VessiGuard: AI-Driven Anomaly Detection for Maritime Cyber Defence

Abstract

The maritime industry is undergoing a rapid digital transformation, driven by the adoption of technologies such as the Automatic Identification System (AIS), advanced navigation software, and onboard Internet of Things (IoT) sensors. These innovations have significantly improved operational efficiency, safety, and situational awareness. However, this increasing reliance on interconnected digital systems also expands the sector’s exposure to cyber threats. Traditional rule-based monitoring and siloed intrusion detection systems often fail to identify coordinated multi-modal attacks, leaving vessels vulnerable to sophisticated, stealthy intrusions. The dual nature of this transformation underscores the urgent need for more sophisticated and adaptive cybersecurity strategies. This study introduces VessiGuard, an AI-driven anomaly detection system designed to detect and mitigate abnormal vessel behaviour as an early indicator of potential cyber intrusions, system failures, or operational anomalies. The approach leverages two complementary artificial intelligence techniques: Long Short-Term Memory (LSTM) neural networks, which model temporal dependencies in vessel movement, and Isolation Forest algorithms, which excel at detecting rare and unusual behaviour patterns. By fusing navigational telemetry with operational technology (OT) sensor readings, specifically engine temperature and fuel consumption, the model creates a unified, cross-domain anomaly score that is robust against single-variable manipulation. A prototype anomaly detection system was implemented and evaluated using controlled simulation and publicly available maritime datasets that reflect real-world operational scenarios. Results demonstrate that VessiGuard effectively detects anomalies, including GPS spoofing, sensor drift, and structured interference. Experimental validation indicates a detection accuracy of approximately 94.2% for trajectory anomalies and 92.8% for sensor deviations. Furthermore, the system demonstrates modality-specific responsiveness, identifying operational sensor faults in under four minutes while accurately accumulating evidence for trajectory deviations within five to eight minutes. This work presents a practical pathway towards adaptive, data-driven cybersecurity solutions by situating anomaly detection within the broader maritime operational ecosystem. The findings highlight how AI-based anomaly detection can complement existing maritime defence mechanisms, support decision-making under dynamic threat conditions, and improve incident response readiness. Furthermore, the results lay the groundwork for future research into autonomous and semi-autonomous detection architectures, ultimately contributing to a more resilient, secure, and intelligence-driven digital maritime domain.