GNSS Timing Spoofing Detection: Methods and Analysis using Jammertest data

This thesis investigates GNSS timing spoofing detection strategies using data collected from Jammertest 2024, addressing critical vulnerabilities in infrastructure systems dependent on precise timing. Following a comprehensive literature review of GNSS fundamentals and existing detection methodologies, the research analyses how various parameters behave during spoofing events, including pseudoranges, carrier phase, Doppler measurements, positioning coordinates, signal quality indicators, and HDOP values. Through detailed examination of u-blox F9P receiver data during controlled spoofing events, distinct signature patterns were identified in multiple parameters. While carrier-to-noise ratio monitoring proved ineffective for detection, pseudorange RMS error analysis and NMEA validity flags successfully identified timing anomalies despite generating false positives. The implemented Isolation Forest algorithm demonstrated excellent performance with 100% recall and 99.96% specificity, correctly identifying all spoofing instances while producing only two false positives from 4,695 normal samples. A combined approach using validity flags as initial triggers followed by machine learning verification in the interference data emerged as an optimal strategy, providing a robust framework for protecting critical infrastructure systems against timing attacks.