A “Max/min” Binary Hypothesis Test for GPS Spoofing Detection

Changhui Jiang 1,2, Yuwei Chen2*, Yuming Bo1

1
School of Automation, Nanjing University of Science and Technology, Xiaolingwei 200, Nanjing, China
2
Department of Remote Sensing and Photogrammetry, Finnish Geospatial Research Institute, Helsinki, Finland
*
chiang_changhui@outlook.com

Abstract:
The navigation solutions provided by the GPS has the foundation stone of various applications.
However, the signal interference, signal jamming and the signal spoofing endangers the security and
integrity of the system, which hinders its further application. The signal interference and jamming undermine
the system by providing the receivers from accessing to the broadcasted signals. However, the spoofing
attacks the system by feeding the receivers the false signals and make the receivers output erroneous
navigation information.
Overall, each antenna receives unique signals related with its position when there is no spoofing.
Consequently, we can compute the distance or separation between each pair of receivers. The statistic
characteristics distance changes with spoofing or non-spoofing. The existing of the spoofing will make the
statistic characteristics different from that normal or non-spoofed. The spoofing attack is detected based on
the statistic characteristics of the single distance or the sum values of the distances.
This paper firstly proposed a “Max/Min” detecting method, this method employs the maximum or
minimum distances between receivers as the representative variable for the binary hypothesis test. The
statistic characteristics with spoofing or non-spoofing is derived and presented under some assumptions.
The interrelationship between the false alarm probability and detection probability is established with the
distance length and amount as the variables. And then analysis is presented by the receiver operating curves
(ROC) with several simple examples. We compared the detection performance under different distance
length and the amount, the results demonstrated the better performance of the proposed “Max/Min” detector.

Keyword：Spoofing detection; binary hypothesis test; statistic characteristics; ROC;

1. Introduction
The global satellite navigation systems (GNSS) broadcast satellite navigation signals, and the receivers
at any time and place which are available to the signals that can provide precise navigation solutions
(position, time and velocity). This system has been an important infrastructure directly related to the national
economy and the people's livelihood [1-5]. However, with the popularization and wide application of
satellite positioning technology, some problems are gradually exposed. When the navigation signals reach
the surface of the earth, the signal is so weak and vulnerable to intentional interference (jamming, spoofing
etc.) and unintentional interference (multipath etc.) effect. The presence of interference has been a serious
threat to the accuracy, availability, continuity and integrity of the system [6-8]. For the signal blockage and
jamming, they undermine the system by providing the receiver from accessing to the broadcasted signals.
Unlike the signal blockage and jamming, the spoofing attack feeds the receiver the fake satellite signals
and aims to mislead the target to the wrong place. Especially for the safety critical applications. The
interference anti-jamming and spoofing detection technology become an important guarantee for the secure
and continuous application of the satellite navigation system.
Much previous work about the detection and identification of the spoofing is conducted by monitoring
the abnormal change of the received signal’s characteristics to determine whether the system is attacked [11-
15].

1
 In 2003, Warnter and Johnston proposed seven possible countermeasures for detecting the suspicious
GPS signal activity, they include 1) Monitor the absolute GPS signal strength; 2) Monitor the relative GPS
signal strength; 3) Monitor the signal strength of each received satellite signal; 4) Monitor satellite
identification codes and number of satellite signals received; 5) Check the time intervals; 6) Do a time
comparison; 7) Perform a sanity check [1].
In 2007, McDowell proposed a spoofing detection method using the antenna array [2]. This method
calculates the AOA (Angle of Arrival) of the interference signal, and then detects and suppresses the
interference. The simulation results show the effectiveness of the proposed algorithm, but the receiver
requires a large amount of computation. In literature [3], another method that using the DOA (Direction of
Arrival) of arrival signal is measured by the multi-antenna array and the predicted angle to detect the
spoofing attack. In this method, supposing that all the signal received by the receiver is the true signal and
calculating the received signal’s DOA. Then estimating and predicting the DOA of the next time epoch
based on the s positioning information and satellite ephemeris. The spoofing can be detected by comparing
the calculated DOA and the predicted DOA. However, due to the low power of satellite signals, the accuracy
of estimating DOA using this method is very low, and the false alarm rate and false alarm probability of this
method are very high.
Apart from the antenna array based spoofing detection method, much previous work focus on the signal
processing level for spoofing detection. After a large number of experiments, Shepard observed that the
power of spoofing attack must be stronger than the real satellite signals at about 1.1dB and then it can
mislead the satellite navigation receiver. The absolute power of the signal can be an indicator for determine
whether there is a spoofing attack [9]. Apart from this, Jafarnia from the Calgary University in Canada
proposed that the spoofing can be detected by continuously monitoring the carrier to noise ratio of the signal.
[10]. In aspects of the correlators, by detecting whether there is an abnormal asymmetry in the output peak
of the GPS correlator, whether the receiver is spoofed is the another kind of spoofing detection method using
the received signals’ characteristics [10-11]. In 2013, Akos proposed a method that using the anomalies of
AGC (Automatic Gain Control) parameters in the receivers’ tracking loop to detect the spoofing [12].
In addition to the above methods based on the single receiver configuration, the analysis on the results
from different receivers is another method for identifying the spoofing attack [13-15]. And few analysis of
the positioning results under spoofing attack are presented. What’s more, the influence of the baseline’s
amount and the length on the detection performance is never modelled little discussed. This paper firstly
proposed a “Max/Min” detecting method, this method employs the maximum or minimum distances
between receivers as the representative variable for the binary hypothesis test. The statistic characteristics
with spoofing or non-spoofing is derived and presented under some assumptions. The interrelationship
between the false alarm probability and detection probability is established with the distance length and
amount as the variables. And then analysis is presented by the ROC curves with several simple examples.
We compared the detection performance under different distance length and amount, the results
demonstrated the better performance of the proposed “Max/Min” detector

This paper is organized as follows: section 1: the introduction; section 2: the modelling, the
effectiveness analysis and the demonstration; section 3: the experiments and the results presentation; the
next sections include the conclusion, acknowledgement and the reference.

2. Methods
As mentioned in the previous section, this section is about the setting up of the detectors including
the related formulas and expressions. Both of them take advantage of the statistic characteristics’ changes
between spoofing and non-spoofing. The features are defined as:
① “sum” detector : Utilizing the statistic characteristics’ changes of the distances summation under
spoofing or non-spoofing;

2
 ② “max/min” detector: Utilizing the statistic characteristics’ changes of the maximum/minimum
distance under spoofing or non-spoofing.
Before the setting up, some assumptions are necessary. Here, the hypothesis test is a form of a binary
decision (H0: non-spoofing and H1: spoofing).
Two types errors false alarm and miss detection are possible. The specific meanings of the errors are
as follows
1) False alarm detection: the detector decides for H1, but H0 is actually true.
2) Miss detection, the detector decides for H0, but H1 is actually true.

2.1. “sum” detector

This detector utilizes the statistic characteristics’ changes of the distances summation under spoofing
or non-spoofing.
Firstly, recalling that the distances are subject to normal distribution and statistically independent
from each other.
Bi  N  d L ,  L2  , i  1,..., N
i i
(1)

Where, the Bi is the ith distance, d L is the length and the  Li is the variance. With the assumptions,
2
i

the hypothesises are

① H0, non-spoofing, d Lns1 _ LN is the sum of the distances, and it is subject to normal distribution with
the mean D  d L1  ...  d LN and covariance    L21  ...   L2N .
d Lns_ L   B1  ...  BN   N  D,   (2)
1 N

② H1, spoofing, d Lns_ L is the sum of the distances, and it is subject to normal distribution with the
1 N

mean D  0 and covariance    L21  ...   L2N .

d Ls _ L  N  0,  
1 N

How can we take advantage of the statistics characteristics’ difference for spoofing detection? One
obvious method is to compare the distances summation to a threshold.
① D >  decide H0;
② D <  decide H1.
Based on these, we can solve for the false alarm probability
 d ns  d L  ...  d L  
  d L1  ...  d LN 
 
ns

1 N


p fa  P d L _ L   | H 0  P  L1 _ LN
 2

1

...   2
N

 2
 ...   2
| H0 

(3)
 L1 LN L1 LN 
For numeric analysis, considering an example that
d L1  ...  d LN  d 0 ,  L2  ...   L2   2
1 N

We can solve for threshold 

   N  d0 
norm _ inv  p fa   (4)
 N   2

   N  2
  norm _ inv  p    N  d 
fa 0 (5)
Where the p fa is the false alarm probability, the function P  is the usual Gaussian probability,
norm _ inv  is the inverse operation of the Gaussian probability.
Hence, we can write the detection probability as

3
  d Ls _ L 

pd  P d L _ L   | H1  P
1 N
s   1 N

  L2  ...   L2


 L1  ...   LN
2 2
| H1 

(6)
 1 N 
Considering the  , the detection probability
 N   2  norm _ inv( p )   N  d  
pd  P  
fa 0
(7)
 N   2 
 
As an example of the results, we recall that  m     d0 and the detection probability simplifies
 N  norm _ inv  p fa    m  N  
pd  P 
 N 

  P norm _ inv( p fa )  m  N  (8)
 
The expression will be used later in the paper.

2.2. “Max/Min” detector

Overall, the “sum” detector utilizes the statistic characteristics of the distance summation. Is there
another method or model better than the “sum” detector? Actually, selecting the maximum or minimum
distance as the parameter may have better performance? We proposed a “max/min” detector and elaborate
the specifics of the detector.
Similar to the previous detector, assuming the distance or separation is subject to Gaussian distribution.
We express the ith distance Li
 
Li  N d Li ,  L2i ; i  1,..., N (9)
Under some assumptions, the binary hypothesis test for this case is
① H0, non-spoofing: the minimum value min  L1...LN  is selected to compare with a threshold  .
The distances Li are subject to Gaussian distribution.
 
Li  N d Li ,  L2i ; i  1,..., N (10)
We can compute the false alarm probability
N
p fa  P  min  L1 ,..., LN    | H 0   1   1  Pi  Li     , i  1,..., N (11)
i 1

N   Li  d Li   d Li 
p fa  1   1  Pi    (12)
  L  Li 
i 1
  i 
N     d Li  
p fa  1   1  Pi   (13)
  L 
i 1
  i 
Where the P  is the usual Gaussian probability and the p fa is the false alarm probability.
② H1, spoofing: the maximum value max  L1...LN  is selected to compare with a threshold  . The
distances Li are subject to Gaussian distribution.
 
Li  N 0,  L2i ; i  1,..., N
We can compute the detection probability

pd  P  max  L1 ,..., LN    | H1    P  L1     ...  P  LN     (14)

N   
pd   Pi   (15)
L 
i 1  i 

4
 Where, the Pi   is the usual Gaussian probability, the  is the threshold in the hypothesis test, the
pd is the detection probability.
Considering an example, assuming  m   L   ...   m   L   d L ...  d L
1 n 1 n

Then
    m    
N

p fa  1  1  P    (16)
 
  
We can find the threshold 

   m       norm _ inv 1  N 1  p fa  (17)
The interrelationship between the false alarm probability and the detection probability is

  
N
pd  P m  norm _ inv 1  N 1  p fa (18)
Where, the function norm _ inv  is the inverse operation of the Gaussian probability. The variable
m reflects the length of the baseline and the variable N means the amount of the distances.
3. Performance Analysis
Previous section describes the interrelationship false alarm and detection probability of the “sum”
detector and the new “max/min” detector. And here, in this section, the receiver operating characteristic
curves (ROC) are presented for the analysis reference of the two detectors. Since a ROC curve that appears
more toward the upper left of the diagram is better for detection. We use the ROC curves for
comparing the detection performance of detectors.
Since little previous work presents the resulting performance of the distance length or distance amount.
This section firstly presents the ROC curves under different length and amount for the two detectors. The
formulas and expressions are derived in the previous section. Finally, the “max/min” detector is compared
with “sum” detector. We divide the analysis into three parts: ① ”sum” detector; ② ”max/min” detector;
③ detectors comparison.
3.1. “sum” detector analysis
This part is the resulting analysis for the “sum” detector using several simple examples. The
interrelationship between the detection performance and the false alarm probability is derived. We express
them as this and the more derivation details are as the previous section. In the equation, the variable m
represents the effect of distance or separation length on detection results. And the variable N represents
the effect of the amount of the baseline on the spoofing detection performance. These are just examples and
hypetheses for convienently evaluating the detection performance.

pd  P norm _ inv( p fa )  m  N  
The figure 1, figure 2, figure 3 and figure 4 are the presentations of the ROC curves with the different
values of variable. The figure 1 and figure 2 are the ROC curves of different N values at the same value of
m . The figure 3 and the figure 4 are the ROC curves of different m values at the same N values. It can be
seen that the detection performance is better along with the increasing length and amount of the distances.
The increasing of the amount and the length can both bring better detection performance for the case 1.

5
 Figure 1. ROC curves ( m  1 ) Figure 2. ROC curves ( m  2 )

Figure 3. ROC curves ( N  1) Figure 4. ROC curves ( N  2 )

3.2. “max/min” detector analysis
Similar to the previous part, this part is the resulting analysis of the “max/min” detector. The
relationship between the false alarm probability and the detection probability is as the equation.

  
N
pd  P m  norm _ inv 1  N 1  p fa

Similarly, the variable m represents the effect of distance length on detection results. And the variable
N represents the effect of the distance amount on the spoofing detection performance.
The figure 5 and figure 6 are the ROC curves of different N values at the same value of m . The figure
7 and the figure 8 are the ROC curves of different m values at the same N values. It can be seen that the
detection performance and the increasing of the amount and the larger distance can both improve the ability
to detect spoofing.

6
 Figure 5. ROC curves ( m  1 ) Figure 6. ROC curves ( m  2 )

Figure 7. ROC curves ( N  1) Figure 8. ROC curves ( N  2 )

3.3. Detectors Comparisons

The previous two parts are the ROC curves and the individual analysis of the two detectors. This part
is the comparison of the two detectors presented by the ROC curves. The figure 9, figure 10, figure 11 and
the figure 12 are the results for the two detectors at different distance length and amount. It can be seen that
the second detector has the better detection performance compared with the first one under the listed four
conditions. However, as distance amount and length increase, their performance is getting closer and closer.

Figure 9. ROC curves ( N  2 , m  2 ) Figure 10. ROC curves ( N  2 , m  3 )

Figure 11. ROC curves ( N  3 , m  2 ) Figure 12. ROC curves ( N  2 , m  1 )

7
4 Conclusion
Spoofing detection and mitigation is important for safety critical applications. Various methods are
proposed and published, but little work is about the analysis of the resulting performance. In this paper, we
firstly proposed a “max/min” detector better than the “sum” detector which utilizes the receivers’ distance
summation. The new detector include the maximum/minimum values in the distances set. The
interrelationship between the false alarm probability and detection probability is derived with the variables
distance amount and distance length. Numeric simulation with simple examples is carried out for evaluating
the influence on the detectors’ detection performance. The results demonstrate that lager separation and
more amount can improve the detection performance. And the proposed “max/min” detector is better than
the conventional “sum” detector. For future works, the field tests are expected to be carried out. And the
analysis in this paper is expected to be employed for the spoofing detection.

5 Acknowledgments
The author gratefully acknowledges the financial support from China Scholarship Council (CSC) and
Outstanding Doctor Scholarship from Nanjing University of Science and Technology (NJUST). This paper
was supported by the Fundamental Research Funds for the Central Universities (30917011105). Thanks for
the paper writing guidance and revision from Professor Yuwei Chen and Yuming Bo.

6 References

[1] Warner, Jon S, and R. G. Johnston. ‘GPS Spoofing Countermeasures’. Homeland Security Journal,
2003.

[2] Mcdowell, Charles E. ’GPS spoofer and repeater mitigation system using digital spatial nulling’. US,
US 7250903 B1. 2007.

[3] Chang, Chung Liang. ‘Novel multiplexing technique in anti-jamming GNSS receiver’. American
Control Conference, 2011:3453-3458.

[4] Meurer, Michael, et al. ‘Robust Joint Multi-Antenna Spoofing Detection and Attitude Estimation using
Direction Assisted Multiple Hypotheses RAIM’. The, International Technical Meeting of the Satellite
Division of the Institute of Navigation DLR, 2012:3007-3016.

[5] Humphreys, T, Ledvina, M, Psiaki M.: ‘Assessing the Spoofing Threat: Development of a Portable GPS
Civilian Spoofer’, International Technical Meeting of the Satellite Division of the Institute of Navigation.
2008:2314-2325.

[6] Wesson, K; Shepard, D; Humphreys, T.:’ Straight Talk on Anti-Spoofing’. GPS World, 2012, 23 (1):
32-39

[7] Jahromi, A. J., Broumandan, A., Nielsen, J., Lachapelle, G.:’GPS spoofer countermeasure effectiveness
based on signal strength, noise power, and C/N0 measurements’. International Journal of Satellite
Communications & Networking, 30(4), 181–191.

[8] Khanafseh, S; Roshan, N; Langel, S.:’GPS spoofing detection using RAIM with INS coupling.’
Position, Location and Navigation Symposium - PLANS 2014, 2014 IEEE/ION. IEEE, 2014:1232-1239.

[9] Swaszek, P; Hartnett, R; Kempe, M.:’ Analysis of a Simple, Multi-Receiver GPS Spoof Detector.
Proceedings of the International Technical Meeting of the Institute of Navigation, 2013:884-892.

8
[10] Radin D, Swaszek P F, Seals K C, et al. GNSS Spoof Detection Based on Pseudo-ranges from Multiple
Receivers’. Proceedings of the International Technical Meeting of the Institute of Navigation, 2015.

[11] Pini, M., Fantino, M., Cavaleri, A., Ugazio, S., Presti, L. L.:’ Signal Quality Monitoring Applied to
Spoofing Detection’. International Technical Meeting of the Satellite Division of the Institute of Navigation,
2011:1888-1896.

[12] Akos, D.:’ Who’s Afraid of the Spoofer? GPS/GNSS Spoofing Detection via Automatic Gain Control’.
Navigation，2012，59(4): 281-290

[13] Swaszek, P. F., Hartnett, R. J.:’ Spoof detection using multiple COTS receivers in safety critical
applications’. Proceedings of International Technical Meeting of the Satellite Division of the Institute of
Navigation, 2013:

[14] Dovis, F., Chen, X., Pini, M., Cavaleri, A., Ali, K.:’ Detection of spoofing threats by means of signal
parameters estimation’. Proceedings of International Technical Meeting of the Satellite Division of the
Institute of Navigation, 10(1), 416-421.

[15] Konovaltsev, A., Cuntz, M., Hättich, C., Meurer, M.:’ Performance Analysis of Joint Multi-Antenna
Spoofing Detection and Attitude Estimation’. Proceedings of International Technical Meeting of the
Satellite Division of the Institute of Navigation, 2013:864-872.