GPS spoofed or not? Exploiting RSSI and TSS in crowdsourced air traffic control data


GPS-dependent localization, tracking and navigation applications have a significant impact on the modern aviation industry. However, the lack of encryption and authentication makes GPS vulnerable for spoofing attacks with the purpose of hijacking aircrafts or threatening air safety. In this paper, we propose GPS-Probe, a GPS spoofing detection algorithm which leverages the air traffic control (ATC) messages periodically broadcasted by aircrafts. By exploiting the received signal strength indicator (RSSI) and the timestamps at server (TSS) of the ATC messages monitored by multiple ground sensors, GPS-Probe constructs a machine learning enabled framework which can estimate the real position of the target aircraft and then detect whether GPS is spoofed or not. Unlike existing techniques, GPS-Probe neither requires any updates of the GPS infrastructure nor of the GPS receivers. It also releases the requirement on the time synchronization of the ground sensors distributed around the world. We further present GPS-Probe-Plus by incorporating a flight height estimation module and a calibration method for RSSI and TSS values, which performs better on both target localization and spoofing detection than GPS-Probe. Using the real-world ATC data crowdsourced by OpenSky Network, our experiment results show that GPS-Probe (resp. GPS-Probe-Plus) can achieve an average detection accuracy and precision, of 81.7% (resp. 86.8%) and 85.3% (resp. 91.2%), respectively, significantly outperforming the state-of-the-arts.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13


  1. 1.

  2. 2.

  3. 3.

  4. 4.

  5. 5.

    Please refer to Appendix for the principle of XGBoost.

  6. 6.

  7. 7.


  1. 1.

    Liu, G., Zhang, R., Wang, C., Liu, L.: Synchronization-free GPS spoofing detection with crowdsourced air traffic control data. In: Proceedings of 20th IEEE MDM, pp. 260–268 (2019)

  2. 2.

    Hofmann-Wellenhof, B., Lichtenegger, H., Collins, J.: Global Positioning System: Theory and Practice. Springer, New York (2012)

    Google Scholar 

  3. 3.

    Liu, Z., Shi, X., He, L., Yu, D., Jin, H., Yu, C., Dai, H., Feng, Z.: A parameter-level parallel optimization algorithm for large-scale spatio-temporal data mining. In: Agrawal, D., Mokbel, M. (eds.) Distributed and Parallel Databases, pp. 1–27. Springer, Cham (2020).

    Google Scholar 

  4. 4.

    Wang, C., Lin, H., Jiang, H.: CANS: towards congestion-adaptive and small stretch emergency navigation with wireless sensor networks. IEEE Trans. Mob. Comput. 15(5), 1077–1089 (2016)

    Article  Google Scholar 

  5. 5.

    Zhang, W., Li, M., Tandon, R., Li, H.: Online location trace privacy: an information theoretic approach. IEEE Trans. Inf. Forensics Secur. 14(1), 235–250 (2019)

    Article  Google Scholar 

  6. 6.

    Tang, J., Chen, G., Coon, J.P.: Secrecy performance analysis of wireless communications in the presence of UAV jammer and randomly located UAV eavesdroppers. IEEE Trans. Inf. Forensics Secur. 14(11), 3026–3041 (2019)

    Article  Google Scholar 

  7. 7.

    Psiaki, M.L., Humphreys, T.E.: GNSS spoofing and detection. Proc. IEEE 104(6), 1258–1270 (2016)

    Article  Google Scholar 

  8. 8.

    Moser, D., Leu, P., Lenders, V., Ranganathan, A., Ricciato, F., Capkun, S.: Investigation of multi-device location spoofing attacks on air traffic control and possible countermeasures. In: Proceedings of ACM MobiCom, pp. 375–386 (2016)

  9. 9.

    Schmidt, E., Ruble, Z., Akopian, D., Pack, D.J.: Software-defined radio GNSS instrumentation for spoofing mitigation: a review and a case study. IEEE Trans. Instrum. Meas. 68(8), 2768–2784 (2019)

    Article  Google Scholar 

  10. 10.

    Humphreys, T.E., Ledvina, B.M., Psiaki, M.L., O’Hanlon, B.W., Kintner, P.M.: Assessing the spoofing threat: development of a portable GPS civilian spoofer. In: Proceedings on Radionavigation Laboratory Conference (2008)

  11. 11.

    Kerns, A.J., Shepard, D.P., Bhatti, J.A., Humphreys, T.E.: Unmanned aircraft capture and control via GPS spoofing. J. Field Robot. 31(4), 617–636 (2014)

    Article  Google Scholar 

  12. 12.

    Psiaki, M.L., Humphreys, T.E., Stauffer, B.: Attackers can spoof navigation signals without our knowledge. Here’s how to fight back GPS lies. IEEE Spectr. 53(8), 26–53 (2016)

    Article  Google Scholar 

  13. 13.

    Zhao, P., Li, J., Zeng, F., Xiao, F., Wang, C., Jiang, H.: ILLIA: enabling k-anonymity-based privacy preserving against location injection attacks in continuous LBS queries. IEEE Internet Things J. 5(2), 1033–1042 (2018)

    Article  Google Scholar 

  14. 14.

    Wesson, K.D., Gross, J.N., Humphreys, T.E., Evans, B.L.: GNSS signal authentication via power and distortion monitoring. IEEE Trans. Aerosp. Electron. Syst. 54(2), 739–754 (2018)

    Article  Google Scholar 

  15. 15.

    Heng, L., Work, D.B., Gao, G.X.: GPS signal authentication from cooperative peers. IEEE Trans. Intell. Transp. Syst. 16(4), 1794–1805 (2015)

    Article  Google Scholar 

  16. 16.

    Wesson, K., Rothlisberger, M., Humphreys, T.: Practical cryptographic civil GPS signal authentication. Navigation 59(3), 177–193 (2012)

    Article  Google Scholar 

  17. 17.

    Montgomery, P.Y.: Receiver-autonomous spoofing detection: experimental results of a multi-antenna receiver defense against a portable civil GPS spoofer. In: Proceedings of Radionavigation Laboratory Conference (2011)

  18. 18.

    Nielsen, J., Broumandan, A., Lachapelle, G.: GNSS spoofing detection for single antenna handheld receivers. Navigation 58(4), 335–344 (2011)

    Article  Google Scholar 

  19. 19.

    Psiaki, M.L., Powell, S.P., O’hanlon, B.W.: GNSS spoofing detection using high-frequency antenna motion and carrier-phase data. In: Proceedings of the ION GNSS Meeting, pp. 2949–2991 (2013)

  20. 20.

    Akos, D.M.: Who’s afraid of the spoofer? GPS/GNSS spoofing detection via automatic gain control (AGC). Navigation 59(4), 281–290 (2012)

    Article  Google Scholar 

  21. 21.

    Jansen, K., Schäfer, M., Moser, D., Lenders, V., Pöpper, C., Schmitt, J.: Crowd-GPS-Sec: leveraging crowdsourcing to detect and localize GPS spoofing attacks. In: Proceedings of IEEE S&P, pp. 1018–1031 (2018)

  22. 22.

    Xu, B., Sun, G., Yu, R., Yang, Z.: High-accuracy TDOA-based localization without time synchronization. IEEE Trans. Parallel Distrib. Syst. 24(8), 1567–1576 (2013)

    Article  Google Scholar 

  23. 23.

    Schäfer, M., Strohmeier, M., Lenders, V., Martinovic, I., Wilhelm, M.: Bringing up OpenSky: a large-scale ADS-B sensor network for research. In: Proceedings of ACM/IEEE IPSN, pp. 83–94 (2014)

  24. 24.

    Tippenhauer, N.O., Pöpper, C., Rasmussen, K.B., Čapkun, S.: On the requirements for successful GPS spoofing attacks. In: Proceedings of ACM CCS, pp. 75–85 (2011)

  25. 25.

    Nolan, M.: Fundamentals of Air Traffic Control. Cengage Learning, Boston (2010)

    Google Scholar 

  26. 26.

    Trüb, R., Moser, D., Schäfer, M., Pinheiro, R., Lenders, V.: Monitoring meteorological parameters with crowdsourced air traffic control data. In: Proceedings of ACM/IEEE IPSN, pp. 25–36 (2018)

  27. 27.

    Zheng, Y., Liu, Y., Zhou, Z.: From RSSI to CSI: indoor localization via channel response. ACM Comput. Surv. 46(2), 1–32 (2013)

    MATH  Google Scholar 

  28. 28.

    Chen, T., Guestrin, C.: XGBoost: A scalable tree boosting system. In: Proceedings of ACM SIGKDD, pp. 785–794 (2016)

  29. 29.

    Liu, X., Cao, J., Tang, S., Wen, J., Guo, P.: Contactless respiration monitoring via off-the-shelf WiFi devices. IEEE Trans. Mob. Comput. 15(10), 2466–2479 (2016)

    Article  Google Scholar 

  30. 30.

    Strohmeier, M., Lenders, V., Martinovic, I.: A localization approach for crowdsourced air traffic communication networks. arXiv preprint arXiv:1610.06754 (2016)

  31. 31.

    Wang, C., Liu, G., Huang, H., Feng, W., Peng, K., Wang, L.: MIASec: enabling data indistinguishability against membership inference attacks in MLaaS. IEEE Trans. Sustain. Comput. 1, 1–12 (2020).

    Article  Google Scholar 

  32. 32.

    Hernández, J.A., Phillips, I.W.: Weibull mixture model to characterise end-to-end internet delay at coarse time-scales. IEE Proc. Commun. 153(2), 295–304 (2006)

    Article  Google Scholar 

  33. 33.

    Van Brummelen, G.: Heavenly Mathematics: The Forgotten Art of Spherical Trigonometry. Princeton University Press, Princeton (2012)

    Google Scholar 

  34. 34.

    Ranganathan, A., Ólafsdóttir, H., Capkun, S.: Spree: a spoofing resistant GPS receiver. In: Proceedings of ACM MobiCom, pp. 348–360 (2016)

  35. 35.

    Psiaki, M.L., O’Hanlon, B.W., Bhatti, J.A., Shepard, D.P., Humphreys, T.E.: GPS spoofing detection via dual-receiver correlation of military signals. IEEE Trans. Aerosp. Electron. Syst. 49(4), 2250–2267 (2013)

    Article  Google Scholar 

  36. 36.

    Psiaki, M.L., O’hanlon, B.W., Powell, S.P., Bhatti, J.A., Wesson, K.D., Humphreys, T.E.: GNSS spoofing detection using two-antenna differential carrier phase. In: Proceedings of Radionavigation Laboratory Conference (2014)

  37. 37.

    Bhamidipati, S., Kim, K.J., Sun, H., Orlik, P.V.: GPS spoofing detection and mitigation in pmus using distributed multiple directional antennas. In: Proceedings of IEEE ICC, pp. 1–7 (2019)

  38. 38.

    Jansen, K., Tippenhauer, N.O., Pöpper, C.: Multi-receiver GPS spoofing detection: error models and realization. In: Proceedings of ACM ACSAC, pp. 237–250 (2016)

  39. 39.

    Wang, Q., Lu, Z., Gao, M., Qu, G.: Edge computing based gps spoofing detection methods. In: Proceedings of IEEE DSP, pp. 1–5 (2018)

  40. 40.

    Jiang, C., Chen, S., Chen, Y., Bo, Y., Xia, Q., Zhang, B.: Analysis of the baseline data based GPS spoofing detection algorithm. In: Proceedings of IEEE/ION PLANS, pp. 397–403 (2018)

  41. 41.

    Magiera, J., Katulski, R.: Detection and mitigation of GPS spoofing based on antenna array processing. J. Appl. Res. Technol. 13(1), 45–57 (2015)

    Article  Google Scholar 

  42. 42.

    Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)

    Article  Google Scholar 

Download references


This work was supported in part by the National Key Technologies R&D Program of China under Grant No. 2016YFC0201101; the National Natural Science Foundation of China under Grant Nos. 61872416, 61702204, 61671216, and 51479159; by the Fundamental Research Funds for the Central Universities of China under Grant 2019kfyXJJS017; by the Natural Science Foundation of Hubei Province of China under Grant 2019CFB191; by the Open Research Project of Hubei Key Laboratory of Intelligent Geo-Information Processing under Grant No. KLIGIP-2018A03; and by the fund of Hubei Key Laboratory of Transportation Internet of Things under Grant 2018IOT004. Ling Liu’s research is partially support by the National Science Foundation under NSF Grant Nos. 1547102, 1564097 and an IBM faculty award. An earlier version of this work appeared in Proceedings of 20th IEEE MDM [1].

Author information



Corresponding author

Correspondence to Chen Wang.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix: Extreme gradient boosting

Appendix: Extreme gradient boosting

Tree boosting is a highly effective and widely used machine learning technique. Due to the poor classification performance of single decision tree, the method of random forests [42] is proposed to achieve better prediction precision by assembling multiple decision trees. Random forest trees are built independent of each other, and therefore the trained models are often unstable, and do not perform well on “small” data.

Extreme Gradient Boosting (XGBoost) algorithm was proposed in 2016 [28] and can address the aforementioned issues of random forests. XGBoost builds a new tree according to the already built ones, and the new tree focuses on how to correctly classify the misclassified data samples.

The training process of XGBoost is as follows. For a given dataset: \(\{(x_i, y_i):i=1\ldots n, x_i\in \mathbb {R}^d, y_i\in \mathbb {R}\). The result given by an ensemble represented by the generated model is:

$$\begin{aligned} \hat{y}_i = \sum _{k=1}^{K} f_k(x_i) \end{aligned}$$

where \(f_k\) is a single decision tree and \(f_k(x_i)\) represents the score given by the kth tree to the ith observation in data. The goal of XGBoost is to minimize the following regularized objective function in order to choose the structure of decision tree \(f_k\):

$$\begin{aligned} \mathcal {L} = \sum _{i} l(y_i,\hat{y}_i) + \sum _{k} \varOmega (f_k) \end{aligned}$$

where l is the loss function and \(\varOmega\) is the regularization. Specifically, the penalty term \(\varOmega\) is shown as follows:

$$\begin{aligned} \varOmega (f_k) = \gamma T + \frac{1}{2} \lambda \left\| w\right\| ^2 \end{aligned}$$

where \(\gamma\) and \(\lambda\) are parameters controlling the number of leaf nodes and magnitude of leaf weights, respectively.

XGBoost leverages an iterative method to minimize the objective function (17). In jth iteration, XGBoost adds a new tree \(f_j\) and minimizes the modified objective function as:

$$\begin{aligned} \mathcal {L}^j = \sum _{i} l((y_i,\hat{y}_i^{j-1})+ f_j(x_i)) + \sum _{k} \varOmega (f_k). \end{aligned}$$

Then adopting Taylor expansion, XGBoost can simplify this function and derive the loss function after the tree split from given node. By comparing the loss of tree’s nodes, XGBoost can find the best split at a given node. It is easy to see that XGBoost can construct a series of trees by gradually iteration and every new tree correctly predicts the misclassified data obtained from the already built ones.

When using XGBoost in practice, we need to adjust the parameters of the XGBoost model to control the model structure and achieve better performance. There are two important parameters which manipulate the model structure locally and globally. One is “max_depth” which controls the depth of the decision tree \(f_j\), and the other is “n_estimators” which controls the number of decision trees, i.e. the upper limit of j in Eq. (19). Increasing the value of “max_depth” will make the XGBoost model more complex and more likely to overfit, and the default max_depth is set to 6. XGBoost adds a new tree to the existing model in each iteration, and thus “n_estimators” also control the maximum number of iterations. Since every added tree is trained on the misclassified data by previous trees, increasing the value of “n_estimators” will also make the model overfitting on some outlier data and losing model’s generalization, while decreasing “n_estimators” will degrade the accuracies of XGBoost models. What is more, increasing “max_depth” or “n_estimators” both will result in the requirements of longer training time and more calculation resources. So the key point is to choose an appropriate set of model parameters.

Besides those improvements in terms of the algorithm, XGBoost also performs better than other tree boosting methods. It supports an approximate split finding, which improves the process of the building trees and scales very well with the number of CPU cores (detailed in its github page.Footnote 7)

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Liu, G., Zhang, R., Yang, Y. et al. GPS spoofed or not? Exploiting RSSI and TSS in crowdsourced air traffic control data. Distrib Parallel Databases 39, 231–257 (2021).

Download citation


  • GPS spoofing attack
  • Air traffic control data
  • OpenSky Network
  • Adaptive k nearest neighbor
  • XGBoost