Trustworthy positioning is critical in the operational control and management of trains. For a train positioning system (TPS) based on a global navigation satellite system (GNSS), a spoofing attack significantly threatens the trustworthiness of positioning. However, the influence and recognition of GNSS spoofing attacks are not considered in the existing research on GNSS-enabled TPS. Spoofing attacks affect the performance of GNSS observations and the positioning results, allowing the development of data-driven spoofing recognition solutions. This study aims to achieve effective spoofing recognition for active security protection in TPS. Different features were designed to reflect the effects of a spoofing attack, including GNSS observation-related indicators and odometer-enabled parameters, and a novel Bayesian optimization-light gradient boosting machine (BO-LightGBM) solution was proposed. In particular, a Bayesian optimization technique was introduced into the LightGBM framework to improve the hyperparameter determination capability for recognition model training. Using a GNSS spoofing test platform with a specific GNSS signal generator and the SimSAFE spoofing test tool, different spoofing attack modes were tested to collect sample datasets for model training and evaluation. The results of model establishment and comparison of the model performance indicators illustrated the advantages of the proposed solution, its adaptability to different spoofing attack situations, and its superiority over state-of-the-art modeling strategies.