GNSS Positioning Security: Automatic Anomaly Detection on Reference Stations

The dependency of critical infrastructures on Global Navigation Satellite Systems (GNSS) keeps increasing over the years. This over-reliance brings concerns as those systems are vulnerable and consequently prone to human-made perturbations, such as jamming and spoofing attacks. Solutions for detecting such disturbances are therefore crucially needed to raise GNSS users’ awareness and protection. This paper suggests an approach for detecting anomalous events (i.e., potentially an attack attempt) based on measurements recorded by Continuously Operating GNSS Reference Stations (CORS). Precisely, the anomaly detection process first consists in modeling the normal behavior of a given signal thanks to a predictive model which combines the Seasonal and Trend decomposition using LOESS and ARIMA algorithms. This model can then be used to predict the upcoming measurement values. Finally, we compare the predictions to the actual observations with a statistical rule and assess if those are normal or anomalous. While our anomaly detection approach is intended for real-time use, we assess its effectiveness on historical data. For simplicity and independence, we also focus on the Carrier-to-Noise Ratio only, though similar methods could apply to other observables. Our results prove the sensitivity of the proposed detection on a reported case of unintentional disturbance. Other anomalies in the historical data are also uncovered using that methodology and presented in this paper.