GPS spoofed or not? Exploiting RSSI and TSS in crowdsourced air traffic control data

Abstract

GPS-dependent localization, tracking and navigation applications have a significant impact on the modern aviation industry. However, the lack of encryption and authentication makes GPS vulnerable for spoofing attacks with the purpose of hijacking aircrafts or threatening air safety. In this paper, we propose GPS-Probe, a GPS spoofing detection algorithm which leverages the air traffic control (ATC) messages periodically broadcasted by aircrafts. By exploiting the received signal strength indicator (RSSI) and the timestamps at server (TSS) of the ATC messages monitored by multiple ground sensors, GPS-Probe constructs a machine learning enabled framework which can estimate the real position of the target aircraft and then detect whether GPS is spoofed or not. Unlike existing techniques, GPS-Probe neither requires any updates of the GPS infrastructure nor of the GPS receivers. It also releases the requirement on the time synchronization of the ground sensors distributed around the world. We further present GPS-Probe-Plus by incorporating a flight height estimation module and a calibration method for RSSI and TSS values, which performs better on both target localization and spoofing detection than GPS-Probe. Using the real-world ATC data crowdsourced by OpenSky Network, our experiment results show that GPS-Probe (resp. GPS-Probe-Plus) can achieve an average detection accuracy and precision, of 81.7% (resp. 86.8%) and 85.3% (resp. 91.2%), respectively, significantly outperforming the state-of-the-arts.

Appendix: Extreme gradient boosting

Tree boosting is a highly effective and widely used machine learning technique. Due to the poor classification performance of single decision tree, the method of random forests [42] is proposed to achieve better prediction precision by assembling multiple decision trees. Random forest trees are built independent of each other, and therefore the trained models are often unstable, and do not perform well on “small” data.

Extreme Gradient Boosting (XGBoost) algorithm was proposed in 2016 [28] and can address the aforementioned issues of random forests. XGBoost builds a new tree according to the already built ones, and the new tree focuses on how to correctly classify the misclassified data samples.

The training process of XGBoost is as follows. For a given dataset: \(\{(x_i, y_i):i=1\ldots n, x_i\in \mathbb {R}^d, y_i\in \mathbb {R}\). The result given by an ensemble represented by the generated model is:

$$\begin{aligned} \hat{y}_i = \sum _{k=1}^{K} f_k(x_i) \end{aligned}$$

(16)

where \(f_k\) is a single decision tree and \(f_k(x_i)\) represents the score given by the kth tree to the ith observation in data. The goal of XGBoost is to minimize the following regularized objective function in order to choose the structure of decision tree \(f_k\):

$$\begin{aligned} \mathcal {L} = \sum _{i} l(y_i,\hat{y}_i) + \sum _{k} \varOmega (f_k) \end{aligned}$$

(17)

where l is the loss function and \(\varOmega\) is the regularization. Specifically, the penalty term \(\varOmega\) is shown as follows:

$$\begin{aligned} \varOmega (f_k) = \gamma T + \frac{1}{2} \lambda \left\| w\right\| ^2 \end{aligned}$$

(18)

where \(\gamma\) and \(\lambda\) are parameters controlling the number of leaf nodes and magnitude of leaf weights, respectively.

XGBoost leverages an iterative method to minimize the objective function (17). In jth iteration, XGBoost adds a new tree \(f_j\) and minimizes the modified objective function as:

$$\begin{aligned} \mathcal {L}^j = \sum _{i} l((y_i,\hat{y}_i^{j-1})+ f_j(x_i)) + \sum _{k} \varOmega (f_k). \end{aligned}$$

(19)

Then adopting Taylor expansion, XGBoost can simplify this function and derive the loss function after the tree split from given node. By comparing the loss of tree’s nodes, XGBoost can find the best split at a given node. It is easy to see that XGBoost can construct a series of trees by gradually iteration and every new tree correctly predicts the misclassified data obtained from the already built ones.

When using XGBoost in practice, we need to adjust the parameters of the XGBoost model to control the model structure and achieve better performance. There are two important parameters which manipulate the model structure locally and globally. One is “max_depth” which controls the depth of the decision tree \(f_j\), and the other is “n_estimators” which controls the number of decision trees, i.e. the upper limit of j in Eq. (19). Increasing the value of “max_depth” will make the XGBoost model more complex and more likely to overfit, and the default max_depth is set to 6. XGBoost adds a new tree to the existing model in each iteration, and thus “n_estimators” also control the maximum number of iterations. Since every added tree is trained on the misclassified data by previous trees, increasing the value of “n_estimators” will also make the model overfitting on some outlier data and losing model’s generalization, while decreasing “n_estimators” will degrade the accuracies of XGBoost models. What is more, increasing “max_depth” or “n_estimators” both will result in the requirements of longer training time and more calculation resources. So the key point is to choose an appropriate set of model parameters.

Besides those improvements in terms of the algorithm, XGBoost also performs better than other tree boosting methods. It supports an approximate split finding, which improves the process of the building trees and scales very well with the number of CPU cores (detailed in its github page.⁷)