First responders and other tactical teams rely on mobile tactical networks to coordinate and accomplish emergent time-critical tasks. The information exchanged through these networks is vulnerable to various strategic cyber network attacks. Detecting and mitigating them is a challenging problem due to the volatile and mobile nature of an ad hoc environment. This paper proposes MalCAD, a graph machine learning-based framework for detecting cyber attacks in mobile tactical software-defined networks. Mal-CAD operates based on observing connectivity features among various nodes obtained using graph theory, instead of collecting information at each node. The MalCAD framework is based on the XGBOOST classification algorithm and is evaluated for lost versus wasted connectivity and random versus targeted cyber attacks. Results show that, while the initial cyber attacks create a loss of 30%–60% throughput, MalCAD results in a gain of average throughput by 25%–50%, demonstrating successful attack mitigation.