Double the number of GPS spoofing overnight
Or did it?
On the night of February 23, 2025, we deployed a significantly improved GPS spoofing detection algorithm, and the number of spoofed aircraft seemingly doubled overnight. Well, it’s not that the number suddenly increased dramatically; we are simply detecting more.
The need to continuously adapt
As the GPS interference landscape constantly evolves, we need to constantly adapt to keep track of the changing spoofing patterns. We noticed that our detection in some geographical regions was not as good as we expected and started looking for a cause. Particularly, the spoofing near Kaliningrad seemed to defy our detection.
The noisy ADS-B data and the messy reality of flight operation limit how well GPS spoofing can be detected, and detection algorithms need to be tuned. Tuning them involves a trade-off that might not be obvious. In an ideal world, we would detect 100% of the spoofed aircraft and, at the same time, none that was not spoofed. However, in reality, it is always a trade-off between detecting false positives and false negatives. False positives are flights we flagged as spoofed, even though they were not, and false negatives are flights we don’t flag as spoofed, even though they were. The trade-off between false positives and negatives is inherent to most real-world applications of classifiers, the class of algorithms we employ to detect spoofing. I would be very skeptical if somebody claimed their classifier performed flawlessly.
We consciously prioritize detecting as few false positives as possible. False positives, flights that are wrongly flagged as spoofed, can clutter the maps. They can also mislead the observer into believing that GPS interference is occurring in places it is not. To avoid this, we accept that we will miss a few flights that were spoofed, but at least we create a minimum amount of false alerts.
What changed
To assess the new detection algorithm, we ran it on our test system for a while and compared the results. An example of a day in February is shown below, once with the old algorithm and once with the new one.
February 22, 2025 with old detection algorithm.
February 22, 2025 with new detection algorithm.
With the new detection algorithm, spoofing remains largely unchanged in some geographical areas, such as the Middle East. In other areas, we detect significantly more. This is especially true for the spoofing around Kaliningrad, the Black Sea, and Myanmar.
Do you want to help?
One of the difficult tasks for us is to determine how many flights we falsely classify as being spoofed or don’t flag as spoofed. The problem is that we don’t know what is often called the ground truth, i.e., which flights were actually spoofed. To establish the ground truth, we need an additional source for the spoofing detection. One possibility would be to compare our detection with data from the aircraft’s Flight Data Recorder (FDR).
We are well aware that FDR data is very sensitive and cannot simply be handed over to a third party. However, we are sure we can find a way to validate our model and handle the sensitive FDR data in a way that is acceptable to the involved parties.
If you are working for an airline and are in a position to push for such an exchange, we would very much appreciate it if you reached out to us. Please get in touch with us at contact@skai-data-services.com.
To see our updated spoofing detection in action, go to spoofing.skai-data-services.com.
