Early Detection of Spoofing Threats and Network Resilience Prediction in Drones Based on GRU and LSTM

As unmanned aerial vehicles (UAVs) are increasingly deployed in mission-critical domains such as military operations, infrastructure inspection, and disaster response, the threat of GPS and network spoofing attacks has emerged as a fundamental challenge to operational continuity. Existing intrusion detection systems based on threshold rules or shallow machine learning models are inherently limited in their ability to identify the latent onset of sophisticated, gradually intensifying spoofing campaigns—a gap that motivates the present work. This study proposes a deep learning-based early detection and network resilience prediction framework that employs Gated Recurrent Unit (GRU) and Long Short-Term Memory (LSTM) architectures operating on three spatio-temporal network features—Hop Count Spike Rate (HCS), Packet Drop Volatility (PDV), and Spatial Disconnect Density (SDD)—proposed in this study. To reflect realistic adversarial conditions, we design a Gradual Adaptive Attacker model in which the spoofing intensity escalates progressively across six operational phases, including a second-stage adaptive attack that modulates its gradient upon detecting initial countermeasures. Both models are trained on 1000 simulated runs using sliding-window time-series sequences and evaluated across 500 independent test runs with paired statistical testing. The GRU model achieves a mean ROC-AUC of 0.9915 (±0.0091) and a mean F1-Score of 0.9099 (±0.0462), outperforming LSTM across all metrics with statistical significance at p < 0.001 under both the paired t-test and the Wilcoxon signed-rank test. Critically, GRU detects spoofing onset with an average latency of 0.503 time steps—approximately 29.4% faster than LSTM (0.712 steps)—a difference confirmed as statistically significant (p < 0.001, Cohen’s d = 0.41). Network resilience simulations further demonstrate that integrating GRU-based autonomous evasion maintains a Connectivity Ratio (CR) above 80% even under severe attack phases, whereas passive networks experience total connectivity collapse (CR = 0%). These findings establish GRU as the superior architecture for real-time UAV edge deployment and affirm that the proposed pipeline extends beyond threat alerting to actively preserving mission continuity under adversarial spoofing conditions.