LLM-LCSA: LLM for Collaborative Control and Decision Optimization in UAV Cluster Security

Highlights

What are the main findings?

• The proposed LLM-LCSA architecture improves threat detection accuracy by an average of 7.92% and reduces total system response time by 44.52% compared to traditional methods.
• A Mixture of Experts (MoEs) mechanism incorporating a dynamic threat–expert association matrix enables adaptive and real-time identification of complex threats.

What is the implication of the main finding?

• The cloud–edge–end hierarchical framework provides a scalable and efficient architecture for secure, intelligent collaboration in large-scale UAV swarms.
• The resource-aware multi-objective decision model ensures reliable performance under stringent resource constraints, enhancing practicality for real-world deployments.

Abstract

With the development of unmanned aerial vehicle (UAV) technology, multimachine collaborative operations have become the core model for increasing mission effectiveness. However, large-scale UAV clusters face challenges such as dynamic security threats, heterogeneous data fusion difficulties, and resource-constrained decision-making delays. Traditional single-machine intelligent architectures have limitations when addressing new threats, such as insufficient real-time response capabilities. To address these issues, this paper presnts an LLM-layered collaborative security architecture (LLM-LCSA) for multimachine collaborative security. This architecture optimizes the spatiotemporal fusion efficiency of multisource asynchronous data through cloud–edge–end collaborative deployment, combining an end lightweight LLM, an edge medium LLM, and a cloud-based foundation LLM. Additionally, a Mixture of Experts (MoEs) intelligent algorithm that dynamically activates the most relevant expert models by leveraging a threat–expert association matrix is introduced, thereby increasing the accuracy of complex threat identification and dynamic adaptability. Moreover, a resource-aware multi-objective optimization model is constructed to generate optimal decisions under resource constraints. Simulation results indicate that compared with traditional methods, LLM-LCSA achieves an average 7.92% improvement in the threat detection accuracy, reduces the system’s total response time by 44.52%, and enables resource scheduling during off-peak periods. This architecture provides an efficient, intelligent, and scalable solution for secure collaboration among UAV swarms. Future research should further explore its application potential in 6G network integration and large-scale swarm environments.

1. Introduction

1.1. Motivation

With the large-scale application of unmanned aerial vehicle (UAV) technology in critical areas such as disaster response [1], agricultural plant protection [2], power inspection [3], and logistics and distribution [4], multi-UAV coordination has become a core approach for increasing mission effectiveness. With the gradual improvement in network communication technology, the number of UAVs that can be covered by a UAV cluster is also gradually increasing. Compared with UAV clusters with a small number of UAVs, large-scale UAV clusters can carry more payloads, significantly increasing the applicability of UAV clusters.

However, while clustering increases scalability, it also introduces systemic challenges such as dynamic security threat generalization, low cross-platform collaboration efficiency, and delayed decision-making because of resource constraints [5]. Traditional single-machine intelligent architectures face limitations when encountering new threats, such as GPS spoofing [6], collaborative network attacks [7], and sensor interference combinations, as well as difficulties in multisource data fusion, insufficient real-time response capabilities [8], and slow dynamic threat defense, all of which severely restrict the safety and reliability of UAV clusters in complex scenarios. When a UAV cluster experiences a cyberattack, the coordinated flight of the entire system is disrupted, which severely affects safety. Recently, numerous scholars have begun investigating how to ensure the safe and coordinated flight of swarmed aircraft under cyberattack conditions.

1.2. State of the Art

The cooperative control of UAV clusters can be divided into centralized control, decentralized control, and distributed control strategies [9]. Centralized control strategies can achieve global optimal control, but problems such as high communication load and poor formation robustness limit the scalability of drone swarms. Distributed control strategies require only local information exchange to coordinate swarms, reducing communication bandwidth requirements while maintaining high fault tolerance and swarm scalability. Decentralized control strategies do not require central controllers and can achieve only local optimization; however, such strategies have advantages such as modularity and swarm scalability. In addition to the general architecture, scholars have explored cluster security.

Raja et al. proposed a novel multilayer blockchain-assisted 6G Internet of Drones (MLB-IoD) ecosystem that enhances system resilience against attacks while providing efficient path planning through security controls and compliance mechanisms [10]. Karmakar et al. designed a blockchain-based distributed authentication mechanism for drone clusters [11]. Blockchain facilitates the storage of drone authentication information in immutable storage, while associated smart contracts provide a convenient access control model. Jangsher et al. proposed an efficient group secret key (GSK) protocol for secure communication in distributed drone clusters [12]. The proposed protocol uses network coding to generate cooperative information transmitted over the channel, which is independent of the generated keys. This provided a solution to ensure secure authentication for drone clusters. Viana et al. proposed a deep learning architecture for identifying attack behaviors in UAV communications in a 5G environment. This architecture can accurately identify attack behaviors under line-of-sight (LoS) and non-line-of-sight (NLoS) conditions, as well as random combinations of the two conditions, thereby increasing the security and reliability of UAV clusters in interference and complex communication scenarios [13]. Lopez et al. proposed a wireless mesh network security architecture for UAV cluster communications, comprehensively analyzed security vulnerabilities and threats from the physical layer to the application layer, and proposed corresponding defense strategies [14].

Because traditional UAV safety control systems typically rely on preset rules and algorithms, these methods face challenges in dynamic environments and have poor safety decision-making adaptability and coordination efficiency because of the difficulty of identifying complex and changing threats [15,16]. The introduction of large language models (LLMs) into UAV cluster safety compensates for the shortcomings of traditional methods in terms of adaptability to dynamic environments [17], coordinated and intelligent decision-making [18], resource utilization and allocation resources [19], and system robustness. Figure 1 shows a UAV cluster in an intelligent control collaboration scenario. Layered assistance from end-, edge-, and cloud-based LLMs increases the autonomous perception, understanding, and decision-making capabilities of the swarm, enabling it to better adapt to diverse application scenarios.

Figure 1. Intelligent collaboration of UAV clusters.

1.3. Comparison of Related Work

Existing studies have proven the feasibility of practical application. Aikins et al. presented a case study demonstrating LLM support for up to 1000 drones operating in coordination, showcasing the potential capabilities of LLMs in handling large-scale cluster tasks [20]. Li et al. proposed optimizing UAV deployment and power control through LLMs to improve the anti-jamming capabilities of clusters in emergency communication scenarios and ensure the stability and security of communication links [21]. Han et al. proposed CoLLM, a distributed LLM collaborative reasoning framework designed for ground-centerless scenarios, to avoid the leakage of intelligent decisions when a single machine is compromised [22]. Zhu et al. proposed a Transformer-based UAV trajectory planning algorithm to quickly generate optimal trajectories, reduce data transmission and processing delays, and decrease the risk of data tampering or obsolescence, providing an efficient solution for secure data collection by UAV clusters in complex environments [23]. Yang et al. comprehensively analyzed the application of LLMs in UAV security and reported that LLMs can effectively improve the threat detection and response capabilities of UAV clusters in complex environments through multimodal data fusion and real-time decision-making capabilities, significantly increasing the security of clusters [17]. Emami et al. proposed an In-Context Learning (ICL) data collection scheduling system based on LLMs, which demonstrates outstanding performance in testing against jailbreak attacks, thereby ensuring communication security [24].

In addition, some scholars have combined LLMs with other technologies to achieve more efficient and secure UAV cluster collaboration control. Golan et al. embedded LLMs into a blockchain to enable online identification of new and complex threats in UAV communications without retraining [25]. On the basis of the contextual understanding capabilities of LLMs, they performed semantic-level anomaly detection on tamper-proof UAV traffic data stored on the blockchain, significantly reducing the number of false positives and false negatives. Piggott et al. proposed an adversarial chatbot based on LLMs that understands network protocols and launches man-in-the-middle attacks against communications between UAVs and ground control stations (GCSs), automatically generating simulated network packets [26]. This approach can be further explored to enhance the resilience of UAV clusters against attacks. Sezgin et al. also significantly improved the security decision-making capabilities of UAV clusters in complex environments by combining LLMs with RAG technology [27]. Javaid et al. analyzed the security application scenarios of LLMs in UAV clusters; clarified their core role in threat detection, command verification, and emergency response; and proposed an LLM-driven spectrum sensing and sharing mechanism that can identify interference sources in real time and dynamically switch channels to prevent cluster communications from being suppressed or deceived [18]. Zhou et al. combined large language models with Q-learning to effectively address safety issues in UAV cluster decision-making, scheduling, and optimization within unknown environments [28].

Table 1 summarizes research methodologies for UAV swarm security. However, current LLM architectures for UAV swarm security still face numerous challenges in multi-aircraft cooperative safety scenarios, as summarized in Table 2. Therefore, there remains a lack of an adaptive, resource-aware collaborative security framework capable of handling multisource data, dynamic threat situations, and resource-constrained environments within large-scale UAV swarms. Existing solutions often focus on isolated aspects such as authentication, intrusion detection, or trajectory planning, failing to integrate them into a unified, layered decision-making system spanning cloud, edge, and terminal devices.

Table 1. Categorized summary of research methods in UAV cluster security.

Field	Technical Category	Ref.	Year	Technical Approach	Key Innovation / Strength
Traditional Method	Cryptography	[29]	2022	Lightweight challenge–response authentication using elliptic curve cryptography.	Suitable for SDN-based UAVs with low computational overhead.
		[12]	2023	Proposed an efficient GSK protocol denoted as the sequential secret group key algorithm for distributed UAV communications.	Provided a reliable GSK generation process and offered a trade-off between transmission overhead and reliability.
	Multilayer model	[30]	2023	Consensus control of large-scale UAV clusters based on a multilayer graph network model.	Improves scalability and robustness of large-scale cluster network topologies.
		[10]	2025	Proposed an innovative multilayer blockchain-assisted 6G drone internet (MLB-IoD) ecosystem.	Offered high security against attacks based on authentication and encryption.
	Blockchain	[11]	2024	Designed a blockchain-based distributed identity verification mechanism for UAV clusters.	Enhanced the network performance of drone swarms and ensured the reliability of communications.
	Threat Identification	[14]	2021	Proposed a wireless mesh network security architecture and analyze security vulnerabilities and threats from the physical layer to the application layer.	Provides comprehensive security protection for UAV cluster communications.
		[31]	2024	Established a UAV cluster intrusion detection system using time probability automata (TPA).	Adapts to evolving attack patterns and identifies zero-day attacks.
		[13]	2024	Developed a deep learning architecture for identifying attack behaviors in UAV communications in a 5G environment.	Accurate identification under both LoS and NLoS conditions.
LLM	Decision Optimization	[23]	2023	Transformer-based UAV trajectory planning algorithm.	Minimizes AoI, reduces latency, and lowers data tampering risk.
		[21]	2024	Optimized UAV deployment and power control through LLMs.	Enhances anti-jamming capability in emergency communication scenarios.
	Reasoning Enhancement	[26]	2023	Proposed an attack bot based on LLMs. It can simulate attacks that hijack communication sessions between GCS and UAV clusters.	Provided a better understanding of UAV threats and offered a convenient approach to enhancing the anti-attack capabilities of UAV clusters.
		[25]	2024	Utilized the contextual understanding capabilities of LLMs to perform semantic-level anomaly detection on UAV traffic data on the blockchain.	Enables online identification of novel threats without retraining.
		[22]	2025	Proposed CoLLM, a distributed LLM collaborative reasoning framework for scenarios without a ground truth center.	Avoids single-point failure and prevents leakage of all intelligence.
	Comprehensive Analysis	[17]	2025	Comprehensive analysis of LLM applications in UAV security.	Highlights LLMs’ capabilities in multimodal data fusion and real-time decision-making.
Proposed Method	LLM-Layered Collaborative Security Architecture	Ours	2025	LLM-LCSA: A cloud–edge–end hierarchical architecture with MoEs-based smart agents and resource-aware optimization.	Integrates multi-level LLM collaboration, dynamic expert activation, and constrained decision-making for efficient and secure swarm operations.

Table 2. Summary of existing challenges in UAV cluster security.

Problem Domain	Specific Challenges	Existing Deficiencies
Specialized Design and Collaborative Mechanisms	Specialized design for UAV cluster security requirements Real-time status sharing, heterogeneous data fusion, and collaborative decision-making among multiple UAVs	Existing large language models focus on general natural language processing tasks Existing systems emphasize single-agent intelligence and lack efficient multi-agent collaboration mechanisms
Dynamic Threat Response and Knowledge Utilization	Identifying complex and dynamic threats Dynamically integrating domain expert knowledge into the decision-making process in real-time	Systems have limited identification capabilities Lack mechanisms for the real-time, dynamic integration of expert knowledge
Decision Optimization under Resource Constraints	Achieving resource-aware intelligent decision-making in resource-constrained environments Balancing decision timeliness and accuracy with communication resource consumption	Difficulty in effectively balancing decision quality and multidimensional resource consumption Challenges in operating under limited resource conditions

To address these challenges, an LLM architecture that is more suitable for UAV cluster scenarios is needed to identify threats and make decisions during multimachine collaborative operations. Considering edge collaboration applications is an important development trend in future 6G communications. This trend has been implemented in many scenarios, such as vehicle-to-everything (V2X), industrial control, and command cities, but practical applications with UAVs are lacking.

Therefore, this paper presents a security-oriented multimachine collaborative LLM-layered collaborative security architecture (LCSA). This architecture leverages a distributed data storage framework and resource-aware intelligent decision-making algorithms. In the LLM-LCSA framework, the MoEs mechanism is embedded within edge servers, a threat–expert dynamic correlation matrix is used, and an optimization model that considers expert recommendation costs and multidimensional resource consumption is constructed. Additionally, we incorporate slack variables to manage resource conflicts, design a multidimensional confidence evaluation mechanism, and implement a feedback adjustment module to achieve resource-aware intelligent decision-making.

1.

We propose LLM-LCSA for secure multi-UAV collaboration. Through a cloud–edge–terminal collaborative computing architecture, LLM-LCSA integrates distributed data storage, sliding window aggregation, and data validity scoring mechanisms to achieve multilevel model collaborative inference. In comprehensive performance evaluations, all the components achieved excellent ratings.

2.

An intelligent agent algorithm based on the MoEs was designed, implemented, and embedded within edge servers. Through the designed threat–expert dynamic correlation matrix and expert weight dynamic adjustment mechanism, the accuracy of the system in identifying complex dynamic threats and its dynamic adaptability significantly increased. Simulation experiments demonstrate that compared with traditional methods, the average recognition accuracy for multiple threat types increased by 7.92%.

3.

A multi-objective optimization model under resource constraints was constructed to achieve resource-aware intelligent decision-making. This model comprehensively considers expert recommendation costs and multidimensional resource consumption constraints and develops an optimization solution strategy that incorporates slack variables. The simulation results demonstrate that compared with traditional methods, the system reduces the total response time by 44.52%, significantly improving resource utilization.

We compared LLM-LCSA with relevant research, as shown in Table 3. This paper features three key innovations and addresses the current challenges mentioned.

Table 3. Comparison of different methods and their features.

Methods	Ref.	Year	Dynamic Adaptability	Features
				HDF	MTD	DO	RO	RL	RM	ED
Traditional Method	[32]	2022	Medium		✓	✓			✓	✓
	[33]	2023	Low	✓	✓	✓		✓
	[34]	2023	Medium	✓	✓					✓
	[35]	2023	Low		✓				✓	✓
	[36]	2024	Low			✓	✓	✓		✓
LLM	[25]	2024	High		✓	✓
	[22]	2025	High			✓	✓		✓	✓
	[37]	2025	High	✓		✓		✓	✓
	[38]	2025	Low	✓	✓					✓
	[39]	2025	Medium	✓	✓	✓
	[27]	2025	High	✓		✓			✓	✓
Proposed Method	Ours	2025	High	✓	✓	✓	✓	✓	✓	✓

Note: HDF: heterogeneous data fusion; MTD: multi-threat detection; DO: decision optimization; RO: resource optimization; RL: reduce latency; RM: rating mechanism; ED: easy to deploy.

• We propose a hierarchical collaborative security architecture that addresses the inefficiency of traditional simple-layered deployment models in processing multisource asynchronous spatiotemporal data fusion. This significantly enhances data processing efficiency, with simulation results validating the architecture’s effectiveness.
• We resolve the accuracy and adaptability limitations of traditional hybrid expert models when handling novel complex threats by introducing an online adaptive matrix. This enables real-time expert activation and continuous self-evolution.
• We design a resource-aware multi-objective optimization model to resolve the challenge of balancing decision quality with multidimensional resource consumption in resource-constrained edge environments. By incorporating slack variables and a multidimensional confidence mechanism, we ensure the system’s reliable performance and deployment capability under resource-limited conditions.

The remainder of this paper is organized as follows: In Section 2, the overall design of LLM-LCSA, a hierarchical collaborative security architecture, is introduced. In Section 3, the theoretical foundation, system modeling, and a hierarchical collaborative threat detection algorithm are designed. With the proposed system, a resource-aware intelligent decision optimization algorithm is proposed in Section 4. In Section 5, the simulation results are discussed, revealing the effectiveness of the proposed architecture and algorithms. The conclusions of the paper and directions for future research are presented in Section 6.

2. System Architecture Design

To mitigate the latency bottlenecks and static threat response deficiencies of centralized LLM deployment, this paper presents a hierarchical collaborative architecture, LLM-LCSA. Through the collaboration of a cloud–edge–end hierarchical model and an embedded intelligent agent decision-making mechanism, this architecture achieves efficient multimachine collaboration in security-critical scenarios. As shown in Figure 2, lightweight models are deployed on end devices, medium models are deployed on the edge server, and large models are deployed in the cloud. This architecture enables data acquisition, real-time processing, long-term forecasting, and safety mode analysis.

Figure 2. Architecture of LLM-LCSA.

2.1. Cooperative Deployment of Layered Models

The basis of LLM-LCSA lies in the collaborative deployment of hierarchical models to fully exploit the advantages of different computing resources, enabling efficient data processing and decision support. The small-scale model deployed on the end device is responsible for real-time data collection and preliminary anomaly detection and is capable of quickly responding to changes in local sensor data, generating anomaly detection scores $\varphi$, and sending them to the edge device. The medium model deployed on the edge devices combines anomaly detection scores from multiple UAVs and short-term historical data features S to perform more accurate binary anomaly detection and calculate performance indicator vectors M. The large model deployed in the cloud focuses on long-term sequence prediction and large-scale security pattern analysis, generating long-term sequence prediction results T and large-scale security analysis results K. LLM-LCSA is also responsible for offline training and fine-tuning of the model, and it sends the updated model parameters to the edge and end devices.

Through this hierarchical model collaboration deployment, LLM-LCSA can fully exploit the real-time capabilities of the end, the computing power of the edge, and the global analysis capabilities of the cloud to optimize the entire process from data collection to decision support. The lightweight model on the end side can quickly respond to local data changes, the medium model on the edge side can process local data and make preliminary decisions, and the large model in the cloud can provide a global perspective and in-depth analysis. The three models collaborate to ensure the efficient coordination and intelligent decision-making of UAV clusters in complex environments.

2.2. Distributed Data Storage Architecture

To effectively process the massive, high-speed, heterogeneous data streams generated by UAV clusters, LLM-LCSA was designed with an innovative, distributed data storage architecture. Short-term and long-term history databases are used to store recent data fragments and global trend and pattern data, respectively.

The short-term history database is deployed on edge servers and stores data from the past few minutes to several tens of minutes, including statistical features such as anomaly frequency, mean, and variance. These data provide real-time contextual information for medium models at the edge, enabling rapid anomaly detection and decision support. The long-term history database is deployed in the cloud, storing data spanning hours, days, or even longer periods, including periodic trends and statistical analyses of historical anomaly patterns. These data provide a global perspective for large-scale models in the cloud, enabling long-term sequence prediction and large-scale security pattern analysis.

To better handle multisource asynchronous data, LLM-LCSA uses time window sliding aggregation and data validity scoring mechanisms at the edge layer. Time window sliding aggregation uses an exponentially weighted moving average method to assign higher weights to recent data, ensuring data timeliness. Data validity scoring is used to evaluate the recency of the data from each data source via a timeliness function. When a data source is temporarily unavailable, historical data prediction is performed in the edge layer to fill in the gaps, or a downgrade strategy is employed to ensure the completeness and reliability of the data. In addition, data fusion quality metrics are defined for the system. When the data fusion quality metrics fall below predefined thresholds, additional data requests are performed or the decision confidence threshold is increased to further optimize the data processing workflow.

This distributed data storage architecture not only addresses the problem of synchronizing and integrating multisource asynchronous data but also exploits the real-time data advantages of the end and edge, alleviating the bottlenecks of traditional centralized data processing models in UAV cluster scenarios and providing a solid data foundation for the safe coordination of UAV clusters.

2.3. Embedded Intelligent Agent Algorithm

Another core component of LLM-LCSA is the intelligent decision-making algorithm embedded within the edge server. This agent algorithm is based on the MoEs mechanism; integrates task decomposition, distribution, and decision fusion functions; and introduces domain expert knowledge. This algorithm can intelligently invoke the most relevant expert knowledge for decision-making on the basis of real-time threat situations.

The main modules of the agent algorithm include data aggregation, weight allocation and control, expert reasoning, decision fusion, feedback and iterative adjustment, and collaborative enhancement modules. The data aggregation module fuses data from different levels through mechanisms such as time stamp alignment and time window sliding aggregation to generate a unified feature vector. The weight allocation and control module dynamically adjusts the weights of each expert on the basis of the input features to ensure that the most relevant expert opinions are emphasized in different threat scenarios. The expert reasoning module allows each expert to output a recommended decision vector on the basis of their domain expertise, supporting the dynamic expansion and updating of the expert system. The decision fusion module optimizes decision vectors by defining cost functions and resource consumption models to ensure that task requirements are met while optimizing resource utilization efficiency. The feedback and iterative adjustment module uses a multidimensional confidence assessment mechanism to evaluate decision quality in real time and makes adaptive adjustments on the basis of feedback to ensure system robustness and adaptability. The collaborative enhancement module further supports hierarchical management and conflict negotiation for large-scale clusters, increasing the overall collaborative efficiency of the system.

Through embedded intelligent agent algorithms, LLM-LCSA not only achieves efficient multimachine coordination and intelligent decision-making but also dynamically adjusts decision-making strategies on the basis of real-time threat situations, significantly improving the ability of the system to respond to complex and new threats and providing powerful intelligent support for the safe coordination of UAV clusters.

2.4. Performance Evaluation

We evaluated the overall performance of LLM-LCSA through a comprehensive set of metrics covering the threat detection accuracy, response latency, resource utilization, and system scalability. It establishes differentiated evaluation metrics tailored to the core functions of each component. All heterogeneous metrics undergo standardization and are weighted and aggregated based on their relative importance to the system’s overall performance. The results are normalized into a composite score ranging from 0 to 1, enabling consistent cross-component comparisons. The detailed experimental setup, evaluation criteria, and comparative results are presented in Section 5. As shown in Figure 3, all the metrics exceed 0.82, indicating excellent performance. LLM inference quality is its strongest aspect, with no obvious performance shortcomings, although resource efficiency could still be improved.

Figure 3. Comprehensive performance dashboard of LLM-LCSA.

LLM-LCSA effectively addresses the shortcomings of existing UAV systems in areas such as multi-aircraft collaboration mechanisms, data processing and storage, dynamic threat response, resource-constrained decision optimization, and system scalability and adaptability. LLM-LCSA provides an efficient, intelligent, and scalable system solution for the safe and coordinated operation of UAV swarms.

3. System Model and Analysis

The LLM-LCSA approach studied in this paper is aimed at a cluster system composed of N UAVs that perform cooperative tasks in complex environments with potential dynamic security threats. The primary elements of the system model are defined in Appendix A Table A1:

3.1. System Models

3.1.1. Network Topography

The cluster uses a distributed communication topology. Local information is exchanged between UAV nodes via wireless links. Let $G=\left(V, E\right)$ be the communication graph, where $V=\{{\mathrm{UAV}}_1, {\mathrm{UAV}}_2, \dots , {\mathrm{UAV}}_N\}$ is the node set and E is the edge set, indicating that direct communication is possible between nodes. The normalized communication distance parameter is represented as $d_{comm}(0<d_{comm}<=1)$, and there is an edge $(i, j)\in E$ between nodes only when their Euclidean distance is $(i, j)\le d_{comm}$. Edge servers are deployed at specific locations or by some UAVs and are responsible for data aggregation and processing in local areas. The cloud provides global computing and storage support.

3.1.2. Threat Model

The system faces M possible threat types $T_{threat}=\{T_1, T_2, \dots , T_M\}$. Threats may occur independently or in combination and are dynamic and covert in nature. The scope of threat impact can be a single machine, a local cluster, or global.

3.1.3. Data Processing Flow

End: Each UAV is equipped with a lightweight LLM, which is responsible for real-time collection, preprocessing, and preliminary anomaly detection of local sensor data, generating preliminary anomaly scores $\varphi \left(t\right)\in \mathbb{R}$.

Edge: Medium LLMs and intelligent agents are implemented on edge servers. Edge servers receive $\varphi \left(t\right)$ and local data sent by UAVs within their jurisdiction, combine them with recent statistical features $S\left(t\right)\in {\mathbb{R}}_s^d$ stored in a short-term historical database, perform threat classification and local situational awareness, and generate performance metric vectors $M\left(t\right)\in {\mathbb{R}}^4$ and preliminary decision recommendations.

Cloud: A large-scale LLM is implemented in the cloud. Aggregated information is received from all edge nodes and global trend and pattern data stored in the long-term historical database $L\left(t\right)$. Long-term prediction $T\left(t\right)\in {\mathbb{R}}^m$ and large-scale security pattern analysis are performed to obtain security labels $K\left(t\right)\in \mathbb{N}$. Offline model training, fine-tuning, and parameter deployment are all performed in the cloud.

3.1.4. Resource Constraints

The system involves eight types of key resources, and the system-available resource vector is represented as $R={[R_1, R_2, \dots , R_8]}^{\top }$. $R_1$ to $R_8$ represent the computing resources, communication bandwidth, data storage, model storage, power consumption limits, RAM capacity, connection quality requirements, and sensor resources, respectively.

Under the constraints of resource availability, the system needs to generate the optimal collaborative decision vector $x={[x_1, x_2, \dots , x_n]}^{\top }$ corresponding to different control parameters. The implementation of each decision component $x_j$ generates resource consumption $r_{kj}\left(x_j\right)$, which represents the demand for the k-th resource when decision $x_j$ is implemented as follows:

$$c_k\left(x\right)=\sum _{j=1}^n{r}_{kj}\left(x_j\right), k=1, 2, \dots , 8,$$

(1)

This balances safety, task performance, resource efficiency, real-time performance, robustness, and adaptability.

End constraints: The end available resource vector is represented as

$$R^{\mathrm{end}}={[R_1^{\mathrm{end}}, R_2^{\mathrm{end}}, \dots , R_k^{\mathrm{end}}]}^{\top }, c_k^{\mathrm{end}}\left(x\right)\le R_k^{\mathrm{end}}.$$

(2)

Edge-side constraints: The edge server needs to serve $N^{\mathrm{serve}}$ UAVs, with the following constraints:

$$\sum _{i=1}^{N^{\mathrm{serve}}}{c}_k^{\mathrm{edge},i}\left(x_i\right)\le R_k^{\mathrm{edge}}.$$

(3)

Expert system MoEs constraint:

$$\sum _{j=1}^{N_{\mathrm{expert}}}{w}_j\left(t\right)·c_k^{\mathrm{expert},\mathrm{j}}\le R_k^{\mathrm{edge}}·{\alpha }_{\mathrm{MoE}},$$

(4)

where ${\alpha }_{\mathrm{MoE}}\in (0, 1)$ represents the proportion of computing resources that can be used by the expert system.

Global resource balancing constraint:

$$\sum _{l\in \{\mathrm{end},\mathrm{edge},\mathrm{cloud}\}}{c}_k^l\left(x\right)\le R_k^{\mathrm{total}}.$$

(5)

Load balancing constraint:

$${\mathrm{LI}}_k={\displaystyle \frac{{max}_i{c}_k\left(x\right)-{min}_i{c}_k\left(x\right)}{{\overline{c}}_k\left(x\right)}}\le {\mathrm{LI}}_{\mathrm{threshold}}.$$

(6)

Time coupling constraint: The time-related nature of resource consumption is considered as follows:

$$\sum _{\tau =t}^{t+\mathsf{\Delta }T}{c}_k\left(x\left(\tau \right)\right)\le R_k·\mathsf{\Delta }T·{\varphi }_k,$$

(7)

where ${\varphi }_k\le 1$ represents the upper limit of resource utilization.

3.2. Feature Vectors and Data Freshness

To ensure data timeliness, an agent uses the most recent data within a specific time window when aggregating data from various sources. Let $v\left(t\right)$ be the aggregated feature vector at time t, which consists of the following components:

$$v\left(t\right)={\left[\begin{array}{cccccc}\varphi \left(t\right), & M\left(t\right), & S\left(t\right), & L\left(t\right), & T\left(t\right), & K\left(t\right)\end{array}\right]}^{\top },$$

(8)

where $\varphi \left(t\right)\in \mathbb{R}$ represents the end anomaly detection score, $M\left(t\right)\in {\mathbb{R}}^4$ represents the edge model performance vector, $S\left(t\right)\in {\mathbb{R}}_s^d$ represents short-term historical features, $L\left(t\right)\in {\mathbb{R}}_l^d$ represents long-term historical features, $T\left(t\right)\in {\mathbb{R}}^m$ represents cloud-based time series prediction, and $K\left(t\right)\in \mathbb{N}$ represents safety analysis labels.

The validity score of data u at time t is calculated as follows:

$$f_{\mathrm{fresh}}(u, t)=exp\left(-\lambda ·{\displaystyle \frac{t-t_u}{T_{\mathrm{half}}}}\right),$$

(9)

where $\lambda$ represents the control decay rate and $T_{\mathrm{half}}$ denotes the half-life of the data.

For short-term time series data $S\left(t\right)$, the exponential weighted moving average method is used as follows:

$$S_{\mathrm{agg}}\left(t\right)=\sum _{k=0}^{W-1}{\alpha }^k·S(t-k\mathsf{\Delta }t), \alpha \in (0, 1),$$

(10)

where W represents the sliding window size, which is adjusted adaptively by the data sampling rate, and $\phi$ denotes the data retention ratio:

$$W\left(t\right)=⌈{\displaystyle \frac{log(1-\phi )}{log\alpha }}⌉.$$

(11)

3.3. Threat–Expert Association Matrix

The threat type space $\mathcal{T}=\{1, \dots , M\}$, the set of experts $\mathcal{E}=\{1, \dots , N_{\mathrm{expert}}\}$, and the association matrix $R\in {\mathbb{R}}^{M\times N_{\mathrm{expert}}}$ satisfy the following:

$$R_{ij}=P\left(\mathrm{Expert}j\mathrm{activated}\right|\mathrm{Threat}\mathrm{type}i\mathrm{appeared}),$$

(12)

where M represents the number of possible threat types, $N_{\mathrm{expert}}$ denotes the number of experts, and $R_{ij}$ represents the degree of association between threat type i and expert j.

Extracting the threat features $v\left(t\right)$ yields the following:

$$h_{\mathrm{threat}}\left(t\right)=\sigma \left(W_{\mathrm{ext}}·v\left(t\right)+b_{\mathrm{ext}}\right),$$

(13)

where $\sigma (·)$ represents the ReLU activation function, $W_{\mathrm{ext}}\in {\mathbb{R}}^{M\times dim\left(v\right)}$ denotes the weight matrix, and $b_{\mathrm{ext}}$ represents the bias vector used for decision boundary adjustment.

The importance weights $w_i$ of each expert are calculated through the control module as follows:

$$w_i={\displaystyle \frac{exp\left(G_i\left(v\right)\right)}{{\sum }_{j=1}^{N_{\mathrm{expert}}}exp\left(G_j\left(v\right)\right)}},$$

(14)

where $G_i\left(v\right)$ represents the basic relevance score of expert i, indicating the degree of matching between input feature v and expert i.

On the basis of the threat-based expert weight adjustment, the threat probability is multiplied by the correlation matrix to correct the control module output:

$${\tilde{G}}_i\left(v\right)=G_i\left(v\right)+\beta ·\sum _{j=1}^M{p}_j^{\mathrm{threat}}·R_{ji},$$

(15)

where $p_j^{\mathrm{threat}}={\mathrm{softmax}}_j\left(W_{\mathrm{th}}{h}_{\mathrm{threat}}\right)$ represents the probability of each threat type, $W_{\mathrm{th}}$ denotes the threat space transformation matrix, and $\beta \in [0, 1]$ represents the parameter regulating the intensity of threat perception. When $\beta =0$, only basic gate control is used; when $\beta =1$, the system relies entirely on threat perception. $R_{ji}$ denotes the correlation matrix, which represents the correlation between threat type j and expert i.

The final expert weight is calculated as follows:

$$w_i\left(t\right)={\displaystyle \frac{exp\left({\tilde{G}}_i\left(v\right)\right)}{{\sum }_{j=1}^{N_{\mathrm{expert}}}exp\left({\tilde{G}}_j\left(v\right)\right)}}.$$

(16)

On the basis of decision effect feedback, the association matrix is regularly updated as follows:

$$R_{ji}^{\mathrm{new}}=R_{ji}^{\mathrm{old}}+\eta ·f_{\mathrm{score}}·p_j^{\mathrm{threat}}·w_i.$$

(17)

where $\eta$ represents the learning rate and $f_{\mathrm{score}}$ denotes the quantitative score of decision effectiveness.

3.4. Expert Reasoning Module

The decision variable is a decision vector $x={[x_1, x_2, \dots , x_n]}^{\top }$, where each component corresponds to a different control parameter (such as the evacuation intensity $x_1$, link switching $x_2$, or anti-interference $x_3$). Each expert $x_i$ outputs their recommended decision vector $d_i=[d_{i1}, d_{i2}, \dots , d_{in}]$ on the basis of the input v. Experts can provide nonzero recommendation values for one or more decision components on the basis of their domain expertise.

The capability assessment function for newly added experts is defined as follows:

$$C_i^{\mathrm{expert}}={\displaystyle \frac{1}{|D_{\mathrm{test}}|}}\sum _{v\in D_{\mathrm{test}}}{f}_{\mathrm{score}}(d_i, d_{\mathrm{reference}}, v),$$

(18)

where $D_{\mathrm{test}}$ represents the test scenario set, $d_{\mathrm{reference}}$ denotes the reference decision vector, which represents the ideal decision recognized by the system in a given input feature scenario, and $f_{\mathrm{score}}$ represents the similarity score between the expert recommendation and the reference decision. When a new expert registers, the system uses a conservative strategy to gradually increase the expert’s influence as follows:

$$w_{i,\mathrm{new}}^{\left(t\right)}=min\left(\gamma ·w_{i,\mathrm{new}}^{(t-1)}, w_{i,max}\right),$$

(19)

where $\gamma >1$ represents the growth factor and $w_{i,max}$ denotes the upper limit of the expert weight, which gradually increases with the ability assessment score.

Among experts with similar functions, the resource allocation is dynamically adjusted on the basis of historical performance as follows:

$$r_i={\displaystyle \frac{exp(\lambda ·f_i^{\mathrm{perf}})}{{\sum }_{j\in \mathrm{same}\mathrm{group}}exp(\lambda ·f_i^{\mathrm{Perf}})}},$$

(20)

where $r_i$ represents the proportion of computing resources obtained by expert i, $f_i^{\mathrm{Perf}}$ denotes their historical performance metric, and $\lambda$ controls the intensity of competition.

Algorithm 1 demonstrates a hierarchical collaborative threat detection algorithm that achieves three-tiered collaborative detection at the end (real-time), edge (aggregation), and cloud (global) levels. At the end layer, a lightweight LLM generates anomaly scores $\varphi$ in real time. At the edge layer, a medium LLM aggregates short-term historical data and performs anomaly classification. At the cloud layer, a large-scale temporal LLM analyzes long-term patterns and generates security labels. Time window sliding aggregation and data freshness decay functions ensure the real-time validity of the data.

Algorithm 1: Layered collaborative threat detection algorithm.

Input: Real-time sensor data stream from UAV clusters $\left\{S_i\left(t\right)\right\}$ Output: Threat probability $P_{\mathrm{threat}}$, threat type $T_{\mathrm{type}}$ 1: Initialization: 2:    $\mathrm{End}\leftarrow \text{Lightweight-Model}$ 3:    $\mathrm{Edge}\leftarrow \text{Medium-model}$ 4:    $\mathrm{Cloud}\leftarrow \text{Foundation\_Model\_T}, \text{Foundation\_Model\_K}$ 5:    $S_{\mathrm{DB}}\leftarrow \mathrm{Connect}\mathrm{to}\text{short-term}\mathrm{historical}\mathrm{database}$ 6:    $L_{\mathrm{DB}}\leftarrow \mathrm{Connect}\mathrm{to}\text{long-term}\mathrm{historical}\mathrm{database}$ 7:    $\alpha \leftarrow 0.85, \lambda \leftarrow 0.3, T_{\mathrm{half}}\leftarrow 10$, ${\tau }_{\mathrm{cloud}}\leftarrow 0.7$ 8:    $W\leftarrow \mathrm{Initial}\mathrm{time}\mathrm{window}\mathrm{size}$ 9: for each ${\mathrm{UAV}}_i$ in Cluster do 10:     ${\varphi }_i\left(t\right)\leftarrow \mathrm{EndModel}.\mathrm{infer}\left(S_i\left(t\right)\right)$ 11:     Send $({\mathrm{UAVID}}_i, {\varphi }_i\left(t\right), \mathrm{timestamp})$ to edge servers 12: end for 13: Receive ${\varphi }_i\left(t\right)$ from all UAVs 14: $S_{\mathrm{agg}}\left(t\right)\leftarrow 0$ 15: Calculate $S_{\mathrm{agg}}\left(t\right)$ for $0\le n\le W-1$ according to Equation (3) 16: Calculate $\mathrm{freshness}\left[u\right]$ for each data source u according to Equation (2) 17: Build $\mathbf{v}\left(t\right)$ according to Equation (1) 18: $[P_{\mathrm{threat}}, T_{\mathrm{type}}]\leftarrow \mathrm{EdgeModel}.\mathrm{predict}\left(\mathbf{v}\left(t\right)\right)$ 19: if  $P_{\mathrm{threat}}>{\tau }_{\mathrm{cloud}}$  then 20:     $T_{\mathrm{pred}}\leftarrow \text{CloudModel\_T.predict}(L_{\mathrm{DB}}.\mathrm{query}(\text{last\_24h}))$ 21:     $K_{\mathrm{label}}\leftarrow \text{CloudModel\_K.analyze}(T_{\mathrm{pred}}, \mathbf{v}\left(t\right))$ 22:     $L_{\mathrm{DB}}.\mathrm{update}\left(K_{\mathrm{label}}\right)$ 23:     if $K_{\mathrm{label}}==\mathrm{MALICIOUS}$ then 24:         $P_{\mathrm{threat}}\leftarrow min(1.0, P_{\mathrm{threat}}\times 1.2)$ 25:     end if 26: end if 27: Return  $P_{\mathrm{threat}},$$T_{\mathrm{type}}$

3.5. Complexity Analysis

N represents the number of UAVs in the UAV cluster, and the complexity of end processing is expressed as follows: $O(N·d)$; data reception $O\left(N\right)$; time window sliding aggregation $O(W·d)$; data freshness calculation $O\left(n\right)$; feature vector construction $O\left(d\right)$; edge-side medium model inference O($d^2$); and cloud-side large-scale model processing $O(d^3+H)$ (time-series prediction: $O\left(d^3\right)$, large-scale model security analysis: $O\left(d^3\right)$, and database update: $O\left(\log H\right))$.

When ${\sum }_i{P}_i^{\mathrm{threat}}\le {\tau }_{\mathrm{cloud}}$ and no cloud processing is triggered, $T(n, d, W)=O(n·d+W·d+d^2+n)=O\left(\max (n·d, W·d, d^2)\right)$; when ${\sum }_i{P}_i^{\mathrm{threat}}>{\tau }_{\mathrm{cloud}}$ and cloud processing is triggered, T$(n, d, W, H)=O(n·d+W·d+d^2+d^3+H)$.

4. Intelligent Decision Optimization

The threat detection algorithm described in Section 3 provides essential input for subsequent decision-making phases. However, generating optimal response strategies requires consideration of the stringent resource constraints inherent to both the end and edge computing environments of the UAV. We model the decision optimization problem as a constrained cost minimization problem and establish a closed-loop optimization cycle. Specifically, the situational awareness feature vectors $v\left(t\right)$ generated by each layer of the LLM serve as the unified input for subsequent optimization. Not only do they dynamically adjust the expert weights through the threat–expert matrix, but they also serve as key parameters injected into the resource-aware multi-objective optimization model to generate the optimal decision $x^{\ast }$. The execution effectiveness of the decision is monitored in real time and quantified as a feedback signal. These signals are used to update the expert system and for targeted fine-tuning of the LLM, thereby forming a complete closed loop of “perception–decision–feedback–learning” that drives the system’s continuous evolution.

4.1. Resource-Constrained Decision Optimization

The cost function of expert i is defined as follows:

$$L_i(x, d_i)=\sum _{j=1}^n{\alpha }_{ij}·{(x_j-d_{ij})}^2,$$

(21)

where $x={[x_1, x_2, \dots , x_n]}^{\top }$ represents the decision vector, $d_i$ denotes the weighted deviation from its recommendation, $d_{ij}$ is the recommendation value of expert i for decision component j, and ${\alpha }_{ij}$ represents the sensitivity weight of expert i to decision component j (unrelated components ${\alpha }_{ij}=0$).

The system-available resource vector is defined as $R=[R_1, R_2, \dots , R_K]$, where $R_K$ represents the available amount of the k-th resource, and the resource constraint function is constructed as follows:

$$g_k\left(x\right)=c_k\left(x\right)-R_k\le 0,k=1, 2, \dots , K.$$

(22)

The overall cost function is constructed as follows:

$$f\left(x\right)=f_{\mathrm{expert}}\left(x\right)+f_{\mathrm{resource}}\left(x\right)=\sum _{i=1}^N{w}_i·L_i(x, d_i)+{\lambda }_r\sum _{k=1}^K{\displaystyle \frac{c_k\left(x\right)}{R_k}}.$$

(23)

where ${\lambda }_r$ represents the weighting factor for resource efficiency, which can be dynamically adjusted according to the current load of the system.

The resource efficiency targets are incorporated into optimization problems and converted to a multi-objective optimization function as follows:

$$\underset{x\in \mathcal{X}}{min}\left[\sum _{i=1}^N{w}_i·L_i(x, d_i)+{\lambda }_r\sum _{k=1}^K{\displaystyle \frac{c_k\left(x\right)}{R_k}}\right].$$

(24)

When resource constraints conflict, the slack variables ${ϵ}_k$ are introduced as follows:

$$x^{\ast }=\underset{x,ϵ}{argmin}\left[f\left(x\right)+{\lambda }_{ϵ}\sum _{k=1}^K{ϵ}_k\right],\mathrm{s}.\mathrm{t}.c_k\left(x\right)\le R_k+{ϵ}_k.$$

(25)

The KKT conditions yield a closed-form solution:

$$x_j={\displaystyle \frac{{\sum }_{i=1}^N{w}_i{\alpha }_{ij}{d}_{ij}-\frac{1}{2}{\sum }_{k=1}^K{\mu }_k{r}_{kj}}{{\sum }_{i=1}^N{w}_i{\alpha }_{ij}}},$$

(26)

where ${\mu }_k$ represents the Lagrange multiplier. The computational complexity depends primarily on n and K, neither of which increase significantly with the expansion of the UAV cluster scale within the system, ensuring the algorithm’s real-time capability under large-scale constraints.

4.2. Expert Consensus Rating

The consensus on the evaluation of expert opinions is as follows:

$$f_{\mathrm{consensus}}=1-{\displaystyle \frac{{\sum }_{i=1}^N{w}_i·{\parallel d_i-x^{\ast }\parallel }_2^2}{{max}_{i,j}{\parallel d_i-d_j\parallel }_2^2}},$$

(27)

where $w_i$ is the weight of the i-th expert. The higher the consistency is, the closer the score is to 1.

The decision-making effects of similar historical scenarios are compared as follows:

$$f_{\mathrm{history}}=\sum _{(v_h,x_h,e_h)\in \mathcal{H}}{f}_{\mathrm{sim}}(v, v_h)·f_{\mathrm{success}}\left(e_h\right),$$

(28)

where H represents the historical decision record, which contains feature vectors $v_h$, decisions $x_h$, and effects $e_h$; $f_{\mathrm{sim}}$ calculates the similarity between the current feature vector and the historical record; and $f_{\mathrm{success}}$ assesses the success of historical decisions.

The decision effectiveness in a lightweight simulation environment is quickly confirmed as follows:

$$f_{\mathrm{sim}}={\displaystyle \frac{1}{\left|\mathrm{KPI}\right|}}\sum _{i=1}^{\left|\mathrm{KPI}\right|}{\displaystyle \frac{{\text{Sim\_KPI}}_i\left(x^{\ast }\right)-{\text{Worst\_KPI}}_i}{{\text{Best\_KPI}}_i-{\text{Worst\_KPI}}_i}},$$

(29)

where ${\text{Sim\_KPI}}_i\left(x^{\ast }\right)$ represents the ith KPI value resulting from decision $x^{\ast }$ in the simulation environment and ${\text{Best\_KPI}}_i$ and ${\text{Worst\_KPI}}_i$ denote the predefined best and worst values, respectively.

The uncertainty of the current input data is assessed as follows:

$$f_{\mathrm{uncert}}=exp\left(-{\lambda }_{\mathrm{unc}}·\sum _i{\sigma }_i^2\right),$$

(30)

where ${\sigma }_i^2$ represents the estimated variance of the ith input vector v and ${\lambda }_{\mathrm{unc}}$ denotes the scaling factor.

Multidimensional weighted integration is performed as follows:

$$\mathrm{Confidence}\left(x^{\ast }\right)=\sum _{m\in \{\mathrm{consensus},\mathrm{history},\mathrm{sim},\mathrm{uncert}\}}{\alpha }_m·{\mathrm{Conf}}_m,$$

(31)

where ${\alpha }_m$ weights can be dynamically adjusted through reinforcement learning and other methods to optimize long-term decision quality.

Thresholds are dynamically adjusted on the basis of the urgency of the situation as follows:

$$\tau ={\tau }_{\mathrm{base}}·(1-\beta ·f_{\mathrm{Urgency}}),$$

(32)

where ${\tau }_{\mathrm{base}}$ represents the base threshold, $\beta$ controls the degree to which the threshold is lowered in an emergency, and $f_{\mathrm{Urgency}}$ denotes the current assessment of the urgency of the situation.

When the system involves many UAVs, a collaborative enhancement module is used to achieve more efficient decision-making and execution. UAVs are grouped into multiple clusters $\mathcal{G}=\{G_1, G_2, \dots , G_k\}$, with edge servers and agents set up in each cluster $G_i={\text{UAV}}_{i,1}, {\mathrm{UAV}}_{i,2}, \dots \}$. The clusters share summary information through a high-level coordination mechanism:

$$I_i^{\mathrm{share}}=F_{\mathrm{abstract}}(v_i, x_i^{\ast }, f_{\mathrm{uncert}}),$$

(33)

where $I_i^{\mathrm{share}}$ represents a summary of information shared by cluster i, including key status, decision intent, and uncertainty assessment. When there is a conflict between the decisions of adjacent clusters, a negotiation mechanism is triggered as follows:

$$f_{\mathrm{conflict}}(x_i^{\ast }, x_j^{\ast })>{\theta }_{\mathrm{conflict}}\Rightarrow \mathrm{Negotiate}({\mathrm{Agent}}_i, {\mathrm{Agent}}_j),$$

(34)

The agent sends the final optimal decision vector $x^{\ast }$ to each relevant UAV, which then performs the corresponding operation (evacuation, communication switching, anti-interference, etc.) on the basis of $x^{\ast }$ and feeds back the execution results to the system.

4.3. Multi-Expert Collaborative Safety Decision-Making Algorithm

Algorithm 2 shows the multi-expert collaborative adaptive security decision-making framework. This framework extracts threat features, calculates threat probability distributions, and then dynamically adjusts expert weights on the basis of threat probabilities and resource matrices. Next, this framework optimizes and generates the optimal decision vector under resource constraints and integrates four dimensions—the consensus degree, historical matching, simulation verification, and uncertainty—for comprehensive confidence assessment. This framework dynamically adjusts the execution threshold according to resource scarcity to achieve adaptive decision execution.

Algorithm 2: Dynamic expert decision algorithm.

Input: $\mathbf{v}\left(t\right), \varphi \left(t\right), {\mathbf{R}}_{\mathrm{available}}, \mathrm{Expert}\mathcal{E}\mathrm{and}{\alpha }_{ji}$, Threat–Expert Association Matrix $\mathbf{R}$, Historical Decision Database $\mathcal{H}$, Lightweight Decision Simulator $\mathcal{S}$ Ouput:  ${\mathbf{x}}^{\ast }, Conf$ 1: Initialization: 2:    ${\mathbf{h}}_{\mathrm{threat}}\leftarrow \mathrm{ReLU}({\mathbf{W}}_{\mathrm{ext}}·\mathbf{v}\left(t\right)+{\mathbf{b}}_{\mathrm{ext}})$     3:    ${\mathbf{p}}_{\mathrm{threat}}\leftarrow ({\mathbf{W}}_{\mathrm{th}}·{\mathbf{h}}_{\mathrm{threat}})$     4: Calculate ${\tilde{G}}_j$ for $0\le j\le N$ according to Equation (8) 5: Calculate $w_j$ for $0\le j\le N$ according to Equation (9) 6: for  $j=1$to  N  do 7:     ${\mathbf{d}}_j\leftarrow {\mathrm{Expert}}_j\left(\mathbf{v}\left(t\right)\right)$     8: end for 9: Calculate ${\mathbf{x}}^{\ast }$ according to Equation (20) 10: Calculate $Con{f}_{\mathrm{cons}}, Con{f}_{\mathrm{hist}}, Con{f}_{\mathrm{sim}}, Con{f}_{\mathrm{uncert}}$ according to Equations (21) and (24) 11: $Conf\leftarrow {\sum }_{m\in \Omega }{\alpha }_m·Con{f}_m$    // $\Omega =\{\mathrm{cons}, \mathrm{hist}, \mathrm{sim}, \mathrm{uncert}\},\alpha =[0.4, 0.3, 0.2, 0.1]$ 12: $Urgency\leftarrow 1-min\left(1, {\displaystyle \frac{\parallel {\mathbf{R}}_{\mathrm{used}}\parallel }{\parallel {\mathbf{R}}_{max}\parallel }}\right)$     13: ${\tau }_{\mathrm{adaptive}}\leftarrow {\tau }_{\mathrm{base}}·(1-{\beta }_{\mathrm{urg}}·Urgency)$     14: if  $Conf<{\tau }_{\mathrm{adaptive}}$then  15:     TriggerHumanIntervention(${\mathbf{x}}^{\ast }, Conf$)     16: else 17:     ExecuteDecision(${\mathbf{x}}^{\ast }$)     18:     $\mathrm{feedback}\leftarrow MonitorExecution\left(\right)$     19:     $\mathbf{R}\leftarrow \mathbf{R}+\eta ·\mathrm{feedback}·{\mathbf{p}}_{\mathrm{threat}}·\mathbf{w}$     20: end if 21: Return  ${\mathbf{x}}^{\ast }, Conf$

4.4. Complexity and Deployment Analysis

K represents the number of resource types, H denotes the number of historical decision records, n indicates the dimension of the decision vector, and d represents the dimension of the input feature vector. The complexity of the threat feature extraction matrix multiplication is $O(M·d)$; the complexity of the threat perception weight correction is $O(N_{\mathrm{expert}}·M)$; the complexity of the expert decision generation is $O(N_{\mathrm{expert}}·d)$; the complexity of the resource-constrained decision optimization is $O(N_{\mathrm{expert}}·n^2+K·n)$; and the complexity of the multidimensional confidence assessment is $O(N_{\mathrm{expert}}^2·n)+O(H·d).$ Thus, the overall complexity is $T(N_{\mathrm{expert}}, M, n, d, K, H)=O(M·d+N_{\mathrm{expert}}·M+N_{\mathrm{expert}}·d+N_{\mathrm{expert}}·n^2+K·n+N_{\mathrm{expert}}^2·n+H·d)$. Considering that the number of experts and the number of decision dimensions are both much smaller than those of the historical data, this can be simplified to $T=O(M·d)$. Therefore, the complexity of this algorithm is related primarily to the number of historical data records, which can be adjusted according to actual conditions.

Further consideration must be given to the challenges encountered in actual deployment, including the system’s inherent robustness and communication latency, the physical limitations of the UAV platform, and data privacy. These factors may impact the system’s real-time performance and reliability. To address these challenges and ensure system security in real-world environments, LLM-LCSA processes terminal data through sliding window aggregation and data validity scoring. Feature vectors contain only statistical characteristics rather than raw data, thereby reducing privacy leakage risks. The resource-aware decision model supports anti-interference strategies such as dynamic channel switching and spread spectrum techniques. Through real-time threat identification enabled by end–edge–cloud collaboration and the dynamic activation of expert models via the MoEs, optimal response decisions are rapidly generated and executed. Furthermore, slack variables introduced in the multi-objective optimization model effectively mitigate security vulnerabilities potentially caused by resource conflicts. The feedback module, based on multidimensional confidence assessment, continuously optimizes decision strategies, collectively ensuring the system’s security and privacy protection capabilities in complex real-world environments.

To assess practical deployment feasibility, we evaluated computational resource requirements for agents at each level: lightweight LLMs can be deployed on embedded platforms like NVIDIA Jetson Orin, and medium LLMs and hybrid expert systems at the edge can leverage edge computing nodes such as NVIDIA A100, while foundational cloud-based LLMs can be supported by mainstream AI servers. Analysis indicates that with current 5G/6G networks and commercial hardware, the LLM-LCSA architecture demonstrates high engineering feasibility, laying the groundwork for subsequent deployment and application within actual UAV clusters.

5. Simulation and Results

The simulation experiment was conducted using Pycharm 2022.1, and the algorithms were implemented in Python 3.8.5. The programs were run on a server with a Windows 11 operating system equipped with 8.00 GB of RAM and a 13th Gen Intel(R) Core(TM) i9-13900H 2.60 GHz processor(Intel Corporation; Santa Clara, California, USA). The system supports the detection of eight threat types (GPS spoofing, network attack, sensor jamming, physical attack, spectrum jamming, malware, data leakage, and DoS attack) and the normal state. Table 4 shows the LLM-LCSA parameter configuration. Table 5 shows the experimental parameter configuration.

Table 4. LLM-LCSA parameter configuration.

Category	Name	Value
Lightweight LLM	Model size	7 B parameters
	Architecture type	Transformer-based lightweight inference model
	Inference latency	<15 ms
	Memory usage	<2 GB
	Attention weight	GPS weight: 0.25; communication weight: 0.20
	Sensor weight	0.15
	Latency weight	0.10
	Spectrum weight	0.15
	CPU weight	0.10
	Memory weight	0.05
	Detection threshold	0.4
Medium LLM	Model size	13 B parameters
	Number of Transformer layers	24
	Inference latency	<45 ms
	Memory usage	<8 GB
	Input dimensions	12-dimensional feature vectors
	Output dimensions	9 classes (8 threats + normal)
	Number of self-attention heads	16
	Feedforward network dimensions	4096
Large LLM	Model size	70 B parameters
	Transformer layers	80 layers
	Inference latency	<180 ms
	Memory usage	<40 GB
	Sequential prediction window	240 historical points
	Context length	2048 tokens
	Pattern memory capacity	2000 threat patterns

Table 5. Simulation parameter configuration.

Category	Name	Value
UAV Cluster	Number of UAVs	15
	Flight altitude	80∼150 m
	Cruising speed	6∼10 m/s
	Maximum speed	12 m/s
	Flight area	3 km × 3 km
Communication System	Communication frequency	2.4 GHz/5.8 GHz
	Transmit power	100 mW
	Antenna gain	2.15 dBi
	Communication range	500–1000 m
	Data transmission rate	1–10 Mbps
	Path loss index	2.2
	Shadowing attenuation standard deviation	3 dB
Network Topology	Topology type	Random geometric graph
	Normalized connection distance	0.35
	Average node degree	4–6
	Network diameter	≤5 hops
	Connectivity probability	>95%

A performance analysis of the LLM-LCSA components, including the end-based LLM, edge-based LLM, cloud-based LLM, expert system, resource optimization process, and decision fusion process, is shown in Figure 4. The performance scores of each LLM component are shown in Figure 4a, and the response times of each component are shown in Figure 4b. The cloud-based large LLM has the best performance, with its value reaching 0.89; however, this component has the highest latency of 195 measurements. The end lightweight LLM has the lowest latency, reducing the dependence on the cloud and ensuring real-time system performance. The three-layer architecture achieves a balance between optimal performance and real-time efficiency.

Figure 4. Component performance analysis of LLM-LCSA.

The changes in expert weights enhanced by the LLM are shown in Figure 5. The dynamic evolution process, where expert weights are dynamically adjusted on the basis of threat types, is shown in Figure 5a. All expert weights fluctuate between 0 and 0.5, indicating that the system uses a balanced design to prevent any single expert from dominating the decision-making process. During the initial learning phase, the weight distribution is relatively even. In the middle phase, specialization begins, with the weight of the GPS defense expert significantly increasing during GPS attacks and the weight of the comprehensive coordination expert increasing during composite threats. This intelligent collaboration mechanism enables real-time adjustment of weights on the basis of threat types, as well as knowledge sharing and updating among experts. A statistical analysis of the weights is shown in Figure 5b, which fluctuates by approximately 0.125 overall, consistent with the expected equal distribution among the eight experts. The slight fluctuations indicate that the system can make fine-tuning adjustments based on threat conditions; the standard deviation bandwidth of approximately ±0.05∼0.08 indicates that the dispersion of expert weights is moderate, allowing for differentiation (to respond to different threats) without excessive dispersion; the maximum weight peak reaches approximately 0.45∼0.5, occurring at T = 4∼5 min, corresponding to major threat events, indicating that the system can concentrate decision-making weights at critical moments; and the minimum weight remains in the range of 0.02∼0.05, ensuring that even experts with the lowest priority maintain basic influence, reflecting a fault-tolerant design philosophy.

Figure 5. Changes in expert weights.

The propagation of threats in a UAV network and the response of the LLMs are shown in Figure 6. A distance-based geometric model was constructed on the basis of 15 UAVs. For key propagation paths, only 1∼2 hops are needed from the high-altitude node to the neighboring cluster, 3∼4 hops are needed for cross-cluster connections, and 4∼5 hops are needed for the network edge node. The LLM acts as a coordination hub at nodes 0, 5, 10, and 14 and is responsible for threat information aggregation and response coordination, implementing a defense strategy that includes early response during low-threat conditions, communication isolation of high-threat nodes, and collaborative protection of adjacent nodes.

Figure 6. UAV network threat propagation and LLM-coordinated response.

Figure 7 shows a comparison of the learning efficiency and performance of various algorithms. The LLM-LCSA curve has the steepest slope, indicating that it adapts quickly to new threat patterns. Traditional methods learn more slowly and encounter learning bottlenecks in the later stages. Owing to the diverse nature of threats, a single algorithm cannot accurately identify them. LLM-LCSA introduces a hybrid expert model, where multiple LLM components work together to improve decision-making and recognition capabilities for different threats.

Figure 7. Learning curve and performance comparison.

As shown in Figure 8, LLM-LCSA consistently outperforms all the baseline methods, indicating its robustness and generalizability. The architecture has significant advantages in the detection of complex threats, achieving a 15.2% improvement over the GNN baselines in malware detection and an 18.7% improvement against GPT spoofing. This is attributed to its effective fusion of multisource data and expert knowledge. Furthermore, LLM-LCSA maintains an average lead of 5.4% in identifying simpler threats, such as sensor jamming and spectrum jamming, which are typically dominated by CNN-based approaches. Across various attack scenarios, LLM-LCSA outperforms the best algorithm in the comparison set by an average of 7.92%, confirming the effectiveness of our hierarchical collaborative design.

Figure 8. Threat type detection accuracy.

The usage of eight key resources (computing resources, communication bandwidth, data and model storage, power consumption, RAM usage, connection quality and latency, dedicated processing units, and sensor resources) is shown in Figure 9. Because the model requires information updates and exchanges with external systems, its demand for communication resources is greater than that for other critical resources. However, this process occurs only around the 1.7 min mark, allowing for staggered scheduling with other critical resources. At this time, no other resources experience peak usage, thereby achieving load balancing and avoiding single-point resource bottlenecks.

Figure 9. Resource consumption analysis.

To highlight the superiority of this architecture in terms of collaborative response at the system level, we also performed weighted collaboration on other methods, selecting enterprise usage rule systems, commonly used academic ML systems, and distributed systems, and assigning them weights of 0.4, 0.35, and 0.25, respectively, to obtain a collaborative architecture representing traditional methods.

The response latency comparison is shown in Figure 10. The five key response stages are as follows: from threat emergence to detection confirmation, from detection to decision output, resource allocation execution time, multinode collaborative response time, and from attack to system recovery. Compared with traditional methods, LLM-LCSA achieves a threat detection delay of 18 ms vs. 35 ms (a 49% reduction), a decision generation time of 52 ms vs. 85 ms, a resource scheduling speed of 68 ms vs. 120 ms, a collaborative response time of 95 ms vs. 180 ms, a 47% increase in efficiency, a 46% reduction in system recovery time, and a 44.52% reduction in total time. Therefore, LLM-LCSA achieves multilayer parallel computing, enables trend-based proactive preparation, and reduces the response time.

Figure 10. Response latency comparison.

The results of the scalability and adaptability analysis are shown in Figure 11. The performance of traditional methods is compared with that of our architecture as the number of UAVs increases. The performance curve of LLM-LCSA declines slowly, whereas that of the traditional methods decreases sharply. When the number of UAVs reaches 30, the gap in performance increases significantly. For different adaptation scenarios, LLM-LCSA achieves higher scores. Owing to its ability to continuously learn new threat patterns, it achieves superior performance in strategy updates.

Figure 11. Scalability and adaptability analysis.

The results of the threat response timing analysis are shown in Figure 12. The experiment included 120 time steps, covering a time window of approximately 13 min, with each time step representing approximately 6.5 s. The analysis shows that the threat appeared at 130 s, and at 143 s, LLM-LCSA began its improved response, with the peak response intensity reaching 105.5% of the threat’s peak intensity. The response covered the entire period from the appearance of the threat to its disappearance, closely matching the evolution curve of the threat. Traditional methods did not begin responding until 97.5 time steps after the threat appeared (approximately 1.4 min later than LLM-LCSA), resulting in delays and insufficient response intensity. Therefore, LLM-LCSA has threat warning capabilities, achieves more precise response intensity, and can fully meet the requirements of threat management across the entire lifecycle.

Figure 12. Threat response time series analysis.

To comprehensively evaluate the reliability of the LLM-LCSA, we further analyzed its false positive rate and false negative rate. The false positive rate reflects how frequently the system misclassifies normal behavior as a threat, while the false negative rate reflects the proportion of genuine threats that the system fails to identify. As shown in Figure 13, the LLM-LCSA architecture achieved significantly lower false positive and false negative rates than traditional methods across all eight threat types. Specifically, the LLM-LCSA achieves an average false positive rate of 3.2% and an average false negative rate of 2.1%. Compared with traditional methods (false positive rate: 8.7%, false negative rate: 6.5%), these results represent relative reductions of 63.2% and 67.7%, respectively. Thus, this outcome fully demonstrates the LLM-LCSA’s balanced approach between precision and completeness in terms of threat detection.

Figure 13. False positive rate and false negative rate analysis.

To validate the scalability of the LLM-LCSA, we incrementally increased the number of UAVs to 30, 45, and 60. Figure 14 shows the response times of each component. As the scale of UAV increases, the response time of cloud-based models grows the fastest, yet it remains within a satisfactory performance range. The lightweight LLM module, expert system module, and decision fusion module remained virtually unaffected, with response time increases under 2 ms. This confirms that even as the UAV fleet expands, the system maintains real-time responsiveness by generating minimal latency.

Figure 14. System response times at different UAV scales.

Figure 15 shows the accuracy of different algorithms for various threats when the number of UAVs reaches 60. It can be observed that as the scale of UAV increases, the threat detection accuracy of LLM-LCSA does not exhibit significant changes. In contrast, the baseline method shows a noticeable decline in performance.

Figure 15. Threat type detection accuracy (UAV = 16).

We selected GNN, which demonstrated superior performance among the comparison algorithms, for contrast analysis. We examined its accuracy trends alongside LLM-LCSA across varying numbers of UAVs, as shown in the Figure 16. Physical attacks typically result in severe consequences, are relatively simple to detect, and their accuracy remains largely unaffected by variations in UAV size. For network attacks, attack sources can propagate through multiple paths. Even a single attack easily identifiable in small networks may evolve into a difficult-to-track “multi-point coordinated attack” in large networks. Consequently, as the number of UAV nodes increases, the accuracy of network attack detection algorithms generally declines. However, LLM-LCSA maintains an accuracy rate above 80%, demonstrating strong robustness. Although GNN methods are theoretically applicable to networked systems, their performance also degrades when handling large-scale, high-density graph structures due to computational complexity issues. Notably, despite this performance decline, LLM-LCSA maintains the highest absolute accuracy among all methods across different scales. Its performance degradation is relatively mild, far less severe than that observed in baseline methods.

Figure 16. Threat detection accuracy of LLM-LCSA and GNN.

To situate this research within the broader context of large-scale parallel and clustered systems, we compare it with advanced work in the field of cluster robotics to establish its position within large-scale parallel systems. Yasser et al. maximized task allocation efficiency by optimizing the communication topology within the cluster (CDTA-CL/DL), focusing on optimizing information flow paths [40]. This study addresses the unique security challenges of UAV clusters by proposing the LLM-LCSA architecture, shifting its focus to optimizing cognitive and decision-making processes. We deploy LLMs and MoEs mechanisms through a cloud–edge–end layered architecture, dynamically scheduling expert knowledge to counter complex threats while explicitly modeling resource constraints in decision-making. Thus, for well-defined tasks, communication optimization is the preferred approach; whereas for high-uncertainty problems like security, enhancing the system’s cognitive intelligence is essential. Despite divergent approaches, both validate a core principle: efficient parallel systems hinge on explicit trade-offs between performance and resources within decentralized coordination mechanisms. Our work demonstrates that this principle extends from communication layers to AI decision-making layers, further validating LLM-LCSA’s value in generalized parallel intelligent systems.

6. Conclusions

In response to the challenges faced by traditional methods in multimachine coordination safety for UAV clusters, including dynamic threat generalization, heterogeneous data fusion difficulties, and resource-constrained decision-making latency, this paper presents LLM-LCSA for multimachine coordination safety. Through cloud–edge–end coordinated deployment and intelligent agent decision-making mechanisms, the proposed framework achieves an efficient threat response. The main contributions of this study are as follows.

We propose the LLM-LCSA model, which integrates short-term and long-term historical databases through a sliding window aggregation mechanism to optimize the efficiency of multisource asynchronous data fusion. All the components achieve excellent performance scores. Additionally, we introduce hybrid expert-based intelligent agents and design a hierarchical collaborative threat detection algorithm, achieving an average 7.92% improvement in threat identification accuracy over traditional methods. With respect to resource-constrained environments, we design a multi-objective optimization model balancing resource consumption and performance, effectively reducing the communication load and decision latency. The simulation results demonstrate a 44.52% reduction in total decision time compared with traditional methods. The load balancing strategy successfully avoids single resource bottlenecks, significantly improving resource utilization.

This paper provides a new solution for the collaborative security of UAV clusters. Future research will build upon this foundation to enhance the practicality and scalability of the LLM-LCSA. Key directions include investigating lightweight models for physical-layer attack detection, developing a cross-cluster federated learning framework for privacy-preserving collaborative training, and validating the system real-time performance in integrated 6G network scenarios, such as high-security smart factories, low-latency smart cities, and data-sharing smart logistics.