Because of the variability and complexity of intentional interferences, it is very difficult for one single anti-spoofing approach to properly treat all spoofing modes (Dovis, 2015). The proposed method nearly ensures security of the acquisition segment against 10 spoofing data sets as will reported in Table 2. Firstly, the spoofing signal model is defined this section. Then, the steps of the proposed algorithm will be explained in detail. A short discussion about threshold comes at the end.

Signal Model

The received signal in the presence of a spoofing signal is simply modeled as:

$${\operatorname{S} _{in}}=\beta [{S_A}(n)+\alpha {S_F}(n - d)+\omega (n)]$$

5

where \(\alpha ={10^{FAR/20}}\) represents the amplitude ratio, FAR indicates the fake to authentic signal ratio in dB, and *β* is the AGC gain at the front-end which affects the entire received signal. is the spoofing signal delay with respect to the authentic signal. Finally, SA and SF represent authentic and spoofing signals, respectively.

Initial models assume a very sharp peak for CAF while its sidelobes are completely buried by the noise terms. Indeed, this approximation is not exact because of the presence of non-zero correlation values, and a more accurate model accounting these imperfections should be considered. Envelope comparison of spoofing and authentic signals indicates that spoofing attack can be recognized by a double statistical test (Manfredini and Dovis, 2016):

$$\begin{gathered} H0H0{\text{ (no signal)}}:{\text{ }}CAF \approx {(\mu +{w_I})^2}+{(\mu +{w_Q})^2} \hfill \\ H1H0{\text{ (single signal) : CAF}} \approx {(AR(\tau ){\text{sinc}}({f_d}T))^2}+{(\mu +{w_I})^2}+{(\mu +{w_Q})^2} \hfill \\ HxH1{\text{ (double signal) : }}CAF \approx {A^2}{\text{Sinc(}}{f_{\text{d}}}{\text{T)Sinc(}}{{\text{f}}_{{\text{d'}}}}{\text{T)(}}R{(\tau )^2}+{\alpha ^2}R{(\tau - \Delta c)^2} \hfill \\ {\text{ }}+2\alpha R(\tau )R(\tau - \Delta c))\cos (\varphi ' - \varphi )+{(\mu +{w_I})^2}+{(\mu +{w_Q})^2} \hfill \\ \end{gathered}$$

6

where H0H0, H1H0 and HxH1 means that no signal, one single signal and two signals are available, respectively. \(\Delta c\) is the signal's interval between the counterfeit and the authentic signal and can be either positive or negative. \(\varphi '\) is the carrier phase of the counterfeit signal. When the interval is very small, they are completely synchronous, and the carrier phase's interval is approximately 0, i.e., \(\cos (\varphi ' - \varphi ) \approx 1\). Otherwise, when the signals intervals is more than 2 code phase the carrier phase's interval is a factor. Regardless of its value, two peaks would be founded.

The cells close to the main peak are significantly affected by the signal presence that we named secondary peaks. In order to account the effect of these peaks, an enhanced Gaussian model has been tested: all the simulated Gaussian random variables present a mean equal to µ, except the ones representing main peak and the four adjacent cells. The means of the four adjacent cells were set to the values measured on the squared root of a noiseless search space.

Commonly, noise threshold is selected based on the acceptable probability of false acquisition and noise spectral power density (Kaplan and Hegarty, 2007) as:

$$N\_Tr= - 2\sigma _{N}^{2}\ln [1 - {(1 - {P_{FA}})^{\frac{1}{{{N_C}}}}}]$$

7

where \({N_C}\)is the length of the processed signal, and\({P_{FA}}\)is the probability of false acquisition. The noise variance can be shown as:

$$\sigma _{N}^{2}=E\{ W_{{IF}}^{2}(t)\} ={N_0}B_{{IF}}^{{}}$$

8

where \({{{N_0}} \mathord{\left/ {\vphantom {{{N_0}} 2}} \right. \kern-0pt} 2}\) is the power spectral density of the IF noise, and BIF is the front-end bandwidth. Secondary peaks are present because of correlation side values which are considered by the mean factor *µ* introduced in (6). Therefore, the noise threshold is optimally determined by:

$$N\_Tr=( - 2\sigma _{N}^{2}\ln [\frac{{1 - {{(1 - {P_{FA}})}^{\frac{1}{{{N_C}}}}}}}{{\sum\limits_{{K=0}}^{\infty } {{{(\frac{\mu }{{\sqrt {Tr} }})}^K}{I_K}(\frac{{\mu \sqrt {Tr} }}{{\sigma _{N}^{2}}})} }}]) - {\mu ^2}$$

9

where *I**K**(.)* is the modified Bessel function of the first kind of *K* order (Borio et al, 2008).

The Principle of the Proposed Method

The standard receiver performs a single hypothesis tests and reports the corresponding single PRN peak and hands over its parameters to the tracking loop. However, a smart acquisition considers the possibility of another state in which the spoofer has induced a fake peak for the related PRN. This proposed smart acquisition in this work can not only detect but also identify spoofing signal. Figure 2 elaborates the flowchart of implementation details to separate the spoofing peaks. Hereafter, a more detailed explanation is provided:

Step 1: The first thing that algorithm should focus on is calculation of correlation as shown in Fig. 1. In the presence of spoofing, it will be:

$$R(\tau ,f)={R_A}(\tau ,f)+\alpha {R_F}(\tau - \Delta \tau ,f - \Delta f)+N$$

10

where A and F denote the authentic and spoofed fake signal, respectively. \(\Delta \tau\) and\(\Delta f\)are the time delay and the frequency difference relative to authentic signal, respectively

Step 2: The Function *Sub1* in the Fig. 2 extracts the first peak (PA) and the second peak (PB) of the input signal in the way that explained in the above mentioned pseudo code; subsequently the equations of PA = P1 and PB = P2 are set. Then, P1/P2 is compared with the acquisition threshold. A ratio larger threshold means H1 is true. Classification process of peaks is performed during total algorithm as explained in next steps.

Step 3: As a smart acquisition, to detect whether the extracted peak is authentic or fake, a second hypothesis test after a WT-based denoising process is applied to the remained signal (sea the pseudo code). In other words, Sub1 function is applied again to extract the PA and PB values of denoised signal. Afterward, the hypothesis test is done. As can be seen in the Fig. 2, in this step, PA and PB are indeed P2 (second peak) and P3 (third peak) of the initial signal, respectively. Detection of a new peak, evidences a spoofing attack (H1H1); otherwise, the initial peak will be considered as an authentic peak (H1H0).

Denoising gets the wavelet coefficients so that the related coefficients of the noise are considered zero to remove them from the initial signal. The product of the wavelet and the noise is numerically small since the noise spectrum is extended at all frequencies. On the contrary, most of the signal information is available on a small number of coefficients, making the amplitude of these coefficients large; thus, the signal will not be damaged by denoising with these three stages:

1. Applying a signal with a length of N to a selected wavelet at the K level.

2. Determining the threshold for separating the coefficients such that the noise is eliminated.

3. Using the coefficients for the inverted wavelet and extracting the main noise-free signal.

To have effective denoising through wavelet, the proper selection of components is significant. For example, selecting the appropriate base function, then accurately determining the number of decompositions (K), and most importantly, selection of an optimal threshold is necessary. For this purpose, the proposed method in the study of Sharie et al. (2020a) is applied by factorizing differential acquisition. The more similar mother wavelet with the original signal gives the better decomposition. The rbio1.1 mother wavelet from the reverse biorthogonal family introduced by Sharie et al. (2020b) is utilized that is well compatible with the GPS signal. In order to increase the probability of detecting the available potential signal, the maximum number of decomposition levels equal to the following equation has been selected:

$${K_{MAX}}=\left\lfloor {{{\log }_2}N} \right\rfloor$$

11

where N is the length of the processed signal. The resolution threshold is determined based on the statistical characteristics of the processed signal according to:

$${\lambda _{i,j}}={\mu _i}+{K_{i,j}}{\sigma _i}$$

12

where Ki,j is an adjustable parameter to manipulate the effect of non-zero bias in threshold determination. Furthermore, \({\mu _i}\)and \({\sigma _i}\)respectively represent the average and standard deviation of detail components in each level of decomposition and can be expressed by:

$${\mu _i}=\frac{{\sum\nolimits_{{j=1}}^{{{N_i}}} {{w_{i,j}}} }}{{{N_j}}},{\text{ }}{\sigma _i}=\sqrt {\frac{1}{{({N_i} - 1)}}\sum\limits_{{j=1}}^{{{N_i}}} {{{({w_{i,j}} - {\mu _i})}^2}} }$$

13

where \({w_{i,j}}\) are the WT coefficients, and navigation section *N**i* indicates the number of elements in each detail component. After obtaining the threshold and removing the coefficients below its level, the signal reconstruction stage with the remaining coefficients is performed, which results in a noise-free signal.

Step 4: If the initial hypothesis is not proved (H0). In the case of a standard receiver, it means that the satellite is invisible. However, for a smart acquisition, a second possibility is considered. This is the above mentioned main problem of SDR in acquisition when P1 and P2 are correspond to the authentic and spoofing signal with about close signal amplitudes. This can be distinguished among another hypothesis where the *Sub1* function is rerun on the remained signal. Then, the P2 / P3 ratio is compared with the acquisition threshold; a small ratio means that they are close to each other and belong to the noise signal and this PRN is actually invisible (H0H0). Otherwise, a new peak is identified (H0H1). The next step dedicates to determine whether P1 is authentic or P2.

Step 5: The spoofing signal is usually higher than the authentic signal, but not always. Moreover, at the initial stage of the synchronous intermediate spoofing *α* is less than one. Generally, separation of spoofing and authentic close peaks is an essential challenge in the spoofing field. In this research the authors have solved this problem by concentrating on the effect of AGC gain (β). In is obvious that high power spoofing signal (*α* > 1) needs smaller β. Since *β* in the Eq. (5), is also applied to noise, the noise level in case of *α* > 1 is lower than the case of *α* < 1; Referring to (Jafarnia, 2013) *β* can be extracted from IF signal as the filter.

According to these points, selecting an appropriate threshold for *β*, the range of *α* value can be estimated. In the other words, if *β > β* *trh*, then *α* < 1 and P2 indicates an authentic peak; otherwise, the P1 will be considered as the authentic peak.

Qualitative analysis of this decision-making pattern is demonstrated in Fig. 3. The probability of decision-making error is presented in three decision rules: (1) higher peak related to authentic signal, (2) higher peak related to spoofing signal, and (3) the proposed model. It can be observed that in the case of the correct estimation of the threshold, the cumulative error of the proposed algorithm is considerably lower.