Drones—also known as Unmanned Aerial Vehicles (UAVs)—have become ubiquitous across a range of domains, from hobbyist photography and special events to the military and agriculture. They can carry out essential, time-sensitive missions while being operated remotely or autonomously. Often, they are put into service as swarms, with multiple drones coordinating over wireless links to cover more ground and adapt on the fly. 

As drone swarms expand into civilian and mission-critical use, however, safety and security questions arise. This is the subject of Assistant Professor of Computer Science at the School of Arts and Sciences Rachad Atat’s paper, “Generalizable Topology-Aware GNN-Based Intrusion Detection System for UAV Swarms,” recently published in the IEEE Internet of Things Journal alongside co-authors from the US. 

If a swarm’s communications are not secured, an attacker can interfere with coordination, delay or block critical messages, and inject misleading information that makes drones behave unpredictably. In high-stakes settings, this can translate into mission failure, dangerous landings, the loss of equipment or the exposure of sensitive data. To mitigate these risks, drones employ intrusion detection systems (IDS) for enhanced protection. 

The paper addresses a fundamental security gap: Most intrusion detection systems are built as if a swarm’s communication layout is fixed, whereas in reality, swarms frequently change formation. This motivated Dr. Atat to tackle the problem. “We wanted to design an IDS that does not just look at time-series signals, but also understands the spatial relationships between drones,” he said. 

The research team designed a hands-on experimental setup with six drones and deliberately switched the swarm among six distinct communication patterns, from sparse connections to more centralized layouts, carrying out 30 normal flights as control, and 48 flights that simulated attack conditions across six topologies. 

They collected two types of information at once: The “cyber” data—wireless communication traces—and “physical” data—flight and sensor readings. They validated their approach by training models on certain topologies and then evaluating performance on topologies the models had not seen before, a stress test that reflects real deployments where the “shape” of the swarm changes mid-mission. 

The results showed that learning the swarm’s structure improved detection, especially when conditions changed. The proposed system uses a “graph neural network,” a machine-learning architecture designed for data that naturally forms a network, where nodes represent the drones and links represent who is communicating. In this setting, it can learn not only how signals change over time, but also how anomalies spread through neighbor relationships. 

When trained on three topologies and tested on three unseen ones, the system achieved an F1-score of 96.79 percent, demonstrating its accuracy in identifying targets while avoiding false alarms. Training on more data improved generalization, raising the F1-score to 99.07 percent. The F1-score summarizes how well a system finds the right items while avoiding false alarms 

Under the most difficult test, conventional deep-learning baselines dropped to F1-scores between about 71 percent and 81 percent, while the presented approach stayed at 99.07 percent. In practical terms, this means a structure-aware detector is effective against attacks even when the swarm rearranges itself. 

When it comes to  seeing drones in our daily lives, Dr. Atat said, “We are closer than many think.” However, he also highlighted the current hurdles. “Large-scale daily deployment still faces several challenges, such as secure coordination under dynamic topologies, airspace integration and safety certification, operation in dense urban environments, and others,” he added, an issue he addresses directly in his work. 

The implications of these empirical findings extend beyond drones to any mobile, connected system that reconfigures itself, from temporary emergency networks to cooperative robots, and help draw lessons from security that understands relationships, not just isolated signals. 

To browse more scholarly output by the LAU community, visit our open-access digital archive, the Lebanese American University Repository (LAUR).