Communications; IEEE: New York, NY, USA, 2024; pp. 1933–1938. [Google Scholar] [CrossRef]
  99. Zhao, C.; Du, H.; Niyato, D.; Kang, J.; Xiong, Z.; Kim, D.I.; Shen, X.; Letaief, K.B. Enhancing Physical Layer Communication Security Through Generative AI with Mixture of Experts. IEEE Wirel. Commun. 2025, 32, 176–184. [Google Scholar] [CrossRef]
  100. Panda, D.K.; Guo, W. Generative Adversarial Evasion and Out-of-Distribution Detection for UAV Cyber-Attacks. arXiv 2025. [Google Scholar] [CrossRef]
  101. Sarikaya, B.S.; Bahtiyar, Ş. Generative Adversarial Networks for Synthetic Jamming Attacks on UAVs. In 2024 9th International Conference on Computer Science and Engineering (UBMK); IEEE: New York, NY, USA, 2024; pp. 760–765. [Google Scholar] [CrossRef]
  102. Nagendra Kumar, D.; Sundarakantham, K.D.; Dharani, J.; Singh, K. Generative AI Based Blockchain Framework for Secure and Private Communication in Internet of Drones Systems. SSRN 2025. [Google Scholar] [CrossRef]
  103. Zeng, Q.; Nait-Abdesselam, F. Leveraging Human-In-The-Loop Machine Learning and GAN-Synthesized Data for Intrusion Detection in Unmanned Aerial Vehicle Networks. In ICC 2024—IEEE International Conference on Communications; IEEE: New York, NY, USA, 2024; pp. 1557–1562. [Google Scholar] [CrossRef]
  104. Gaber, T.; Ali, T.; Nicho, M.; Torky, M. Robust attacks detection model for internet of flying things based on generative adversarial network (gan) and adversarial training. IEEE Internet Things J. 2025, 12, 23961–23974. [Google Scholar] [CrossRef]
  105. Mohamed, A. CSE-CIC-IDS2018. Mendeley Data, V1. 2024. Available online: https://data.mendeley.com/datasets/29hdbdzx2r/1 (accessed on 5 May 2026).
  106. Talukder, M.A.; Uddin, M.A. CIC-DDoS2019 Dataset. Mendeley Data, V1. 2023. Available online: https://data.mendeley.com/datasets/ssnc74xm6r/1 (accessed on 5 May 2026).
  107. Unmanned Aerial Vehicle (UAV) Intrusion Detection [Dataset]. UCI Machine Learning Repository. 2020. Available online: https://archive.ics.uci.edu/dataset/564/unmanned+aerial+vehicle+uav+intrusion+detection (accessed on 5 May 2026).
  108. Stolfo, S.; Fan, W.; Lee, W.; Prodromidis, A.; Chan, P. KDD Cup 1999 Data [Dataset]. 1999. Available online: https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html (accessed on 5 May 2026).
  109. Panigrahi, R. CICIDS2017. IEEE Dataport. 2025. Available online: https://ieee-dataport.org/documents/cicids2017 (accessed on 5 May 2026).
  110. Borenstein, P. UAVCAN: Uncomplicated Application-Level Vehicular Computing and Networking. Available online: https://uavcan.org/ (accessed on 5 May 2026).
  111. Mohi-ud-din, G. NSL-KDD. IEEE Dataport. 2018. Available online: https://ieee-dataport.org/documents/nsl-kdd (accessed on 5 May 2026).
  112. Almomani, I.; Al-Kasasbeh, B.; Al-Akhras, M. WSN-DS: A Dataset for Intrusion Detection Systems in Wireless Sensor Networks. J. Sens. 2016, 2016, 4731953. [Google Scholar] [CrossRef]
  113. Moustafa, N. UNSW_NB15 Dataset. IEEE Dataport. 2019. Available online: https://ieee-dataport.org/documents/unswnb15-dataset (accessed on 5 May 2026).
  114. Moustafa, N. ToN_IoT Datasets. IEEE Dataport. 2019. Available online: https://ieee-dataport.org/documents/toniot-datasets (accessed on 5 May 2026).
  115. Allahham, M.S.; Al-Sa’d, M.F.; Al-Ali, A.; Mohamed, A.; Khattab, T.; Erbad, A. DroneRF dataset: A dataset of drones for RF-based detection, classification and identification. Data Brief. 2019, 26, 104313. [Google Scholar] [CrossRef]
  116. Keipour, A.; Mousaei, M.; Scherer, S. ALFA: A Dataset for UAV Fault and Anomaly Detection. Int. J. Robot. Res. 2021, 40, 515–520. [Google Scholar] [CrossRef]
  117. Yang, T.; Lu, Y.; Deng, H.; Chen, J.; Tang, X. Acquisition and Processing of UAV Fault Data Based on Time Line Modeling Method. Appl. Sci. 2023, 13, 4301. [Google Scholar] [CrossRef]
  118. Meidan, Y.; Bohadana, M.; Mathov, Y.; Mirsky, Y.; Breitenbacher, D.; Shabtai, A.; Elovici, Y. N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders. IEEE Pervasive Comput. 2018, 17, 12–22. [Google Scholar] [CrossRef]
  119. Dener, M.; Okur, C.; Al, S.; Orman, A. WSN-BFSF: A New Data Set for Attacks Detection in Wireless Sensor Networks. IEEE Internet Things J. 2024, 11, 2109–2125. [Google Scholar] [CrossRef]
  120. Whelan, J.; Sangarapillai, T.; Minawi, O.; Almehmadi, A.; El-Khatib, K. UAV Attack Dataset. IEEE Dataport. 2020. Available online: https://ieee-dataport.org/open-access/uav-attack-dataset (accessed on 5 May 2026).
  121. Ahmed, M.; Cox, D.; Simpson, B.; Aloufi, A. ECU-IoFT: A Dataset for Analysing Cyber-Attacks on Internet of Flying Things. Appl. Sci. 2022, 12, 1990. [Google Scholar] [CrossRef]
  122. Das, D.; Golder, A.; Danial, J.; Ghosh, S.; Raychowdhury, A.; Sen, S. X-DeepSCA: Cross-device deep learning side channel attack. In DAC ’19: Proceedings of the 56th Annual Design Automation Conference 2019; Association for Computing Machinery: New York, NY, USA, 2019; pp. 1–6. [Google Scholar]
  123. Cagli, E.; Dumas, C.; Prouff, E. Convolutional neural networks with data augmentation against jitter-based countermeasures: Profiling attacks without pre-processing. In International Conference on Cryptographic Hardware and Embedded Systems; Springer International Publishing: Cham, Switzerland, 2017; pp. 45–68. [Google Scholar]
  124. Hettwer, B.; Fennes, D.; Leger, S.; Richter-Brockmann, J.; Gehrer, S.; Güneysu, T. Deep learning multi-channel fusion attack against side-channel protected hardware. In 2020 57th ACM/IEEE Design Automation Conference (DAC); IEEE: New York, NY, USA, 2020; pp. 1–6. [Google Scholar]
  125. Cao, P.; Zhang, H.; Gu, D.; Lu, Y.; Yuan, Y. AL-PA: Cross-device profiled side-channel attack using adversarial learning. In DAC ’22: 59th ACM/IEEE Design Automation Conference; Association for Computing Machinery: New York, NY, USA, 2022; pp. 691–696. [Google Scholar]
Figure 1. Paper outline.
Figure 1. Paper outline.
Drones 10 00400 g001
Figure 2. UAV architecture.
Figure 2. UAV architecture.
Drones 10 00400 g002
Figure 3. Qualitative view of the proposed cross-dimensional taxonomy of AI-based UAV cybersecurity. Each cell indicates the dominant security property addressed by studies at the intersection of a given AI method and layer-based attack type. The mapping is derived from the aggregated survey results in Table 2, Table 3, Table 4, Table 5, Table 6 and Table 7. Detailed quantitative distributions are provided in Table 8 and Figure 4 and Figure 5.
Figure 3. Qualitative view of the proposed cross-dimensional taxonomy of AI-based UAV cybersecurity. Each cell indicates the dominant security property addressed by studies at the intersection of a given AI method and layer-based attack type. The mapping is derived from the aggregated survey results in Table 2, Table 3, Table 4, Table 5, Table 6 and Table 7. Detailed quantitative distributions are provided in Table 8 and Figure 4 and Figure 5.
Drones 10 00400 g003
Table 9. Comparative analysis of ai methods.
Table 9. Comparative analysis of ai methods.
ModelsCommon UsesStrengthsLimitationsDeployment Readiness
MLAttack detection, intrusion detection, traffic classificationLow overhead, fast training, suitable for resource-constrained environmentsLimited feature learning, struggles with large datasets, no support for evolving attacksHigh: thanks to its high efficiency and fast inference, but may struggle with unseen attacks
DLAttack detection, intrusion detection, behavior modeling, attack classificationAutomatic feature extraction, high accuracy, suitable for large datasets, supports spatiotemporal analysisHigh overhead, needs large datasets, vulnerable to adversarial attacks, energy intensiveModerate: effective for ground station or edge but challenging for UAVs
FLDistributed intrusion detection, privacy-preserving UAV security, swarm UAV learningLimited data sharing, supports collaborative learningHigh overhead, synchronization complexity, poisoning attacks challenge, heterogeneous data challengeModerate: promising for UAV swarm but limited by communication and coordination constraints
RLAdaptive defense, autonomous threat response, dynamic attack mitigationSuitable for dynamic environments, supports real-time decisions, effective for autonomous responseTraining instability, reward engineering complexity, safety concernsLow/Moderate: still in experimental stage with real-world scenarios in safety critical UAV missions
GNNUAV swarm security, networked intrusion detection, communication graph analysis, attack propagation analysisScalable with large swarms, advanced anomaly detection, dynamic spatiotemporal modelingUnstable complexity, scalability concerns, still emergingLow: early stage with limited adoption
GAIAttack detection, generation of synthetic and adversarial data, automated threat analysisSupports data augmentation, supports robustness benchmarking, supports UAV security testingMisuse risk, hallucination risk, limited UAV validation, high overheadLow: early exploration with limited real-world UAV security support
Table 10. Statistic of security properties coverage per AI methods.
Table 10. Statistic of security properties coverage per AI methods.
AI ModelC (%)I (%)Av (%)Au (%)P (%)R (%)# Papers
ML105080400010
DL77185780014
FL06073461002015
RL07185710287
GNN050625012128
GAI06262620508
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Kacem, T.; Benjamin, K. Artificial Intelligence Methods for Unmanned Aerial Vehicles Cybersecurity: A Comprehensive Survey. Drones 2026, 10, 400. https://doi.org/10.3390/drones10060400

AMA Style

Kacem T, Benjamin K. Artificial Intelligence Methods for Unmanned Aerial Vehicles Cybersecurity: A Comprehensive Survey. Drones. 2026; 10(6):400. https://doi.org/10.3390/drones10060400

Chicago/Turabian Style

Kacem, Thabet, and Kensley Benjamin. 2026. "Artificial Intelligence Methods for Unmanned Aerial Vehicles Cybersecurity: A Comprehensive Survey" Drones 10, no. 6: 400. https://doi.org/10.3390/drones10060400

APA Style

Kacem, T., & Benjamin, K. (2026). Artificial Intelligence Methods for Unmanned Aerial Vehicles Cybersecurity: A Comprehensive Survey. Drones, 10(6), 400. https://doi.org/10.3390/drones10060400

Article Metrics

Back to TopTop