SeaSpoofFinder -- Potential GNSS Spoofing Event Detection Using AIS

This paper investigates whether large-scale GNSS spoofing activity can be inferred from maritime Automatic Identification System (AIS) position reports. A data-processing framework, called SeaSpoofFinder, available here: seaspooffinder.github.io/ais_data, was developed to ingest and post-process global AIS streams and to detect candidate anomalies through a two-stage procedure. In Stage 1, implausible position jumps are identified using kinematic and data-quality filters; in Stage 2, events are retained only when multiple vessels exhibit spatially consistent source and target clustering, thereby reducing false positives from single-vessel artifacts. The resulting final potential spoofing events (FPSEs) reveal recurrent patterns in several regions, including the Baltic Sea, the Black Sea, Murmansk, Moscow, and the Haifa area, with affected footprints that can span large maritime areas. The analysis also highlights recurring non-spoofing artifacts (e.g., back-to-port jumps and data gaps) that can still pass heuristic filters in dense traffic regions. These results indicate that AIS-based monitoring can provide useful evidence for identifying and characterizing potential spoofing activity at scale, while emphasizing that AIS-only evidence does not provide definitive attribution.