Quantum Machine Learning for Cyber-Physical Anomaly Detection in Unmanned Aerial Vehicles: A Leakage-Free Evaluation with Proxy-Audited Feature Sets

Camilo Segura Quintero; Carlos A. Dur\'an Paredes; German Dar\'io D\'iaz; Javier E. Le\'on Calder\'on; Nicol\'as S\'anchez Perea

arxiv: 2605.19233 · v1 · pith:SX5VGFQXnew · submitted 2026-05-19 · 💻 cs.CR · cs.LG· quant-ph

Quantum Machine Learning for Cyber-Physical Anomaly Detection in Unmanned Aerial Vehicles: A Leakage-Free Evaluation with Proxy-Audited Feature Sets

Carlos A. Dur\'an Paredes , Javier E. Le\'on Calder\'on , Nicol\'as S\'anchez Perea , German Dar\'io D\'iaz , Camilo Segura Quintero This is my paper

Pith reviewed 2026-05-20 05:22 UTC · model grok-4.3

classification 💻 cs.CR cs.LGquant-ph

keywords quantum machine learningUAV anomaly detectioncyber-physical systemsdata leakagehybrid quantum-classicalfeature auditingfalse alarm rate

0 comments

The pith

A trained quantum-classical hybrid raises mean F1 macro when UAV anomaly detection is limited to instantaneous physical signals.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper tests quantum machine learning for spotting anomalies in unmanned aerial vehicles by using a multi-sensor dataset that captures both avionics and physical measurements. It introduces a temporal partitioning method that splits data into contiguous time blocks and a feature audit that separates raw physical readings from accumulated context such as energy totals or GPS paths. The evaluation compares a hybrid XGBoost plus trained data-reuploading circuit against several classical and quantum baselines under the same computational limits. Only the trained hybrid shows an increase in average F1 macro score when moving from full features to the strict physical-only set, and it also posts the lowest average false-alarm rate in the proxy-free case. The authors present the outcome as an incremental, reproducible benefit for quantum hybrids in NISQ-era aerospace security and release the code for further checks.

Core claim

The trained-DRU hybrid is the only model whose mean F1 macro shifts upward from full to strict (+0.05), a directional signal that the per-seed standard deviations prevent from being interpreted as a statistically established difference. The trained-DRU hybrid also records the lowest mean false-alarm rate under proxy-free evaluation, subject to the inter-seed variance reported. We frame this as an incremental, reproducible quantum-enhanced hybrid benefit.

What carries the argument

Hybrid XGBoost plus trained Data Reuploading (DRU) quantum circuit, evaluated with group-aware temporal partitioning into contiguous TimeUS blocks and a three-mode feature audit (full, loose, strict).

If this is right

The hybrid shows resilience when contextual proxies are removed, which matters in settings where those proxies can be manipulated by an attacker.
Trained quantum circuits can contribute to lower false-alarm rates than matched classical baselines when the evaluation budget is held fixed.
Contiguous block partitioning avoids performance inflation caused by mixing temporally correlated sensor samples.
The open Qiskit implementation supplies a reproducible benchmark for testing similar quantum-classical hybrids in aerospace cybersecurity.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The directional improvement may arise because the quantum map extracts features that remain informative even after historical context is stripped away.
The same leakage-free partitioning and audit approach could be applied to anomaly detection on other cyber-physical platforms such as ground robots or industrial control systems.
Running the protocol on additional public UAV datasets or with more seeds would clarify whether the observed shift exceeds current inter-seed variance.

Load-bearing premise

Partitioning the TLM:UAV dataset into ten contiguous TimeUS blocks and using the three-mode feature audit together eliminate leakage and correctly isolate instantaneous physical signals from contextual proxies.

What would settle it

A repeated run of the same protocol with the same models but a fresh UAV sensor dataset in which the trained-DRU hybrid no longer shows the F1 macro increase or loses its lowest false-alarm position.

Figures

Figures reproduced from arXiv: 2605.19233 by Camilo Segura Quintero, Carlos A. Dur\'an Paredes, German Dar\'io D\'iaz, Javier E. Le\'on Calder\'on, Nicol\'as S\'anchez Perea.

**Figure 1.** Figure 1: Hub-and-spoke architecture of the experimental pipeline. The central hub implements the leakage-free preprocessing core: temporal ordering by TimeUS, K-block group-aware split, train-only scaling and balancing (RobustScaler → SMOTETomek), and mutual-information feature ranking under the three audit modes (full/loose/strict). From this hub, three model spokes are evaluated under identical seeds, splits, and… view at source ↗

**Figure 2.** Figure 2: TLM:UAV anomaly classes along TimeUS. Each anomaly type is confined to one or two segments, with only three gap-defined episodes. A temporal diagnostic ( [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗

**Figure 3.** Figure 3: F1 macro across paradigms, per feature mode. Classical models carry most of their performance from contextual proxies and degrade visibly from full to strict; the trained-DRU hybrid (rightmost) is the only model that improves under strict [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗

**Figure 4.** Figure 4: ROC AUC across paradigms. Random Forest is the most proxy-robust classical baseline; the standalone DRU is competitive in full (0.76) but degrades sharply, indicating that its raw representation still benefits from contextual signals [PITH_FULL_IMAGE:figures/full_fig_p005_4.png] view at source ↗

**Figure 5.** Figure 5: False-alarm rate (FAR) on the normal class across paradigms. Under strict, the trained-DRU hybrid attains the lowest FAR (0.451), a key operational metric for an intrusion-style detector. 3 Results 3.1 Headline Comparison [PITH_FULL_IMAGE:figures/full_fig_p005_5.png] view at source ↗

**Figure 6.** Figure 6: DRU degradation from full to strict. The slope on F1 macro is −0.06; on MCC it is −0.24. The DRU’s MI-selected angles still encode part of the contextual proxies, motivating the hybrid augmentation [PITH_FULL_IMAGE:figures/full_fig_p006_6.png] view at source ↗

**Figure 7.** Figure 7: Hybrid XGBoost variants under the three feature modes. The trained-DRU variant (last bar of each panel) is the only one whose balanced accuracy stays competitive across modes; PCA, Poly2 , and random-RBF behave similarly to one another, suggesting that the trained DRU contributes information not present in deterministic or random non-linear expansions. 3.3 Fault-3 Secondary Task Of the four anomaly classes… view at source ↗

read the original abstract

Unmanned aerial vehicles (UAVs) are cyber-physical systems whose attack surface spans networked avionics and on-board sensor fusion: a compromised GPS or battery module can mimic a benign mission segment and evade naive anomaly detectors. We present a leakage-free evaluation of quantum machine learning for UAV anomaly detection on the multi-sensor TLM:UAV benchmark. Three contributions support the study. (i) A group-aware temporal protocol (B2) partitions the dataset into ten contiguous TimeUS blocks and evaluates over ten seeds, eliminating the inflation produced by random stratified splits that mix neighbouring samples. (ii) A three-mode feature audit (full/loose/strict) quantifies how much accuracy stems from instantaneous physical signals versus contextual proxies (cumulative energy, battery state, GPS trajectory). (iii) A hybrid XGBoost + Data Reuploading (DRU) classifier is benchmarked against five paired non-linear controls (raw, PCA, polynomial-2, random-RBF, and an untrained DRU map) under identical budgets. The standalone DRU does not consistently match the strongest classical baseline across seeds; however, the trained-DRU hybrid is the only model whose mean F1 macro shifts upward from full to strict (+0.05), a directional signal that the per-seed standard deviations prevent from being interpreted as a statistically established difference. The trained-DRU hybrid also records the lowest mean false-alarm rate under proxy-free evaluation, subject to the inter-seed variance reported. We frame this as an incremental, reproducible quantum-enhanced hybrid benefit, and provide an open Qiskit 2.x implementation as a benchmark for cybersecurity analytics in NISQ-era aerospace systems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper gives a careful temporal split and feature audit for testing a data-reuploading hybrid on UAV anomaly data, but the reported edge stays small and inside the variance.

read the letter

The main takeaway is that this work takes the known data-reuploading circuit, trains it in a hybrid with XGBoost, and runs it on the TLM:UAV benchmark under a group-aware split into ten contiguous TimeUS blocks plus a three-mode feature audit. That setup is the concrete addition: it tries to stop random splits from leaking neighboring samples and to separate instantaneous sensor signals from longer-term proxies like battery state or GPS path. They also ship the Qiskit 2.x code, which is useful for anyone who wants to rerun the exact comparison against the five classical controls under matched budgets. The abstract is honest that the hybrid alone shows a +0.05 mean F1 macro rise from full to strict features and the lowest false-alarm rate, yet the per-seed standard deviations are large enough that the shift is only directional. That restraint is welcome. The protocol itself looks like a reasonable step beyond naive cross-validation for time-series cyber-physical data. The soft spot is whether ten contiguous blocks plus the strict audit really close off all leakage. If anomalies or state transitions cross block boundaries, or if some linear or nonlinear correlation with removed proxies survives in the strict feature set, the attribution of any small gain to the quantum component weakens. The variance numbers already keep the result modest, so residual leakage would make the hybrid benefit even harder to isolate. This is the kind of incremental, reproducible benchmark that people working on quantum methods for security or aerospace anomaly detection might want to cite or extend. It is not a new algorithm or a large-scale demonstration, but the evaluation hygiene and open implementation give it a clear reference value. I would send it to peer review so the full methods, exact hyper-parameters, and raw per-seed tables can be checked by specialists who know the UAV dataset and the circuit details.

Referee Report

1 major / 1 minor

Summary. The paper evaluates a hybrid XGBoost + trained Data Reuploading (DRU) quantum classifier for anomaly detection on the TLM:UAV multi-sensor benchmark. It introduces a group-aware temporal protocol (B2) that partitions data into ten contiguous TimeUS blocks evaluated over ten seeds, a three-mode feature audit (full/loose/strict) to isolate instantaneous physical signals from contextual proxies, and benchmarks the hybrid against five classical non-linear controls under matched budgets. The central empirical claim is that the trained-DRU hybrid is the only model showing a mean F1-macro increase (+0.05) from full to strict mode and records the lowest mean false-alarm rate under proxy-free evaluation, presented as an incremental, reproducible quantum-enhanced benefit with an open Qiskit 2.x implementation.

Significance. If the leakage-free protocol and directional result hold, the work supplies a concrete, reproducible benchmark for NISQ-era quantum hybrids in cyber-physical security, emphasizing careful temporal partitioning and proxy auditing in time-series anomaly detection. The open implementation and explicit acknowledgment of per-seed variance are strengths that support incremental progress rather than overstated claims.

major comments (1)

Protocol B2 (abstract and methods): the assertion that ten contiguous TimeUS blocks plus the three-mode audit together eliminate leakage from neighboring samples and isolate instantaneous physical signals requires additional validation. Contiguous blocks can still allow residual temporal leakage if anomalies or state transitions cross block boundaries, if feature statistics are non-stationary across the ten blocks, or if strict-mode features retain linear/nonlinear correlations with removed proxies (cumulative energy, battery state, GPS trajectory). The manuscript reports per-seed standard deviations large enough to render the +0.05 F1-macro shift non-significant; any undetected leakage would directly undermine attribution of the directional signal to the quantum hybrid component.

minor comments (1)

Abstract and results section: the phrasing 'incremental, reproducible quantum-enhanced hybrid benefit' should be qualified more explicitly to reflect that the observed shift is directional only and not statistically established.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback. We address the major comment below, agreeing where the manuscript can be strengthened through additional validation and clearer caveats while defending the protocol's design rationale on substantive grounds.

read point-by-point responses

Referee: Protocol B2 (abstract and methods): the assertion that ten contiguous TimeUS blocks plus the three-mode audit together eliminate leakage from neighboring samples and isolate instantaneous physical signals requires additional validation. Contiguous blocks can still allow residual temporal leakage if anomalies or state transitions cross block boundaries, if feature statistics are non-stationary across the ten blocks, or if strict-mode features retain linear/nonlinear correlations with removed proxies (cumulative energy, battery state, GPS trajectory). The manuscript reports per-seed standard deviations large enough to render the +0.05 F1-macro shift non-significant; any undetected leakage would directly undermine attribution of the directional signal to the quantum hybrid component.

Authors: We agree that contiguous blocks do not provably eliminate every conceivable form of residual temporal leakage and that further validation is needed. Protocol B2 was designed specifically to avoid the severe leakage induced by random stratified splits that mix temporally adjacent samples; the ten contiguous TimeUS blocks ensure that training and test sets respect temporal contiguity within each seed. However, we acknowledge the referee's points on possible boundary crossings, non-stationarity, and residual correlations. In revision we will add (i) a stationarity check (e.g., Augmented Dickey-Fuller tests or variance ratios) across the ten blocks for key features and (ii) Pearson and mutual-information correlations between strict-mode features and the removed proxy variables (cumulative energy, battery state, GPS trajectory) to quantify any remaining linear or nonlinear dependencies. These diagnostics will be reported in a new subsection of the methods. On the +0.05 F1-macro shift, the manuscript already states that per-seed standard deviations render the difference non-significant and presents it only as a directional signal; we will move this explicit caveat into the abstract and strengthen the discussion to prevent over-attribution to the quantum component. We maintain that the combination of temporal partitioning and proxy auditing still provides a stricter leakage control than standard random-split benchmarks in the literature, but we accept that additional empirical checks are required to support this claim. revision: partial

Circularity Check

0 steps flagged

No circularity: empirical protocol and direct measurements

full rationale

The paper advances an empirical evaluation on the TLM:UAV dataset using a group-aware temporal partitioning protocol (B2) into contiguous TimeUS blocks, a three-mode feature audit (full/loose/strict), and direct benchmarking of a trained-DRU hybrid against five classical controls under fixed budgets. All headline results—the +0.05 mean F1 macro shift from full to strict, lowest false-alarm rate, and per-seed statistics—are reported as measured performance quantities on the audited splits rather than as outputs of any derivation, equation, or fitted parameter that is then re-labeled as a prediction. No self-definitional steps, ansatz smuggling, or load-bearing self-citations appear in the described contributions; the work is self-contained against external benchmarks and does not reduce its central claims to tautological re-use of its own inputs.

Axiom & Free-Parameter Ledger

2 free parameters · 1 axioms · 0 invented entities

The evaluation depends on the representativeness of the TLM:UAV benchmark and on the assumption that the chosen temporal blocks and feature modes isolate the intended signal; no new physical entities are postulated and the only free parameters are the explicit design choices of block count and seed count.

free parameters (2)

number of TimeUS blocks = 10
Set to ten contiguous blocks to enforce temporal separation in the group-aware protocol B2.
number of evaluation seeds = 10
Set to ten to quantify inter-run variance in F1 and false-alarm metrics.

axioms (1)

domain assumption The TLM:UAV multi-sensor benchmark contains representative attack and benign segments whose temporal structure can be partitioned without destroying the underlying physical signals.
Invoked when claiming that the B2 protocol eliminates leakage while preserving meaningful anomaly detection.

pith-pipeline@v0.9.0 · 5885 in / 1472 out tokens · 54178 ms · 2026-05-20T05:22:44.509493+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Foundation/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

hybrid XGBoost + Data Re-uploading (DRU) classifier … three-mode feature audit (full/loose/strict)

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

16 extracted references · 16 canonical work pages

[1]

Cybersecurity in aviation,

ENISA, “Cybersecurity in aviation,”ENISA Threat Landscape, 2021. [Online].https: //www.enisa.europa.eu

work page 2021
[2]

Quantum machine learning,

J. Biamonteet al., “Quantum machine learning,”Nature, vol. 549, pp. 195–202, 2017. https://doi.org/10.1038/nature23474

work page doi:10.1038/nature23474 2017
[3]

Supervised learning with quantum-enhanced feature spaces,

V. Havlíčeket al., “Supervised learning with quantum-enhanced feature spaces,”Nature, vol. 567, pp. 209–212, 2019.https://doi.org/10.1038/s41586-019-0980-2

work page doi:10.1038/s41586-019-0980-2 2019
[4]

P´ erez-Salinas, A

A. Pérez-Salinaset al., “Data re-uploading for a universal quantum classifier,”Quantum, vol. 4, p. 226, 2020.https://doi.org/10.22331/q-2020-02-06-226

work page doi:10.22331/q-2020-02-06-226 2020
[5]

Security intrusion detection using quantum machine learning techniques,

M. Kalinin and V. Krundyshev, “Security intrusion detection using quantum machine learning techniques,”J. Comput. Virol. Hacking Tech., vol. 19, pp. 125–136, 2023.https: //doi.org/10.1007/s11416-022-00435-0

work page doi:10.1007/s11416-022-00435-0 2023
[6]

Acquisition and processing of UAV fault data based on time line modeling method,

T. Yang, Y. Lu, H. Deng, J. Chen, and X. Tang, “Acquisition and processing of UAV fault data based on time line modeling method,”Applied Sciences, vol. 13, no. 7, p. 4301, 2023. https://doi.org/10.3390/app13074301

work page doi:10.3390/app13074301 2023
[7]

Quantum machine learning in feature hilbert spaces,

M. Schuld and N. Killoran, “Quantum machine learning in feature Hilbert spaces,”Phys. Rev. Lett., vol. 122, p. 040504, 2019.https://doi.org/10.1103/PhysRevLett.122.040504

work page doi:10.1103/physrevlett.122.040504 2019
[8]

Schuld and F

M. Schuld and F. Petruccione,Machine Learning with Quantum Computers, 2nd ed. Springer, 2021.https://doi.org/10.1007/978-3-030-83098-4

work page doi:10.1007/978-3-030-83098-4 2021
[9]

Experimental quantum adversarial learning with programmable supercon- ducting qubits,

W. Renet al., “Experimental quantum adversarial learning with programmable supercon- ducting qubits,”Nat. Comput. Sci., vol. 2, pp. 711–717, 2022.https://doi.org/10.1038/ s43588-022-00351-9

work page 2022
[10]

The power of quantum neural networks,

A. Abbaset al., “The power of quantum neural networks,”Nat. Comput. Sci., vol. 1, pp. 403–409, 2021.https://doi.org/10.1038/s43588-021-00084-1

work page doi:10.1038/s43588-021-00084-1 2021
[11]

& Guestrin, C

T. Chen and C. Guestrin, “XGBoost: A scalable tree boosting system,”Proc. ACM KDD, pp. 785–794, 2016.https://doi.org/10.1145/2939672.2939785

work page doi:10.1145/2939672.2939785 2016
[12]

Intrusion detection and ejection framework against lethal attacks in UAV-aided networks: A Bayesian game-theoretic methodology,

H. Sedjelmaci, S. M. Senouci, and N. Ansari, “Intrusion detection and ejection framework against lethal attacks in UAV-aided networks: A Bayesian game-theoretic methodology,” IEEE Trans. Intell. Transp. Syst., vol. 18, no. 5, pp. 1143–1153, 2017.https://doi.org/ 10.1109/TITS.2016.2600370

work page doi:10.1109/tits.2016.2600370 2017
[13]

Intrusion detection systems for networked unmanned aerial vehicles: A survey,

G. Choudhary, V. Sharma, I. You, K. Yim, R. Chen, and J. H. Cho, “Intrusion detection systems for networked unmanned aerial vehicles: A survey,”IEEE Internet Things J., vol. 7, no. 7, pp. 6047–6064, 2020.https://doi.org/10.1109/JIOT.2020.2973140

work page doi:10.1109/jiot.2020.2973140 2020
[14]

qiskit-data-reuploading: a scikit-learn compatible data re-uploading classifier for Qiskit2.x,

C. A. Durán Paredes, “qiskit-data-reuploading: a scikit-learn compatible data re-uploading classifier for Qiskit2.x,” GitHub, 2025. [Online]. https://github.com/Carlosandp/ qiskit-data-reuploading 9

work page 2025
[15]

TLM-UAV-Quantum-Anomaly-Detection: reproducible pipeline, note- books, results, and figures,

C. A. Durán Paredes, J. E. León Calderón, N. Sánchez Perea, G. D. Díaz, and C. Segura, “TLM-UAV-Quantum-Anomaly-Detection: reproducible pipeline, note- books, results, and figures,” GitHub, 2026. [Online].https://github.com/Carlosandp/ TLM-UAV-Quantum-Anomaly-Detection

work page 2026
[16]

Unmanned aerial vehicles anomaly detection model based on sensor information fusion and hybrid multimodal neural network,

H. Deng, Y. Lu, T. Yang, Z. Liu, and J. Chen, “Unmanned aerial vehicles anomaly detection model based on sensor information fusion and hybrid multimodal neural network,”Eng. Appl. Artif. Intell., vol. 132, p. 107961, 2024. https://doi.org/10.1016/j.engappai. 2024.107961 10

work page doi:10.1016/j.engappai 2024

[1] [1]

Cybersecurity in aviation,

ENISA, “Cybersecurity in aviation,”ENISA Threat Landscape, 2021. [Online].https: //www.enisa.europa.eu

work page 2021

[2] [2]

Quantum machine learning,

J. Biamonteet al., “Quantum machine learning,”Nature, vol. 549, pp. 195–202, 2017. https://doi.org/10.1038/nature23474

work page doi:10.1038/nature23474 2017

[3] [3]

Supervised learning with quantum-enhanced feature spaces,

V. Havlíčeket al., “Supervised learning with quantum-enhanced feature spaces,”Nature, vol. 567, pp. 209–212, 2019.https://doi.org/10.1038/s41586-019-0980-2

work page doi:10.1038/s41586-019-0980-2 2019

[4] [4]

P´ erez-Salinas, A

A. Pérez-Salinaset al., “Data re-uploading for a universal quantum classifier,”Quantum, vol. 4, p. 226, 2020.https://doi.org/10.22331/q-2020-02-06-226

work page doi:10.22331/q-2020-02-06-226 2020

[5] [5]

Security intrusion detection using quantum machine learning techniques,

M. Kalinin and V. Krundyshev, “Security intrusion detection using quantum machine learning techniques,”J. Comput. Virol. Hacking Tech., vol. 19, pp. 125–136, 2023.https: //doi.org/10.1007/s11416-022-00435-0

work page doi:10.1007/s11416-022-00435-0 2023

[6] [6]

Acquisition and processing of UAV fault data based on time line modeling method,

T. Yang, Y. Lu, H. Deng, J. Chen, and X. Tang, “Acquisition and processing of UAV fault data based on time line modeling method,”Applied Sciences, vol. 13, no. 7, p. 4301, 2023. https://doi.org/10.3390/app13074301

work page doi:10.3390/app13074301 2023

[7] [7]

Quantum machine learning in feature hilbert spaces,

M. Schuld and N. Killoran, “Quantum machine learning in feature Hilbert spaces,”Phys. Rev. Lett., vol. 122, p. 040504, 2019.https://doi.org/10.1103/PhysRevLett.122.040504

work page doi:10.1103/physrevlett.122.040504 2019

[8] [8]

Schuld and F

M. Schuld and F. Petruccione,Machine Learning with Quantum Computers, 2nd ed. Springer, 2021.https://doi.org/10.1007/978-3-030-83098-4

work page doi:10.1007/978-3-030-83098-4 2021

[9] [9]

Experimental quantum adversarial learning with programmable supercon- ducting qubits,

W. Renet al., “Experimental quantum adversarial learning with programmable supercon- ducting qubits,”Nat. Comput. Sci., vol. 2, pp. 711–717, 2022.https://doi.org/10.1038/ s43588-022-00351-9

work page 2022

[10] [10]

The power of quantum neural networks,

A. Abbaset al., “The power of quantum neural networks,”Nat. Comput. Sci., vol. 1, pp. 403–409, 2021.https://doi.org/10.1038/s43588-021-00084-1

work page doi:10.1038/s43588-021-00084-1 2021

[11] [11]

& Guestrin, C

T. Chen and C. Guestrin, “XGBoost: A scalable tree boosting system,”Proc. ACM KDD, pp. 785–794, 2016.https://doi.org/10.1145/2939672.2939785

work page doi:10.1145/2939672.2939785 2016

[12] [12]

Intrusion detection and ejection framework against lethal attacks in UAV-aided networks: A Bayesian game-theoretic methodology,

H. Sedjelmaci, S. M. Senouci, and N. Ansari, “Intrusion detection and ejection framework against lethal attacks in UAV-aided networks: A Bayesian game-theoretic methodology,” IEEE Trans. Intell. Transp. Syst., vol. 18, no. 5, pp. 1143–1153, 2017.https://doi.org/ 10.1109/TITS.2016.2600370

work page doi:10.1109/tits.2016.2600370 2017

[13] [13]

Intrusion detection systems for networked unmanned aerial vehicles: A survey,

G. Choudhary, V. Sharma, I. You, K. Yim, R. Chen, and J. H. Cho, “Intrusion detection systems for networked unmanned aerial vehicles: A survey,”IEEE Internet Things J., vol. 7, no. 7, pp. 6047–6064, 2020.https://doi.org/10.1109/JIOT.2020.2973140

work page doi:10.1109/jiot.2020.2973140 2020

[14] [14]

qiskit-data-reuploading: a scikit-learn compatible data re-uploading classifier for Qiskit2.x,

C. A. Durán Paredes, “qiskit-data-reuploading: a scikit-learn compatible data re-uploading classifier for Qiskit2.x,” GitHub, 2025. [Online]. https://github.com/Carlosandp/ qiskit-data-reuploading 9

work page 2025

[15] [15]

TLM-UAV-Quantum-Anomaly-Detection: reproducible pipeline, note- books, results, and figures,

C. A. Durán Paredes, J. E. León Calderón, N. Sánchez Perea, G. D. Díaz, and C. Segura, “TLM-UAV-Quantum-Anomaly-Detection: reproducible pipeline, note- books, results, and figures,” GitHub, 2026. [Online].https://github.com/Carlosandp/ TLM-UAV-Quantum-Anomaly-Detection

work page 2026

[16] [16]

Unmanned aerial vehicles anomaly detection model based on sensor information fusion and hybrid multimodal neural network,

H. Deng, Y. Lu, T. Yang, Z. Liu, and J. Chen, “Unmanned aerial vehicles anomaly detection model based on sensor information fusion and hybrid multimodal neural network,”Eng. Appl. Artif. Intell., vol. 132, p. 107961, 2024. https://doi.org/10.1016/j.engappai. 2024.107961 10

work page doi:10.1016/j.engappai 2024