RoboLSTM-IDS: multi-dataset evaluation of deep learning framework for UAV network

Hafiz Muhammad Attaullah; Inam Ullah Khan; Muhammad Mansoor Alam; Mazliham Mohd Su ud; Keshav Kaushik

doi:10.7717/peerj-cs.3500

RoboLSTM-IDS: multi-dataset evaluation of deep learning framework for UAV network

Hafiz Muhammad Attaullah ¹, Inam Ullah Khan¹, Muhammad Mansoor Alam^1,2, Mazliham Mohd Su ud ¹, Keshav Kaushik³

1Faculty of Computing and Informatics, Multimedia University, Cyberjaya, Selangor, Malaysia

2Department of Computer Science, Riphah International University, Islamabad, Islamabad, Capital Territory, Pakistan

3Center for Cyber Security and Cryptology, Sharda School of Computer Science & Engineering, Sharda University, Greater Noida, India

DOI: 10.7717/peerj-cs.3500

Published: 2026-02-19
Accepted: 2025-11-28
Received: 2025-04-25

Academic Editor: Ankit Vishnoi

Subject Areas: Artificial Intelligence, Computer Networks and Communications, Security and Privacy
Keywords: UAV, IDS, Anomaly detection, RoboLSTM, Intrusion detection, RoboLSTM-IDS, Multidataset FRAMEWORK, Cyber physical attacks, UAV classical attacks

Copyright: © 2026 Attaullah et al.
Licence: This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Computer Science) and either DOI or URL of the article must be cited.

Cite this article: Attaullah HM, Khan IU, Alam MM, Mohd Su ud M, Kaushik K. 2026. RoboLSTM-IDS: multi-dataset evaluation of deep learning framework for UAV network. PeerJ Computer Science 12:e3500 https://doi.org/10.7717/peerj-cs.3500

The authors have chosen to make the review history of this article public.

Abstract

The growing deployment of uncrewed aerial vehicles (UAV) in autonomous and networked missions has heightened their exposure to both cyber and cyber-physical attacks, underscoring the need for intelligent and lightweight intrusion detection systems (IDS) solutions. This study introduces RoboLSTM-IDS, a deep anomaly-based framework that combines robust feature engineering with temporal sequence modeling for UAV network security. Leveraging Robust Optimization-Based Tabular Feature Engineering (ROBOTa), a robust optimization-based feature selection technique—the system extracts stable, high-impact features from complex UAV telemetry and communication data. These are modeled using a Long Short-Term Memory network to capture sequential attack dynamics. Comprehensive experiments conducted on five benchmark datasets, including real-world UAV cyber-physical data (T-ITS), CICIDS-2017, UNSW-NB15, and their CTGAN-augmented variants, demonstrate that RoboLSTM-IDS consistently outperforms traditional machine learning and deep learning baselines. It achieves up to 99.62% accuracy and 0.997 AUC, while maintaining low false positive rates and real-time execution performance. Unlike conventional IDS models that are computationally heavy, proposed model achieves a 6× smaller model size, 3× lower memory footprint, and significantly reduced inference latency. These results confirm RoboLSTM-IDS as an effective and scalable IDS solution tailored for next-generation UAV ecosystems.

Introduction

Uncrewed aerial vehicles (UAVs), commonly known as drones, have become central to a broad spectrum of applications ranging from military surveillance and disaster response to smart agriculture, logistics, and environmental monitoring. Their versatility, mobility, and capacity for autonomous decision-making make them highly attractive for real-time operations in both civilian and defense sectors. With the integration of sensors, actuators, and onboard processors, UAVs are increasingly forming complex cyber-physical systems that support intelligent mission execution over wireless and often vulnerable communication links (Ceviz, Sen & Sadioglu, 2024; Nabi et al., 2024; Huzaifa et al., 2025).

A standard UAV architecture includes four major subsystems: (i) the flight control unit, which maintains flight dynamics and stability; (ii) sensing and perception modules (e.g., global positioning systems (GPS), intertial measurement units (IMU), light detection and ranging (LiDAR), camera systems); (iii) a communication module enabling command and telemetry exchange with ground control stations (GCS) or peer UAVs; and (iv) the processing and decision-making layer, typically supported by edge or onboard computational units (ref: Wei, Ma & Sun, 2024; Adil et al., 2023; Hassler, Mughal & Ismail, 2024).

As in Fig. 1 (recreated from Sihag et al. (2023)), at the physical and communication level, the architecture comprises several UAVs forming a drone network capable of inter-drone communication. Each UAV is equipped with onboard sensors such as GPS, LiDAR, and other environmental sensors that aid in navigation, object detection, and mission-specific tasks. These UAVs receive positional data from GPS satellites and transmit/receive situational data through the Automatic Dependent Surveillance–Broadcast (ADS-B) system. A Ground Control Station serves as a centralized control and monitoring hub, maintaining a communication link with UAVs and receiving broadcasted data from ADS-B stations. The architecture also interfaces with edge/cloud computing infrastructure, allowing offloading of compute-intensive tasks such as real-time analytics, route optimization, or anomaly detection. The right-hand side of the architecture diagram showcases the hierarchical control flow. Modules pertaining to the GCS initiate the process by passing inputs to the Planning Layer for flight plan generation or update based on operational targets. The Flight Management Layer carries out task delegation to individual UAVs after interpreting and managing flight plans. Task instructions are transformed into task behaviors through the Control Layer before becoming executable commands. Control signals reach the Sensors and Actuators Layer from the Control Layer for interaction with physical environments (d’Ambrosio et al., 2025). The multiple components breakdown system enables modular operations and real-time adaptability and scalability for UAV swarm applications across critical missions like surveillance work and environmental monitoring and disaster relief.

Figure 1: Overview and architecture of a UAV system (Sihag et al., 2023).

Download full-size image

DOI: 10.7717/peerj-cs.3500/fig-1

The various UAV architectural layers assist in enhancing autonomous functionalities as they present openings to various cyber threats, which are directed to communication and control features (Sedjelmaci, Senouci & Ansari, 2016). The UAV network cybersecurity is a critical field of concern that needs urgent consideration. UAV systems are used in hazardous locations and this provides an opportunity to enemies to interfere in the operation management of systems. Some attack vectors that target UAVs include GPS spoofing attacks along with signal blocking and denial of service attacks and packet injection techniques (Mohammed, Fourati & Fakhrudeen, 2024). The attacks have undesirable impacts that minimize mission objectives alongside aircraft accidents as well as exposing classified information to unauthorized parties. The use of UAVs in conducting their tasks is limited in computing and energy that does not allow them to deploy conventional heavy security systems (Abu Al-Haija & Al Badawi, 2022).

Intrusion Detection Systems (IDS) are necessary to ensure protection of UAV activities since these vulnerabilities are an increasingly disturbing threat. IDS solutions keep track of systems and networks in order to identify anomalous activities that are signs of attacks. The application of the classical machine learning models and traditional IDS models based on fixed sets of rules shows significant issues in the UAV operating environment. The systems are highly inflexible and have inadequate data-generalization capabilities by having features that designers create when the threat patterns change.

The use of deep learning algorithms namely Long Short-Term Memory (LSTM) networks became the choice of algorithm to process sequence data, as it is capable of identifying temporal patterns. Applicability of LSTMs to identify dynamic patterns of UAV network traffic and system logs renders them the best choice in the detection of invisible as well as emerging anomalies in the operational settings (Whelan, Almehmadi & El-Khatib, 2022; Fossaceca, Mazzuchi & Sarkani, 2015). Despite their potential, LSTM performance is heavily influenced by the quality of input features. High-dimensional, irrelevant, or noisy features can hinder learning convergence, reduce model accuracy, and introduce overfitting (Tsao, Girdler & Vassilakis, 2022). Intrusion detection in UAV networks remains challenging due to high mobility and dynamic topologies. Traditional IDS methods are often ineffective in such environments.

To mitigate these challenges, we propose RoboLSTM-IDS, a novel hybrid framework that integrates LSTM-based deep learning with a robust feature optimization module called ROBOTa (Robust Optimization-Based Tabular Feature Engineering). Unlike conventional feature selection approaches that rely on static filters or simple ranking methods, ROBOTa employs optimization-based scoring to select features that are both discriminative and resilient. It considers model sensitivity, perturbation stability, and cross-feature interaction strength, leading to a robust, reduced feature set that enhances downstream LSTM performance.

The effectiveness of RoboLSTM-IDS is evaluated across five intrusion detection datasets relevant to UAV environments. These include CICIDS-2027, UNSW-NB15, a UAV traffic dataset (T-ITS), and two synthetically generated datasets using Conditional Tabular GANs (CTGAN). The evaluation demonstrates that RoboLSTM-IDS consistently outperforms traditional classifiers—including Random Forest, SVM, CNN, and vanilla LSTM—in terms of accuracy, recall, false positive rate (FPR), and area under the receiver operating characteristic (ROC) curve (AUC).

The main contributions of this article are as follows;

We propose and present RoboLSTM-IDS, a new hybrid architecture of deep learning, that is a combination of LSTM-based detection and a highly effective lightweight feature optimization pipeline.
We develop and come up with ROBOTa, an optimization-based feature engineering method which dynamically estimates and picks high-value features. RoboLSTM-IDS is 6× smaller than traditional IDS models, 3× less memory footprint, and much reduced inference latency, which means that it can be simulated onboard UAV deployment and is feasible.
We conduct a cross-dataset analysis to confirm the extrapolation of RoboLSTM-IDS to a wide range of attack types and data distributions.

The rest of the article will be organized in the following way. The Related Work section examines the related literature review on UAV intrusion detection systems, feature selection and sequence based learning. Methodology presents the proposed RoboLSTM-IDS framework, namely, the ROBOTa feature selection module, and the LSTM-based classifier. Experimental Setup presents the datasets, augmentation process, and the experimental settings. Results provides the analysis of the evaluation outcomes using various datasets of UAV intrusion detectors and statistical validation and comparison with the base methods. Discussion addresses the implication of the results, especially in the vastness of lightweight deployment and real-time applicability in UAV settings. Lastly, the article has a conclusion, which suggests possible future research.

Related work

This section provides an extensive literature review of the available Intrusion Detection System methodologies that can be used to improve UAV and Internet of Things (IoT) network security. It details the strengths and weaknesses of these systems, their performance in detecting and countering the threats in dynamic UAVs settings. The methods reviewed include machine learning, deep learning, hybrid IDS, federated models and designs based on reinforcement learning. We organize this discussion into four key areas: traditional ML-based models, deep neural architectures (especially LSTM and its variants), feature engineering strategies, and multi-dataset evaluations.

Initial IDS models for UAV and IoT relied heavily on classical machine learning algorithms. In Fu et al. (2023) employed SVMs to detect intrusions in UAV telemetry but reported low adaptability to evolving attack signatures. In Adil et al. (2023), Hadi et al. (2024), Bouhamed et al. (2021) authors used LSTM (in general without any feature engineering), random forest (RF) and k-nearest neighbor (KNN) on CICIDS and UNSW-NB15, achieving moderate accuracy but with high false positive rates and signs of overfitting in imbalanced datasets. Similarly, Hashesh et al. (2022) tested lightweight ML techniques on Botnet Internet of Things (BoT-IoT) and found them insufficient for detecting minority class attacks. These models, while computationally inexpensive, are static and unsuitable for dynamic UAV contexts.

The rise of deep learning has transformed IDS design, especially using temporal models like LSTM and GRU. Alzahrani (2024) implemented an LSTM-based IDS for UAV cyber-physical systems, achieving 94.2% accuracy on proprietary data, but showed weak cross-dataset generalization (Anwar et al., 2025). Sheela et al. (2024) highlighted issues of over-sensitivity to dominant features in UAV logs using LSTM. CNN-LSTM hybrids (Sheela et al., 2024), GRU-Autoencoders (Alzubi et al., 2022), and AE-LSTM (Xu et al., 2024) have improved detection performance but often at the cost of inference speed, making real-time UAV deployment infeasible. Recent studies like Liang et al. (2024) adopted federated LSTM for distributed UAV logging, but performance degraded under data heterogeneity.

Several hybrid systems have attempted to enhance generalization. AlKhonaini et al. (2024) combined CNN, RF, and DNN ensembles across CICIDS and NSL-KDD, yet suffered from large inference latency. AL-Syouf, Bani-Hani & AL-Jarrah (2024) proposed a DRL-based IDS with promising learning capacity but demonstrated instability in UAV environments with small, non-stationary batch updates.

Recent advances in intrusion detection for UAV networks highlight both opportunities and challenges. Federated learning-based IDS frameworks have been proposed to enhance UAV privacy and security in distributed environments, offering collaborative learning without direct data sharing (Ceviz et al., 2025). At the same time, UAVs have been shown to be vulnerable to adversarial manipulations, where deep learning-based models can be misled through carefully crafted perturbations (Tian et al., 2021). Beyond UAVs, the broader cyber-physical system literature has also demonstrated the risks of adversarial false data injection attacks. For example, the EVADE framework reveals how targeted adversarial manipulations can compromise state estimation in smart grids (Tian et al., 2024a), while LESSON introduces a multi-label adversarial attack strategy that undermines deep learning-based locational detection (Tian et al., 2024b; Qureshi et al., 2025). Overall, these studies indicate the significance of the need to develop sound, lightweight, and generalizable frameworks of IDS that will support the COVID of adversarial effects and will be viable in real-time UAV application.

Nevertheless, feature representation is an important factor in the robustness of the IDS. Popular ones are PCA, IG and RFE to reduce dimensions. These are however not able to explain feature stability to perturbation or deep interactions between features. The authors in Tlili, Ayed & Fourati (2024) reviewed that most failures of IDS were associated with poor feature selection pipelines, also Dewangan & Vij (2024) used LSTM with optimized features and reported better consistency, but only on a single dataset, Booij et al. (2021) used Bi-GRU and feature ranking, but performance declined drastically on the TON_IoT dataset (Tlili, Ayed & Fourati, 2023). These experiments underscore the importance of optimization-based feature selection algorithms to be used that can change with the dynamics of models and be used across datasets.

Lots of IDS frameworks are trained on single datasets, which is not always applicable in the real world. Tlili, Ayed & Fourati (2023) trained AE-CNN on NSL-KDD and CICIDS and obtained good results at the cost of long training times. Alwan et al. (2022), Hassler, Mughal & Ismail (2024) presented a transformer-based IDS and obtained high accuracy, but with a high dependence on the GPU. Sedjelmaci, Senouci & Ansari (2017) trained a lightweight CNN on edge devices, where the balance between complexity and recall was This inability to generalize, edge-feasibility, and robustness underlines the necessity of unified frameworks of IDS that are tested on a variety of datasets.

Despite these advances, there remains a critical need for IDS models that are lightweight as shown in Table 1, generalizable, and resilient to diverse feature behaviors across datasets (Hassler, Mughal & Ismail, 2023; Praveena et al., 2022; Attaullah et al., 2024). In response, we propose RoboLSTM-IDS, a novel hybrid IDS that combines the sequence modeling capability of LSTM with a robust feature optimization module ROBOTa. ROBOTa dynamically ranks and selects features based on model sensitivity, perturbation stability, and cross-feature interaction, thereby ensuring minimal overfitting and strong cross-dataset performance. We evaluate RoboLSTM-IDS across five benchmark datasets, including CICIDS-2017, UNSW-NB15, T-ITS, and two CTGAN datasets.

Table 1:

Summary of existing IDS studies with key limitations.

Study	Model type	Dataset(s)	Type of IDS used	Limitations
Fu et al. (2023)	SVM	Custom UAV dataset	Signature-based ML IDS	Poor adaptability to unseen data
Adil et al. (2023)	RF, KNN	CICIDS, UNSW-NB15	Anomaly-based ML IDS	Overfitting, high FPR
Hadi et al. (2024)	LSTM	CPS, NSL-KDD	Deep Learning (Time-Series IDS)	Weak cross-dataset generalization
Bouhamed et al. (2021)	LSTM-based DL	Surveillance Logs	Temporal Deep IDS	Feature dominance, imbalance issues
Hashesh et al. (2022)	Meta-review	CIC 2017-2018	Comparative Survey (Mixed)	Lacks experimental benchmarking
Alzubi et al. (2022)	Deep Ensemble Model	CICIDS, NSL-KDD, BoT-IoT	Multi-Modal Ensemble IDS	High complexity, unsuitable for UAV edge deployment
Alzahrani (2024)	CNN-LSTM Hybrid	TON_IoT	Anomaly-based DL IDS	High training time, unsuitable for lightweight UAVs
Sheela et al. (2024), Booij et al. (2021)	Autoencoder + Classifier	BoT-IoT	Signature + Anomaly Hybrid IDS	Weak on zero-day detection, limited feature adaptation
Xu et al. (2024)	Federated LSTM	Edge UAV logs	Distributed Federated IDS	Poor convergence under data heterogeneity
Liang et al. (2024)	CNN-GRU	CICIDS-2018	Deep Sequential IDS	No benchmarking across heterogeneous datasets
AlKhonaini et al. (2024)	Hybrid AE-LSTM	IoTID20	Deep Anomaly IDS	Computationally intensive for real-time UAVs
AL-Syouf, Bani-Hani & AL-Jarrah (2024)	Feature-optimized LSTM	NSL-KDD	Optimization-based DL IDS	Dataset-specific tuning; lacks generalization
Tlili, Ayed & Fourati (2024)	Ensemble RF-CNN	CICIDS-2017	Hybrid IDS	Requires preprocessing pipeline; slow inference
Dewangan & Vij (2024)	ML-Based Lightweight IDS	BoT-IoT	Anomaly-based ML IDS	Low precision for minority class
Ntizikira et al. (2023)	LSTM-Attention Model	NSL-KDD	Temporal IDS with attention	Overfits on repetitive sequence features
Booij et al. (2021)	Bi-GRU + Feature Ranking	TON_IoT	Feature-engineered DL IDS	Inconsistent F1-scores across datasets
Tlili, Ayed & Fourati (2023)	AE + CNN	NSL-KDD, CICIDS	Layered DL IDS	Long training cycles; edge impractical
Alwan et al. (2022)	Lightweight CNN	BoT-IoT	Edge ML IDS	Reduces complexity but sacrifices recall
Hassler, Mughal & Ismail (2024)	Transformer-based IDS	TON_IoT, NSL-KDD	Deep Attention IDS	Requires GPU support for deployment
Sedjelmaci, Senouci & Ansari (2017)	DRL-based Classifier	CICIDS-2018	RL-based IDS	Unstable in small UAV batch tasks

DOI: 10.7717/peerj-cs.3500/table-1

UAV-based ids approaches

IDSs in UAV environments can be broadly classified into three categories: Signature-Based, Anomaly-Based, and Hybrid approaches as taxonomy mentioned in Fig. 2. The taxonomy is divided into these IDS classifications but specifically focusing on DL based techniques. Signature-Based IDS rely on rule or pattern matching against known attack signatures. Anomaly-Based IDS include statistical techniques, traditional machine learning algorithms (e.g., support vector machine (SVM), Random Forest, Naïve Bayes), and deep learning models (e.g., LSTM, GRU, CNN, Autoencoders). Advanced deep learning architectures like CNN-LSTM and AE-LSTM enhance anomaly detection capabilities (Fossaceca, Mazzuchi & Sarkani, 2015). Hybrid IDS implements signature detection features together with anomaly detection capabilities to establish a sturdy system that detects threats in UAV environments. Each detection paradigm has its own unique combination of strengths and weaknesses regarding accuracy levels and adaptability parameters and computation availability. This section analyzes all IDS strategies focusing on anomaly-based IDS methods since they serve as the foundation for the proposed RoboLSTM-IDS architectural framework.

Figure 2: Classification of IDS for UAV focusing on DL based techniques.

Download full-size image

DOI: 10.7717/peerj-cs.3500/fig-2

Signature-based IDS

IDS based on signature detection matches system behavior along with network traffic patterns against attack signature databases for detection purposes. Embedded systems that operate UAVs benefit from these lightweight security systems because they maintain both high efficiency along with minimal resource requirements. The system rule-based detection tool Snort remains a classic example of matching known threat patterns in real-time for intrusion detection.

Zhang et al. (2018) proposed a UAV-specific signature-based IDS using SVM to classify known attack types. The system effectively detected established security threats yet struggled to recognize new modified attack methods. The core drawback of signature-based systems reveals itself when they demonstrate complete unawareness toward unknown zero-day threats. The frequent need to update signature databases becomes a challenge for these systems because highly mobile UAV environments contain rapidly changing threats.

Anomaly-based IDS

An anomaly-based IDS operates through defining normal patterns of behavior then identifying any unusual operational activity. The analysis technique proves ideal for UAV networks because their unpredictable mission-oriented communication patterns are challenging to specify beforehand. Anomaly detectors surpass signature-based systems by detecting new threats which enables them to act as crucial cyber-defense mechanisms of today.

Anomaly-based IDS implementations during their initial stages relied on statistical models in combination with clustering algorithms. Tan et al. (2019) applied machine learning classifiers like Random Forest and KNN to UAV telemetry data but encountered high false positive rates and instability under class imbalance. Ouiazzane, Barramou & Addou (2020) applied lightweight anomaly-based models to the BoT-IoT dataset and noted that while fast, they struggled with precision for minority attack classes.

In recent years, deep learning has significantly advanced the field of anomaly detection. Deep architectures can extract hierarchical patterns from high-dimensional data and capture temporal relationships, making them ideal for UAVs where behavior evolves over time. LSTM, CNN, GRU, and Autoencoder based IDS have been widely explored.

Dash et al. (2025) implemented an LSTM-based IDS for detecting DoS attacks in UAV-based cyber-physical systems, achieving high accuracy. However, the model struggled to generalize across datasets such as NSL-KDD, indicating a limitation in robustness. Bamber et al. (2025) used a CNN-LSTM hybrid model on the TON_IoT dataset and reported improved detection rates, but the model required significant training time and was not optimized for UAV edge deployment. Other models such as GRU-based Autoencoders (Narmadha & Balaji, 2025) and AE-LSTM hybrids (Abdulganiyu et al., 2025) showed promise but suffered from overfitting or were too computationally demanding for onboard use.

These findings point toward the need for anomaly-based systems that not only leverage deep learning’s potential but are also optimized for generalization and efficiency. The proposed RoboLSTM-IDS framework belongs to this category by combining LSTM’s temporal detection features with robust feature engineering capabilities of the ROBOTa module as the workflow is illustrated in Fig. 3.

Figure 3: Workflow of the proposed RoboLSTM-IDS framework.

Download full-size image

DOI: 10.7717/peerj-cs.3500/fig-3

Hybrid-based IDS

Hybrid IDS combine elements of both signature-based and anomaly-based detection to leverage the strengths of each. A signature-based module with fast operation detects known threats but requires a complex anomaly-based component to identify unknown threats and active attacks. The approach consists of two layers to maximize both detection accuracy and minimize false positive and false negative outcomes.

Ali et al. (2025) implemented a deep ensemble model combining CNN and Random Forest for multi-dataset evaluation. While detection rates improved overall, the system required a powerful backend and was unsuitable for real-time or low-power environments like UAVs. Kamal & Mashaly (2025) presented an Autoencoder Classical classifier hybrid that could handle known and unknown attacks, but its performance deteriorated under adversarial perturbations and it lacked explainability.

The hybrid model functions well with abundant resources but lacks the simplicity required for UAVs to handle it efficiently. RoboLSTM-IDS provides a necessary solution to security challenges because it delivers accurate anomaly-based protection through a resource-efficient system design.

Signature based IDS works fast and is economical in resource utilization but possesses low capabilities of detecting threats that are not recognized. The anomaly-based IDS offers very high adaptability to new threats, but with the application of deep learning, but may require complex setup procedures and generates false detection notifications. The hybrid models offer the best benefits of the conventional models but are inapplicable in real-time UAV operations because of complexity of operation. The RoboLSTM-IDS is a system that is in the deep IDS sector of anomaly based IDS. The system implements stable feature engineering algorithms powered by optimization principles for noise reduction alongside improved broad applicability for UAV operational settings.

Datasets

The effectiveness of building a reliable IDS for UAV networks depends heavily on dataset quality along with the specific characteristics that appear during the training and evaluation processes. Existing datasets in the field of intrusion detection have largely focused on either cyber-level network traffic or physical telemetry, but very few offer integrated datasets that include both. This section provides a comprehensive overview of prior datasets used in UAV-related IDS research, categorizing them based on their domain focus, followed by a comparative analysis and the rationale for selecting the specific datasets used in this study. So In this part, the related works categorized into two sections: IDS which is based on cyber and based on the cyber physical features, followed by a comparison.

Datasets with cyber features

Cyber-based datasets focus on network-level data such as packet flows, protocol behavior, and statistical metadata derived from network traffic. These datasets form the foundation of traditional IDS development and have been widely used in machine learning research for network security. Examples include NSL-KDD (Tavallaee et al., 2009; McHugh, 2000); CICIDS-2017 (Sharafaldin, Lashkari & Ghorbani, 2018; Chen, 2023), augmented CTGAN (Alabdulwahab et al., 2023; Xu et al., 2019), InSDN (Khanapuri, Sharma & Brink, 2022), and UNSW-NB15. Which are discussed in Chen (2023), Koroniotis et al. (2017), Moustafa et al. (2018), Keshk et al. (2017), Moustafa, Turnbull & Choo (2018), Moustafa, Slay & Creech (2018a, 2018b, 2018c).

Many researchers have built their IDS models using these cyber-only datasets (Hassler, Mughal & Ismail, 2024). For instance, Shrestha et al. (2021) used a deep belief network combined with particle swarm optimization on the CICIDS-2017 dataset, achieving superior performance over conventional neural networks. Zhang et al. developed a hybrid IDS using TCP/UDP traffic analysis and wavelet-based fractal modeling; however, their data was purely simulated. Several other studies applied classical and deep learning models (e.g., SVM, CNN, RNN) to datasets like NSL-KDD (Tavallaee et al., 2009) and CICIDS-2017.

Despite their utility, these datasets were not originally designed for UAV environments. They lack UAV-specific features such as flight patterns, mobility-induced packet variation, or control link protocols (e.g., MAVLink). Additionally, many of these datasets were created in traditional IT network infrastructures, making them poorly suited for aerial networks where context and timing are essential. As a result, models trained on these datasets may generalize poorly in real-world UAV scenarios.

Datasets with physical features

Physical-feature-based datasets represent another axis of IDS development, focusing on sensor data, flight telemetry, orientation vectors, and behavior-based anomalies. These datasets aim to detect intrusions based on deviations from expected UAV movement patterns or physical signatures.

Several studies have focused on such approaches. Authors in Keipour, Mousaei & Scherer (2021) used a simulated UAV flight log dataset that included attack and normal scenarios, while others like Chen (2023), Mohammed, Fourati & Fakhrudeen (2024) proposed statistical models for GNSS spoofing detection. More sophisticated works have used deep learning models like 1D-CNNs and DNNs to detect behavioral anomalies in UAVs based purely on telemetry signals, flight trajectories, and positional drift.

Although useful, such datasets are usually narrow. They do not usually have network-layer intrusion events and do not necessarily consider cyber attacks such as spoofed command injection, control hijacking, or de-authentication attacks. Also, most of them are not constructed on actual scenarios but virtual scenarios of UAV operations, making them less faithful to real operational IDS deployment.

Selected datasets

A side-by-side comparison of commonly used IDS datasets in UAV research reveals a clear gap: most datasets either focus on cyber-level attacks or physical anomalies—not both. Cyber datasets offer volume and variety but lack UAV-specific context. Physical datasets capture movement-related behavior but ignore networking threats. Table 2 summarizes the domain type, UAV applicability, covered attack types, and known limitations of representative datasets in the field.

Table 2:

Comparison of commonly used datasets for UAV intrusion detection.

Dataset	Domain type	UAV-specific	Attack types	Limitations
NSL-KDD	Cyber	No	DoS, Probe, R2L, U2R	Outdated attack types; no UAV communication or telemetry data
CICIDS-2017	Cyber	No	DDoS, Web, Infiltration, Heartbleed, Brute Force	Not UAV-specific; lacks real mobility or control-link context
UNSW-NB15	Cyber	No	Exploits, Shellcode, Worms, Backdoor, Reconnaissance	No UAV-related protocol (e.g., MAVLink); lacks physical behavior modeling
BoT-IoT	Cyber (IoT-specific)	No	DoS, Theft, Reconnaissance, DDoS	IoT-focused; lacks UAV telemetry or wireless control data
TON_IoT	Cyber (IoT Logs)	No	Keylogging, Malware, Data theft	General IoT logs; lacks UAV context or aerial network representation
GNSS spoofing dataset	Physical (GPS signals)	Yes	GPS Spoofing	Focused only on location deception; does not include cyber attack vectors
AirLab UAV dataset	Physical (Flight logs)	Yes	Anomalies, actuator/sensor failures	No cyber intrusions; only physical flight anomalies
CTGAN	Cyber-Physical (Simulated)	Yes	DoS, Telemetry Injection, Spoofing	Fully simulated; lacks real attack complexity or noise
T-ITS	Cyber-Physical	Yes	De-auth DoS, Replay, FDI, Evil Twin	Testbed-based; limited scalability and diversity
UAV-GRID	Physical	Yes	Command Injection, Spoofing, DoS	Tailored to grid drones; not general UAV use cases

DOI: 10.7717/peerj-cs.3500/table-2

To address these gaps, this study integrates five datasets—three general and two augmented—that collectively cover cyber, physical, synthetic, and a UAV-specific data domains. Each dataset is briefly described below. Table 3 presents a consolidated summary of these five datasets, including their domains, sources, attack types, and unique contributions to this study.

Table 3:

Summary of datasets used for RoboLSTM-IDS.

Dataset	Domain type	Attack types	No. of records	No. of features
T-ITS	Cyber-Physical	De-authentication DoS, Replay, False Data Injection, Evil Twin	10,000+	53 (16 physical + 37 cyber)
CICIDS-2017	Cyber	Brute Force, Web Injection, Infiltration, DDoS, Heartbleed	2.8 million	80+
UNSW-NB15	Cyber	Exploits, Shellcode, Worms, Generic, Reconnaissance	2.5 million	49
CTGAN (Augmented CICIDS)	Cyber (GAN-Augmented)	Heartbleed, Infiltration, Web Attack	2.9 million	80+
CTGAN (Augmented UNSW)	Cyber (GAN-Augmented)	Worms, Shellcode, Backdoor	2.6 million	49

DOI: 10.7717/peerj-cs.3500/table-3

T-ITS

The T-ITS dataset is a cyber-physical dataset specifically designed for UAV intrusion detection. Developed using a custom UAV testbed, it includes both physical telemetry (16 features) and cyber network flow data (37 features). Four types of attacks were executed: de-authentication DoS, replay, false data injection, and evil twin attacks. The data is provided in CSV format and annotated for supervised machine learning, making it an ideal candidate for anomaly-based IDS training (Hassler, Mughal & Ismail, 2023).

CICIDS-2017

CICIDS-2017 is a modern intrusion behaviors simulated over HTTP, FTP, SSH, and SMTP protocols. The dataset spans five days of real traffic between 25 user agents and includes attacks such as Brute Force, Web Injection, Infiltration, DDoS, and Heartbleed. Over 80 flow-level features are extracted per sample using CICFlowMeter. While not UAV-specific, the dataset offers realistic and rich attack scenarios suitable for deep learning-based anomaly detection (Chen, 2023).

UNSW-NB15

The UNSW-NB15 dataset provides a combination of real and synthetic traffic captured in a controlled lab using the IXIA PerfectStorm tool. It includes nine classes of attacks such as Worms, Shellcode, Exploits, Generic, and Reconnaissance. A total of 49 statistical features were engineered from packet flows using Argus and Bro-IDS. While not tailored to UAVs, the diversity of attack profiles adds value for evaluating generalization performance across non-UAV datasets (Chen, 2023).

CTGAN: Augmented CICIDS-2017

CTGAN-CICIDS-2017 is a class-balanced, synthetic variant of CICIDS-2017. Using Conditional Tabular GANs with WGAN-GP regularization, minority classes such as Heartbleed, Infiltration, and Web Attack were augmented to achieve balanced class representation. The resulting dataset helps in mitigating the overfitting problem caused by imbalanced data in standard IDS benchmarks and is well-suited for evaluating anomaly-based learning algorithms (Zeng & Nait-Abdesselam, 2024).

CTGAN: Augmented UNSW-NB15

It follows a similar augmentation strategy applied to UNSW-NB15. Underrepresented attack classes such as Worms, Shellcode, and Backdoor were synthetically boosted using the same CTGAN framework. This ensures balanced multi-class distribution, allowing robust training of detection models like RoboLSTM-IDS and improving sensitivity to stealthy or low-frequency attack patterns (Zeng & Nait-Abdesselam, 2024).

RoboLSTM-IDS framework

This section describes the methodology behind the proposed RoboLSTM-IDS framework, a deep anomaly-based intrusion detection designed for UAV network security. The framework integrates robust feature optimization with temporal learning to detect various cyber and cyber-physical attacks. The full pipeline is composed of these major phases that we discussed in detailed in Algorithm 1, and also highlighted earlier in Fig. 3, they are; dataset preparation, robust optimization-based feature engineering, temporal sequence construction, LSTM model training, and final evaluation.

Algorithm 1 :

RoboLSTM-IDS intrusion detection framework.

Require: Multi-source Datasets D = {D₁, D₂, ..., D_n}, Window size T

Ensure: Predicted labels and evaluation metrics: Accuracy, Fl, MCC, AUC

1: Begin

2: // Phase 1: Data Preprocessing

3: for each dataset D_i

\in

D do

4: Perform Data Cleaning

5: Apply Normalization (Min-Max or Z-score)

6: Encode class labels (One-Hot or Label Encoding)

7: end for

8: // Phase 2: ROBOTa Feature Engineering

9: Define fitness function f(F) based on classification accuracy and feature subset size

10: Initialize population of feature subsets

11: while termination condition not met do

12: Generate candidate subsets F_i

13: Evaluate f(F_i) using a lightweight classifier

14: Update population based on fitness scores

15: end while

16: Select best subset F* = argmax f(F_i)

17: // Phase 3: Temporal Sequence Construction

18: Initialize empty sequence set S

19: for each sample x_i in D restricted to features F* do

20: for

j = 1 t o | x_{i} | - T + 1

21: Create window w_j = {x_j, x_j₊₁, ..., x_j_+T−i}

22: Append w_j to S

23: end for

24: end for

25: for each W_j

\in

S do

26: Assign label y_j (e.g., majority class or last timestep)

27: end for

28: // Phase 4: LSTM-Based Classification

29: Define input shape (T, |

| F^{*} |

) for LSTM

30: Initialize LSTM gates (input, forget, output) as per Eqs. (4)–(8)

31: Train model using training set and cross-entropy loss

32: Apply Softmax for final classification

33: // Phase 5: Performance Evaluation

34: Test model on the testing set

35: for each metric m

\in

{Accuracy, Fl, MCC, AUC} do

36: Compute m using Eqs. (9)–(15)

37: end for

38: Return predicted labels and evaluation metrics

39: End

DOI: 10.7717/peerj-cs.3500/table-101

Preprocessing

The input to the RoboLSTM-IDS framework consists of five datasets: T-ITS, CICIDS-2017, UNSW-NB15, and two augmented versions generated via CTGAN. Each dataset is first preprocessed to ensure compatibility across the pipeline. Initially, all categorical labels are encoded numerically, and attack classes are unified to reduce fragmentation (e.g., all Web attacks are grouped together). Missing values, NaNs, and duplicates are eliminated during a data cleaning phase. Subsequently, feature values are normalized to a [0, 1] scale using Min-Max normalization to improve training stability. Finally, each dataset is split into training and testing subsets, typically in an 80:20 ratio. For temporal modeling, each sequence is constructed with a fixed sliding window of size T and stride $s$ . Given a tabular stream ${x_{1}, x_{2}, \dots, x_{n}} \in R^{F}$ , we build sequences $X_{t} \in R^{T \times F}$ as [x_t, x_t+1, …, x_t+T−1].

Feature engineering with ROBOTa

The ROBOTa module Robust Optimization-Based Tabular Feature Engineering is one of the most important elements to the RoboLSTM-IDS framework. As a model enhancement technique, feature engineering is crucial in enhancing the level of accuracy, preventing overfitting, and generalization in heterogeneous UAV datasets. ROBOTa uses a strong, optimization-based approach in selecting a small, stable set of features without compromising model performance unlike traditional filtering or wrapper-based techniques. It is a population-based swarm heuristic technique that searches binary masks over features to minimize a bi-objective fitness: (i) classification loss (estimated quickly with a lightweight proxy classifier) and (ii) sparsity (number of selected features).

The feature selection task is formulated as a multi-objective optimization problem. The two conflicting objectives are (i) minimizing the classification error and (ii) minimizing the number of features. This trade-off is captured using a fitness function, which evaluates each candidate subset $S_{i}$ as shown in Table 4.

Table 4:

Mathematical formulations used in ROBOTa feature optimization.

Description	Formula	Eq. no.
Fitness function combining classification loss and sparsity	$F F (S_{i}) = ϕ \cdot L_{c l s} (S_{i}) + σ \cdot \frac{\| S_{i} \|}{N}$	(1)
Velocity update rule for candidate subsets	$Q_{i} (t + 1) = Q_{i} (t) + c_{h} + a \cdot (S_{g} - Q_{i} (t))$	(2)
Position update rule for candidate solutions	$S_{i} (t + 1) = S_{i} (t) + Q_{i} (t + 1)$	(3)

DOI: 10.7717/peerj-cs.3500/table-4

Here, $L_{c l s} (S_{i})$ is the classification loss associated with feature subset $S_{i}$ , $| S_{i} |$ is the cardinality of the subset, and N is the total number of available features in the dataset. The scalar weights $ϕ$ and $σ$ control the emphasis placed on accuracy and sparsity, respectively. These hyperparameters can be tuned depending on the dataset characteristics (e.g., class imbalance, feature redundancy).

ROBOTa uses a population-based search strategy inspired by swarm intelligence heuristics. A population of P candidate feature subsets is initialized randomly. Each candidate has an associated velocity $Q_{i}$ and position $S_{i}$ . During each generation $t$ , all candidates are evaluated using the fitness function (Eq. (1)), and their positions and velocities are updated using Eqs. (2) and (3).

In the velocity update equation, $c_{h}$ is a heuristic term to encourage exploration, and $a$ is an attraction coefficient that pulls the candidate toward the current global best solution $S_{g}$ . The position update allows the candidate subset to evolve by selecting or deselecting features in each iteration.

Throughout the optimization process, a lightweight classifier (e.g., logistic regression or shallow neural net) is used to estimate $L_{c l s}$ efficiently. To reduce stochastic variance, a subset’s fitness score may be averaged over multiple random seeds or k-fold splits.

As shown in Table 5, the hyperparameters of the proposed ROBOTa module were systematically tuned over predefined ranges. The search space included the population size (P), number of generations (G), exploration and attraction coefficients ( $c_{h}$ , $a$ ), and the trade-off weights for accuracy ( $ϕ$ ) and sparsity ( $σ$ ). For proxy classifiers, we experimented with both logistic regression (with L2 regularization, $C = 1.0$ ) and a shallow MLP; however, logistic regression was selected in the final configuration. The reported values were chosen based on validation performance, and all experiments were averaged across multiple random seeds to ensure robustness.

Table 5:

ROBOTa hyperparameters and tuning ranges.

Best values are chosen on validation per dataset.

Parameter	Range/Value	Final (example)
Population P	{20, 40, 60}	40
Generations G	{40, 60, 80}	60
Exploration $c_{h}$	{0.2, 0.5, 0.8}	0.5
Attraction $a$	{0.5, 0.8}	0.8
Accuracy weight $ϕ$	{1.0, 0.5}	1.0
Sparsity weight $σ$	{0.05, 0.10, 0.20}	0.10
Proxy classifier	LR (L2, $C = 1.0$ )/MLP(64)	LR (L2, $C = 1.0$ )
Seeds	{13, 17, 23}	Mean over seeds

DOI: 10.7717/peerj-cs.3500/table-5

The algorithm continues for a fixed number of generations or until convergence criteria are met (e.g., no significant improvement in global best). Once complete, the most robust and compact feature subset $F_{o p t}$ is selected and forwarded to the temporal transformation and LSTM classification stages.

ROBOTa thus ensures that only the most predictive and stable features are retained, reducing dimensionality while improving learning efficiency, which is especially important in real-time UAV deployments with constrained edge hardware.

Temporal sequence transformation

After feature selection, the data is converted from a flat tabular format to a temporal sequence suitable for LSTM input. Using a fixed sliding window of size T, individual samples are organized into overlapping sequences. This allows the model to learn temporal dependencies that reflect how attack patterns evolve over time in UAV communications.

LSTM-based classification

The final stage of the RoboLSTM-IDS framework involves sequence learning using an LSTM network. LSTM is a type of recurrent neural network (RNN) designed to handle sequential data with long-term dependencies, which is particularly useful for detecting temporal patterns in UAV network traffic and behavioral logs. The model receives as input a time-series of optimized feature vectors generated through the ROBOTa module and transformed via temporal windowing.

An LSTM unit maintains two types of state at each time step $t$ : a hidden state $h_{t}$ and a memory cell $C_{t}$ . These are updated through three key gates: the forget gate, the input gate, and the output gate. Their operations are controlled by the following set of equations, summarized in Table 6.

Table 6:

Mathematical formulations of LSTM internal mechanisms.

Description	Equation	Eq. no.
Forget gate activation	$f_{t} = σ (W_{f} [h_{t - 1}, x_{t}] + b_{f})$	(4)
Input gate activation	$i_{t} = σ (W_{i} [h_{t - 1}, x_{t}] + b_{i})$	(5)
Candidate cell state	${\tilde{C}}_{t} = \tanh (W_{c} [h_{t - 1}, x_{t}] + b_{c})$	(6)
Cell state update	$C_{t} = f_{t} ⊙ C_{t - 1} + i_{t} ⊙ {\tilde{C}}_{t}$	(7)
Output gate and hidden state	$o_{t} = σ (W_{o} [h_{t - 1}, x_{t}] + b_{o}), h_{t} = o_{t} ⊙ \tanh (C_{t})$	(8)

DOI: 10.7717/peerj-cs.3500/table-6

In these Eqs. (4) to (8), $x_{t}$ represents the input vector at time step $t$ , $σ$ is the sigmoid activation function, and $\tanh$ is the hyperbolic tangent function. The forget gate $f_{t}$ determines which information from the previous cell state $C_{t - 1}$ to retain. The input gate $i_{t}$ controls which parts of the new candidate state ${\tilde{C}}_{t}$ are added to the memory. The output gate $o_{t}$ governs what part of the memory cell $C_{t}$ is exposed as the hidden state $h_{t}$ , which is then passed to subsequent layers or time steps. For classification, the final hidden state is passed through a dense softmax layer that maps to the intrusion classes. In the context of UAV-based anomaly detection, this allows the model to make predictions based not only on instantaneous patterns, but also on the temporal dynamics leading to an event, which is especially useful in detecting gradual or stealthy intrusions. So, the model receives input sequences of shape $R^{T \times | F_{o p t} |}$ , which are processed through an LSTM layer with 64 units (returning sequences), followed by a dropout layer ( $p = 0.3$ ). This is succeeded by a second LSTM layer with 32 units, another dropout layer ( $p = 0.3$ ), and two dense layers: one with 64 units and ReLU activation, and the final output layer with C units and softmax activation (sigmoid for binary classification). Gradient clipping is applied at 1.0 to stabilize training. For optimization, we employ Adam with a learning rate of $10^{- 3}$ , a batch size of 128, and train for up to 100 epochs with early stopping (patience of 10, restoring the best weights). The loss function is a weighted cross-entropy, where class weights are derived from the training labels, and macro-F1 is monitored as the early-stopping criterion due to its robustness under class imbalance. Regularization is achieved via dropout (as described above), L2 weight decay ( $10^{- 5}$ ) on dense layers, and layer-normalized LSTMs (when available) in ablation studies. To analyze window size sensitivity, we evaluate $T \in {10, 20, 30}$ , select the best configuration on the validation set, and report the chosen T for each dataset.

As summarized in Table 7, we provide the full details of the LSTM architecture and training configuration used across different datasets. The temporal window size (T) was set to 20 for most datasets, except for UNSW-NB15 where $T = 30$ yielded better temporal context modeling. The architecture consists of a stacked LSTM with two recurrent layers (64 and 32 units), followed by a dense hidden layer of 64 neurons. Dropout regularization (0.3 applied to both recurrent and dense layers) was employed to mitigate overfitting. The Adam optimizer with a learning rate of $10^{- 3}$ was used for training. Each experiment was trained with a batch size of 128 over 100 epochs, ensuring stability across both real and synthetic datasets.

Table 7:

LSTM architecture and training configuration.

T is the temporal window size.

Dataset	T	Hidden layers	Dropout	Optimizer (lr)	Batch/Epochs
T-ITS	20	LSTM(64) $\to$ LSTM(32) $\to$ Dense(64)	0.3/0.3	Adam ( $10^{- 3}$ )	128/100
CICIDS-2017	20	Same as above	0.3/0.3	Adam ( $10^{- 3}$ )	128/100
UNSW-NB15	30	Same as above	0.3/0.3	Adam ( $10^{- 3}$ )	128/100
CTGAN-CICIDS	20	Same as above	0.3/0.3	Adam ( $10^{- 3}$ )	128/100
CTGAN-UNSW	20	Same as above	0.3/0.3	Adam ( $10^{- 3}$ )	128/100

DOI: 10.7717/peerj-cs.3500/table-7

For each dataset, we run a nested search on the training split with a held-out validation fold. We tune ROBOTa parameters $(P, G, c_{h}, a, ϕ, σ)$ and LSTM parameters (hidden sizes, dropout, learning rate, batch size, window T) using random search (30 trials) bounded by the ranges in Tables 5 and 7. Final models are retrained on train+validation with the selected configuration and evaluated on the held-out test split. We repeat all experiments with three seeds and report mean performance.

Hence, the use of LSTM in RoboLSTM-IDS enables robust detection of both abrupt and evolving attack behaviors, making it well-suited for real-time UAV surveillance environments.

Evaluation metrics

The effectiveness of the RoboLSTM-IDS system is strictly tested by a set of measures which together measure the quality of the classification, the specificity of the recognition, the ability to withstand the imbalance of classes, and predictive consistency. The optimized feature set is then trained on and the expected outcomes of the model on the test set are evaluated in terms of standard statistical measures.

These performance measures are computed: Accuracy, Precision, Recall, F1-score, Matthews Correlation Coefficient (MCC), Cohen Kappa and the Area Under the Receiver Operating Characteristic Curve (AUC-ROC). These metrics have given a full-fledged performance profile; notably essential in analyzing security systems that are deployed in class-imbalanced UAV settings.

A brief description and the mathematical formulation for each metric are presented in Table 8. The equation numbers provided are used for in-text referencing throughout the results section.

Table 8:

Performance evaluation metrics and their mathematical definitions.

Metric	Formula	Eq. no.
Accuracy	$\frac{T P + T N}{T P + T N + F P + F N}$	(9)
Precision	$\frac{T P}{T P + F P}$	(10)
Recall (Sensitivity)	$\frac{T P}{T P + F N}$	(11)
F1-score	$\frac{2 \times T P}{2 \times T P + F P + F N}$	(12)
Matthews Correlation Coefficient (MCC)	$\frac{T P \times T N - F P \times F N}{\sqrt{(T P + F P) (T P + F N) (T N + F P) (T N + F N)}}$	(13)
Cohen’s Kappa	$\frac{2 \times (T P \times T N - F P \times F N)}{(T P + F P) (F P + F N) + (T P + F N) (T N + F N)}$	(14)
AUC (Area Under Curve)	$\int_{0}^{1} T P R (F P R^{- 1} (t)) d t$	(15)

DOI: 10.7717/peerj-cs.3500/table-8

Where Accuracy (Eq. (9)) is an evaluation of the general accuracy of predictions on all classes. Precision (Eq. (10)) indicates how many of all positive predictions are true, where the focus is on the amount of the model not to raise the false alarms. Recall (Eq. (11)) or sensitivity measures the capacity of detecting the actual attack instances without exclusion. The F1-score (Eq. (12)) provides an ideal balance between Precision and Recall, which is especially significant in cases of class imbalance. MCC (Eq. (13)) analyzes the quality of binary classifications in a correlation way, which provides a strong score even with skewed data. The Kappa of Cohen (Eq. (14)) adaptive adjustment of the accuracy takes into consideration the agreement through chance. Finally, the discriminative power of the model over different thresholds, AUC (Eq. (15)) is a measurement of the effectiveness of the model at differentiating between an attack and a benign case.

Simulation environment

This part presents a complete simulation set-up on the proposed RoboLSTM-IDS framework. It includes the description of the tools, libraries, and hardware applied to develop, apply, and test the deep anomaly-based IDS in five separate datasets. The modular pipeline simulation was implemented in Python with Jupyter Notebooks with the help of machine learning and deep learning packages such as TensorFlow and Scikit-learn. Random seeds were fixed to ensure reproducibility of every simulation and no training/test overlap was allowed. The averaged value of all results presented in this research is the mean of three independent runs to reduce the variance due to stochastic factors in optimization and training of LSTMs.

All experiments were conducted on a high-performance computing system using the specifications and software libraries summarized in Table 9. The setup ensured fast training, real-time monitoring, and robust reproducibility for all experimental trials.

Table 9:

Specifications for simulation environment.

Category	Specifications/Details
Hardware
Processor	Intel Core i7 (12th Gen, multi-thread)
RAM	32 GB DDR4
GPU	NVIDIA RTX 3080 (16 GB)
Storage	500 GB SSD
Software and tools
Operating system	Ubuntu 22.04 LTS (64-bit)
Machine learning libraries	TensorFlow 2.12, PyTorch 2.1, Scikit-learn
Programming language	Python 3.9
Dataset preprocessing	Pandas, NumPy, SciPy
Evaluation metrics	Accuracy, Precision, Recall, F1-score, AUC-ROC, MCC, Kappa
Hyperparameter tuning	Optuna, Grid Search, Random Search
Visualization tools	Matplotlib, Seaborn, TensorBoard
Network traffic analysis tool	Wireshark
Dataset type	Mixed Cyber + Cyber-Physical (T-ITS, CTGAN, CICIDS-2017, UNSW-NB15)
Version control	Git

DOI: 10.7717/peerj-cs.3500/table-9

Results and discussions

This section provides a thoroughly analysis of the proposed framework on the basis of a variety of benchmark datasets.

The efficiency of the framework is strictly assessed with the help of various measures which are combined to measure classification accuracy, detection precision, resistance to class imbalance, and predictive reliability. The optimized feature set is then trained on and the prediction on the test set by the model are evaluated by standard statistical measures.

The metrics produce a complete performance portrait, which is vital in the analysis of security systems in the class-imbalanced UAV environment. Table 8 briefly describes them and gives the mathematical formulation of each metric. Throughout the results section, in-text referencing is done with the numbers that are given in the equation.

The details of the T-ITS dataset show that the proposed RoboLSTM-IDS framework was able to achieve the best classification on it, and this information is stated in Table 10. This dataset is the only one that incorporates both physical telemetry capabilities (e.g., altitude, pitch, battery voltage, GPS) and network-layer data (e.g., packet size, port flow, and frequency), thus it is easy to use in deep-anomaly detection models that demand contextual temporal correlations. As depicted in the table, RoboLSTM-IDS attains an almost perfect accuracy of 99.62 on T-ITS because of the more elaborate cyber-physical data scenario and its best result is 99.62 percent in all datasets. Interestingly, the model is also characterized by high classification stability, as the model results in over 99.0% accuracy even on synthetic and GAN-enhanced datasets, including CTGAN-CICIDS and CTGAN-UNSW.

Table 10:

Evaluation metrics across all datasets.

Metric	T-ITS	CICIDS-2017	UNSW-NB15	CTGAN-CICIDS	CTGAN-UNSW
Accuracy	99.62%	98.97%	98.85%	99.02%	98.91%
Precision	0.996	0.989	0.985	0.991	0.988
Recall	0.994	0.987	0.981	0.988	0.983
F1-score	0.995	0.988	0.983	0.989	0.985
Matthews correlation coefficient	0.981	0.964	0.959	0.972	0.961
Cohen’s Kappa	0.975	0.961	0.952	0.967	0.958
AUC-ROC	0.997	0.985	0.981	0.989	0.983

DOI: 10.7717/peerj-cs.3500/table-10

The metrics including Precision, Recall and F1-score are all above 0.98 in all datasets which indicates that RoboLSTM-IDS does not only predict correctly, but also with balanced trade-off between false positive and false negative. This is particularly important in UAV intrusion detection systems, where either of the two kinds of errors can cause a mission failure or security compromise. The MCC and Cohen Kappa value also support this argument. Such statistics take into consideration the imbalance of classes and agreement that is more than chance, and the observation that all MCC values are above 0.95, and Cohen Kappa values are above 0.94 in all datasets, proves high-quality classification consistency. Finally, AUC-ROC scores are between 0.983 and 0.997, which shows that the model is very special to have the capacity to differentiate normal and attack classes in a large range of decision thresholds. These large AUCs indicate the appropriateness of the model to operate in dynamic UAV settings, where patterns of the attacks can either be non-stationary or sparsely occupied.

During training, RoboLSTM-IDS exhibited rapid and stable convergence across all datasets. On the T-ITS dataset, the model converged within 9–11 epochs, achieving 99.3% training and 99.62% validation accuracy, with smooth, exponentially decaying loss curves and minimal overfitting. For CICIDS-2017 and UNSW-NB15, convergence occurred around 10–14 epochs, with validation accuracies of 98.95% and 98.85%, respectively. The CTGAN-augmented datasets also demonstrated consistent learning stability, converging within 11–13 epochs and reaching over 99% validation accuracy.

As illustrated in Table 11, it provides a quantitative breakdown of the True Positive Rate (TPR), False Positive Rate (FPR), and False Negative Rate (FNR) for the RoboLSTM-IDS framework across all five benchmark datasets. The model attained TPR value of more than 94% and this implies that a significant number of attack cases were properly identified. It is noteworthy, that T-ITS data set provided the best TPR of 96.4% due to its powerful cyber-physical feature combination. In all sets, FPR and FNR were low, below 3.5 percent, indicating the great capacity of the model to reduce false alarms and those that were not detected. These findings support the usefulness of RoboLSTM-IDS in differentiating legitimate UAV activity and different types of intrusion, and therefore its practical potential to be used in real-time UAV settings.

Table 11:

Distribution of TPR, FPR, and FNR for RoboLSTM-IDS across all datasets.

Dataset	True positive rate (TPR)	False positive rate (FPR)	False negative rate (FNR)
T-ITS	96.4%	2.5%	1.1%
CICIDS-2017	95.2%	3.1%	1.7%
UNSW-NB15	94.7%	3.5%	1.8%
CTGAN-CICIDS	95.9%	2.8%	1.3%
CTGAN-UNSW	94.8%	3.4%	1.8%

DOI: 10.7717/peerj-cs.3500/table-11

Figure 4 illustrates that all the five datasets exhibit smooth convergence and homogeneous learning patterns in terms of training and validation accuracy and loss patterns. The validation accuracy in each data set is equal or slightly higher than the training accuracy, which proves that there is no overfitting and good generalization. In particular, the T-ITS dataset has the best value of 99.6 percent validation accuracy, then 99.2 percent on CTGAN-CICIDS, 99.0 percent on CTGAN-UNSW and 98.9 percent on UNSW-NB15. The loss curves in all circumstances are gradually decreasing and leveling off below 0.05, which is a validation of the efficient optimization.

Figure 4: Accuracy and loss over epochs on all datasets.

Download full-size image

DOI: 10.7717/peerj-cs.3500/fig-4

Also in Fig. 5 presents the confusion matrices for the five evaluated datasets, it demonstrate the classification precision of RoboLSTM-IDS across diverse UAV-relevant intrusion scenarios. The T-ITS matrix shows near-perfect classification across all five classes, with minimal confusion observed only between Replay and FDI attacks. Notably, the model achieved flawless detection of Evil Twin attacks and over 99% accuracy for Normal, DoS, and FDI classes, highlighting its effectiveness on cyber-physical UAV data. On CICIDS-2017, the model effectively distinguishes Brute Force, Web, and Infiltration attacks, with only minor misclassifications between Brute Force and Web classes, achieving overall high diagonal dominance. Similarly, the UNSW-NB15 matrix reveals strong detection rates for Exploits and Reconnaissance classes, while minor confusion is seen between Shellcode and Worms, likely due to feature overlap in synthetic data. The CTGAN-augmented datasets reflect excellent learning generalization, with sharply defined diagonals and minimal false positives. CTGAN-CICIDS shows precise recognition of low-frequency attacks like Botnet and Heartbleed, while CTGAN-UNSW achieves high clarity in separating Shellcode, Worms, and Backdoor. Overall, the confusion matrices across all datasets confirm RoboLSTM-IDS’s robust per-class discrimination capabilities and strong adaptability to varied attack structures, class distributions, and domain representations. Also our ablation analysis confirmed the importance of ROBOTa are removing the feature optimization module reduced macro-F1 by 4–6% across all datasets, demonstrating that the gains of RoboLSTM-IDS are not solely due to the LSTM architecture.

Figure 5: Confusion matrices of RoboLSTM-IDS on benchmark datasets.

Download full-size image

DOI: 10.7717/peerj-cs.3500/fig-5

To further assess the predictive robustness of the RoboLSTM-IDS framework, we evaluated the Root Mean Squared Error (RMSE) across all five benchmark datasets. RMSE serves as an important measure of the deviation between predicted and actual values, particularly useful in understanding the residual error in probabilistic and sequence-based classifications. As shown in Fig. 6, the proposed model maintains exceptionally low RMSE values across all datasets, ranging from 0.021 on T-ITS to 0.031 on UNSW-NB15. The lowest RMSE on the T-ITS dataset reflects the model’s ability to make highly precise predictions when fed with rich cyber-physical telemetry and network flow data. Even on complex synthetic and augmented datasets such as CTGAN-CICIDS and CTGAN-UNSW, the RMSE remains below 0.030, demonstrating consistent generalization and low error variance.

Figure 6: Root mean squared error across datasets.

Download full-size image

DOI: 10.7717/peerj-cs.3500/fig-6

Execution time is another critical parameter for UAV networks, Fig. 7 presents the execution time in milliseconds for RoboLSTM-IDS when tested on T-ITS, CICIDS-2017, UNSW-NB15, CTGAN-CICIDS, and CTGAN-UNSW datasets. The T-ITS dataset recorded the lowest execution time at 120 ms, while the UNSW-NB15 dataset required the highest time at 145 ms. These slight variations are attributed to differences in dataset size, feature dimensionality, and class distribution. Overall, the model consistently achieves near good execution performance, validating its suitability for deployment in time-sensitive UAV applications.

Figure 7: Execution time of proposed model across datasets.

Download full-size image

DOI: 10.7717/peerj-cs.3500/fig-7

As shown in Table 12, CNN-LSTM achieves slightly higher recall, but requires three convolutional layers, two LSTM layers, and extended training (150 epochs), resulting in 8 $\times$ higher latency (95 ms vs. 12 ms). In contrast, RoboLSTM-IDS achieves the highest accuracy (99.1%) and F1-score (99.0%) while incurring the lowest inference latency (12 ms) and the smallest model size (0.5 M parameters) among all compared deep learning–based IDS models and real-time feasibility for UAVs.

Table 12:

Comparison of RoboLSTM-IDS with existing deep learning IDS models (on benchmarked dataset).

Each baseline is reported with accuracy (Acc), F1-score, and training configuration.

Model	Acc (%)	F1 (%)	Latency (ms)	Params (M)	Configuration
CNN-LSTM	98.5	98.2	95	3.2	3 conv + 2 LSTM layers, 150 epochs
GRU	97.8	97.4	72	2.1	2 GRU layers, 120 epochs
Autoencoder	96.9	96.0	65	1.5	4 hidden layers, 100 epochs
RoboLSTM-IDS	99.1	99.0	12	0.5	2 LSTM layers + ROBOTa, 100 epochs

DOI: 10.7717/peerj-cs.3500/table-12

Furthermore, in terms of lightweight deployment, Table 13 shows that RoboLSTM-IDS requires only 12 features compared to 40 at the beginning of the study. Its model size is reduced by nearly 6 $\times$ , while inference latency decreases from 80 to 12 ms per sample, well within UAV real-time processing constraints. RAM consumption drops from 1,200 MB to 400 MB, and the model includes support for energy-efficient operation. Unlike the baseline IDS, RoboLSTM-IDS is making it a practical candidate for onboard UAV intrusion detection.

Table 13:

Lightweight capacity comparison: RoboLSTM-IDS vs. baseline model.

Metric	Baseline model	Proposed model
Number of features	40	12
Model size (MB)	20	3.5
Inference time (ms/sample)	80	12
RAM usage (MB)	1,200	400
Energy mode support	No	Yes
Deployment readiness	Not suitable	Yes

DOI: 10.7717/peerj-cs.3500/table-13

Although certain deep learning baselines such as CNN-LSTM (in our case) achieve marginally higher recall, they are not practically suitable for UAV environments. For example, CNN-LSTM incurs an inference latency of 95 ms per sample, which exceeds the UAV’s operational threshold of 50 ms. In contrast, RoboLSTM-IDS achieves a significantly lower latency of 12 ms per sample, well within real-time onboard processing limits. This highlights that while baseline models may appear competitive in terms of detection performance, their computational overhead renders them unsuitable, whereas RoboLSTM-IDS strikes an effective balance between accuracy and efficiency.

To further validate the effectiveness of the proposed framework, its performance was benchmarked against a comprehensive set of baseline ML and DL classifiers. Table 14 presents the comparative evaluation of RoboLSTM-IDS against few top baseline models, covering both classical machine learning algorithms and deep learning architectures across five UAV-relevant datasets. Among traditional models, Random Forest and Gradient Boosting showed relatively stronger accuracy, benefiting from ensemble learning’s ability to reduce overfitting and variance. Decision Tree and SVM followed closely, offering decent interpretability but limited performance in capturing non-linear temporal dependencies typical of UAV intrusion patterns. Meanwhile, simpler classifiers like Naïve Bayes and K-Nearest Neighbors, though computationally efficient, consistently lagged in accuracy due to their static nature and sensitivity to noisy, high-dimensional data. Deep learning models, including DNN and CNN, performed better than classical approaches, reaching above 97% accuracy across datasets. Their advantage stemmed from deeper abstraction and improved generalization. However, these models lacked sequential memory and could not capture long-term dependencies within UAV telemetry and communication flow. This limitation resulted in slightly lower recall and F1-scores compared to RoboLSTM-IDS, especially on complex attack patterns and minority classes.

Table 14:

Accuracy comparison with baseline models across all datasets.

Model	T-ITS	CICIDS-2017	UNSW-NB15	CTGAN-CICIDS	CTGAN-UNSW
Naïve Bayes	95.10%	95.00%	95.20%	95.50%	95.30%
K-nearest neighbors	96.20%	95.60%	95.80%	96.00%	95.90%
Support vector machine	96.40%	95.90%	96.10%	96.30%	96.20%
Decision tree	96.90%	96.30%	96.40%	96.60%	96.50%
Random forest	97.10%	96.70%	96.80%	97.00%	96.90%
Gradient boosting	97.40%	96.90%	97.00%	97.30%	97.10%
Deep neural network	97.90%	97.30%	97.50%	97.70%	97.60%
Convolutional neural network	98.20%	97.60%	97.70%	98.00%	97.80%
Proposed model	99.62%	98.97%	98.85%	99.02%	98.91%

DOI: 10.7717/peerj-cs.3500/table-14

RoboLSTM-IDS, on the other hand, consistently achieved the highest performance across all datasets as evaluated in Table 14. By combining optimized feature selection (via ROBOTa) with temporal modeling (LSTM), it maintained superior accuracy (99%), high recall, and balanced precision. Its ability to model evolving patterns in cyber-physical data enabled better detection of low-frequency or stealthy attacks, while minimizing both false positives and false negatives. The AUC-ROC score of 0.997 on the T-ITS dataset and 0.98 on all other datasets further validates its exceptional discriminative power across thresholds, making it ideal for real-time, edge-based UAV intrusion detection scenarios. Also, paired t-tests across datasets confirmed that RoboLSTM-IDS performance improvements over baselines are statistically significant (p = 0.05). We also report the mean and standard deviation (e.g., Accuracy = 98.7 $\pm$ 0.3%).

The outcomes in this section can evidently prove the merits of the proposed framework delivers consistently superior performance across all evaluated datasets. By leveraging a robust feature selection pipeline and sequence-aware LSTM classification, the model achieves high accuracy, low false alarm rates, and reliable detection of both common and rare attack types. The framework demonstrates strong generalization capabilities by supporting data distributions that include UAV real telemetry information as well as synthetic created data and combined data sets. The model displays superiority over its classical and deep learning benchmarks when evaluating precision and execution speed based on expert evaluations. Multiple tests confirm RoboLSTM-IDS has demonstrated its readiness for large-scale UAV intrusion detection programs in operational settings.

Despite the promising results, this work has certain limitations. First, while RoboLSTM-IDS is lightweight at inference, the ROBOTa training phase can be computationally intensive on very large datasets. Second, robustness against adversarial threats and jamming remains unexplored. And, further energy benchmarking on embedded UAV processors is required for real deployment.

Although proposed model is designed for UAV network intrusion detection, its methodological insights extend to other mission-critical domains. For instance, deep learning models have been widely applied in medical diagnostics and treatment (Ogab et al., 2025), while machine learning techniques have been used for drug discovery and pandemic response (Chilakalapudi & Jayachandran, 2025). In these domains, as in UAV security, the need for reliable, lightweight, and explainable models is paramount. Similarly, large language models have demonstrated powerful reasoning capabilities but also face challenges related to interpretability, bias, and resource demands in healthcare applications (El-Shorbagy et al., 2025). Recent work on generative AI for diagnostic supports, such as Iftikhar, Rashid & Attaullah (2025), Ogab et al. (2025), also highlights the importance of balancing predictive accuracy with computational feasibility. By comparison, RoboLSTM-IDS emphasizes robustness, efficiency, and cross-dataset generalization qualities that are equally critical for safe deployment of AI in both cybersecurity and healthcare settings.

Conclusion and future work

In this study, we introduced RoboLSTM-IDS, a robust and efficient anomaly-based Intrusion Detection System tailored for UAV networks. The proposed framework integrates a novel feature engineering strategy, ROBOTa, with an LSTM-based deep learning classifier to leverage both spatial and temporal correlations in UAV telemetry and network flow data. The methodology was comprehensively evaluated across five benchmark datasets, including real-world and GAN-augmented scenarios such as CICIDS-2017, UNSW-NB15, CTGAN-CICIDS, and CTGAN-UNSW and real UAV scenarios T-ITS.

RoboLSTM-IDS proved to be the best model for IDS through its high accuracy ratings and recall performance alongside F1-score and AUC efficacy by surpassing traditional ML and DL baselines across the board. The model reached a maximum performance level of 99.62% on T-ITS dataset which demonstrates its competent threat detection capabilities for UAV cyber-physical systems. The model performance confirmed its high classification reliability through MCC and Cohen’s Kappa metrics while displaying balanced prediction and low residual error as shown by RMSE measurements. In terms of lightweight deployment, the proposed model reduces model size by nearly 6 $\times$ , lowers inference latency from 80 to 12 ms, and cuts RAM usage by two-thirds compared to the baseline. With energy-efficient operation and deployment readiness, it offers a practical solution for advance UAV intrusion detection. The model demonstrates execution latency that is low enough for deployment across UAV platforms which have limited resources.

This research generated promising findings yet multiple new investigation perspectives emerged ahead. The current centralization of the model would benefit from Federated Learning integration because this would increase security and scalability when dealing with UAV fleets and energy benchmarking on embedded UAV processors is required. Future investigators should examine minimized versions of RoboLSTM for deployment systems with limited computational capabilities. Utilizing actual datasets of multiple UAV systems connected with adversarial elements would provide better assessment of defense capabilities against orchestrated stealthy threats. Data safety-critical applications can benefit from inclusion of explainability methods including SHAP or LIME for enhancing transparent model performance.

The foundation built by RoboLSTM-IDS allows secure development of intelligent IDS systems for modern UAV networks which show great promise for real-time defense deployment in future aerial networks.

[1] Abdulganiyu OH, Tchakoucht TA, Saheed YK, Ahmed HA. 2025. XIDINTFL-VAE: XGBoost-based intrusion detection of imbalance network traffic via class-wise focal loss variational autoencoder. The Journal of Supercomputing 81(1):1-38

[2] Abu Al-Haija Q, Al Badawi A. 2022. High-performance intrusion detection system for networked UAVs via deep learning. Neural Computing and Applications 34(13):10885-10900

[3] Adil M, Song H, Mastorakis S, Abulkasim H, Farouk A, Jin Z. 2023. UAV-assisted IoT applications, cybersecurity threats, AI-enabled solutions, open challenges with future research directions. IEEE Transactions on Intelligent Vehicles 9(4):4583-4605

[4] AL-Syouf RA, Bani-Hani RM, AL-Jarrah OY. 2024. Machine learning approaches to intrusion detection in unmanned aerial vehicles (UAVs) Neural Computing and Applications 36(29):18009-18041

[5] Alabdulwahab S, Kim Y-T, Seo A, Son Y. 2023. Generating synthetic dataset for ML-based ids using CTGAN and feature selection to protect smart IoT environments. Applied Sciences 13(19):10951

[6] Ali ML, Thakur K, Schmeelk S, Debello J, Dragos D. 2025. Deep learning vs. machine learning for intrusion detection in computer networks: a comparative study. Applied Sciences 15(4):1903

[7] AlKhonaini A, Sheltami T, Mahmoud A, Imam M. 2024. UAV detection using reinforcement learning. Sensors 24(6):1870

[8] Alwan MH, Hammadi YI, Mahmood OA, Muthanna A, Koucheryavy A. 2022. High density sensor networks intrusion detection system for anomaly intruders using the slime mould algorithm. Electronics 11(20):3332

[9] Alzahrani A. 2024. Novel approach for intrusion detection attacks on small drones using ConvLSTM model. IEEE Access 12(4):149238–149253

[10] Alzubi QM, Anbar M, Sanjalawe Y, Al-Betar MA, Abdullah R. 2022. Intrusion detection system based on hybridizing a modified binary grey wolf optimization and particle swarm optimization. Expert Systems with Applications 204(9):117597

[11] Anwar RW, Abrar M, Salam A, Ullah F. 2025. Federated learning with LSTM for intrusion detection in IoT-based wireless sensor networks: a multi-dataset analysis. PeerJ Computer Science 11(8):e2751

[12] Attaullah HM, Memon S, Erkan OF, Khawar R. 2024. IoT based systems and services: recent security concerns and feasible solutions.

[13] Bamber SS, Katkuri AVR, Sharma S, Angurala M. 2025. A hybrid CNN-LSTM approach for intelligent cyber intrusion detection system. Computers and Security 148:104146

[14] Booij TM, Chiscop I, Meeuwissen E, Moustafa N, den Hartog FT. 2021. Ton IoT—the role of heterogeneity and the need for standardization of features and attack types in IoT network intrusion datasets. IEEE Internet of Things Journal 9(1):485-496

[15] Bouhamed O, Bouachir O, Aloqaily M, Al Ridhawi I. 2021. Lightweight IDS for UAV networks: a periodic deep reinforcement learning-based approach.

[16] Ceviz O, Sadioglu P, Sen S, Vassilakis VG. 2025. A novel federated learning-based IDS for enhancing UAVs privacy and security. Internet of Things 31(3):101592

[17] Ceviz O, Sen S, Sadioglu P. 2024. A survey of security in UAVs and FANETs: issues, threats, analysis of attacks, and solutions. IEEE Communications Surveys and Tutorials 27(5):3227-3265

[18] Chen X. 2023. CICIDS2017 and UNBSW-NB15. IEEE dataport.

[19] Chilakalapudi M, Jayachandran S. 2025. Iterative segmentation and classification for enhanced crop disease diagnosis using optimized hybrid U-Nets model. PeerJ Computer Science 11(4):e2543

[20] Dash N, Chakravarty S, Rath AK, Giri NC, AboRas KM, Gowtham N. 2025. An optimized LSTM-based deep learning model for anomaly network intrusion detection. Scientific Reports 15(1):1554

[21] Dewangan O, Vij P. 2024. CNN-LSTM framework to automatically detect anomalies in farmland using aerial images from UAVs. BIO Web of Conferences 82(4):05015

[22] d’Ambrosio N, Perrone G, Romano SP, Urraro A. 2025. A cyber-resilient open architecture for drone control. Computers and Security 150(8):104205

[23] El-Shorbagy MA, Bouaouda A, Abualigah L, Hashim FA. 2025. Atom search optimization: a comprehensive review of its variants, applications, and future directions. PeerJ Computer Science 11(5):e2722

[24] Fossaceca JM, Mazzuchi TA, Sarkani S. 2015. Mark-ELM: application of a novel multiple kernel learning framework for improving the robustness of network intrusion detection. Expert Systems with Applications 42(8):4062-4080

[25] Fu R, Ren X, Li Y, Wu Y, Sun H, Al-Absi MA. 2023. Machine-learning-based UAV-assisted agricultural information security architecture and intrusion detection. IEEE Internet of Things Journal 10(21):18589-18598

[26] Hadi HJ, Cao Y, Li S, Hu Y, Wang J, Wang S. 2024. Real-time collaborative intrusion detection system in UAV networks using deep learning. IEEE Internet of Things Journal 11(20):33371-33391

[27] Hashesh AO, Hashima S, Zaki RM, Fouda MM, Hatano K, Tag Eldien AS. 2022. AI-enabled UAV communications: challenges and future directions. IEEE Access 10(28):92048-92066

[28] Hassler S, Mughal U, Ismail M. 2023. Cyber-physical dataset for UAVs under normal operations and cyber-attacks. IEEE Dataport.

[29] Hassler SC, Mughal UA, Ismail M. 2024. Cyber-physical intrusion detection system for unmanned aerial vehicles. IEEE Transactions on Intelligent Transportation Systems 25(6):6106-6117

[30] Huzaifa M, Attaullah HM, Nawaz M, Rahman H. 2025. Intrusion detection for smart environmental drones: a multi-dataset ML approach.

[31] Iftikhar U, Rashid H, Attaullah HM. 2025. Future emerging challenges and innovations in next gen-cybersecurity and information systems security.

[32] Kamal H, Mashaly M. 2025. Enhanced hybrid deep learning models-based anomaly detection method for two-stage binary and multi-class classification of attacks in intrusion detection systems. Algorithms 18(2):69

[33] Keipour A, Mousaei M, Scherer S. 2021. ALFA: a dataset for UAV fault and anomaly detection. The International Journal of Robotics Research 40(2–3):515-520

[34] Keshk M, Moustafa N, Slay J, Sitnikova E. 2017. Privacy preservation intrusion detection technique for scada systems.

[35] Khanapuri EM, Sharma R, Brink K. 2022. Learning-based detection of stealthy false data injection attack applied to cooperative localization problem.

[36] Koroniotis N, Moustafa N, Turnbull B, Portmann M. 2017. Towards developing network forensic mechanism for botnet activities in the IoT based on machine learning techniques.

[37] Liang X, Xing H, Gu W, Hou T, Ni Z, Wang X. 2024. Hybrid gaussian network intrusion detection method based on CGAN and e-graphsage. Instrumentation 11(2):24-35

[38] McHugh J. 2000. Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Transactions on Information and System Security 3(4):262-294

[39] Mohammed AB, Fourati LC, Fakhrudeen AM. 2024. Comprehensive systematic review of intelligent approaches in UAV-based intrusion detection, blockchain, and network security. Computer Networks 239(9):110140

[40] Moustafa N, Sitnikova E, Creech G, Keshk M. 2018. Generalized outlier gaussian mixture technique based on automated association features for simulating and detecting web application attacks. IEEE Transactions on Sustainable Computing 6(2):245-256

[41] Moustafa N, Slay J, Creech G. 2018a. Anomaly detection system using beta mixture models and outlier detection.

[42] Moustafa N, Slay J, Creech G. 2018b. Flow aggregator module for analysing network traffic.

[43] Moustafa N, Slay J, Creech G. 2018c. A network forensic scheme using correntropy-variation for attack detection.

[44] Moustafa N, Turnbull B, Choo K-KR. 2018. A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access 6:32910

[45] Nabi F, Zhou X, Iftikhar U, Attaullah HM. 2024. A case study of cyber subversion attack based design flaw in service oriented component application logic. Journal of Cyber Security Technology 8(3):204-228

[46] Narmadha S, Balaji NV. 2025. Improved network anomaly detection system using optimized autoencoder−LSTM. Expert Systems with Applications 273(9):126854

[47] Ntizikira E, Lei W, Alblehai F, Saleem K, Lodhi MA. 2023. Secure and privacy-preserving intrusion detection and prevention in the internet of unmanned aerial vehicles. Sensors 23(19):8077

[48] Ogab M, Zaidi S, Bourouis A, Calafate CT. 2025. Machine learning-based intrusion detection systems for the internet of drones: a systematic literature review. IEEE Access 13:96681

[49] Ouiazzane S, Barramou F, Addou M. 2020. Towards a multi-agent based network intrusion detection system for a fleet of drones. International Journal of Advanced Computer Science and Applications 11(10):1-15

[50] Praveena V, Vijayaraj A, Chinnasamy P, Ali I, Alroobaea R, Yahya Alyahyan S, Ahsan Raza M. 2022. Optimal deep reinforcement learning for intrusion detection in UAVs. Computers, Materials & Continua 70(2):2639-2653

[51] Qureshi S, Attaullah HM, Ashraf A, Laraib R. 2025. Adaptive strategies to mitigate DDoS attacks in IoT-devices through a moving target defense approach in SDN. Journal of Engineering Technology 7(2):101

[52] Sedjelmaci H, Senouci SM, Ansari N. 2016. Intrusion detection and ejection framework against lethal attacks in UAV-aided networks: a bayesian game-theoretic methodology. IEEE Transactions on Intelligent Transportation Systems 18(5):1143-1153

[53] Sedjelmaci H, Senouci SM, Ansari N. 2017. A hierarchical detection and response system to enhance security against lethal cyber-attacks in UAV networks. IEEE Transactions on Systems, Man, and Cybernetics: Systems 48(9):1594-1606

[54] Sharafaldin I, Lashkari AH, Ghorbani AA. 2018. Toward generating a new intrusion detection dataset and intrusion traffic characterization.

[55] Sheela MS, Soundari AG, Mudigonda A, Kalpana C, Suresh K, Somasundaram K, Farhaoui Y. 2024. Adaptive marine predator optimization algorithm (AOMA)-deep supervised learning classification (DSLC) based IDS framework for manet security. Intelligent and Converged Networks 5(1):1-18

[56] Shrestha R, Omidkar A, Roudi SA, Abbas R, Kim S. 2021. Machine-learning-enabled intrusion detection system for cellular connected UAV networks. Electronics 10(13):1549

[57] Sihag V, Choudhary G, Choudhary P, Dragoni N. 2023. Cyber4Drone: a systematic review of cyber security and forensics in next-generation drones. Drones 7(7):430

[58] Tan X, Su S, Zuo Z, Guo X, Sun X. 2019. Intrusion detection of UAVs based on the deep belief network optimized by PSO. Sensors 19(24):5529

[59] Tavallaee M, Bagheri E, Lu W, Ghorbani AA. 2009. A detailed analysis of the KDD cup 99 data set.

[60] Tian J, Shen C, Wang B, Ren C, Xia X, Dong R, Cheng T. 2024a. EVADE: targeted adversarial false data injection attacks for state estimation in smart grid. IEEE Transactions on Sustainable Computing 10(3):534-546

[61] Tian J, Shen C, Wang B, Xia X, Zhang M, Lin C, Li Q. 2024b. Lesson: multi-label adversarial false data injection attack for deep learning locational detection. IEEE Transactions on Dependable and Secure Computing 21(5):4418-4432

[62] Tian J, Wang B, Guo R, Wang Z, Cao K, Wang X. 2021. Adversarial attacks and defenses for deep-learning-based unmanned aerial vehicles. IEEE Internet of Things Journal 9(22):22399-22409

[63] Tlili F, Ayed S, Fourati LC. 2023. Dynamic intrusion detection framework for UAVcan protocol using AI.

[64] Tlili F, Ayed S, Fourati LC. 2024. Exhaustive distributed intrusion detection system for UAVs attacks detection and security enforcement (E-DIDS) Computers and Security 142(1):103878

[65] Tsao KY, Girdler T, Vassilakis VG. 2022. A survey of cyber security threats and solutions for UAV communications and flying ad-hoc networks. Ad Hoc Networks 133(3):102894

[66] Wei X, Ma J, Sun C. 2024. A survey on security of unmanned aerial vehicle systems: attacks and countermeasures. IEEE Internet of Things Journal 11(21):34826-34847

[67] Whelan J, Almehmadi A, El-Khatib K. 2022. Artificial intelligence for intrusion detection systems in unmanned aerial vehicles. Computers and Electrical Engineering 99(5):107784