AIS Spoofing Detection: A Field Guide for Analysts
How to tell a manipulated AIS track from a real one — the spoofing and GPS-jamming signatures that betray a vessel hiding its position, and the open data layers that catch them.
Two ways an AIS track lies
The Automatic Identification System was built for collision avoidance, not security: it broadcasts an unauthenticated, self-reported position that anyone aboard can falsify. Two distinct manipulations matter to an analyst. In spoofing, a false signal overrides the real one so the vessel appears somewhere it is not. In jamming, the underlying GNSS signal is blocked or distorted across an area, degrading or erasing position data for every ship in range.
According to maritime-AI vendor reporting, GPS jamming has become a mainstream operational threat, with tens of thousands of vessels affected and large position “jumps” recorded across 2025 REPORTED. Treat such vendor tallies as reported context, not verified counts — this guide is about the detection method, which does not depend on any single figure.
An AIS gap is not proof of wrongdoing. Receiver coverage, weather, and legitimate dark operations all produce gaps. The method below is about building corroboration, not jumping to a conclusion from one anomaly.
How to interrogate a suspicious track
Each step adds an independent data layer so a single spoofed feed cannot carry the whole conclusion.
- Check kinematic plausibility Test whether the reported track is physically possible: implied speeds above the hull's capability, instantaneous teleports, or impossible turn rates are classic spoofing artefacts.
- Look for the gap, then the reappearance Map where the AIS signal stopped and where it resumed. A long gap that ends far from a plausible continuation of the last course is a flag, especially near a transfer area.
- Cross-check against satellite imagery Use optical (EO) and synthetic-aperture radar (SAR) imagery to look for a hull at the claimed position — or at the suspected real one. SAR sees through cloud and dark, which is why it anchors maritime spoofing detection.
- Correlate with RF and other emitters Radio-frequency geolocation and other emitter data can place a vessel independently of its AIS, exposing a position the AIS feed denies.
- Profile the behaviour over time Behaviour-based modelling — implausible port calls, loitering, repeated gaps in the same waters — assesses intent even when any single position is suspect.
- Distinguish jamming from spoofing Area-wide degradation affecting many ships at once points to jamming; a single vessel reporting a coherent but false track points to spoofing. The response and the inference differ.
- Record each layer with a confidence tag Note which layers agreed. A conclusion corroborated by imagery and RF is far stronger than one resting on an AIS anomaly alone; tag accordingly and never assert confirmation from a single source.
Spoofing vs. jamming at a glance
| Signature | Points to | Best corroborating layer |
|---|---|---|
| Single vessel, physically impossible jumps | Spoofing | SAR/EO imagery at claimed vs. suspected position |
| Many vessels degraded in one area | Jamming | Area RF analysis; reports from multiple ships |
| Coherent track that contradicts imagery | Spoofing | EO/SAR snapshot |
| Long gap ending near a known STS area | Intentional dark + possible transfer | Imagery + pattern history |
| Identity/MMSI inconsistencies | Identity laundering | Registry and historical-identity cross-check |
Method limitation: imagery is a snapshot, not a continuous feed, and RF coverage is uneven. Detection improves with more independent layers; a confident attribution should rest on at least two that agree.
Common questions
What is the difference between AIS spoofing and AIS jamming?
Spoofing injects a false position so a vessel appears where it is not, usually affecting one ship's coherent track. Jamming blocks or distorts the underlying GNSS signal across an area, degrading position data for many vessels at once.
Can satellite imagery confirm an AIS track is spoofed?
It can corroborate it. SAR and optical imagery can show whether a hull is actually at the AIS-claimed position. Because imagery is a snapshot, a strong conclusion combines it with kinematic analysis and, where available, RF geolocation.
Is an AIS gap proof a ship is evading sanctions?
No. Gaps arise from receiver coverage, weather, and legitimate operations as well as deliberate dark sailing. A gap is a prompt to investigate with other layers, not a conclusion on its own.