The network of services, including delivery, farming, and environmental monitoring, has experienced exponential expansion in the past decade with Unmanned Aerial Vehicles (UAVs). Yet, UAVs are not robust enough against cyberattacks, especially on the Controller Area Network (CAN) bus. The CAN bus is a general-purpose vehicle-bus standard to enable microcontrollers and in-vehicle computers to interact, primarily connecting different Electronic Control Units (ECUs). In this study, we focus on solving some of the most critical security weaknesses in UAVs by developing a novel graph-based intrusion detection system (IDS) leveraging the Uncomplicated Application-level Vehicular Communication and Networking (UAVCAN) protocol. First, we decode CAN messages based on UAVCAN protocol specification; second, we present a comprehensive method of transforming tabular UAVCAN messages into graph structures. Lastly, we apply various graph-based machine learning models for detecting cyber-attacks on the CAN bus, including graph convolutional neural networks (GCNNs), graph attention networks (GATs), Graph Sample and Aggregate Networks (GraphSAGE), and graph structure-based transformers. Our findings show that inductive models such as GATs, GraphSAGE, and graph-based transformers can achieve competitive and even better accuracy than transductive models like GCNNs in detecting various types of intrusions, with minimum information on protocol specification, thus providing a generic robust solution for CAN bus security for the UAVs. We also compared our results with baseline single-layer Long Short-Term Memory (LSTM) and found that all our graph-based models perform better without using any decoded features based on the UAVCAN protocol, highlighting higher detection performance with protocol-independent capability.

翻译：在过去十年中，包含配送、农业和环境监测在内的服务网络随着无人机（UAV）的应用经历了指数级扩张。然而，无人机在面对网络攻击时仍不够鲁棒，尤其是在控制器局域网（CAN）总线上。CAN总线是一种通用的车辆总线标准，旨在使微控制器与车载计算机能够交互，主要连接不同的电子控制单元（ECU）。在本研究中，我们通过开发一种新颖的基于图的入侵检测系统（IDS）来重点解决无人机中的若干关键安全弱点，该系统利用了简洁应用层车载通信与网络（UAVCAN）协议。首先，我们基于UAVCAN协议规范解码CAN消息；其次，我们提出了一种将表格化UAVCAN消息转换为图结构的综合方法。最后，我们应用多种基于图的机器学习模型来检测CAN总线上的网络攻击，包括图卷积神经网络（GCNN）、图注意力网络（GAT）、图采样与聚合网络（GraphSAGE）以及基于图结构的Transformer模型。我们的研究结果表明，在检测各类入侵时，归纳式模型（如GAT、GraphSAGE和基于图的Transformer）能够取得与传导式模型（如GCNN）相当甚至更高的准确率，且仅需最少的协议规范信息，从而为无人机的CAN总线安全提供了一个通用的鲁棒解决方案。我们还将我们的结果与基准单层长短期记忆网络（LSTM）进行了比较，发现我们所有的基于图的模型在不使用任何基于UAVCAN协议的解码特征的情况下表现更优，这凸显了其在协议无关能力方面具有更高的检测性能。