Detection of Aerial Spoofing Attacks to LEO Satellite Systems via Deep Learning
Jos Wigchert, Savio Sciancalepore, Gabriele Oligeri
TL;DR
This work tackles the problem of spoofing attacks on LEO satellite links, with a focus on aerial spoofing via drones. It introduces a two-phase PHY-layer detection pipeline that first converts IQ samples into images and then applies a sparse autoencoder trained only on legitimate data to detect anomalies, enabling one-class spoofing detection without requiring attack data during training. Real-world experiments deploy a drone-mounted SDR to replay IRIDIUM messages and demonstrate that the proposed method reliably detects aerial spoofing across altitudes, outperforming state-of-the-art baselines. The study also provides an open dataset to spur further research in satellite security and PHY-layer anomaly detection, with practical implications for enhancing robustness in remote-SDI satellite communications. The approach offers a scalable, data-efficient defense that can complement existing security layers in LEO satellite systems, particularly when direct access to attack data is impractical.
Abstract
Detecting spoofing attacks to Low-Earth-Orbit (LEO) satellite systems is a cornerstone to assessing the authenticity of the received information and guaranteeing robust service delivery in several application domains. The solutions available today for spoofing detection either rely on additional communication systems, receivers, and antennas, or require mobile deployments. Detection systems working at the Physical (PHY) layer of the satellite communication link also require time-consuming and energy-hungry training processes on all satellites of the constellation, and rely on the availability of spoofed data, which are often challenging to collect. Moreover, none of such contributions investigate the feasibility of aerial spoofing attacks launched via drones operating at various altitudes. In this paper, we propose a new spoofing detection technique for LEO satellite constellation systems, applying anomaly detection on the received PHY signal via autoencoders. We validate our solution through an extensive measurement campaign involving the deployment of an actual spoofer (Software-Defined Radio) installed on a drone and injecting rogue IRIDIUM messages while flying at different altitudes with various movement patterns. Our results demonstrate that the proposed technique can reliably detect LEO spoofing attacks launched at different altitudes, while state-of-the-art competing approaches simply fail. We also release the collected data as open source, fostering further research on satellite security.