UAVs are widely used in mission-critical tasks but remain vulnerable due to open communication links. Especially, the Ground Control Station to UAV (G2U) communication channel is particularly vulnerable, often exploited for large-scale intrusions due to its multi-connectivity and openness. To address these risks, significant efforts have been devoted to developing Intrusion Detection Systems (IDS) based on machine learning for UAVs. However, most existing ML-based IDS solutions concentrate on UAV operations rather than G2U communication, lack real-time detection capability, and rely heavily on limited or synthetic datasets. To address this gap, we present GCS-NIDD, a real-time dataset that captures both normal and malicious traffic across nine attack types, including Replay, DoS/DDoS, Evil Twin, and Fake Landing attacks, among others. We build a physical testbed using actual UAV devices (PX4 Vision Dev Kit V1.5) and diverse GCS platforms (laptops, Tablets) to emulate real G2U communication scenarios. Furthermore, we propose G2UIDS, a multi-tier IDS framework that leverages complementary strengths of ML models across three layers, Tier 1 (LightGBM) performs anomaly detection to separate normal and malicious traffic, Tier 2 (TabNet) conducts fine-grained multi-class attack classification, and Tier 3 (BLS) focuses on detecting zero-day attacks. These outputs are combined through decision-level fusion, ensuring both accuracy and robustness. Unlike prior simulation-based solutions, G2UIDS is deployed and evaluated in a real operational environment. Experimental results demonstrate that G2UIDS achieves 93.16% accuracy and a 94.80% detection rate, significantly outperforming existing methods while maintaining low computational overhead.
Hadi et al. (Thu,) studied this question.