Next Article in Journal
Image-Based Segregation of High-Quality Dragon Fruits Among Ripe Fruits
Next Article in Special Issue
Toward a Hybrid Intrusion Detection Framework for IIoT Using a Large Language Model
Previous Article in Journal
LoRa-Based IoT Multi-Hop Architecture for Smart Vineyard Monitoring: Simulation Framework and System Design
Previous Article in Special Issue
STS-AT: A Structured Tensor Flow Adversarial Training Framework for Robust Intrusion Detection
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Sensors
Volume 26
Issue 4
10.3390/s26041111
sensors-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Performance Analysis of LSTM, GRU and Hybrid LSTM–GRU Model for Detecting GPS Spoofing Attacks

by
Umur Kuriş
1 and
Özgür Can Turna
2,*
1
Cyber Security Analyst and Operator, Cyber Security Vocational School, Istanbul Technical University, 34485 Istanbul, Türkiye
2
Computer Engineering, Faculty of Engineering, Istanbul University-Cerrahpaşa, 34320 Istanbul, Türkiye
*
Author to whom correspondence should be addressed.
Sensors 2026, 26(4), 1111; https://doi.org/10.3390/s26041111
Submission received: 2 January 2026 / Revised: 4 February 2026 / Accepted: 6 February 2026 / Published: 9 February 2026
(This article belongs to the Special Issue AI, Machine Learning (ML), and Large Language Models (LLMs) for Cybersecurity in Sensor Networks)
Browse Figures
Versions Notes

Abstract

The exposure of Unmanned Aerial Vehicles (UAVs) to Global Positioning System (GPS) spoofing attacks constitutes a major cybersecurity challenge. In this work, we conduct a comparative performance analysis of LSTM, GRU, and sequential LSTM–GRU hybrid deep learning models for the detection of GPS spoofing attacks. The ‘UAV Attack’ dataset was preprocessed, and the 11 most significant features were selected using correlation and mutual information algorithms. The models were evaluated using a robust 5-fold cross-validation framework. A combination of 99.31% accuracy, 96.98% recall, and a 97.47% F1-score was achieved by the LSTM–GRU hybrid model, distinguishing it as the leading performer in the experimental study. The LSTM model achieved the highest precision, with a value of 98.49%. ROC curves and AUC values confirmed that the classification performance of all models was close to perfect for the simulated dataset. The findings indicate that deep-learning-based models incorporating the hybrid LSTM–GRU architectures provide an effective and reliable approach designed to identify GPS-spoofing threats affecting UAVs.

1. Introduction

Advances in autonomous systems enable many tasks to be performed either without human intervention or with minimal intervention. These systems, capable of processing sensory information and making decisions, are now being used in many applications that were previously considered challenging. UAVs represent a class of autonomous technologies and are equipped with a wide range of sensors including gyroscopes, accelerometers, LiDAR, thermal sensors, optical cameras, and GPS/GNSS receivers [1]. UAVs have been widely adopted in both civilian and military contexts, serving purposes including applications related to disaster response, airborne surveillance, target localization, aerial imaging, and search-and-rescue operations and agricultural applications.
The successful execution of UAV missions is largely dependent on reliable positioning and navigation information. At this point, GPS stands out as a critical technology that provides UAVs with high-precision position, speed, and time information [2]. With the aid of GPS, UAVs can follow predefined trajectories, maintain stable hovering positions even under challenging environmental conditions, and execute automated tasks with high accuracy. The integration of GPS technology into UAV systems has enhanced their operational capabilities while also improving efficiency, reliability, and overall effectiveness during mission execution [3]. Within DJI UAV systems, GPS constitutes a core component for navigation mode, maintaining position, enabling autonomous return, and enforcing airspace limitations [4]. However, the lack of encryption and authentication in civilian GPS signals renders the system vulnerable to a range of cyberattacks [2].
GPS receivers operate by processing weak satellite signals originating from orbital altitudes of roughly 20,000 km. As a result, they are highly vulnerable to signal spoofing. GPS spoofing refers to an attack in which attackers inject artificially generated GPS signals at power levels exceeding those of legitimate satellites, thereby manipulating the target receiver’s position solution [5]. This attack can lead to the takeover control of the UAV’s position–velocity–time (PVT) solution [6], thus causing the UAV to be misdirected, disrupting critical missions, leading to data loss, material damage, and even threatening human life [7,8]. In military contexts, inaccuracies in position estimation may result in the engagement of unintended targets [9]. Due to the lack of encryption, GPS signal integrity is susceptible to a range of malicious interventions, notably spoofing-based attacks, meaconing and jamming [10]. The use of low-cost and easily obtainable devices such as Software-Defined Radio (SDR) has made it considerably easier to carry out such attacks [11,12].
Various methods based on signal monitoring, mathematical modeling, control theory, cryptography, and, more recently, artificial intelligence have been proposed to enable the identification and mitigation of GPS-spoofing threats [13,14]. The limitations of conventional approaches have motivated researchers to explore machine learning and deep learning models for addressing this problem [15,16].
This work conducts an in-depth performance comparison focused on LSTM, GRU, and hybrid LSTM–GRU models in detecting GPS-spoofing attacks targeting UAVs and assesses the effectiveness of deep learning approaches in addressing this critical cybersecurity challenge. The study utilized the publicly available “UAV Attack” dataset. Following a comprehensive preprocessing and feature engineering process, the models were trained, and the results were analyzed in detail.

1.1. Related Work

The problem of GPS spoofing in UAVs has been approached through multiple detection and defense mechanisms reported across the literature. These approaches can be classified as signal processing, control theory, cryptography and more recently machine learning and deep-learning-based techniques. This section summarizes key studies that are closely related to the subject matter.

1.1.1. Traditional Methods and Signal-Based Approaches

Early studies on GPS spoofing detection focused on signal processing and control theory-based methods. For example, Panice et al. [17] developed a detection solution based on the One-Class Support Vector Machine and emphasized the advantage of this lightweight, hardware-free solution being integrable into small UAVs. Similarly, Qiao et al. [4] proposed a vision-based method using the UAV’s monocular camera and Inertial Measurement Unit (IMU) sensor data and were able to detect attacks within an average of 5 s. Among traditional methods, techniques based on metrics such as signal-to-noise ratio, carrier phase, and pseudo-range are also widely used [18]. However, these methods can be inadequate against sophisticated spoofing attacks and may require additional hardware costs [13].

1.1.2. Machine Learning-Based Approaches

In recent years, ML-based methods have emerged as an effective alternative for GPS spoofing detection. Manesh et al. [18] achieved high detection probability and low false alarm rate using an Artificial Neural Network (ANN)-based classifier that utilizes GPS signal characteristics such as false range and Doppler shift. Whelan et al. [19] reported F1 scores of up to 99% using a novelty-based approach with single-class classifiers. Feng et al. [20] processed GPS and IMU data using a Genetic Algorithm-XGBoost (GA-XGBoost) model and achieved 100% detection accuracy 1 s after the start of the attack. Traditional ML algorithms such as SVM have also been frequently applied in this field [16].

1.1.3. Deep Learning and Hybrid Models

Deep learning models, particularly Recurrent Neural Network (RNN) architectures, have been widely adopted in this domain due to their effectiveness in handling time-series data. Wang et al. [21] rapidly and accurately detected UAV GPS spoofing attacks using an LSTM-based model. Xiao et al. [22] used RNNs to detect abnormal behaviors of UAVs and achieved high accuracy. Agyapong et al. [1] trained various deep learning models using a benchmark telemetry dataset and demonstrated that they could detect deviations caused by GPS spoofing with high accuracy.
Hybrid and ensemble models also offer promising results. Gasimova et al. [23] comparatively investigated three ensemble-based machine learning methods and reported that the stacking model outperformed the others across all evaluation metrics. Dang et al. [24] achieved over 97% accuracy under two base stations using a deep ensemble learning-based system. The hybrid use of LSTM and GRU models has demonstrated effectiveness across a broad range of application domains, including traffic prediction, integrated navigation, and stock price prediction, indicating its potential for UAV safety as well.

1.1.4. Other Related Studies

Other important studies in literature include:
  • Sedjelmaci et al. [25] introduced a hierarchical attack detection and response framework and reported a high detection rate accompanied by a low false positive rate.
  • Gaspar et al. [26] developed a portable GPS spoofing system based on Software Defined Radio (SDR), demonstrating the vulnerability of commercial receivers.
  • Arteaga et al. [27] demonstrated the exploitability of GPS vulnerability in a commercial UAV and highlighted the security advantages of military GPS.
  • Nayfeh et al. [28] achieved a detection rate better than 92% with a detection time under a millisecond, demonstrating the real-time applicability of ML-based modeling.
  • Eshmawi et al. [29] reported an accuracy of 99.74% by employing a stacking ensemble model that integrates support vector machines and convolutional neural networks.
  • İşleyen and Bahtiyar [30] demonstrated that the XGBoost model is effective in accurately detecting fraud incidents.

1.1.5. The Gap in the Literature and the Position of This Study

The existing literature demonstrates that machine and deep learning can be effectively utilized in GPS spoofing detection; however, a comprehensive comparison of different architectures (LSTM, GRU) and especially hybrid combinations of these architectures using the same dataset and features is limited. Furthermore, most studies focus on a specific model and do not provide performance comparisons across a wide range. This study aims to fill this gap in the literature by systematically evaluating the performance of LSTM, GRU, and LSTM–GRU hybrid models using the same dataset (UAV Attack) and a comprehensive preprocessing process. The use of a hybrid model has the potential to offer better prediction accuracy and lower error rates compared to LSTM or GRU models alone.
The primary objectives of this study are to (i) evaluate the effectiveness of deep learning architectures in detecting GPS spoofing, (ii) conduct a systematic comparative analysis of standalone LSTM and GRU models against a hybrid LSTM–GRU approach, (iii) identify the most critical sensory features for robust attack detection using information-theoretic selection methods, and (iv) ensure the generalizability and robustness of the findings through a 5-fold cross-validation framework.

2. Materials and Methods

2.1. Dataset and Preprocessing

In this study, the “UAV Attack”, a publicly available dataset created for the detection of cyber-attacks targeting UAVs, was utilized. The dataset consists of multidimensional time series data collected from both normal and attacked UAV flights. The dataset, which originally consists of 84 attributes (columns) and 3622 observations (rows), includes various system parameters such as the UAV’s attitude, global position, GPS position and local position.
A comprehensive preprocessing process was applied to the dataset to increase the efficiency and effectiveness of model training. In the first stage, correlation analysis was performed to understand the structure of the dataset and eliminate attributes containing unnecessary information. Attributes with high correlation (|r| > 0.84) with the target variable and attributes with low correlation (|r| ≈ 0) with a negligible relationship with the target variable were removed from the dataset. As a result of this process, the number of attributes was reduced to 35.
In the next step, mutual information feature selection algorithm was applied to further improve the model’s generalization performance and reduce computational complexity. This approach enables the modeling of non-linear dependencies between input features and the target outcome. As a result of the analysis, 11 features with the highest information gain for the target class were selected as the final dataset. To ensure unit consistency across all evaluated sensory features, the alt_y attribute was converted from millimeters (mm) into meters (m) by dividing its raw values by 1000. This standardization ensures that all altitude-related metrics are represented in meters (m), facilitating a more uniform input distribution for the deep learning models.
The definitions of these selected features are presented below (Table 1), based on an examination of the original source of the dataset and the relevant uORB (Micro Object Request Broker) message protocols:
These features focus on metrics critical for detecting GPS spoofing attacks, such as the UAV’s position, speed and the uncertainty or margin of error in these measurements. The final dataset obtained through preprocessing and feature selection was used in training and evaluating the deep learning models described in subsequent sections.

2.2. Method and Models Applied

In this study, three different deep learning models, whose effectiveness has been proven in the analysis of time series data to detect GPS spoofing on UAVs, were implemented: LSTM [31], GRU [32] and LSTM–GRU hybrid model, which is created by sequentially combining these two models.
Hybrid deep learning models aim to create a model that is more powerful and robust than what a single model could achieve by combining the strengths of different architectures. The proposed LSTM–GRU hybrid model in this study combines the superior ability of LSTM to model long-term dependencies with the computational efficiency of GRU.
The model is designed with a structure where the data flow sequentially passes through an LSTM layer first, followed by a GRU layer. The LSTM layer is responsible for capturing complex and long-term patterns in the input time series. The output of the LSTM layer is fed directly into the GRU layer. The GRU layer then processes the abstracted features from the LSTM layer to enable the model to make its final decision.
The theoretical basis of hybrid architecture is the synergistic effect produced by LSTM’s capacity to capture long-term dependencies and the GRU’s more compact structure and fast learning ability. These hybrid models have demonstrated successful application in several areas, including traffic flow prediction and financial time series analysis. Schematic illustration of the LSTM–GRU hybrid architecture applied in this study is given in Figure 1.

Model Training and Application Details

Python (version: 3.13), along with the TensorFlow/Keras frameworks, was employed to implement all proposed models. To ensure the statistical reliability and generalizability of the performance metrics, a 5-fold cross-validation framework was employed instead of a single static split. This approach ensures that the reported results represent the mean performance across the entire dataset, mitigating potential biases related to data partitioning. The models were configured to address a binary classification problem (attack versus normal). The output layer utilized a sigmoid activation function, while binary cross-entropy was selected as the loss function for model optimization. The Adam algorithm was used for optimization. Early stopping and regularization techniques were applied to prevent overfitting of the models. Early stopping was applied to all models, terminating training when no improvement in validation loss was observed over a specified number of epochs. The optimal number of layers, number of cells and learning rate values were determined for models.
To ensure the reproducibility of the experimental results, the specific hyperparameters and training configurations used for all evaluated models are summarized in Table 2. These settings were kept consistent across standalone and hybrid architectures to maintain a fair performance comparison.
As detailed in Table 2, the input sequence length was set to 1. This choice was primarily driven by the need for low-latency detection in UAVs, where identifying an attack in its earliest stages is critical for flight stability and safety. By processing data at each time step independently, the models can provide near-instantaneous classification outcomes without the computational delay associated with larger temporal windows. Furthermore, the high discriminative power of the selected 11 sensory features allows for high-accuracy detection even at this minimal sequence length.

3. Results

Among the evaluated models, hybrid LSTM–GRU model demonstrated the most robust performance across the 5-fold cross-validation, achieving a mean accuracy of 99.31%, a superior recall of 96.98% and F1 score 97.47%. The highest precision was observed in the LSTM model (98.49%). Table 3 reports accuracy, precision, recall, and F1-score results obtained from models evaluated using 11 features.
The number of trainable parameters for each architecture was calculated to assess the trade-off between performance and computational complexity. The standalone LSTM and GRU models consist of approximately 19,700 and 14,800 parameters, respectively. The hybrid LSTM–GRU model, which demonstrated the highest performance, possesses approximately 44,500 parameters. This increased capacity justifies its enhanced ability to model complex temporal dependencies and achieve a superior recall of 96.98%.
The training and validation accuracy and loss curves for the LSTM, GRU, and hybrid LSTM-GRU models are illustrated in Figure 2, Figure 3 and Figure 4, respectively. According to the graphs, all three models show similar learning curves; accuracy increased and loss decreased as epochs progressed. The LSTM–GRU hybrid model converged faster, reaching higher accuracy levels around the 5th epoch (see Figure 4a). All models stabilized at an accuracy level of 98–99% around the 15th epoch. Test accuracy (orange line) occasionally exceeded training accuracy (blue line), indicating good generalization ability.
Confusion matrices are used to depict the distributions of true and false classification outcomes for each model. The LSTM–GRU hybrid model showed the lowest false negative rate, but it has a slightly higher false positive rate (see Figure 5c). The classification performance and the distribution of true versus false outcomes for each model are depicted in the confusion matrices presented in Figure 5:
The three ROC curves in Figure 6 show the classification performance of the compared LSTM, GRU and LSTM–GRU hybrid models.
ROC curves validate our previous analyses and show that all models perform very well but the LSTM–GRU hybrid model has a slight advantage. The fact that the models achieve an AUC value of 1.00 indicates excellent classification performance on the utilized simulated dataset. This near-perfect separability is attributed to the distinct patterns of GPS spoofing attacks within the dataset generated via PX4/Gazebo simulations, which facilitate almost flawless classification under controlled conditions.
The results obtained indicate that the hybrid LSTM–GRU model is preferable, especially in applications requiring high accuracy.

4. Discussion

Our findings are consistent with the benchmark study by Whelan et al. [19], who introduced the ‘UAV Attack’ dataset. While Whelan et al. utilized one-class classifiers like Autoencoders to achieve high F1-scores, our research demonstrates that a supervised hybrid LSTM–GRU approach also yields robust results (97.47% F1-score) by effectively leveraging temporal dependencies. Unlike the PCA-based dimensionality reduction used in previous work, our study emphasizes the physical interpretability of individual sensory features. Additionally, the near-perfect AUC values observed in our tests align with the high separability of spoofing signals in simulated PX4/Gazebo environments, as also noted in [19].
Drawing on the outcomes of this study, the following recommendations are provided to guide future research efforts:
  • Examination of different feature selection methods: In this study, 11 features were selected using the mutual information method. The effect of different feature selection or dimension reduction techniques (e.g., PCA, LDA, model-based importance scores) on performance can be investigated.
  • Deepening hyperparameter optimization: To further improve model performance, more comprehensive hyperparameter optimization (e.g., Bayesian optimization) can be performed and parameters (e.g., optimal configuration of layers, cell counts and learning rate) can be investigated in greater detail.
  • Validation with larger and more diverse datasets: To test the model’s generalization ability more robustly, work can be done on training and evaluating it on larger and more diverse datasets from different UAV platforms and containing different attack scenarios.
  • Validation Strategy Limitations: It is important to acknowledge that the 5-fold cross-validation employed in this study was performed at the sample level rather than using a time-aware or flight-wise split. While sample-level splitting provides statistical robustness regarding feature space distribution, it may result in high performance due to the temporal correlation between adjacent samples in time-series data. In real-world operational scenarios, detecting attacks on completely unseen flight trajectories (flight-wise validation) represents a stricter generalization challenge. Future studies should prioritize flight-wise splitting strategies to rigorously evaluate the model’s performance on unseen trajectories and minimize potential data leakage arising from temporal proximity.
  • Real-time application and deployment: Work can be done on optimizing the developed model to run in real time and integrating it as an embedded system on a UAV flight controller or ground station. In this context, model pruning, quantization, and latency analysis are critical.
  • Research on different deep learning architectures: In future work, the performance of other advanced architectures, such as Transformer-based models or Convolutional Neural Networks for Long-Term Patterns (CNN-LSTM), can be investigated.
  • Extension to other attack types: In addition to the GPS spoofing attack focused on this study, the development of similar deep-learning-based methods for detecting other cyber-attacks, such as communication channel eavesdropping, DoS and command injection, could be investigated.
In conclusion, this study has demonstrated that deep learning models, and hybrid approaches in particular, offer an effective solution for ensuring the cybersecurity of UAVs. Future work in the suggested directions will significantly contribute to the maturation of these technologies and their integration into real-world applications.

5. Conclusions

The performance of LSTM, GRU and hybrid LSTM–GRU models in detecting GPS-spoofing attacks targeting UAVs is examined in this study. Experimental studies conducted on the “UAV Attack” dataset yielded the following results:
  • Hybrid model demonstrated superior performance: Our findings confirm that the hybrid architecture provides an optimal balance for UAV security, with an F1-score of 97.47%. Specifically, it minimizes missed detections (False Negatives) by reaching a recall of 96.98%, a significant improvement over single-layer recurrent models.
  • LSTM provided high precision: The LSTM model demonstrated the highest positive predictive consistency, achieving a precision value of 98.49%. This indicates that the LSTM model exhibits superior reliability in its positive class predictions.
  • All models achieved high success: ROC curves and 1.00 AUC values confirmed that all three models performed near-perfectly in distinguishing GPS spoofing attacks from normal conditions. This result proves that deep learning models are effective tools in the field of UAV cybersecurity.
  • The hybrid model converged faster: During the training process, the hybrid model was observed to reach high accuracy values at earlier epochs (Figure 4). This indicates that the hybrid model also offers advantages in terms of learning efficiency.
These results demonstrate that the hybrid use of LSTM and GRU architectures is an extremely promising approach, particularly in critical applications requiring high accuracy and reliability, such as the detection of GPS spoofing attacks.

Author Contributions

Conceptualization, U.K. and Ö.C.T.; methodology, U.K.; software, U.K.; validation, U.K. and Ö.C.T.; formal analysis, U.K.; investigation, U.K.; data curation, U.K.; writing—original draft preparation, U.K.; writing—review and editing, Ö.C.T.; visualization, U.K.; supervision, Ö.C.T.; project administration, Ö.C.T. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Publicly available datasets were analyzed in this study. This data can be found here: https://doi.org/10.21227/00dg-0d12.

Acknowledgments

This study was conducted as part of the first author’s Ph.D. thesis at İstanbul University-Cerrahpaşa, Department of Computer Engineering.

Conflicts of Interest

The authors declare no conflicts of interest. The funders had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript; or in the decision to publish the results.

Abbreviations

The following abbreviations are used in this manuscript:
UAVUnmanned Aerial Vehicle
GPSGlobal Positioning System
GNSSGlobal Navigation Satellite System
IMUInertial Measurement Unit
uORBMicro Object Request Broker
SDRSoftware Defined Radio
ANNArtificial Neural Network
RNNRecurrent Neural Network
LSTMLong Short-Term Memory
GRUGated Recurrent Unit
ROCReceiver Operating Characteristic
AUCArea Under the Curve
PVTPosition–Velocity–Time

References

  1. Agyapong, R.A.; Nabil, M.; Nuhu, A.-R.; Rasul, M.I.; Homaifar, A. Efficient Detection of GPS Spoofing Attacks on Unmanned Aerial Vehicles Using Deep Learning. In Proceedings of the 2021 IEEE Symposium Series on Computational Intelligence (SSCI), Orlando, FL, USA, 5–7 December 2021. [Google Scholar] [CrossRef]
  2. Titouna, C.; Naït-Abdesselam, F. A Lightweight Security Technique For Unmanned Aerial Vehicles Against GPS Spoofing Attack. In Proceedings of the 2021 International Wireless Communications and Mobile Computing (IWCMC), Harbin, China, 28 June–2 July 2021. [Google Scholar] [CrossRef]
  3. Srinivasan, S.P.; Sathyadevan, S. GPS Spoofing Detection in UAV Using Motion Processing Unit. In Proceedings of the 11th International Symposium on Digital Forensics and Security (ISDFS), Chattanooga, TN, USA, 11–12 May 2023. [Google Scholar] [CrossRef]
  4. Qiao, Y.; Zhang, Y.; Du, X. A Vision-Based GPS-Spoofing Detection Method for Small UAVs. In Proceedings of the 13th International Conference on Computational Intelligence and Security (CIS), Hong Kong, China, 15–18 December 2017. [Google Scholar] [CrossRef]
  5. Zou, Q.; Huang, S.; Lin, F.; Cong, M. Detection of GPS spoofing based on UAV model estimation. In Proceedings of the IECON 2016—42nd Annual Conference of the IEEE Industrial Electronics Society, Florence, Italy, 23–26 October 2016. [Google Scholar] [CrossRef]
  6. Shepard, D.P.; Bhatti, J.A.; Humphreys, T.E. Evaluation of Smart Grid and Civilian UAV Vulnerability to GPS Spoofing Attacks. In Proceedings of the 25th International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS 2012), Nashville, TN, USA, 19–21 September 2012. [Google Scholar] [CrossRef]
  7. O’Hanlon, B.W.; Psiaki, M.L.; Bhatti, J.A.; Shepard, D.P.; Humphreys, T.E. Real-Time GPS Spoofing Detection via Correlation of Encrypted Signals. Navigation 2013, 60, 267–278. [Google Scholar] [CrossRef]
  8. Noh, J.; Kwon, Y.; Son, Y.; Shin, H.; Kim, D.; Choi, J.; Kim, Y. Tractor beam: Safe-hijacking of consumer drones with adaptive GPS spoofing. ACM Trans. Priv. Secur. 2019, 22, 12. [Google Scholar] [CrossRef]
  9. Dulo, D.A. Unmanned aircraft: The rising risk of hostile takeover [leading edge]. IEEE Technol. Soc. Mag. 2015, 34, 17–19. [Google Scholar] [CrossRef]
  10. Warner, J.S.; Johnston, R.G. Think GPS Cargo Tracking = High Security. Think Again; LA-UR-04-1692; Los Alamos National Laboratory: Los Alamos, NM, USA, 2003. Available online: https://www.osti.gov/servlets/purl/977505 (accessed on 31 December 2025).
  11. Feng, W.; Friedt, J.M.; Merou, G.G.; Meyer, F. Software-Defined Radio Implemented GPS Spoofing and Its Computationally Efficient Detection and Suppression. IEEE Aerosp. Electron. Syst. Mag. 2021, 36, 36–52. [Google Scholar] [CrossRef]
  12. Psiaki, M.L.; Humphreys, T.E. GNSS spoofing and detection. Proc. IEEE 2016, 104, 1258–1270. [Google Scholar] [CrossRef]
  13. Schmidt, D.; Radke, K.; Camtepe, S.; Foo, E.; Ren, M. A survey and analysis of the GNSS spoofing threat and countermeasures. ACM Comput. Surv. 2016, 48, 64. [Google Scholar] [CrossRef]
  14. Spilker, J.J. GPS signal structure and performance characteristics. Navigation 1978, 25, 121–146. [Google Scholar] [CrossRef]
  15. Kerns, A.J.; Wesson, K.D.; Humphreys, T.E. A blueprint for civil GPS navigation message authentication. In Proceedings of the 2014 IEEE/ION Position, Location and Navigation Symposium—PLANS 2014, Monterey, CA, USA, 5–8 May 2014. [Google Scholar] [CrossRef]
  16. Aissou, G.; Benouadah, S.; El Alami, H.; Kaabouch, N. Instance-based Supervised Machine Learning Models for Detecting GPS Spoofing Attacks on UAS. In Proceedings of the 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 26–29 January 2022. [Google Scholar] [CrossRef]
  17. Panice, G.; Luongo, S.; Gigante, G.; Pascarella, D.; Di Benedetto, C.; Vozella, A. A SVM-based detection approach for GPS spoofing attacks to UAV. In Proceedings of the 2017 23rd International Conference on Automation and Computing (ICAC), Huddersfield, UK, 7–8 September 2017. [Google Scholar] [CrossRef]
  18. Manesh, M.R.; Kenney, J.; Hu, W.C.; Devabhaktuni, V.K.; Kaabouch, N. Detection of GPS Spoofing Attacks on Unmanned Aerial Systems. In Proceedings of the 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 11–14 January 2019. [Google Scholar] [CrossRef]
  19. Whelan, J.; Sangarapillai, T.; Minawi, O.; Almehmadi, A.; El-Khatib, K. Novelty-based Intrusion Detection of Sensor Attacks on Unmanned Aerial Vehicles. In Proceedings of the 16th ACM Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet ‘20), New York, NY, USA, 16–20 November 2020. [Google Scholar] [CrossRef]
  20. Feng, Z.; Guan, N.; Lv, M.; Liu, W.; Deng, Q.; Liu, X.; Yi, W. Efficient drone hijacking detection using two-step GA-XGBoost. J. Syst. Archit. 2020, 103, 101694. [Google Scholar] [CrossRef]
  21. Wang, S.; Wang, J.; Su, C.; Ma, X. Intelligent Detection Algorithm Against UAVs’ GPS Spoofing Attack. In Proceedings of the 2020 IEEE 26th International Conference on Parallel and Distributed Systems (ICPADS), Hong Kong, China, 2–4 December 2020. [Google Scholar] [CrossRef]
  22. Xiao, K.; Zhao, J.; He, Y.; Li, C.; Cheng, W. Abnormal Behavior Detection Scheme of UAV Using Recurrent Neural Networks. IEEE Access 2019, 7, 110293–110305. [Google Scholar] [CrossRef]
  23. Gasimova, A.; Khoei, T.T.; Kaabouch, N. A Comparative Analysis of the Ensemble Models for Detecting GPS Spoofing attacks on UAVs. In Proceedings of the 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 26–29 January 2022; pp. 310–315. [Google Scholar] [CrossRef]
  24. Dang, Y.; Benzaïd, C.; Yang, B.; Taleb, T.; Shen, Y. Deep-Ensemble-Learning-Based GPS Spoofing Detection for Cellular-Connected UAVs. IEEE Internet Things J. 2022, 9, 25068–25085. [Google Scholar] [CrossRef]
  25. Sedjelmaci, H.; Senouci, S.M.; Ansari, N. A Hierarchical Detection and Response System to Enhance Security Against Lethal Cyber-Attacks in UAV Networks. IEEE Trans. Syst. Man Cybern. Syst. 2018, 48, 1594–1606. [Google Scholar] [CrossRef]
  26. Gaspar, J.; Ferreira, R.; Sebastião, P.; Souto, N. Capture of UAVs Through GPS Spoofing. In Proceedings of the 2018 Global Wireless Summit (GWS), Chiang Rai, Thailand, 25–28 November 2018. [Google Scholar] [CrossRef]
  27. Arteaga, S.P.; Hernández, L.A.M.; Pérez, G.S.; Orozco, A.L.S.; Villalba, L.J.G. Analysis of the GPS Spoofing Vulnerability in the Drone 3DR Solo. IEEE Access 2019, 7, 51782–51789. [Google Scholar] [CrossRef]
  28. Nayfeh, M.; Li, Y.; Al Shamaileh, K.; Devabhaktuni, V.; Kaabouch, N. Machine Learning Modeling of GPS Features with Applications to UAV Location Spoofing Detection and Classification. Comput. Secur. 2023, 126, 103085. [Google Scholar] [CrossRef]
  29. Eshmawi, A.A.; Umer, M.; Ashraf, I.; Park, Y. Enhanced Machine Learning Ensemble Approach for Securing Small Unmanned Aerial Vehicles From GPS Spoofing Attacks. IEEE Access 2024, 12, 27344–27355. [Google Scholar] [CrossRef]
  30. İşleyen, E.; Bahtiyar, Ş. GPS Spoofing Detection on Autonomous Vehicles with XGBoost. In Proceedings of the 2024 9th International Conference on Computer Science and Engineering (UBMK), Antalya, Turkiye, 26–28 September 2024. [Google Scholar] [CrossRef]
  31. Hochreiter, S.; Schmidhuber, J. Long Short-Term Memory. Neural Comput. 1997, 9, 1735–1780. [Google Scholar] [CrossRef] [PubMed]
  32. Cho, M.; Kim, C.; Jung, K.; Jung, H. Water Level Prediction Model Applying a Long Short-Term Memory (LSTM)–Gated Recurrent Unit (GRU) Method for Flood Prediction. Water 2022, 14, 2221. [Google Scholar] [CrossRef]
Sensors 26 01111 g001
Figure 1. Schematic illustration of the LSTM–GRU hybrid architecture.
Figure 1. Schematic illustration of the LSTM–GRU hybrid architecture.
Sensors 26 01111 g001
Sensors 26 01111 g002
Figure 2. LSTM accuracy-loss graphs: (a) LSTM accuracy graph; (b) LSTM loss graph.
Figure 2. LSTM accuracy-loss graphs: (a) LSTM accuracy graph; (b) LSTM loss graph.
Sensors 26 01111 g002
Sensors 26 01111 g003
Figure 3. GRU accuracy-loss graphs: (a) GRU accuracy graph; (b) GRU loss graph.
Figure 3. GRU accuracy-loss graphs: (a) GRU accuracy graph; (b) GRU loss graph.
Sensors 26 01111 g003
Sensors 26 01111 g004
Figure 4. LSTM–GRU accuracy-loss graphs: (a) LSTM–GRU accuracy graph; (b) LSTM–GRU loss graph.
Figure 4. LSTM–GRU accuracy-loss graphs: (a) LSTM–GRU accuracy graph; (b) LSTM–GRU loss graph.
Sensors 26 01111 g004
Sensors 26 01111 g005
Figure 5. Normalized confusion matrices. Results represent a representative fold of the 5-fold cross-validation process, aligning with the reported mean performance metrics: (a) LSTM confusion matrix; (b) GRU confusion matrix; (c) LSTM-GRU confusion matrix.
Figure 5. Normalized confusion matrices. Results represent a representative fold of the 5-fold cross-validation process, aligning with the reported mean performance metrics: (a) LSTM confusion matrix; (b) GRU confusion matrix; (c) LSTM-GRU confusion matrix.
Sensors 26 01111 g005
Sensors 26 01111 g006
Figure 6. ROC curves: (a) LSTM ROC curve; (b) GRU ROC curve; (c) LSTM–GRU ROC curve.
Figure 6. ROC curves: (a) LSTM ROC curve; (b) GRU ROC curve; (c) LSTM–GRU ROC curve.
Sensors 26 01111 g006
Table 1. Descriptions of attributes used in the final data set.
Table 1. Descriptions of attributes used in the final data set.
Feature NameDescriptionUnitMI Score
alt_ellipsoid_xFused altitude relative to the ellipsoidal reference surfacemeter (m)0.315998
epv_xPrimary standard deviation of estimated vertical position errormeter (m)0.274125
alt_yRaw GPS altitude above Mean Sea Level (MSL)meter (m)0.284894
alt_ellipsoid_yRaw GPS altitude relative to the ellipsoidal reference surfacemeter (m)0.284961
s_variance_m_sGPS speed accuracy estimate (speed variance)meter/second (m/s)0.349014
epv_yVertical Dilution of Precision (VDOP) representing geometric qualitymeter (m)0.293474
vdopVertical Dilution of Precision (unitless geometric multiplier)-0.269708
vel_m_sGPS ground speedmeter/second (m/s)0.284417
vel_d_m_sGPS downward velocity component (vertical speed)meter/second (m/s)0.264995
cog_radCourse Over Groundradian (rad)0.281952
epvSystem-wide vertical position error estimate (redundant check)meter (m)0.256721
Table 2. Detailed Training Hyperparameters and Configuration.
Table 2. Detailed Training Hyperparameters and Configuration.
ParameterValue/Detail
Input Sequence Length1
Batch Size64
OptimizerAdam
Initial Learning Rate0.001
Loss FunctionBinary Cross-Entropy
CallbacksEarly Stopping (patience 3), ReduceLROnPlateau
Maximum Epochs20
Table 3. Models’ Performance.
Table 3. Models’ Performance.
AccuracyPrecisionRecallF1
LSTM0.98670.98490.91760.9501
GRU0.98700.98290.92170.9513
LSTM-GRU0.99310.97980.96980.9747
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Kuriş, U.; Turna, Ö.C. Performance Analysis of LSTM, GRU and Hybrid LSTM–GRU Model for Detecting GPS Spoofing Attacks. Sensors 2026, 26, 1111. https://doi.org/10.3390/s26041111

AMA Style

Kuriş U, Turna ÖC. Performance Analysis of LSTM, GRU and Hybrid LSTM–GRU Model for Detecting GPS Spoofing Attacks. Sensors. 2026; 26(4):1111. https://doi.org/10.3390/s26041111

Chicago/Turabian Style

Kuriş, Umur, and Özgür Can Turna. 2026. "Performance Analysis of LSTM, GRU and Hybrid LSTM–GRU Model for Detecting GPS Spoofing Attacks" Sensors 26, no. 4: 1111. https://doi.org/10.3390/s26041111

APA Style

Kuriş, U., & Turna, Ö. C. (2026). Performance Analysis of LSTM, GRU and Hybrid LSTM–GRU Model for Detecting GPS Spoofing Attacks. Sensors, 26(4), 1111. https://doi.org/10.3390/s26041111

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop