Introduction

The Global Positioning System (GPS) provides accurate timing information for time-dependent structures such as financial markets and banking systems, communication networks, and phasor measurement units (PMUs). For instance, GPS offers a precision better than 1 μs for PMUs to maintain the high sampling rate of the unit (Xie and Meliopoulos 2020). The weak nature of GPS signals causes vulnerability to all kinds of environmental conditions, and its well-known civilian structure is prone to intentional interferences. Therefore, a malicious signal with slightly higher strength can outperform the authentic signal effortlessly (Bonebrake and O’Neil 2014).

Customarily, the receivers that exploit the timing information of the GPS signal are stationary; thus, they are threatened more by a specific category of spoofing attacks: time synchronization attack (TSA). TSA manipulates the signal information so that the receiver miscalculates the clock offset and causes erroneous time measurement (Shepard et al. 2012). Generally, in this type of attack, the position of the receiver will remain intact. Wrong or inaccurate time stamps in PMU measurements can cause false alarms or prevent the disclosure of an event in the network (Jiang et al. 2013). A similar attack on the communication towers can disturb time synchronization of adjacent towers, and eventually, jam their signals (3GPP2 2004).

An intermediate spoofer device contains a receiver and is placed near the target; thus, it spreads intelligently altered signals very similar to the authentic one in Doppler frequency and code phase (Mosavi et al. 2017). Therefore, the spoofing detection methods in the acquisition stage would be ineffective. TSA is considered as an intermediate spoofing attack, and software-defined radios (SDRs) can implement them straightforwardly (Schmidt et al. 2019). SDRs are accessible for public use; therefore, the generation of TSA is feasible and cost-effective, considering that most commercial receivers cannot detect intermediate or even simplistic attacks (Schmidt et al. 2020).

A vast number of countermeasures and protection techniques have been proposed to detect or mitigate the effects of TSA, which can be categorized into four classes (Schmidt et al. 2016). The first category includes signal processing methods that monitor and analyze the signal features for any unexpected anomalies in quality, power, or any other observable parameters (Zhang and Zhan 2016; Schmidt et al. 2020). Multi-antenna receivers and radio spectrum inspections are organized in the second category and exploit the angle of arrival of each signal to detect the direction of its source (Magiera 2019; Heng et al. 2014). The cryptographic techniques present solutions in the third category that relies on the next-generation GPS signal structure (Ghorbani et al. 2020) or the relation between military signals and authentic ones to detect the invasion (Psiaki et al. 2013). The last category suggests the correlation of GPS information with other time sources, such as GLONASS (Mosavi et al. 2016).

Cryptographic techniques are resilient to intermediate and advanced spoofing attacks; however, they are prone to simplistic attacks such as meaconing (Ghorbani et al. 2020). Therefore, it is strongly suggested to exploit the method accompanying other defense solutions to achieve the maximum level of protection (Musleh et al. 2019). The facility of cryptography is only available on new GPS signals and services (GPS CNAV) and the Galileo system, which is not exploited extensively.

As an advantage, there is no requirement to modify the signal protocols or the satellites for the validation of the GPS information by the other GNSS or data sources. However, the network-based validation creates an overwhelming amount of data traffic through the network and is vulnerable to cyber attacks, such as man-in-the-middle. Furthermore, verification of the information with other satellite systems requires extra receivers, which is not very cost-efficient. The immunity of multi-antenna defenses to SDR-generated attacks and their intrinsic resistance to spoofing distinguish them as a robust choice for secure receivers. Still, the utilization of multi-antenna receivers and radio spectrum analyses are quite costly.

The signal processing countermeasures can be applied to the receivers by updating their firmware and equipping them with the latest defense methods. However, they do not require any hardware modifications or adjustments in signal structure. This research contributes a spoof-detection and mitigation algorithm based on the clock offset observations, which lies within the mentioned category. A multi-layer perceptron neural network (MLP NN) is trained to follow the behavior of clock offset information and maintain the authentic trend under TSA conditions. The network reduces the diversions introduced in the information and represents an acceptable accuracy for PMUs, the communication towers, and other time-dependent applications.

The contributions of this research can be listed as follows:

  • A three-layer MLP NN is proposed, which can impressively mimic the clock offset trend. Since each dataset has a similar pattern as the other ones in terms of clock offset behavior, the network is trained once, and there is no necessity to train it with every new dataset.

  • A reference dataset can be exploited to train the network in offline mode; therefore, there is no obligation to train the network in the setup stage of the receiver. Furthermore, the trained weights can be stored in the memory of the receiver and exploited at each startup.

  • The defensive mechanism of the proposed method is independent of the generation procedure of TSA, and it only concentrates on the correction of destructive effects on the clock offset. Therefore, it can cover a vast number of TSAs that influence the clock offset information, without concern about new or future methods of attack generation.

  • The proposed MLP NN is exploited in a detection algorithm, which can detect the type of attack.

  • The algorithm requires low memory space, and it does not demand complicated mathematical tools and a massive number of computational resources. Therefore, the update of the receiver firmware consists of a few lookup tables and the algorithm routine.

The following section reviews clock offset derivation and the state-of-art algorithms in signal-processing defense techniques. The configurations of the MLP NN and the algorithm are expressed in the third section, and it will be followed by experimental results, which are obtained by two real datasets. Finally, the conclusions are made in the last section.

Terminology review and related works

The first part of this section explains the procedure of clock offset calculations and its associated terminology. The second part discusses the existing solutions to confront the thread of TSA in stationary receivers and inspects their cons and pros.

GPS time and clock offset derivation

Generally, the GPS signals are exploited to determine the position, velocity, and time or PVT solution of the receiver. The position accuracy in open sky conditions is about 4.9 m for smartphones (Diggelen and Enge 2015). Though, depending on environmental conditions, the accuracy will be reduced in more challenging situations. According to the studies of Lewandowski et al. (1993), the precision of time measurements of GPS receivers is in the order of nanoseconds (Li et al. 2015).

The GPS signals received at the front end of the receiver will be passed through acquisition, tracking, and navigation data processing stages to derive the PVT information. Based on the retrieved information, the position of each satellite is calculated, and the pseudoranges are estimated as well. Pseudoranges assist in computing the PVT solution. The relationship connecting the trip time between the kth satellite and the user’s receiver, denoted by \({\tau }_{u}^{k}\), the speed of light c, and the corresponding pseudorange \({\rho }_{u}^{k}\), is defined as (Borre et al. 2007):

$$t_{u} - t^{k} = \tau_{u}^{k} = \frac{{\rho_{u}^{k} }}{c}$$
(1)

where \(t_{u}\) is the user time and \(t^{k}\) is the kth satellite time. Consider \(t^{{{\text{GPS}}}}\) as absolute GPS time. Clocks of the receiver and satellites are not exactly the same as the GPS time. Therefore, the time of the user and kth satellite are expressed as follows:

$$t_{u} = t^{{{\text{GPS}}}} + {\text{d}}t_{u}$$
(2)
$$t^{k} = t_{u}^{{{\text{GPS}}}} - \tau_{u}^{{k,{\text{GPS}}}} + {\text{d}}t^{k}$$
(3)

where the epoch time, which expressed in terms of the receiver clock, is \(t_{u}\), and \(\rho_{u}^{k}\) is known from the observations. According to (1), \(t^{k}\) can be calculated and corrected with satellite clock offset \(dt^{k}\). Now the transmit time is obtained in absolute GPS time as well as clock offset of the user \(dt_{u}\).

TSA formation and countermeasures

The clock offset of receiver \({dt}_{u}\) is prone to TSA attacks. Any distortion in the receiver clock offset directly influences the receiver clock and will be resulted in erroneous time stamps for data measurement or corruption of the synchronization between devices. The mentioned distortion can be conducted by any possible means, such as a fluctuation in pseudorange or modification in ephemeris information. In Jiang et al. (2013), a TSA optimization problem is formulated to increase the clock offset error, and consequently, the phase measurement error in a PMU. The problem conditions are precisely selected so that the position of the receiver and satellites, and pseudoranges are not altered drastically. These conditions develop a hard-to-detect TSA for simplistic observation countermeasures, such as position monitoring.

Another spoofing scheme is proposed by Lee et al. (2019) and Schmidt et al. (2020) that injects a malicious signal to the pseudorange measurements. Based on the shape of the added signal, two types of TSAs are introduced. In the first type of the proposed TSA, a step-shaped signal is added abruptly to the authentic measurements, while the second type of attack consists of gradual modification of the clock offset. The location of the receiver is constant, and its velocity is assumed to be zero in these cases.

The countermeasures for such attacks, independent of their configuration scheme, are divided into three categories: exploiting a defense mechanism in the receiver stage, detection or mitigating the attack effects on the application stage, or a combination of both methods, as shown in Fig. 1. Most of the countermeasures in the application stage detect the attack based on the unusual status of the device or the network. The application of GPS timing in PMUs and their vulnerability to TSA have drawn attention to the issue. Therefore, various pieces of research have been conducted on this specific application and provided many solutions for TSA detection or mitigation in the application layer. In Zhu et al. (2016), the number of visible satellites has been estimated, and modifications in the signal were observed and investigated. Similarly, Wang and Chakrabortty (2016) monitor the oscillations in the network and check the consistency of parameter updates in each network node in a distributed scheme. The evaluation of the network time integrity and tracking the signal quality in Riedel et al. (2019) is an instance of exploiting both receiver-level and application-level defense mechanisms.

Fig. 1
figure 1

Defenses against TSAs are categorized into four classes, in which signal processing techniques are utilized in the stages of the receiver, application, or both

Full size image

Many solutions exclusively detect the malicious invasion based on statistical estimations, and the supervisor will conduct further reactions, such as disconnecting the faulty PMU. However, some defense mechanisms are equipped with error correction and mitigation techniques. Statistical model and state estimation techniques have been utilized for synchrophasor data correction in Fan et al. (2018a), while Fan et al. (2018b) employ the analysis of the network matrices to estimate the phase shift, which is generated by the attack, and determination of the infected PMU. Furthermore, the Supervisory Control and Data Acquisition (SCADA) system and PMU measurements assist a dynamic filter to estimate the phase shift of the attack in Siamak et al. (2020). The method also corrects the faulty measurements of the attacked PMU. These kinds of techniques explore the network models with complex relationships and investigate the results of spreading erroneous measurements through the network, which can eventually endanger the network state.

A more desirable method is the detection of attack in the receiver stage and refining the time information before exploiting them in the application. TSA rejection and mitigation (TSARM) technique employs the spoofing attack model and mitigates the attack effects by correcting the pseudoranges and their rates (Khalajmehrabadi et al. 2018a, b). A belief propagation technique and adaptive extended Kalman filter (EKF) are utilized to adjust the pseudorange measurements in Bhamidipati et al. (2019), and the receivers are also equipped with multiple directional antennas. Low-memory and robust estimator (RE) is also proposed in Lee et al. (2019), which mitigates the TSA impacts effectively and does not require any parameter tuning procedure.

All of the mentioned contributions effectively mitigate the TSA effects; however, they follow specific modifications in the signal to alleviate the attack outcomes. Furthermore, the accuracy of the methods is an important issue, which will be addressed in the next sections. The contribution of this research is a MLP network that focuses on the time information correction in the receiver level, independent of how the attack generated or affected the other parameters to alter the time. Therefore, in the upcoming section, the basics of the MLP NN will be discussed briefly and the correction mechanism explained in detail.

An MLP NN for spoof mitigation: basics and mechanism

Multi-layer feedforward networks constitute one of the highly popular categories of NNs. They are called feedforward since the input signal propagates through the structure, which can have one or more hidden layers in a forward direction. Commonly, these networks, which are referred to as MLP NNs, can provide solutions for a diverse range of complex problems after receiving the proper training. The error back-propagation (BP) algorithm is employed to train MLP NNs in a supervised routine and consists of two passes: forward pass and backward pass (Haykin 2009). During the forward pass, the response of each layer to the input signal is investigated precisely, while the network weights remain constant. In the backward pass, the error is attained by the difference between the resultant output and the desired value. The error is exploited to adjust the weights and thresholds. Achieving the minimum possible error with a reasonable number of iterations is the ultimate goal of the learning process (Mosavi and Shafiee 2016).

In this section, a three-layer MLP NN is proposed and trained by the error BP algorithm in a supervised manner. Generally, the NNs are expressed by the number of neurons in each layer. For instance, a network with p nodes in the input layer, q neurons in the hidden layer, and r neurons in the output layer is denoted by N(p,q,r). According to this notation, in the first subsection, the calculations of the BP algorithm are presented for the N(p,q,1) network, and in the second subsection, the proposed network structure with N(3,3,1) is discussed.

Network training based on BP algorithm

Consider an N(p,q,1) network, as depicted in Fig. 2. Network parameters are defined as:

$${\varvec{X}}\left( k \right) = \left[ {x_{1} \left( k \right), x_{2} \left( k \right), \ldots , x_{p} \left( k \right)} \right]$$
(4)
$${\varvec{W}}^{{\varvec{I}}} \left( k \right) = \left[ {\begin{array}{*{20}c} {w_{11}^{I} \left( k \right)} & \ldots & {w_{1q}^{I} \left( k \right)} \\ \vdots & \ddots & \vdots \\ {w_{p1}^{I} \left( k \right)} & \ldots & {w_{pq}^{I} \left( k \right)} \\ \end{array} } \right]$$
(5)
$${{\varvec{\Theta}}}^{{\varvec{I}}} \left( k \right) = \left[ {\theta_{1} \left( k \right), \theta_{2} \left( k \right), \ldots , \theta_{q} \left( k \right)} \right]$$
(6)
$${\varvec{W}}^{{\varvec{O}}} \left( k \right) = \left[ {w_{1}^{O} \left( k \right),w_{2}^{O} \left( k \right), \ldots , w_{q}^{O} \left( k \right)} \right]$$
(7)
$${\varvec{V}}^{{\varvec{I}}} \left( k \right) = \left[ {v_{1}^{I} \left( k \right),v_{2}^{I} \left( k \right), \ldots , v_{q}^{I} \left( k \right)} \right]$$
(8)
$${\varvec{Y}}^{{\varvec{I}}} \left( k \right) = \left[ {y_{1}^{I} \left( k \right),y_{2}^{I} \left( k \right), \ldots , y_{q}^{I} \left( k \right)} \right]$$
(9)
Fig. 2
figure 2

General form of N(p,q,1) network is illustrated, consisting of an input layer with p nodes, a hidden layer containing q neurons, and a single output layer

Full size image

where \({\varvec{X}}\left( k \right)\) is a \(p \times 1\) input vector, \({\varvec{W}}^{{\varvec{I}}} \left( k \right)\) is the input weights matrix with the size of \(p \times q\), \({{\varvec{\Theta}}}^{{\varvec{I}}} \left( k \right)\) expresses a \(q \times 1\) vector of input thresholds, \({\varvec{W}}^{{\varvec{O}}} \left( k \right)\) indicates output weight vector with the size of \(q \times 1\), and \(\theta \left( k \right)\) is the output threshold. The stimulation of neurons in the hidden layer is denoted by a \(q \times 1\) vector \({\varvec{V}}^{{\varvec{I}}} \left( k \right)\), and the stimulation of output layer neuron is denoted by \(v^{O} \left( k \right)\) (Mosavi 2006). Output of hidden layer neurons is a \(q \times 1\) vector \({\varvec{Y}}^{{\varvec{I}}} \left( k \right).\)

The final output of the network and desired value are denoted by \(y^{O} \left( k \right)\) and \(d\left( k \right)\), respectively. The activation function of each neuron is a sigmoid function. The function and its derivation are presented as:

$$\sigma \left( x \right) = \frac{2}{{1 + e^{ - 2x} }} - 1$$
(10)
$$\sigma^{\prime}\left( x \right) = \sigma \left( x \right)\left( {1 - \sigma \left( x \right)} \right)$$
(11)

where \(\sigma^{\prime}\left( x \right)\) denotes the derivation of sigmoid. The following steps express the procedure of network learning by the BP algorithm:

Step 1: Initialization of the weights and thresholds

Assign small, random, and uniformly distributed numbers to the corresponding parameters.

Step 2: Forward pass

Forward calculations, based on Fig. 2, are defined as:

$$v_{j}^{I} \left( k \right) = \mathop \sum \limits_{i = 1}^{p} x_{i} \left( k \right)w_{ji}^{I} \left( k \right) + \theta_{j}^{{\text{I}}} \left( k \right)$$
(12)
$$y_{j}^{I} \left( k \right) = \sigma_{j} \left( {v_{j}^{I} \left( k \right)} \right)$$
(13)
$$v^{O} \left( k \right) = \mathop \sum \limits_{i = 1}^{q} y_{j}^{I} \left( k \right)w_{i}^{O} \left( k \right) + \theta \left( k \right)$$
(14)
$$y^{O} \left( k \right) = \sigma \left( {v^{O} \left( k \right)} \right)$$
(15)

which express the forward flow of the input signal.

Step 3: Backward pass (weights and thresholds update)

After obtaining the relationships between inputs and output, the result should be compared with the desired signal. The objective function based on the squared error is defined as:

$$J\left( k \right) = \frac{1}{2}\left( {e\left( k \right)^{2} } \right) = \frac{1}{2}\left( {d\left( k \right) - y^{O} \left( k \right)} \right)^{2}$$
(16)

where \(e\left( k \right)\) is the output error. In each iteration, the algorithm endeavors to minimize the function by updating the adaptable parameters. The updating process is operated by adding an adjustment value to each parameter. For instance, the update relation for \(w_{j}^{O} \left( k \right)\) is expressed as:

$$w_{j}^{O} \left( {k + 1} \right) = w_{j}^{O} \left( k \right) + \Delta w_{j}^{O} \left( k \right)$$
(17)

where \(\Delta w_{j}^{O} \left( k \right)\) is the adjustment value and determined by partial derivative of \(J\left( k \right)\) with respect to \(w_{j}^{O} \left( k \right)\):

$$\Delta w_{j}^{O} \left( k \right) = - \eta \frac{\partial J\left( k \right)}{{\partial w_{j}^{O} \left( k \right)}} = \eta \cdot e\left( k \right) \cdot\sigma \left( {v^{O} \left( k \right)} \right) \cdot\left( {1 - \sigma \left( {v^{O} \left( k \right)} \right)} \right) \cdot y_{j}^{I} \left( k \right)$$
(18)

in which \(\eta\) is the learning rate parameter that influences on convergence speed of the algorithm. Likewise, the adjustment values for other parameters of the network are expressed as:

$${\Delta }\theta \left( k \right) = - \eta \frac{\partial J\left( k \right)}{{\partial \theta \left( k \right)}} = \eta \cdot e\left( k \right) \cdot \sigma \left( {v^{O} \left( k \right)} \right) \cdot \left( {1 - \sigma \left( {v^{O} \left( k \right)} \right)} \right)$$
(19)
$$\Delta w_{ji}^{I} \left( k \right) = - \eta \frac{\partial J\left( k \right)}{{\partial w_{ji}^{I} \left( k \right)}} = \eta \cdot e\left( k \right) \cdot \sigma^{\prime}\left( {v^{O} \left( k \right)} \right) \cdot w_{j}^{O} \left( k \right) \cdot \sigma_{j}^{^{\prime}} \left( {v_{j}^{I} \left( k \right)} \right) \cdot x_{i} \left( k \right)$$
(20)
$${\Delta }\theta_{j}^{{\text{I}}} \left( k \right) = - \eta \frac{\partial J\left( k \right)}{{\partial \theta_{j}^{{\text{I}}} \left( k \right)}} = \eta \cdot e\left( k \right) \cdot \sigma^{\prime}\left( {v^{O} \left( k \right)} \right) \cdot w_{j}^{O} \left( k \right) \cdot \sigma_{j}^{^{\prime}} \left( {v_{j}^{I} \left( k \right)} \right)$$
(21)

which can be exploited to update parameters in each iteration.

Step 4: Iteration

The time instant k is increased, and the algorithm is repeated from Step 2 until the output error conditions satisfy.

Proposed network structure

The ultimate goal of TSA is to affect the clock offset information and cause errors in time stamps; therefore, an MLP NN can be a great help to estimate the authentic trend of the clock offset and preserve the receiver from the catastrophic consequences of TSA. The efficient utilization of MLP NN requires a proper selection of the network features, such as type of architecture, the number of layers and neurons, and training algorithm. Generally, the optimal decisions are made through a trial-and-error procedure (Shafiee et al. 2018). In the proposed network, the previous samples of the clock offset are employed as inputs to predict the upcoming one.

The decision is directed by considering the trade-off between computational complexity and mean square error (MSE) of the training process. The network complexity directly relates to its order and depends on the number of weights and thresholds. The order of a general N(p,q,1) network is defined as (Karim 2019; Haykin 2009):

$${\text{Network Order}} = \left( {p + 2} \right)q + 1$$
(22)

which has a direct relation with the dimensions of the network.

Multiple experiments have been conducted, and the number of neurons and inputs varied between two and 20 to determine the optimal selections. Furthermore, different activation functions such as Gaussian functions with various means and standard deviations are employed to attain the best solution. The sigmoid function is a popular selection as an activation function, and it performs well in estimating the clock offset trend. The final structure selection of the network has been established based on the results of Fig. 3. According to the figure, NNs with three inputs have lower MSEs in comparison with others. Specifically, networks with three and four neurons have the lowest possible MSEs. In terms of epochs, networks with four inputs have the fastest convergence rate. However, due to the nature of spoofing problems, the MSE parameter is a more crucial decision point than the convergence rate. Based on the mentioned priorities and tendency for simplicity, the N(3,3,1) network with sigmoid activation functions, which is depicted in Fig. 4, is selected to estimate the clock offset trend. As shown in the figure, the inputs of the network are three previous samples of the clock offset information, which are \(d\left( {k - 1} \right)\), \(d\left( {k - 2} \right)\), and \(d\left( {k - 3} \right)\). Consequently, the output is the estimation of the clock offset, denoted by \(\hat{d}\left( k \right),\) at the present time instant k.

Fig. 3
figure 3

Performance comparison for different NN structures with sigmoid activation function

Full size image
Fig. 4
figure 4

Scheme of TSA on a typical GPS receiver and applying the proposed MLP NN as a defense mechanism is depicted. The proposed MLP NN has three nodes in the input layer, three neurons in the hidden layer, and a single output layer

Full size image

According to (22), the network order is 16, which indicates a reasonable amount of complexity. The network has been trained with the Levenberg–Marquardt algorithm, which provides an acceptable response and fast convergence rate (Hagan and Menhaj 1994). A dataset of 200 samples of clock offset is exploited in the learning procedure, representing 200 s of information. The first half of the dataset, collected by Lee et al. (2019), has been exploited for this purpose. They utilized a Google Nexus 9 tablet, which has an embedded GPS chipset, to collect the data on November 4, 2018, at the San Antonio campus of the University of Texas. The complete dataset will be utilized in the following sections to evaluate the proposed network. The training process of the network is conducted by 70% of data, while its performance is validated by 15% of samples. The other 15% of the data is employed to test network efficiency. Furthermore, the dataset is scaled to increase the convergence rate (LeCun et al. 2012). The MSE results of the training process are exhibited in Fig. 5.

Fig. 5
figure 5

Learning process of MLP NN and MSE of each iteration with the Levenberg–Marquardt algorithm is exhibited. The best validation performance is \(1.4341\times {10}^{-6}\) at epoch 103

Full size image

The proposed MLP NN has been exploited in an error-based detection algorithm, which can identify the type of TSA. The flowchart of the algorithm is exhibited in Fig. 6. According to the figure, the estimation error of the network is defined as:

$$e_{est} \left( k \right) = d\left( k \right) - \hat{d}\left( k \right)$$
(23)

where \(d\left( k \right)\) is the extracted clock offset information from the navigation solution of the receiver and \(\hat{d}\left( k \right)\) is the MLP NN estimation of the current sample based on the previous three samples. The application and its sensitivity to the clock offset errors determine the threshold of attack detection, which is denoted by \(\delta\). Therefore, if the error between the predicted sample and receiver solution is higher than δ (\(e_{est} \left( k \right) > \delta\)), the error will be intolerable for that specific application. The IEEE C37.118 declares that the 1% total variation error is regarded as an intentional attack on PMUs (Martin 2011). The amount is equal to 26.65 μs of clock offset error or equivalent distance of 7989 m (Lee et al. 2019).

Fig. 6
figure 6

Estimation error, the difference of MLP NN output and clock offset, through a series of threshold conditions leads to the spoof detection and error mitigation

Full size image

In the first type of attack, the clock offset error is introduced abruptly into the samples; thus, the \(e_{est} \left( k \right)\) is increased drastically at once and leads the algorithm to detect the attack. The estimation error is considered a correction coefficient for sample refinement and expresses the amount of the injected clock offset. The second type of attack modifies the clock offset distinctly: The error is added to samples gradually. In the first type of attack, the correction coefficient remains constant, while for the second attack, the value has to be updated in each iteration based on \(e_{est} \left( k \right)\). The second error threshold \(\varepsilon\) is determined to exhibit the amount of parameter update under the condition of the second type of attack.

Experimental results and performance evaluation

In this section, the performance of the proposed MLP NN is evaluated through two real-world datasets with different characteristics. The first dataset has been provided by the authors of Lee et al. (2019) and is available on the Github Web site. A tablet equipped with a GPS chipset is used to record the first dataset on November 4, 2018, at the University of Texas at the San Antonio main campus, and the GNSS Logger android application (Google 2020) is employed to derive the navigation solution. The dataset contains 400 samples that are representing 400-s information of a stationary receiver.

A hardware equipment set including a GPS receiver and a spectrum analyzer with a tracking RF module is exploited for retrieving the second dataset, as shown in Fig. 7. The receiver captures the RF signal, combines it with the GPS simulator signal, and passes it through a band-pass filter and amplifier. The signal is downconverted to the IF; then, the results are digitized and stored for further processing. A temperature-compensated crystal oscillator (TCXO) has been utilized as a clock oscillator. A SDR is exploited for the acquisition, tracking, and extraction of the navigation solution. The dataset has been recorded on April 24, 2014, at Valiasr Street, Tehran, Iran, with a sampling frequency equal to 5.7143 MHz. It should be noted that the receiver has been stationary during the data recording procedure. Matlab® R2016a is employed to extract the solution and corresponding clock offset information. The duration of the obtained dataset is 32.5 s, which is expressed by 400 samples. Furthermore, Matlab® is used to train and test the MLP NN. The network has been trained with a unified dataset of 200 samples that has the same characteristics as the first dataset.

Fig. 7
figure 7

GPS signal collection. The GPS signals are collected through an antenna, and after passing the RF front end, the digitized samples of the signals are saved for further processing and extracting the PVT solution

Full size image

TSA configuration and estimation methods

The first type of TSA is configured by a step-shaped signal with an 8000 m offset or time equivalent of 26.68 \(\mu s\). The attack is abruptly added to the signal at the 30th time sample for the first dataset. The malicious signal is injected into the raw pseudoranges of the second dataset at the 69th sample. A gradually increasing signal is a representative of the spoofing signal in the second attack, which is injected to data at the same time samples, as mentioned for the first type. The disruptive modifications are performed on the raw measurements of all pseudoranges. This type of attack only affects the clock offset information, while the location of the receiver remains constant. Both attacks on datasets remain until the last sample of the data.

TSAs are generated in the same way as expressed in the RE work (Lee et al. 2019) for a fair comparison with the proposed MLP NN. Furthermore, the performance of MLP NN is compared with the well-known EKF (Axelrad and Brown 1996) and Luenberger observer (LO) (Luenberger 1966) as classical approaches to estimate the clock offset. Root mean square error (RMSE) is exploited to conduct the assessment of methods and is defined as:

$$RMSE = \sqrt {\frac{1}{N}\mathop \sum \limits_{k = 1}^{N} \left( {dt_{u} \left( k \right) - \widehat{dt}_{u} \left( k \right)} \right)^{2} }$$
(24)

where \(dt_{u} \left( k \right)\) is the true value of the clock offset, \(\widehat{dt}_{u} \left( k \right)\) is the estimated one, and N is the number of samples involved in the assessment.

Evaluation of methods with first dataset

The GPS navigation estimator has to estimate position, clock offset, and clock drift in stationary applications. The navigation algorithm merges the raw measurements of the receiver and the satellite positions to estimate the user state. EKFs are widely exploited in stand-alone systems and linearize the models with the current best estimate of the receiver state (Axelrad and Brown 1996). Moreover, LO is a linear time-invariant system that is able to eliminate the noise disturbances of the measurements (Luenberger 1966). Both EKF and LO are classical methods of receiver state estimation, which are not resistant to any types of spoofing attacks, as shown in Figs. 8 and 9.

Fig. 8
figure 8

Evaluations of methods with the first dataset. Clock offset information modifications on the first-type TSA (top), and estimation errors of each method (bottom)

Full size image
Fig. 9
figure 9

Evaluations of methods with the first dataset. Clock offset information modifications on the second-type TSA (top), and estimation errors of each method (bottom)

Full size image

According to the top panels of Figs. 8 and 9, the injected modifications of both types of TSA misled EKF and LO. In the first type of attack, a constant amount of error is shown in the bottom panel of Fig. 8 for EKF and LO, which indicates the impact of the step-shaped spoofing signal. Although, the performances of RE and proposed MLP NN are significantly better than classical approaches. The magnified part of the top panel of Fig. 8 indicates a fluctuation in the RE behavior caused by the abrupt injection of the attack signal. However, the MLP NN has not been affected by the sudden introduction of TSA.

RE relies on the dynamic model for stationary applications under spoofing attacks. The main issue with estimations based on the models of the system is their limited knowledge of the signal, which causes a deterioration in estimation conditions. Regarding the bottom panel of Fig. 8, \(e_{est}\) of RE is increasing as time passes, while the proposed method has a stable \(e_{est}\). The reason for MLP NN stability is its knowledge of clock offset trend, which is obtained in the training procedure. The knowledge facilitates maintaining the quality of estimation during the epochs.

The same situation has occurred in the second type of TSA for EKF and LO, and the increasing behavior of TSA caused rising estimation errors, which are exhibited in Fig. 9. Estimations of RE and MLP NN are very close to the true clock offset and indicate their high accuracy based on \(e_{est}\) shown in the bottom panel of the figure. The magnified sections of Fig. 9 indicate the mechanism of \(\delta\) threshold: The difference between the MLP NN estimated value and spoofed one increases until it reaches \(\delta\). At this point, the attack is detected, and MLP NN knowledge facilitates omitting the excessive modifications caused by TSA. The RMSE of each method is expressed in Table 1, which confirms the superiority of MLP NN method. It is also worth noting that \(\delta = 0.15 \mu s\) and \(\varepsilon = 0.15 \mu s\) are exploited in this set of experiments. Thresholds have been chosen based on the range of the input data and its variations for higher precision.

Table 1 MSEs of each method under the TSA conditions for the first dataset (expressed in \(\mu s\))
Full size table

Performance assessment of methods with second dataset

The characteristics of the second dataset are quite different from the first one. The higher data range and an abrupt alteration in the middle of the clock offset samples create challenging conditions for most of the estimation algorithms. The GPS receivers have limited storage space; therefore, they cannot store large clock offsets. According to this point, prescribed ranges are defined for the clock offset. Every time the clock offset exceeds the ranges, the receiver clock is updated to maintain the limits. This update will cause a jump in the clock offset. The attack conditions or other factors can alter the update periods slightly; thus, the clock offset behavior is pseudo-periodic. Due to the weak performance of EKF and LO in the former dataset, only the results of RE and the proposed MLP NN are considered in the second dataset performance evaluation. The TSA modifications on the signal are the same as the previous subsection.

The top panel of Fig. 10 exhibits the response of each method to the first-type TSA. Previously, the RE algorithm reaction to the attack has been manifested as a fluctuation in the estimation. In this dataset, no fluctuations were observed in the behavior of the algorithm, and RE estimated the clock information slightly higher than the desired value. The bottom panel of Fig. 10 indicates a high estimation error for MLP NN at the first samples of data. The network has been trained with a dataset whose initial values are near zero. Therefore, it takes a few samples for the network to adapt to the conditions of the new dataset and emendates the error. Both methods carry a constant error value after attack injection. However, MLP NN attempts to reduce \({e}_{est}\) with a fluctuation, yet a slight amount of error is not compensated, as shown in the magnified part of the bottom panel of Fig. 10.

Fig. 10
figure 10

Performance of RE and the proposed MLP NN with the second dataset. Clock offset information modifications on the first-type TSA (top) and estimation errors of each method (bottom)

Full size image

The responses of RE and the proposed MLP NN to the second type of attack are depicted in Fig. 11. The reactions to the attack are similar to Fig. 10, with respect to the high \(e_{est}\) of the MLP NN at first samples of the dataset. Furthermore, a fluctuation is observed in the estimation error of RE concerning the sudden alteration of the data samples. The correction mechanism based on the \(\varepsilon\) value for the gradually increasing nature of second-type TSA is exhibited in the magnified part of the bottom panel of Fig. 11. Every time the estimation error is higher than \(\varepsilon\), the algorithm corrects the erroneous clock offsets, which causes the sawtooth-shaped \(e_{est}\). The value of \(\varepsilon\) determines the height of each peak: Lower \(\varepsilon\) results in small peaks and contrariwise. The RMSE values for each algorithm alongside the choices for \(\varepsilon\) and \(\delta\) are presented in Table 2. The premier performance of the proposed MLP NN is established based on better RMSE results.

Fig. 11
figure 11

Performance of RE and the proposed MLP NN with the second dataset. Clock offset information modifications on the second-type TSA (top) and estimation errors of each method (bottom)

Full size image
Table 2 RMSEs of RE and the proposed MLP NN and correction algorithm parameters for the second dataset (expressed in \(\mu s\))
Full size table

Discussion on attack detection and corrections for second dataset

The receiver clock update procedure causes a fluctuation in the clock offset trend. This large modification in the smooth trend of the clock offset can be detected as a spoofing attack in some of the monitoring methods. In this subsection, the response of the proposed method to the fluctuation is investigated, specifically. Hence, an attack-free case is considered to evaluate the performance of the network, and the results are demonstrated in Fig. 12. According to the top panel, both RE and MLP NN have followed the trend with acceptable performance. However, the bottom panel exhibits an increase in \(e_{est}\) of RE, which has subsided after a short while. The fluctuation affects the performance of RE, and another raise is observed after the 250th sample. Furthermore, the bottom panel of Fig. 11 exhibits the same behavior for RE. On the other hand, the fluctuation has not affected the \(e_{est}\) of MLP NN, and the value remains the same. As noted earlier, an error of 26.65 μs is considered a spoofing attack (Lee et al. 2019). The effect of the fluctuation on the RE method introduced an error of less than ten microseconds; thus, the resultant error does not trigger any false alarms.

Fig. 12
figure 12

Estimation errors (bottom) of RE and MLP NN demonstrate the effects of the update fluctuation in the clock offset trend (top) for the attack-free case

Full size image

According to Fig. 6, the proposed method exploits two thresholds, \(\delta\) and \(\varepsilon\). Any estimation error higher than \(\delta\) arises speculations of a spoofing attack occurrence; thus, the algorithm starts to correct the clock offsets based on the network knowledge. At this time, if the introduced \(e_{est}\) rises higher than 26.65 μs and remains high for a few samples, then speculations about the first type of attack turn to assurance. On the other hand, if the error does not exceed the threshold, the algorithm keeps observing \(e_{est}\) and updates the correction coefficient using \(\varepsilon\). Similar to the first type of attack detection, when the correction coefficient passes the attack threshold for a few samples, it can be stated that the second type of attack is detected. Any time that the coefficient exceeds the predetermined value (26.65 μs), the attack is detected. Attack-free, the first type, and the second type of attack are depicted in the top, middle, and bottom panels of Fig. 13, which are associated with the second dataset.

Fig. 13
figure 13

Correction coefficients of the attack-free case are demonstrated on the top panel. The middle and bottom panels represent the same values for the first and second types of attack

Full size image

Values of \(\delta\) and \(\varepsilon\) affect the RMSE, as shown in Fig. 14. The best results of the network are obtained with \(\delta \in \left( {0, 5 \mu s} \right]\) and \(\varepsilon \in \left( {0, 3 \mu s} \right]\). According to the figure, a value near 5 μs is suitable for \(\delta\), since it provides the lowest possible RMSE and the highest speculation limit. The second coefficient, \(\varepsilon\), has a selection range of (0, 3 μs], in which the higher values lead to fewer corrections, and lower ones update the correction coefficients at a faster pace. Therefore, it is suggested to select the lower values for \(\varepsilon\) in case of unknown behaviors such as a second-type attack. High uncorrected estimation errors cause a gap between the authentic trend and the estimated one, which increases the RMSE, as shown in the yellow region of Fig. 14.

Fig. 14
figure 14

RMSE of the proposed method is depicted as a function of \(\delta\) and \(\varepsilon\) thresholds

Full size image

Discussion and conclusion

An MLP NN is contributed in this research to address the security issues concerning the clock offset information of a stationary receiver. Two datasets with different features have been exploited to evaluate the performance of the proposed method. The first dataset has straightforward features, while the second one is more challenging for most of the estimators. GPS signals of the second dataset are gathered through a GPS receiver, and the digitized signal samples are stored in a computer to extract the navigation solution. Due to the pseudo-periodic receiver clock updates, the behavior of the clock offset over time does not change drastically, and the proposed MLP NN has the same long-time performance.

Two well-known types of TSA are applied to the raw measurements of pseudorange in each dataset. The performance of the proposed method is compared to the EKF, LO, and RE, and the achieved RMSEs of the proposed method are at least six times better than the state-of-art RE. The security-sensitive applications such as PMUs and communication towers can exploit the proposed MLP NN as well as other applications that require precise timing information. Additionally, the utilization of the method does not demand extra hardware or software resources, and firmware update of the GPS receiver can fortify it against a vast number of TSAs or other error sources.