PL EN
Anomaly Detection in MAVLink Telemetry Logs of Unmanned Aerial Vehicles Using Data Analytics Methods
 
Więcej
Ukryj
1
Faculty of Electrical and Computer Engineering, Rzeszów University of Technology, 35-959 Rzeszów, al. Powstańców Warszawy 12, Poland
 
2
Rzeszów University of Technology, Faculty of Electrical and Computer Engineering
 
3
Państwowa Akademia Nauk Stosowanych w Przemyślu
 
 
Data publikacji: 10-07-2026
 
 
Autor do korespondencji
Paweł Dymora   

Faculty of Electrical and Computer Engineering, Rzeszów University of Technology, 35-959 Rzeszów, al. Powstańców Warszawy 12, Poland
 
 
Adv. Sci. Technol. Res. J. 2026;
 
SŁOWA KLUCZOWE
DZIEDZINY
STRESZCZENIE
Unmanned aerial vehicles rely on telemetry streams for mission monitoring, diagnostics, post-flight analysis, and cyber-physical security assessment. This paper presents a data analytics workflow for anomaly detection in Micro Air Vehicle Link (MAVLink) telemetry logs. The method combines protocol-aware preprocessing, time-series feature engineering, interpretable rule-based indicators, replay-like communication-pattern screening, and unsupervised anomaly detection. The analysed variables include position, velocity, attitude, altitude, battery parameters, system-status messages, message timing, and selected communication patterns. The workflow was evaluated in complementary stages. First, it was applied to publicly available UAV logs from DroneKit-LA and representative annotated cases from UAV-SEAD, where detected anomaly windows were interpreted against diagnostic outputs, status messages, and available log-level annotations. Second, controlled MAVLink-like validation fixtures were used to verify detector behaviour under known anomaly conditions and to quantify sample-level precision, recall, F1-score, and ranking ability. The public-log analysis showed that the proposed indicators can highlight windows consistent with altitude-estimate divergence, attitude-control problems, estimator warnings, compass/variance flags, and communication irregularities. In the five-flight validation fixture, rule-based indicators achieved high precision but lower recall, while Isolation Forest and One-Class SVM provided stronger anomaly-score ranking at the cost of more false positive detections. The findings show that lightweight unsupervised models are useful for ranking suspicious windows, whereas domain rules provide clearer operational interpretation. The proposed workflow should be understood as an interpretable screening and post-flight diagnostic pipeline rather than a complete operational intrusion-detection system.
Journals System - logo
Scroll to top