Unmanned aerial vehicle (UAV) CAN buses are vulnerable to cyberattacks, yet existing intrusion detection methods lack both lightweight design and generalizability across diverse UAV platforms. Method: This paper proposes a graph neural network (GNN)-based detection framework leveraging UAVCAN protocol parsing and dynamic graph modeling. It introduces a novel protocol-agnostic mechanism for transforming time-series CAN messages into structured dynamic heterogeneous graphs, and systematically evaluates inductive GNNs—including Graph Attention Networks (GAT), GraphSAGE, and Graph Transformers. Results: All evaluated GNNs significantly outperform a single-layer LSTM baseline. Notably, GAT and Graph Transformer achieve 98.7% accuracy under unknown attack scenarios, requiring only minimal protocol-level prior knowledge. The framework demonstrates strong cross-platform deployability, generalization across UAV models, robustness against unseen attacks, and real-time inference capability—making it suitable for resource-constrained embedded aviation systems.

The network of services, including delivery, farming, and environmental monitoring, has experienced exponential expansion in the past decade with Unmanned Aerial Vehicles (UAVs). Yet, UAVs are not robust enough against cyberattacks, especially on the Controller Area Network (CAN) bus. The CAN bus is a general-purpose vehicle-bus standard to enable microcontrollers and in-vehicle computers to interact, primarily connecting different Electronic Control Units (ECUs). In this study, we focus on solving some of the most critical security weaknesses in UAVs by developing a novel graph-based intrusion detection system (IDS) leveraging the Uncomplicated Application-level Vehicular Communication and Networking (UAVCAN) protocol. First, we decode CAN messages based on UAVCAN protocol specification; second, we present a comprehensive method of transforming tabular UAVCAN messages into graph structures. Lastly, we apply various graph-based machine learning models for detecting cyber-attacks on the CAN bus, including graph convolutional neural networks (GCNNs), graph attention networks (GATs), Graph Sample and Aggregate Networks (GraphSAGE), and graph structure-based transformers. Our findings show that inductive models such as GATs, GraphSAGE, and graph-based transformers can achieve competitive and even better accuracy than transductive models like GCNNs in detecting various types of intrusions, with minimum information on protocol specification, thus providing a generic robust solution for CAN bus security for the UAVs. We also compared our results with baseline single-layer Long Short-Term Memory (LSTM) and found that all our graph-based models perform better without using any decoded features based on the UAVCAN protocol, highlighting higher detection performance with protocol-independent capability.